

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
    Ran by Toni (administrator) on TONI-PC (25-12-2015 14:43:06)
    Running from D:\dowloads
    Loaded Profiles: Toni (Available Profiles: Toni)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (BitTorrent Inc.) C:\Users\Toni\AppData\Roaming\uTorrent\uTorrent.exe
    (Spotify Ltd) C:\Users\Toni\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (BitTorrent Inc.) C:\Users\Toni\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (BitTorrent Inc.) C:\Users\Toni\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-28] (AVAST Software)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\Run: [uTorrent] => C:\Users\Toni\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-05] (BitTorrent Inc.)
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\Run: [Spotify Web Helper] => C:\Users\Toni\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-21] (Spotify Ltd)
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\Run: [Spotify] => C:\Users\Toni\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-21] (Spotify Ltd)
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\MountPoints2: {70e0be1a-e692-11e4-87ce-bc5ff4850c03} - F:\setup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-28] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 185.82.216.244 8.8.8.8
    Tcpip\..\Interfaces\{1300AF3A-A141-409B-B572-FD2A99CD5D65}: [DhcpNameServer] 185.82.216.244 8.8.8.8

    Internet Explorer:
    ==================
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-28] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-28] (AVAST Software)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\7d29xaqh.default
    FF Homepage: hxxp://google.bg/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Extension: Bronze Aid - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\7d29xaqh.default\Extensions\{a5adbf96-6c85-4c15-8d79-21aa419d172c}.xpi [2015-12-24] [not signed]
    FF Extension: Adblock Plus - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\7d29xaqh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-28]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-28]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
            
    CHR Profile: C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-07]
    CHR Extension: (Avast Online Security) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-07]
    CHR Extension: (Google Wallet) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-28]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-28]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-28] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-28] (Avast Software)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-28] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-28] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-28] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-28] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-28] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-28] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-28] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-28] (AVAST Software)
    S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2015-04-19] (SysProgs.org)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-28] (AVAST Software)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-28] (Avast Software)
    R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-25 14:42 - 2015-12-25 14:43 - 00000000 ____D C:\FRST
    2015-12-25 14:24 - 2015-12-25 14:24 - 00000563 _____ C:\Users\Toni\Desktop\JRT.txt
    2015-12-25 14:13 - 2015-12-25 14:13 - 00004548 _____ C:\Windows\system32\.crusader
    2015-12-25 13:36 - 2015-12-25 13:52 - 00000080 _____ C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\чTorrent.lnk
    2015-12-25 13:07 - 2015-12-25 13:07 - 00000000 ____D C:\Users\Toni\AppData\Local\Flvto
    2015-12-23 13:33 - 2015-12-25 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-22 14:57 - 2015-12-22 14:57 - 00000000 ____D C:\Users\Toni\AppData\Roaming\dvdcss
    2015-12-21 17:51 - 2015-12-25 14:26 - 00000000 ____D C:\Users\Toni\AppData\Roaming\Spotify
    2015-12-21 17:51 - 2015-12-25 14:26 - 00000000 ____D C:\Users\Toni\AppData\Local\Spotify
    2015-12-21 17:51 - 2015-12-25 13:53 - 00001768 _____ C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2015-12-21 17:51 - 2015-12-25 13:52 - 00001762 _____ C:\Users\Toni\Desktop\Spotify.lnk
    2015-12-21 17:51 - 2015-12-21 17:51 - 00000000 ____D C:\Users\Toni\AppData\Local\CEF
    2015-12-18 15:52 - 2015-12-18 16:23 - 00000000 ____D C:\Users\Toni\Desktop\New folder
    2015-12-18 11:52 - 2015-12-25 14:26 - 00000000 ____D C:\Users\Toni\AppData\LocalLow\uTorrent
    2015-12-14 01:44 - 2015-12-14 01:44 - 00000000 ___RD C:\Users\Toni\Documents\Scanned Documents
    2015-12-14 01:44 - 2015-12-14 01:44 - 00000000 ____D C:\Users\Toni\Documents\Fax
    2015-12-05 12:24 - 2015-12-05 12:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2015-12-05 12:24 - 2015-12-05 12:24 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-11-28 16:22 - 2015-11-28 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-11-28 16:22 - 2015-11-28 16:22 - 00000000 ____D C:\ProgramData\Apple Computer
    2015-11-28 16:22 - 2015-11-28 16:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2015-11-28 16:02 - 2015-11-28 16:02 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-11-28 16:02 - 2015-11-28 16:02 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-25 14:43 - 2014-10-22 21:21 - 00000000 ____D C:\Users\Toni\AppData\Roaming\uTorrent
    2015-12-25 14:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
    2015-12-25 14:34 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-12-25 14:34 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-12-25 14:31 - 2009-07-14 07:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-25 14:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
    2015-12-25 14:25 - 2014-11-03 21:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-25 14:25 - 2014-10-22 17:33 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-12-25 14:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-25 14:23 - 2014-10-22 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-12-25 14:22 - 2014-11-03 21:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-25 14:15 - 2014-11-03 21:15 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-12-25 14:13 - 2014-11-02 18:41 - 00000000 ____D C:\ProgramData\HitmanPro
    2015-12-25 13:53 - 2014-10-23 03:01 - 00001423 _____ C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-12-25 13:53 - 2014-10-23 03:01 - 00001389 _____ C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2015-12-25 13:52 - 2015-04-19 15:35 - 00000813 _____ C:\Users\Toni\Desktop\DiRT 3 Complete Edition.lnk
    2015-12-25 13:52 - 2015-02-02 19:38 - 00001239 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
    2015-12-25 13:52 - 2014-12-17 22:12 - 00002002 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-12-25 13:52 - 2014-10-30 16:15 - 00001221 _____ C:\Users\Public\Desktop\MPEG Video Wizard DVD 5.0.lnk
    2015-12-25 13:52 - 2014-10-23 18:47 - 00000733 _____ C:\Users\Public\Desktop\GRID Autosport.lnk
    2015-12-25 13:52 - 2014-10-23 02:59 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2015-12-25 13:52 - 2014-10-22 21:50 - 00002837 _____ C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
    2015-12-25 13:52 - 2014-10-22 19:13 - 00001110 _____ C:\Users\Toni\Desktop\Adobe Premiere Pro CS6.lnk
    2015-12-25 13:52 - 2014-10-22 18:34 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-12-25 13:52 - 2014-10-22 18:34 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-12-25 13:52 - 2014-10-22 18:27 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-12-25 13:52 - 2014-10-22 18:06 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2015-12-25 13:52 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2015-12-25 13:52 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-12-25 13:52 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2015-12-25 13:52 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2015-12-25 13:52 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2015-12-25 13:52 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2015-12-25 13:45 - 2014-10-22 21:24 - 00000000 ____D C:\KMPlayer
    2015-12-25 13:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
    2015-12-25 13:10 - 2014-12-29 21:27 - 00000000 ____D C:\Users\Toni\AppData\Local\Hotger
    2015-12-25 13:06 - 2014-12-29 21:27 - 00000000 ____D C:\Users\Toni\Documents\YouTubeDownloads
    2015-12-25 12:28 - 2014-10-22 18:02 - 00000000 ____D C:\Users\Toni\AppData\Local\Adobe
    2015-12-25 12:17 - 2014-10-22 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-12-22 14:57 - 2014-11-16 16:53 - 00000000 ____D C:\Users\Toni\AppData\Roaming\vlc
    2015-12-14 10:56 - 2014-10-23 03:01 - 00000000 ____D C:\Users\Toni\AppData\Local\VirtualStore
    2015-12-09 11:06 - 2014-10-22 17:27 - 00000000 ____D C:\Windows\SysWOW64\vbox
    2015-12-09 11:06 - 2014-10-22 17:27 - 00000000 ____D C:\Windows\system32\vbox
    2015-12-08 23:23 - 2014-10-22 19:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-08 23:23 - 2014-10-22 19:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-08 23:23 - 2014-10-22 19:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-12-07 13:13 - 2014-04-29 22:26 - 00000000 ___HD C:\Users\Toni\AppData\Local\Eg8lnRYWqJllIqj
    2015-12-05 13:17 - 2014-11-03 21:15 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-05 13:17 - 2014-11-03 21:15 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-11-28 16:02 - 2014-11-03 21:15 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2015-11-28 16:01 - 2015-09-15 09:24 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
    2015-11-28 16:01 - 2014-11-03 21:15 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-21 18:44

    ==================== End of FRST.txt ============================

    Addition.txt


    Hello and Merry Christmas!

    What is the problem, so that I know where to look? On a quick look through the logs there is nothing malicious...

    • Like 1


    Ads pop up covering almost the whole screen, and when I try to close them, sites with more ads open.


    Is the problem only in Firefox?

    Download fixlist.txt and save it to the desktop.
    Run FRST.exe and press the Fix button once!
    When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

    Warning: The script was created for the current system. Do not use it on other systems with similar problems!

    After that, manually set Google's DNS servers (as shown in the picture):

    8.8.8.8

    8.8.4.4

    At the moment only one of your addresses is Google's, the second one, 8.8.8.8, but the first belongs to a proxy, and it is best to remove it and replace it with 8.8.8.8, and to make the second one 8.8.4.4

    Right-click the network adapter icon in the system tray => Open network and sharing center => change adapter settings (the link on the left) => right-click the network adapter => properties => scroll to Internet protocol version 4 (TCP/IPv4) => Properties and you will see them.

    [Screenshot: K1zEE2t.jpg]

    Then restart the system and write whether there is any improvement.


    • Like 1
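
The DNS check done by eye in the post above, run over the `DhcpNameServer` lines of the FRST log, as an added example that is not part of the original thread or of FRST. It assumes only the line shapes visible in this log plus a static `NameServer` line (constructed); the allowlist holds just the two Google addresses named in the thread, and all function names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass

# Resolvers the helper asked the user to configure (taken from the thread).
EXPECTED_RESOLVERS = frozenset({"8.8.8.8", "8.8.4.4"})

# Matches FRST "Internet" section lines such as
#   Tcpip\Parameters: [DhcpNameServer] 185.82.216.244 8.8.8.8
#   Tcpip\..\Interfaces\{GUID}: [DhcpNameServer] 185.82.216.244 8.8.8.8
DNS_LINE = re.compile(
    r"^\s*Tcpip\\(?P<scope>[^:]+):\s*"
    r"\[(?P<value>(?:Dhcp)?NameServer)\]\s*(?P<servers>\S.*?)\s*$"
)

# Sample input: the first three lines are copied from the log in this thread,
# the last one is constructed to show a static (manually set) entry.
SAMPLE_LOG = r"""
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 185.82.216.244 8.8.8.8
Tcpip\..\Interfaces\{1300AF3A-A141-409B-B572-FD2A99CD5D65}: [DhcpNameServer] 185.82.216.244 8.8.8.8
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer] 8.8.8.8,8.8.4.4
"""


@dataclass(frozen=True)
class Finding:
    scope: str      # "Parameters" or the interface key
    value: str      # "DhcpNameServer" (from the DHCP lease) or "NameServer" (static)
    position: int   # 0 = primary resolver, 1 = secondary, ...
    server: str
    verdict: str    # "expected", "local", "unexpected" or "unparseable"


def classify(server, expected=EXPECTED_RESOLVERS):
    """Return a verdict for one resolver address."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    if str(ip) in expected:
        return "expected"
    # Private, loopback and link-local addresses are usually the home router
    # or a local forwarder, so they are reported separately, not as unexpected.
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "unexpected"


def review_dns(log_text, expected=EXPECTED_RESOLVERS):
    """Extract every resolver listed in an FRST log and classify it."""
    findings = []
    for line in log_text.splitlines():
        match = DNS_LINE.match(line)
        if not match:
            continue
        # DHCP values are space separated, static values are often comma separated.
        servers = [s for s in re.split(r"[,\s]+", match["servers"]) if s]
        for position, server in enumerate(servers):
            findings.append(Finding(match["scope"], match["value"], position,
                                    server, classify(server, expected)))
    return findings


def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Only the public resolvers that are not on the allowlist."""
    return [f for f in review_dns(log_text, expected) if f.verdict == "unexpected"]


if __name__ == "__main__":
    for f in review_dns(SAMPLE_LOG):
        role = "primary" if f.position == 0 else "secondary"
        print(f"{f.verdict:<11} {f.server:<16} {role:<9} {f.value:<15} {f.scope}")
```

The value name `DhcpNameServer` means the address arrived with the DHCP lease, so a static entry on the adapter overrides it on this PC only. The device handing out the leases (typically the router) is worth checking as well.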


    I did everything as you described and I think the problem is solved. I no longer get any ads.

    Do I need to run any further checks now, or is my system already clean?

    • Like 1


    May I still see the FRST log file, fixlog.txt? Did you go through that step at all before changing the DNS address?

    • Like 1


    No, the one from the first run. This is the log file from the second one:

    Quote

    Run:2

    Are there any other logs in the folders I mentioned?

    • Like 1


    That is something else.

    As for whether to run more checks... I saw that you have already scanned with Junkware Removal Tool, HitmanPro and Malwarebytes Anti-Malware... we can run 3 final checks, but I do not believe we will find anything significant... but for your peace of mind we will run them.

    STEP 1

    Please download ZHPcleaner and save it to your desktop.

    • Start ZHPCleaner by right-clicking the file and choosing "Run as administrator" from the context menu.
    • Click [image: Ashampoo_Snap_20140819_13h09m50s_001__zp] to accept the license agreement.
    • Select the [image: y3pI4LR.png] button.
    • The browsers will be closed automatically.
    • A log file will open after the scan finishes.
    • Post the log file in your next comment.

    STEP 2

    • Download and run AdwCleaner.exe.
    • From Options => tick all the checkboxes (except the last one).
    • Press the Scan button.
    • AdwCleaner will start scanning the computer.
    • After the scan finishes, press the Clean button.
    • The program will close all unnecessary processes and, after cleaning, will ask to restart the machine. Agree.
    • A log file named (AdwCleaner[C0].txt) will appear automatically in C:\Adwcleaner
    • Post its contents in your next comment.

    STEP 3

    • Please download EmsisoftEmergencyKit, run the exe file and specify where the program should be extracted, for example in (C:\EEK), by pressing the Extract button.
    • Launch the Start Emsisoft Emergency Kit icon from the desktop to start the application.
    • Press the "Yes" button when you are prompted to update the program's definitions.
    • After the definitions update finishes, press the "Scan" button.
    • Press the "Yes" button when you are asked whether the program should enable detection of potentially unwanted applications (Potentially Unwanted Applications).
    • Now choose the Custom Scan button. Remove all partitions from the list except C:\ (i.e. leave only partition C:\ in the list).
    • Press Next to start the scan.
    • When the scan finishes, press the View Report button.
    • Copy the contents of the log file into your next comment.

    Regards!

    • Like 1


    Emsisoft Emergency Kit - Version 10.0
    Last update: 26.12.2015 г. 21:45:39
    User account: Toni-PC\Toni

    Scan settings:

    Scan type: Custom Scan
    Objects: Rootkits, Memory, Traces, C:\

    Detect PUPs: Off
    Scan archives: On
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start:    26.12.2015 г. 21:48:10
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32     detected: Application.Win32.InstallExt (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS     detected: Application.Win32.InstallExt (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\BINGBAR_RASMANCS     detected: Application.Win32.InstallExt (A)

    Scanned    177799
    Found    3

    Scan end:    26.12.2015 г. 22:09:35
    Scan time:    0:21:25

     

    AdwCleaner[S1].txt

    ZHPCleaner-[S]-26122015-21_20_55.txt


    Repeat the scan with ZHPCleaner, but this time press the Repair button. When the list of items found for cleaning opens, press the Repair button again. When it finishes, press the Report button, save the file to the desktop and post it in your next comment.

    To delete the items found by Emsisoft, do the following:

    Download fixlist.txt and save it to the desktop.
    Run FRST.exe and press the Fix button once!
    When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

    Warning: The script was created for the current system. Do not use it on other systems with similar problems!

    After that we are done... see my final instructions here.

    Regards and enjoy the holidays!

    • Like 1

        BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
        FireFox:
        ========
        FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
        FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-19] (Microsoft Corporation)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
        Chrome: 
        =======
        CHR DefaultProfile: Default
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default [2017-09-24]
        CHR Extension: (Google Презентации) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-11]
        CHR Extension: (Google Документи) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-11]
        CHR Extension: (Google Диск) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
        CHR Extension: (YouTube) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-11]
        CHR Extension: (Video Downloader professional) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-04]
        CHR Extension: (Електронни таблици от Google) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-11]
        CHR Extension: (Farmville 2 Beacon) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkkmnngogaccacpomdhdiahljbjihoc [2017-05-08]
        CHR Extension: (Google Документи офлайн) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-11]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
        CHR Extension: (Gmail) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-11]
        CHR Extension: (Chrome Media Router) - C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
        CHR Extension: (JobBoxPro) - C:\Users\Стоянчо\Downloads\Нова папка (6)\jobboxpro [2017-01-25]
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-14]
        CHR Profile: C:\Users\Стоянчо\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-11]
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
        R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
        R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [11867216 2017-09-23] () [File not signed]
        R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
        S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
        S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-05-04] (Enigma Software Group USA, LLC.)
        R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated)
        R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-30] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
        S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2016-05-04] ()
        R1 MpKsl1045740a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1018B7D-39B5-48CE-97D7-3CAF92792300}\MpKsl1045740a.sys [44928 2017-09-24] (Microsoft Corporation)
        R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
        R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895224 2016-02-17] (Realtek )
        R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-09-13] (Ralink Technology, Corp.)
        S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
        S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-03-18] (Microsoft Corporation)
        S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-24 23:11 - 2017-09-24 23:12 - 000012716 _____ C:\Users\Стоянчо\Downloads\FRST.txt
        2017-09-24 23:10 - 2017-09-24 23:11 - 000000000 ____D C:\FRST
        2017-09-24 23:10 - 2017-09-24 23:10 - 002399744 _____ (Farbar) C:\Users\Стоянчо\Downloads\FRST64.exe
        2017-09-20 22:41 - 2017-09-20 22:43 - 000000000 ____D C:\Users\Стоянчо\Desktop\други
        2017-09-15 23:41 - 2017-09-15 23:41 - 017675071 _____ C:\Users\Стоянчо\Downloads\Milk and Honey- Didi(DVD Quality).mp4
        2017-09-13 07:05 - 2017-09-05 08:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
        2017-09-13 07:05 - 2017-09-05 08:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
        2017-09-13 07:05 - 2017-09-05 08:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
        2017-09-13 07:05 - 2017-09-05 08:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
        2017-09-13 07:05 - 2017-09-05 08:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
        2017-09-13 07:05 - 2017-09-05 08:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
        2017-09-13 07:05 - 2017-09-05 07:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
        2017-09-13 07:05 - 2017-09-05 07:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
        2017-09-13 07:05 - 2017-09-05 07:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
        2017-09-13 07:05 - 2017-09-05 07:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
        2017-09-13 07:05 - 2017-09-05 07:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
        2017-09-13 07:05 - 2017-09-05 07:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
        2017-09-13 07:05 - 2017-09-05 07:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
        2017-09-13 07:05 - 2017-09-05 07:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
        2017-09-13 07:05 - 2017-09-05 07:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
        2017-09-13 07:05 - 2017-09-05 07:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
        2017-09-13 07:05 - 2017-09-05 07:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
        2017-09-13 07:05 - 2017-09-05 07:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
        2017-09-13 07:05 - 2017-09-05 07:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
        2017-09-13 07:05 - 2017-09-05 07:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
        2017-09-13 07:05 - 2017-09-05 07:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
        2017-09-13 07:05 - 2017-09-05 07:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
        2017-09-13 07:05 - 2017-09-05 07:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
        2017-09-13 07:05 - 2017-09-05 07:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
        2017-09-13 07:05 - 2017-09-05 07:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
        2017-09-13 07:05 - 2017-09-05 07:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
        2017-09-13 07:05 - 2017-09-05 07:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
        2017-09-13 07:05 - 2017-09-05 07:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
        2017-09-13 07:05 - 2017-09-05 07:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
        2017-09-13 07:05 - 2017-09-05 07:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
        2017-09-13 07:05 - 2017-09-05 07:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
        2017-09-13 07:05 - 2017-09-05 07:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
        2017-09-13 07:05 - 2017-09-05 07:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
        2017-09-13 07:05 - 2017-09-05 07:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
        2017-09-13 07:05 - 2017-09-05 07:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
        2017-09-13 07:05 - 2017-09-05 07:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
        2017-09-13 07:05 - 2017-09-05 07:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
        2017-09-13 07:05 - 2017-09-05 07:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
        2017-09-13 07:05 - 2017-09-05 07:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
        2017-09-13 07:05 - 2017-09-05 07:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
        2017-09-13 07:05 - 2017-09-05 07:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
        2017-09-13 07:05 - 2017-09-05 07:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
        2017-09-13 07:05 - 2017-09-05 07:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
        2017-09-13 07:05 - 2017-09-05 07:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
        2017-09-13 07:05 - 2017-09-05 07:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
        2017-09-13 07:05 - 2017-09-05 07:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
        2017-09-13 07:05 - 2017-09-05 07:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
        2017-09-13 07:05 - 2017-09-05 07:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
        2017-09-13 07:05 - 2017-09-05 07:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
        2017-09-13 07:05 - 2017-09-05 07:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
        2017-09-13 07:05 - 2017-09-05 07:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
        2017-09-13 07:05 - 2017-09-05 07:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
        2017-09-13 07:05 - 2017-09-05 07:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
        2017-09-13 07:05 - 2017-09-05 07:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
        2017-09-13 07:04 - 2017-09-05 08:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
        2017-09-13 07:04 - 2017-09-05 08:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
        2017-09-13 07:04 - 2017-09-05 08:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
        2017-09-13 07:04 - 2017-09-05 08:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
        2017-09-13 07:04 - 2017-09-05 08:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
        2017-09-13 07:04 - 2017-09-05 08:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
        2017-09-13 07:04 - 2017-09-05 08:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
        2017-09-13 07:04 - 2017-09-05 08:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
        2017-09-13 07:04 - 2017-09-05 08:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
        2017-09-13 07:04 - 2017-09-05 08:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
        2017-09-13 07:04 - 2017-09-05 08:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
        2017-09-13 07:04 - 2017-09-05 08:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
        2017-09-13 07:04 - 2017-09-05 08:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
        2017-09-13 07:04 - 2017-09-05 08:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
        2017-09-13 07:04 - 2017-09-05 08:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
        2017-09-13 07:04 - 2017-09-05 08:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
        2017-09-13 07:04 - 2017-09-05 07:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
        2017-09-13 07:04 - 2017-09-05 07:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
        2017-09-13 07:04 - 2017-09-05 07:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
        2017-09-13 07:04 - 2017-09-05 07:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
        2017-09-13 07:04 - 2017-09-05 07:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
        2017-09-13 07:04 - 2017-09-05 07:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
        2017-09-13 07:04 - 2017-09-05 07:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
        2017-09-13 07:04 - 2017-09-05 07:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
        2017-09-13 07:04 - 2017-09-05 07:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
        2017-09-13 07:04 - 2017-09-05 07:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
        2017-09-13 07:04 - 2017-09-05 07:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
        2017-09-13 07:04 - 2017-09-05 07:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
        2017-09-13 07:04 - 2017-09-05 07:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
        2017-09-13 07:04 - 2017-09-05 07:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
        2017-09-13 07:04 - 2017-09-05 07:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
        2017-09-13 07:04 - 2017-09-05 07:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
        2017-09-13 07:04 - 2017-09-05 07:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
        2017-09-13 07:04 - 2017-09-05 07:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
        2017-09-13 07:04 - 2017-09-05 07:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
        2017-09-13 07:04 - 2017-09-05 07:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
        2017-09-13 07:04 - 2017-09-05 07:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
        2017-09-13 07:04 - 2017-09-05 07:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
        2017-09-13 07:04 - 2017-09-05 07:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
        2017-09-13 07:04 - 2017-09-05 07:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
        2017-09-13 07:04 - 2017-09-05 07:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
        2017-09-13 07:04 - 2017-09-05 07:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
        2017-09-13 07:04 - 2017-09-05 07:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
        2017-09-13 07:04 - 2017-09-05 07:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
        2017-09-13 07:04 - 2017-09-05 07:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
        2017-09-13 07:04 - 2017-09-05 07:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
        2017-09-13 07:04 - 2017-09-05 07:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
        2017-09-13 07:04 - 2017-09-05 07:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
        2017-09-13 07:04 - 2017-09-05 07:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
        2017-09-13 07:03 - 2017-09-05 08:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
        2017-09-13 07:03 - 2017-09-05 08:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
        2017-09-13 07:03 - 2017-09-05 08:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
        2017-09-13 07:03 - 2017-09-05 08:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
        2017-09-13 07:03 - 2017-09-05 08:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
        2017-09-13 07:03 - 2017-09-05 08:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
        2017-09-13 07:03 - 2017-09-05 08:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
        2017-09-13 07:03 - 2017-09-05 08:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
        2017-09-13 07:03 - 2017-09-05 08:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
        2017-09-13 07:03 - 2017-09-05 08:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
        2017-09-13 07:03 - 2017-09-05 08:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
        2017-09-13 07:03 - 2017-09-05 08:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
        2017-09-13 07:03 - 2017-09-05 08:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
        2017-09-13 07:03 - 2017-09-05 08:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
        2017-09-13 07:03 - 2017-09-05 08:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
        2017-09-13 07:03 - 2017-09-05 08:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
        2017-09-13 07:03 - 2017-09-05 08:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
        2017-09-13 07:03 - 2017-09-05 08:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
        2017-09-13 07:03 - 2017-09-05 08:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
        2017-09-13 07:03 - 2017-09-05 08:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
        2017-09-13 07:03 - 2017-09-05 08:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
        2017-09-13 07:03 - 2017-09-05 08:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
        2017-09-13 07:03 - 2017-09-05 08:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
        2017-09-13 07:03 - 2017-09-05 08:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
        2017-09-13 07:03 - 2017-09-05 07:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
        2017-09-13 07:03 - 2017-09-05 07:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
        2017-09-13 07:03 - 2017-09-05 07:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
        2017-09-13 07:03 - 2017-09-05 07:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
        2017-09-13 07:03 - 2017-09-05 07:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
        2017-09-13 07:03 - 2017-09-05 07:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
        2017-09-13 07:03 - 2017-09-05 07:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
        2017-09-13 07:03 - 2017-09-05 07:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
        2017-09-13 07:03 - 2017-09-05 07:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
        2017-09-13 07:03 - 2017-09-05 07:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
        2017-09-13 07:03 - 2017-09-05 07:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
        2017-09-13 07:03 - 2017-09-05 07:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
        2017-09-13 07:03 - 2017-09-05 07:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
        2017-09-13 07:03 - 2017-09-05 07:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
        2017-09-13 07:03 - 2017-09-05 07:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
        2017-09-13 07:03 - 2017-09-05 07:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
        2017-09-13 07:03 - 2017-09-05 07:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
        2017-09-13 07:03 - 2017-09-05 07:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
        2017-09-13 07:03 - 2017-09-05 07:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
        2017-09-13 07:03 - 2017-09-05 07:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
        2017-09-13 07:03 - 2017-09-05 07:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
        2017-09-13 07:03 - 2017-09-05 07:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
        2017-09-13 07:03 - 2017-09-05 07:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
        2017-09-13 07:03 - 2017-09-05 07:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
        2017-09-13 07:03 - 2017-09-05 07:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
        2017-09-13 07:03 - 2017-09-05 07:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
        2017-09-13 07:03 - 2017-09-05 07:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
        2017-09-13 07:03 - 2017-09-05 07:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
        2017-09-13 07:03 - 2017-09-05 07:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
        2017-09-13 07:03 - 2017-09-05 07:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
        2017-09-13 07:03 - 2017-09-05 07:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
        2017-09-13 07:03 - 2017-09-05 07:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
        2017-09-13 07:03 - 2017-09-05 07:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
        2017-09-13 07:03 - 2017-09-05 07:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
        2017-09-13 07:03 - 2017-09-05 07:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
        2017-09-13 07:03 - 2017-09-01 08:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
        2017-08-25 23:36 - 2017-09-13 21:06 - 000000000 ____D C:\Users\Стоянчо\Desktop\red
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-24 23:13 - 2017-02-05 23:56 - 000000000 ____D C:\ProgramData\Gramblr
        2017-09-24 22:54 - 2017-06-18 07:23 - 000000000 ____D C:\Users\Стоянчо\Desktop\яяь
        2017-09-24 20:10 - 2017-06-30 01:05 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{33349A0F-B0C0-4DB3-AFE6-0F51132F45D5}
        2017-09-24 19:38 - 2017-06-30 00:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
        2017-09-24 17:36 - 2017-06-30 01:05 - 000004276 _____ C:\WINDOWS\System32\Tasks\Software Updater
        2017-09-24 13:12 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\AppReadiness
        2017-09-24 13:06 - 2015-09-13 15:31 - 000000000 __SHD C:\Users\Стоянчо\IntelGraphicsProfiles
        2017-09-23 19:06 - 2015-09-13 15:01 - 000000000 ____D C:\Users\Стоянчо\AppData\Local\Packages
        2017-09-23 19:04 - 2015-09-25 17:35 - 000000000 ____D C:\Users\Стоянчо\AppData\Roaming\uTorrent
        2017-09-23 18:02 - 2017-07-18 10:48 - 000001085 _____ C:\Users\Стоянчо\Desktop\Нов текстов документ.txt
        2017-09-23 15:14 - 2017-02-05 23:57 - 000000000 ____D C:\Program Files\Gramblr
        2017-09-23 13:05 - 2017-06-30 01:03 - 002547028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2017-09-23 13:05 - 2015-12-04 21:09 - 001132696 _____ C:\WINDOWS\system32\perfh002.dat
        2017-09-23 13:05 - 2015-12-04 21:09 - 000334978 _____ C:\WINDOWS\system32\perfc002.dat
        2017-09-23 13:00 - 2017-06-30 01:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-09-23 13:00 - 2017-03-18 14:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
        2017-09-23 07:37 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-22 07:46 - 2017-06-30 00:48 - 000000000 ____D C:\Users\Стоянчо
        2017-09-22 06:18 - 2017-07-27 20:57 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3274723310-3931731729-1199849900-1001
        2017-09-22 06:17 - 2015-09-13 15:03 - 000002401 _____ C:\Users\Стоянчо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
        2017-09-22 06:17 - 2015-09-13 15:03 - 000000000 ___RD C:\Users\Стоянчо\OneDrive
        2017-09-19 06:55 - 2015-10-09 22:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
        2017-09-18 21:49 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        2017-09-14 02:24 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\rescache
        2017-09-14 02:16 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
        2017-09-13 18:18 - 2015-09-13 15:01 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-09-13 18:15 - 2017-06-30 00:42 - 000381448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2017-09-13 07:44 - 2017-03-20 06:21 - 000000000 ____D C:\WINDOWS\system32\bg
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ___SD C:\WINDOWS\system32\F12
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\setup
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
        2017-09-13 07:44 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
        2017-09-13 07:20 - 2015-09-13 17:14 - 000000000 ____D C:\WINDOWS\system32\MRT
        2017-09-13 07:16 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
        2017-09-13 07:16 - 2015-09-13 17:14 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
        2017-09-02 18:15 - 2017-03-19 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
        2017-09-02 18:15 - 2017-03-19 00:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
        2017-08-29 06:58 - 2016-09-11 19:33 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-08-26 15:34 - 2017-08-05 17:48 - 000000000 ____D C:\Users\Стоянчо\Desktop\;[;.[plpl
        2017-08-25 07:37 - 2017-07-28 23:11 - 000000000 ____D C:\Users\Стоянчо\Desktop\dfere
        ==================== Files in the root of some directories =======
        2016-01-17 08:06 - 2017-07-17 07:19 - 000009216 _____ () C:\Users\Стоянчо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-07-17 20:30 - 2016-07-17 20:30 - 000000036 _____ () C:\Users\Стоянчо\AppData\Local\housecall.guid.cache
        2015-09-13 15:16 - 2015-09-13 15:16 - 000000003 _____ () C:\Users\Стоянчо\AppData\Local\updater.log
        2015-09-13 15:16 - 2017-05-06 19:17 - 000000425 _____ () C:\Users\Стоянчо\AppData\Local\UserProducts.xml
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\wininit.exe => File is digitally signed
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-19 19:38
        ==================== End of FRST.txt ============================
         
        Addition.txt
         
        Thanks in advance.
      • by doktorkartar
        Hello, it has been quite a while since I last used your services, and I am extremely satisfied with them. The problem is that I restored an old backup (from years ago) of the system and lost my protection. Overall my system works fine and I don't think there is anything particularly worrying in it, but let's check it just in case.
        I'm not sure, but I think it was here that you gave me a file (or rather the contents of a host file) to which many sites had been added so that they would be blocked when one tries to visit them.
        For example: 0.0.0.0 www.google.com
         
        The other thing I'm also not sure about is whether it was you who gave me an adblock filter for Mozilla. I was very happy with it too.
        And the last thing that worries me is a problem with Mozilla itself. I don't know whether it is caused by a virus or by the program itself. The problem is that when I click the drop-down menu in the address bar, it does not open. Actually, it does open, but absolutely nothing is visible. It is entirely plain white and the sites are not shown. The same happens with all drop-down menus in Mozilla: the drop-down menu for the search engines (what we have searched for) as well as the drop-down menu for saved logins.
         
        By and large, these are my concerns, and the rest will only come to light after the scans.
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
        Ran by eclips (administrator) on ECLIPS-PC (19-10-2017 21:33:45)
        Running from C:\Users\eclips\Desktop
        Loaded Profiles: eclips (Available Profiles: eclips & Guest)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 10 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
        (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
        (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
        (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
        () C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
        () D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe
        () D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
        (Transaction Software, D 81829 Munich) H:\TECDOC_CD\1_2014\db\tbmux32.exe
        (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
        (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
        (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
        (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
        (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
        HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
        Tcpip\..\Interfaces\{1E0F611B-DAE1-48B6-8208-5A38B3F56DB9}: [DhcpNameServer] 62.221.132.211 85.130.60.11
        Tcpip\..\Interfaces\{5A334197-46EE-4622-AD06-D1F2AE57959E}: [DhcpNameServer] 192.168.42.129
        Internet Explorer:
        ==================
        HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
        HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaie
        HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        SearchScopes: HKLM-x32 -> DefaultScope value is missing
        SearchScopes: HKU\S-1-5-21-1144684173-3877916052-1330907298-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10181_1360_171019__yaie&p={searchTerms}
        BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation)
        BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
        BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation)
        BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
        BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
        BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.11.9.dll [2010-11-09] (BitComet)
        BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
        BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-17] (Oracle Corporation)
        BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
        BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2017-10-14] (Kaspersky Lab ZAO)
        BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-17] (Oracle Corporation)
        BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2017-10-14] (Kaspersky Lab ZAO)
        FireFox:
        ========
        FF DefaultProfile: 7lwtatk8.default-1507842258539
        FF ProfilePath: C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 [2017-10-19]
        FF NewTab: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaff
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> Yahoo®
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> Yahoo®
        FF Homepage: Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1360_171019__yaff
        FF Extension: (Search Shield Study) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\@unified-urlbar-shield-study-opt-out-new-users.xpi [2017-10-13]
        FF Extension: (AdBlock) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-10-14]
        FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-13]
        FF Extension: (Adblock Plus) - C:\Users\eclips\AppData\Roaming\Mozilla\Firefox\Profiles\7lwtatk8.default-1507842258539\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-19]
        FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
        FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2017-10-14] [not signed]
        FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
        FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2017-10-14] [not signed]
        FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
        FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2017-10-14] [not signed]
        FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
        FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2017-10-14] [not signed]
        FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2017-10-14] [not signed] FF HKU\S-1-5-21-1144684173-3877916052-1330907298-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-18] () FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2013-12-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-18] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-17] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2010-08-24] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-04-09] (Nullsoft, Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17] CHR crx: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\default_apps\search.crx [2014-03-15] CHR crx: C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\default_apps\search.crx [2014-02-20] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed] R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2017-10-14] (Kaspersky Lab ZAO) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com) S4 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PROGRAMKI\Power DVD\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-05-03] (CyberLink) S4 CyberLink PowerDVD 13 Media Server Service; D:\PROGRAMKI\Power DVD\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-05-03] (CyberLink) R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] () R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
S4 Samsung Link Service; D:\- MOI NE6TA\Samsung Link\Samsung Link.exe [604512 2014-05-19] (Copyright 2013 SAMSUNG) R2 Serviio; D:\- MOI NE6TA\DLNA\Serviio\bin\ServiioService.exe [413696 2016-10-17] () [File not signed] S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed] R2 Transbase TECDOC CD 1_2014 Service; H:\TECDOC_CD\1_2014\db\tbmux32.exe [360448 2013-02-25] (Transaction Software, D 81829 Munich) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-16] (Microsoft Corporation) S2 Hamachi2Svc; H:\Programki\Hamachi\hamachi-2.exe -s [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2012-11-06] (Advanced Micro Devices) [File not signed] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-11-20] (DT Soft Ltd) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-19] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2017-10-14] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2017-10-14] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2017-10-14] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2017-10-14] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2017-10-14] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2017-10-14] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2017-10-14] (Kaspersky Lab ZAO) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-19] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-10-19] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-19] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-19] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-19] (Malwarebytes) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-10-16] (Microsoft Corporation) R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PROGRAMKI\Power DVD\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-05-03] (CyberLink Corp.) 
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-19 21:33 - 2017-10-19 21:34 - 000021252 _____ C:\Users\eclips\Desktop\FRST.txt 2017-10-19 21:30 - 2017-10-19 21:30 - 002402816 _____ (Farbar) C:\Users\eclips\Desktop\FRST64.exe 2017-10-19 21:25 - 2017-10-19 21:25 - 019012622 _____ C:\Users\eclips\Desktop\unhackme.zip 2017-10-19 20:51 - 2017-10-19 20:51 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2017-10-19 20:51 - 2017-10-19 20:51 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2017-10-19 20:51 - 2017-10-19 20:51 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-10-19 20:50 - 2017-10-19 20:50 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-10-19 20:07 - 2017-10-19 20:51 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-10-19 20:07 - 2017-10-19 20:50 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-10-19 20:07 - 2017-10-19 20:07 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-10-19 20:07 - 2017-10-19 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-10-19 20:05 - 2017-10-19 20:05 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP 2017-10-19 16:27 - 2017-10-19 20:41 - 000000000 ____D C:\Users\eclips\Desktop\bsplayer_pro271.1081 2017-10-19 16:20 - 2017-10-19 16:20 - 000003164 _____ 
C:\Windows\System32\Tasks\klcp_update 2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2017-10-19 16:20 - 2017-07-30 13:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll 2017-10-19 16:20 - 2017-07-30 13:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000755200 _____ C:\Windows\system32\xvidcore.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000309248 _____ C:\Windows\system32\xvidvfw.dll 2017-10-19 16:20 - 2015-12-18 12:00 - 000282112 _____ C:\Windows\SysWOW64\xvidvfw.dll 2017-10-19 16:20 - 2015-10-24 19:00 - 000126976 _____ C:\Windows\system32\ff_vfw.dll 2017-10-19 16:20 - 2015-10-24 19:00 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll 2017-10-19 16:20 - 2012-07-21 13:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm 2017-10-19 16:20 - 2012-07-21 13:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm 2017-10-19 16:20 - 2011-12-07 20:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll 2017-10-19 16:20 - 2011-12-07 20:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll 2017-10-19 16:16 - 2017-10-19 16:18 - 052381992 _____ (KLCP ) C:\Users\eclips\Desktop\K-Lite_Codec_Pack_1359_Mega.exe 2017-10-19 15:58 - 2017-10-19 15:58 - 010563576 _____ C:\Users\eclips\Desktop\bsplayer271.setup.exe 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:58 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2017-10-19 15:54 - 2017-10-19 15:54 - 000000000 ____D C:\Users\eclips\AppData\Local\Lavasoft 2017-10-19 15:53 - 2017-10-19 15:58 - 000000000 ____D C:\ProgramData\Lavasoft 2017-10-19 15:44 - 2017-10-19 16:29 - 
000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk 2017-10-19 15:44 - 2017-10-19 16:29 - 000001147 _____ C:\Users\Public\Desktop\BS.Player PRO.lnk 2017-10-19 15:44 - 2017-10-19 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh 2017-10-19 15:37 - 2017-10-19 15:39 - 053285758 _____ (KLCP ) C:\Users\eclips\Desktop\K-Lite_Codec_Pack_1360_Mega.exe 2017-10-19 14:57 - 2017-10-19 14:57 - 000091280 _____ C:\Users\eclips\Desktop\WAR_2017.(subs.sab.bz).rar 2017-10-17 23:41 - 2013-12-10 14:50 - 000955888 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2017-10-17 23:41 - 2013-12-10 14:50 - 000839152 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2017-10-17 23:40 - 2017-10-17 23:40 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-10-17 23:39 - 2017-10-17 23:39 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Sun 2017-10-17 23:38 - 2017-10-17 23:38 - 000000000 ____D C:\Users\eclips\AppData\LocalLow\Oracle 2017-10-14 20:33 - 2017-10-14 20:33 - 000032774 _____ C:\Users\eclips\Desktop\IT_2017_NEW_HD_TS_60FPS_x264_HQ_CPG.(subs.sab.bz).rar 2017-10-14 19:44 - 2017-10-17 23:33 - 000000000 ____D C:\Program Files\Common Files\AV 2017-10-14 19:44 - 2017-10-14 19:44 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2017-10-14 19:16 - 2017-10-14 19:16 - 008250832 _____ (Malwarebytes) C:\Users\eclips\Downloads\adwcleaner_7.0.3.1.exe 2017-10-14 19:12 - 2017-10-17 23:33 - 000002334 _____ C:\Users\eclips\Desktop\Safe Money.lnk 2017-10-14 19:12 - 2017-10-14 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2017-10-14 19:12 - 2017-10-14 19:11 - 000001124 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2017-10-14 19:11 - 2017-10-14 19:43 - 000625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2017-10-14 19:11 - 
2017-10-14 19:43 - 000115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2017-10-14 19:11 - 2017-10-14 19:11 - 000000000 ____D C:\Windows\ELAMBKUP 2017-10-14 19:11 - 2017-10-14 19:11 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2017-10-14 19:11 - 2013-05-06 09:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2017-10-14 16:17 - 2017-10-19 20:41 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-14 16:17 - 2017-10-14 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-10-14 16:16 - 2009-07-10 07:01 - 000539168 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE 2017-10-14 16:15 - 2009-12-03 18:43 - 000000000 ____D C:\Users\eclips\Downloads\VGA_Win7-64(190.38)e 2017-10-14 16:15 - 2009-07-14 11:54 - 015005696 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 011327776 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2017-10-14 16:15 - 2009-07-14 11:54 - 010854400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 009375232 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 007565824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002617856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002258976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 002169376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001983488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001723424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001706528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2017-10-14 16:15 - 2009-07-14 11:54 
- 001291776 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 001044992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000930272 _____ (Microsoft Corporation) C:\Windows\system32\dpinst.exe 2017-10-14 16:15 - 2009-07-14 11:54 - 000539168 _____ (NVIDIA Corporation) C:\Windows\system32\nvudisp.exe 2017-10-14 16:15 - 2009-07-14 11:54 - 000167936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod157.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000167936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll 2017-10-14 16:15 - 2009-07-14 11:54 - 000011168 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd 2017-10-14 16:15 - 2009-07-14 11:54 - 000010161 _____ C:\Windows\system32\nvdisp.nvu 2017-10-14 16:14 - 2017-10-14 16:15 - 153992488 _____ C:\Users\eclips\Downloads\VGA_Win7-64(190.38)e.zip 2017-10-14 16:13 - 2017-10-19 21:13 - 000000000 ____D C:\Users\eclips\AppData\LocalLow\Mozilla 2017-10-13 22:03 - 2017-10-13 22:03 - 000033952 _____ C:\Users\eclips\Downloads\the.flash.2014.s04e01.hdtv.x264(subsunacs.net).rar 2017-10-13 01:17 - 2017-10-13 01:17 - 000000000 ____D C:\ProgramData\MB2Migration 2017-10-13 01:17 - 2017-10-13 01:17 - 000000000 ____D C:\Program Files\Malwarebytes 2017-10-13 01:12 - 2017-10-14 15:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-13 00:34 - 2017-10-18 00:30 - 005818880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2017-10-13 00:04 - 2017-10-13 00:04 - 000000000 ____D C:\Users\eclips\Desktop\Стари данни Firefox 2017-10-13 00:01 - 2017-10-13 01:17 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-10-12 23:30 - 2017-10-13 00:35 - 000000000 ____D C:\Users\eclips\AppData\Local\Dropbox 2017-10-12 23:30 - 2017-10-12 23:30 - 000000000 ____D C:\ProgramData\Dropbox ==================== One Month Modified files and folders ======== (If an entry is included in the 
fixlist, the file/folder will be moved.) 2017-10-19 21:33 - 2014-07-01 19:48 - 000000000 ____D C:\FRST 2017-10-19 21:15 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\tracing 2017-10-19 20:49 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-10-19 20:49 - 2009-07-14 07:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-10-19 20:43 - 2014-02-12 12:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2017-10-19 20:41 - 2013-11-19 23:28 - 000065536 _____ C:\Windows\system32\Ikeext.etl 2017-10-19 20:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-19 20:40 - 2013-11-19 19:37 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BitComet 2017-10-19 20:06 - 2013-12-07 21:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-10-19 19:14 - 2014-05-28 13:04 - 000000000 ____D C:\AdwCleaner 2017-10-19 16:28 - 2013-11-19 23:49 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BSplayer Pro 2017-10-19 16:27 - 2013-11-19 23:49 - 000000000 ____D C:\Program Files (x86)\Webteh 2017-10-19 16:23 - 2013-11-19 23:49 - 000000000 ____D C:\Users\eclips\AppData\Roaming\BSplayer 2017-10-18 19:40 - 2014-02-13 20:08 - 000000000 ____D C:\ADCDA2 2017-10-18 11:24 - 2013-12-18 22:51 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Skype 2017-10-18 00:30 - 2013-12-10 11:19 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-10-18 00:30 - 2013-11-20 11:44 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-10-18 00:30 - 2013-11-20 11:44 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-18 00:30 - 2013-11-20 11:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-10-18 00:30 - 2013-11-20 11:44 - 000000000 ____D C:\Windows\system32\Macromed 2017-10-17 23:42 - 2014-01-21 17:33 - 000000000 ____D C:\Program Files 
(x86)\Java 2017-10-17 23:41 - 2014-01-21 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-10-17 23:41 - 2013-12-10 14:50 - 000000000 ____D C:\Program Files\Java 2017-10-17 23:40 - 2013-12-10 14:50 - 000319552 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2017-10-17 23:40 - 2013-12-10 14:50 - 000206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2017-10-17 23:40 - 2013-12-10 14:50 - 000206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2017-10-17 23:39 - 2014-09-01 14:38 - 000270912 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2017-10-17 23:39 - 2014-09-01 14:38 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-10-17 23:39 - 2014-01-21 17:34 - 000000000 ____D C:\ProgramData\Oracle 2017-10-14 21:22 - 2013-12-04 16:02 - 000000000 ____D C:\Users\eclips\AppData\Roaming\vlc 2017-10-14 19:43 - 2013-06-10 12:27 - 000029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2017-10-14 19:43 - 2013-06-06 17:38 - 000178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2017-10-14 19:43 - 2013-05-06 09:22 - 000458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2017-10-14 19:43 - 2013-05-05 22:42 - 000029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys 2017-10-14 19:43 - 2013-05-05 22:42 - 000029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys 2017-10-14 19:28 - 2013-11-20 17:22 - 000000000 ____D C:\Windows\pss 2017-10-14 19:11 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf 2017-10-14 18:40 - 2014-01-05 21:34 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Dropbox 2017-10-14 16:24 - 2009-07-14 08:13 - 000785366 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-14 16:17 - 2014-05-12 23:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-10-14 16:17 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\Help 2017-10-14 15:37 - 2013-12-10 
11:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-13 22:40 - 2013-11-19 23:41 - 000000000 ____D C:\ProgramData\AMD 2017-10-13 00:01 - 2013-12-07 21:44 - 000000000 ____D C:\Users\eclips\AppData\Roaming\Malwarebytes 2017-10-13 00:01 - 2013-12-07 21:43 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2017-10-13 00:00 - 2013-11-19 21:24 - 000000000 ____D C:\ProgramData\TuneUp Software ==================== Files in the root of some directories ======= 2014-01-04 21:14 - 2014-01-04 21:14 - 001615904 ____R () C:\Users\eclips\AppData\Local\ASbs.ac 2014-05-12 11:02 - 2014-05-12 11:02 - 000585728 _____ () C:\Users\eclips\AppData\Local\file__0.localstorage 2013-11-19 22:07 - 2013-11-19 22:07 - 000000017 ____R () C:\Users\eclips\AppData\Local\resmon.resmoncfg 2014-09-14 20:59 - 2014-09-15 21:08 - 010807116 _____ () C:\ProgramData\OfflineCatalogue_1_2014_TECDOC_CD.log 2014-09-14 21:05 - 2014-09-14 21:05 - 000006106 _____ () C:\ProgramData\UninstallOfflineCatalogue.log Some files in TEMP: ==================== 2014-09-15 19:44 - 2011-02-11 18:36 - 023454528 ____N ( ) C:\Users\eclips\AppData\Local\Temp\AdbeRdr_en_US.exe 2014-09-07 14:19 - 2014-09-07 14:19 - 007850088 _____ (Microsoft Corporation) C:\Users\eclips\AppData\Local\Temp\BingBarSetup-Partner.exe 2017-10-13 22:07 - 2017-10-13 22:07 - 016739360 _____ () C:\Users\eclips\AppData\Local\Temp\BitBEFB.tmp.exe 2017-10-14 18:40 - 2017-10-14 18:40 - 000043008 _____ () C:\Users\eclips\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprkbc9q.dll 2014-01-31 06:29 - 2014-01-31 06:29 - 000341120 _____ (Gretech Corporation) C:\Users\eclips\AppData\Local\Temp\ExPromo.exe 2014-07-01 12:48 - 2014-09-29 20:15 - 000035224 _____ () C:\Users\eclips\AppData\Local\Temp\i4jdel0.exe 2014-07-28 08:15 - 2014-07-28 08:15 - 000918440 _____ (Oracle Corporation) C:\Users\eclips\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe 2017-09-08 19:04 - 2017-09-08 19:04 - 001856576 
_____ (Oracle Corporation) C:\Users\eclips\AppData\Local\Temp\jre-8u151-windows-au.exe 2014-07-29 18:48 - 2014-07-29 18:48 - 000021888 _____ () C:\Users\eclips\AppData\Local\Temp\ochelper.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-10-18 20:24 ==================== End of FRST.txt ============================  
        Addition.txt
      • by Rada Beliata
        Hello, this morning, when I turned on my computer, I found that the Bing search engine, which I never asked for, had installed itself in place of my standard Google. I don't know whether the problem might be bigger, so I'm not trying to clean it myself and am instead posting the scan files directly here:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
        Ran by User (administrator) on USER-PC (06-11-2017 14:32:42)
        Running from C:\Users\User\Desktop
        Loaded Profiles: User (Available Profiles: User & Guest)
        Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
        (Microsoft Corporation) C:\Windows\System32\wlanext.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
        (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
        () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
        (Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
        (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
        (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
        (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
        (Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
        (Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        () C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Bose Corporation) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
        HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
        HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
        HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
        HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
        HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
        HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
        HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
        HKLM-x32\...\Run: [SoundTouchHelper] => C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe [952832 2017-09-18] ()
        HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2172 2017-09-26] ()
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [googletalk] => C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-30] (Google Inc.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [38871120 2017-10-24] (Viber Media S.à r.l.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\Policies\Explorer: [] 
        HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\...\MountPoints2: {b89e904f-c580-11e0-ae91-806e6f6e6963} - E:\setup.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
        Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{61285D62-0825-4C6A-8F7B-F187EF6B7C4E}: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{BEC2B3B5-8A62-4C8D-947B-942060F59681}: [NameServer] 10.250.238.3 10.250.238.4
        Tcpip\..\Interfaces\{E2C5FBF5-BC9E-4F83-8514-C9EC7DB41090}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
        SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {01331362-9AB4-4EF8-B80F-17A753AABA26} URL = hxxps://www.google.com/search?q={searchTerms}
        SearchScopes: HKU\S-1-5-21-2108872990-2365937994-3429966836-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
        BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
        BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-19] (Oracle Corporation)
        Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
        DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://e-fibank.bg/EBank/CAPICOM/capicom.cab
        DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
        FireFox:
        ========
        FF DefaultProfile: 0nh7i0xu.default-1396792165575
        FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 [2017-10-19]
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> Bing 
        FF Homepage: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
        hxxps://www.malwarebytes.org/restorebrowser//?u=10b253f49536d7c82625e2601c9d32eb&c=1000_2&src=hp&inst=1471229042
        FF Keyword.URL: Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575 -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
        FF Extension: (Bing Search) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\Extensions\bingsearch.full@microsoft.com.xpi [2017-09-10]
        FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\bing-.xml [2017-09-10]
        FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0nh7i0xu.default-1396792165575\searchplugins\google-.xml [2016-05-02]
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
        FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-19] (Oracle Corporation)
        FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\new_plugin\npjp2.dll [No File]
        FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-19] (Oracle Corporation)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
        FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
        FF Plugin HKU\S-1-5-21-2108872990-2365937994-3429966836-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
        FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
        Chrome: 
        =======
        CHR DefaultProfile: Profile 1
        CHR HomePage: Profile 1 -> msn.com
        CHR StartupUrls: Profile 1 -> "hxxp://www.google.com"
        CHR NewTab: Profile 1 ->  Active:"chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
        CHR Extension: (Google Translate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-20]
        CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
        CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
        CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
        CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-07]
        CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
        CHR Extension: (Dropbox for Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-01-31]
        CHR Extension: (Email Game) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbobaphhmjpchjknfpcnlhcbkjbclge [2015-07-19]
        CHR Extension: (Gmail Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-07-19]
        CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
        CHR Extension: (Dnevnik.bg) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpgbimpbapjogkgkgmdkcdimopnnljb [2015-07-19]
        CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
        CHR Extension: (Pin It Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
        CHR Extension: (Facebook Invite All) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-01-31]
        CHR Extension: (Download Master) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2016-01-31]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
        CHR Extension: (MultiHighlighter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifbglmlbpgpbflnkfpclkmckoollbn [2015-09-04]
        CHR Extension: (OokiCookie) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjmnhgnkikbajikhhbplekfmljhdhjm [2015-07-19]
        CHR Extension: (word highlight) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooabkmkhabkahcjbgpiajffckeibpdoa [2015-07-19]
        CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-03]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-06]
        CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
        CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
        CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
        CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
        CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
        CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-26]
        CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-06]
        CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
        CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
        CHR Extension: (FromDocToPDF) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-11-05]
        CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
        CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
        CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-29]
        CHR Extension: (10b253f49536d7c82625e2601c9d32eb_2) - C:\Program Files (x86)\Google\Chrome\Application\10b253f49536d7c82625e2601c9d32eb_2 [2016-08-18]
        CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
        CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
        CHR HKU\S-1-5-21-2108872990-2365937994-3429966836-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
        S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-04-12] (Macrovision Europe Ltd.) [File not signed]
        R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
        R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
        R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
        R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
        R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
        S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-08-20] ()
        R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
        R1 MpKsl1dabfb16; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B742210-A60B-40E6-8C1C-30273624352C}\MpKsl1dabfb16.sys [58120 2017-11-06] (Microsoft Corporation)
        R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
        S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
        S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
        S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
        S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
        S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
        S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
        S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
        S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
        S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-11-06 14:32 - 2017-11-06 14:36 - 000022793 _____ C:\Users\User\Desktop\FRST.txt
        2017-11-06 14:32 - 2017-11-06 14:32 - 000000000 ____D C:\FRST
        2017-11-06 14:31 - 2017-11-06 14:31 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
        2017-10-29 13:08 - 2017-10-29 13:09 - 000000000 ____D C:\Users\User\AppData\Local\Viber
        2017-10-26 21:08 - 2017-10-26 21:08 - 000182233 _____ C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов.html
        2017-10-26 21:08 - 2017-10-26 21:08 - 000000000 ____D C:\Users\User\Desktop\Гръбначните изкривявания - Част VI_ Загуба на шийна лордоза (Forward Head Posture syndrome) _ Любомир Иванов_files
        2017-10-17 10:55 - 2017-10-17 10:55 - 000136163 _____ C:\Users\User\Desktop\Актуална цена за присъединяване.pdf
        2017-10-12 20:26 - 2017-10-12 20:26 - 000056320 _____ C:\Users\User\Desktop\Таксуване (1).xls
        2017-10-12 19:09 - 2017-10-12 19:09 - 000056320 _____ C:\Users\User\Desktop\Таксуване.xls
        2017-10-11 21:32 - 2017-09-13 17:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
        2017-10-11 21:32 - 2017-09-13 17:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2017-10-11 21:32 - 2017-09-13 17:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
        2017-10-11 21:32 - 2017-09-13 17:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
        2017-10-11 21:32 - 2017-09-13 17:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
        2017-10-11 21:32 - 2017-09-13 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
        2017-10-11 21:32 - 2017-09-13 17:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
        2017-10-11 21:32 - 2017-09-13 17:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
        2017-10-11 21:32 - 2017-09-13 17:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
        2017-10-11 21:32 - 2017-09-13 17:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 17:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
        2017-10-11 21:32 - 2017-09-13 17:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2017-10-11 21:32 - 2017-09-13 17:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
        2017-10-11 21:32 - 2017-09-13 17:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
        2017-10-11 21:32 - 2017-09-13 17:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2017-10-11 21:32 - 2017-09-13 16:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
        2017-10-11 21:32 - 2017-09-13 16:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
        2017-10-11 21:32 - 2017-09-13 16:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
        2017-10-11 21:32 - 2017-09-13 16:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
        2017-10-11 21:32 - 2017-09-13 16:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
        2017-10-11 21:32 - 2017-09-13 16:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
        2017-10-11 21:32 - 2017-09-13 16:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
        2017-10-11 21:32 - 2017-09-13 16:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
        2017-10-11 21:32 - 2017-09-13 16:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
        2017-10-11 21:32 - 2017-09-13 16:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
        2017-10-11 21:32 - 2017-09-13 16:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
        2017-10-11 21:32 - 2017-09-13 16:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
        2017-10-11 21:32 - 2017-09-09 02:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
        2017-10-11 21:32 - 2017-09-09 01:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
        2017-10-11 21:32 - 2017-09-08 17:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
        2017-10-11 21:32 - 2017-09-08 17:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
        2017-10-11 21:32 - 2017-09-08 17:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
        2017-10-11 21:32 - 2017-09-08 17:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
        2017-10-11 21:32 - 2017-09-08 17:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
        2017-10-11 21:32 - 2017-09-08 17:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
        2017-10-11 21:32 - 2017-09-08 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
        2017-10-11 21:32 - 2017-09-08 17:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
        2017-10-11 21:32 - 2017-09-08 17:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
        2017-10-11 21:32 - 2017-09-08 17:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2017-10-11 21:32 - 2017-09-08 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
        2017-10-11 21:32 - 2017-09-08 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
        2017-10-11 21:32 - 2017-09-08 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
        2017-10-11 21:32 - 2017-09-08 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
        2017-10-11 21:32 - 2017-09-08 16:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
        2017-10-11 21:32 - 2017-09-07 23:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
        2017-10-11 21:32 - 2017-09-07 23:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
        2017-10-11 21:32 - 2017-09-07 23:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
        2017-10-11 21:32 - 2017-09-07 23:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
        2017-10-11 21:32 - 2017-09-07 23:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
        2017-10-11 21:32 - 2017-09-07 23:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2017-10-11 21:32 - 2017-09-07 23:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
        2017-10-11 21:32 - 2017-09-07 23:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2017-10-11 21:32 - 2017-09-07 23:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2017-10-11 21:32 - 2017-09-07 23:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
        2017-10-11 21:32 - 2017-09-07 23:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
        2017-10-11 21:32 - 2017-09-07 23:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
        2017-10-11 21:32 - 2017-09-07 23:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
        2017-10-11 21:32 - 2017-09-07 23:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
        2017-10-11 21:32 - 2017-09-07 23:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
        2017-10-11 21:32 - 2017-09-07 23:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2017-10-11 21:32 - 2017-09-07 22:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
        2017-10-11 21:32 - 2017-09-07 22:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
        2017-10-11 21:32 - 2017-09-07 22:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2017-10-11 21:32 - 2017-09-07 22:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
        2017-10-11 21:32 - 2017-09-07 22:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
        2017-10-11 21:32 - 2017-09-07 22:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
        2017-10-11 21:32 - 2017-09-07 22:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
        2017-10-11 21:32 - 2017-09-07 22:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2017-10-11 21:32 - 2017-09-07 22:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2017-10-11 21:32 - 2017-09-07 22:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
        2017-10-11 21:32 - 2017-09-07 22:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2017-10-11 21:32 - 2017-09-07 22:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2017-10-11 21:32 - 2017-09-07 22:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2017-10-11 21:32 - 2017-09-07 22:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2017-10-11 21:32 - 2017-09-07 22:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
        2017-10-11 21:32 - 2017-09-07 21:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2017-10-11 21:32 - 2017-09-07 21:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2017-10-11 21:32 - 2017-09-07 21:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
        2017-10-11 21:32 - 2017-09-07 21:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2017-10-11 21:32 - 2017-09-07 21:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2017-10-11 21:32 - 2017-09-07 21:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
        2017-10-11 21:32 - 2017-09-07 21:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
        2017-10-11 21:32 - 2017-09-07 21:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
        2017-10-11 21:32 - 2017-09-07 21:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
        2017-10-11 21:32 - 2017-09-07 21:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
        2017-10-11 21:32 - 2017-09-07 21:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
        2017-10-11 21:32 - 2017-09-07 21:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
        2017-10-11 21:32 - 2017-09-07 21:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
        2017-10-11 21:32 - 2017-09-07 21:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
        2017-10-11 21:32 - 2017-09-07 20:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
        2017-10-11 21:32 - 2017-09-07 20:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
        2017-10-11 21:32 - 2017-09-07 20:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
        2017-10-11 21:32 - 2017-09-07 20:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
        2017-10-11 21:32 - 2017-09-07 20:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
        2017-10-11 21:32 - 2017-09-07 20:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
        2017-10-11 21:32 - 2017-09-07 20:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
        2017-10-11 21:32 - 2017-09-07 20:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
        2017-10-11 21:32 - 2017-09-07 20:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
        2017-10-11 21:32 - 2017-09-07 20:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
        2017-10-11 21:32 - 2017-09-07 20:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
        2017-10-11 21:32 - 2017-09-07 20:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
        2017-10-11 21:32 - 2017-09-07 20:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
        2017-10-11 21:32 - 2017-09-07 20:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
        2017-10-11 21:32 - 2017-09-07 20:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
        2017-10-11 21:32 - 2017-09-07 20:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
        2017-10-11 21:32 - 2017-09-07 20:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2017-10-11 21:32 - 2017-09-07 19:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2017-10-11 21:32 - 2017-09-07 19:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2017-10-11 21:32 - 2017-09-07 17:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
        2017-10-11 21:32 - 2017-09-07 17:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
        2017-10-11 21:32 - 2017-09-07 16:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2017-10-11 21:32 - 2017-09-07 16:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2017-10-11 21:32 - 2017-09-07 16:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2017-10-11 21:32 - 2017-08-19 17:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
        2017-10-11 21:32 - 2017-08-19 17:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
        2017-10-11 21:32 - 2017-08-19 17:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
        2017-10-11 21:32 - 2017-08-19 17:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
        2017-10-11 21:32 - 2017-08-19 17:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
        2017-10-11 21:32 - 2017-08-19 17:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
        2017-10-11 21:32 - 2017-08-19 16:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
        2017-10-11 21:32 - 2017-08-19 16:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
        2017-10-11 21:32 - 2017-08-14 19:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
        2017-10-11 21:32 - 2017-08-14 19:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
        2017-10-11 21:32 - 2017-08-14 19:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
        2017-10-11 21:32 - 2017-08-13 23:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-11-06 14:26 - 2015-06-24 14:51 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
        2017-11-06 14:26 - 2011-04-12 10:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
        2017-11-06 14:17 - 2011-05-26 17:50 - 000001004 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000UA.job
        2017-11-06 13:32 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-11-06 13:32 - 2009-07-14 06:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-11-06 13:22 - 2009-07-14 07:13 - 000785786 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-11-06 13:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
        2017-11-06 13:20 - 2016-04-14 22:13 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
        2017-11-06 13:17 - 2016-03-27 23:35 - 000065536 _____ C:\Windows\system32\Ikeext.etl
        2017-11-06 13:17 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-11-05 18:17 - 2011-05-26 17:50 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2108872990-2365937994-3429966836-1000Core.job
        2017-11-05 10:53 - 2017-04-13 22:27 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-11-05 10:53 - 2011-04-12 10:46 - 000000000 ____D C:\ProgramData\Skype
        2017-11-05 10:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
        2017-10-31 11:15 - 2011-04-12 20:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
        2017-10-26 19:48 - 2017-07-25 10:39 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
        2017-10-25 19:32 - 2017-07-22 20:42 - 000000000 ____D C:\Users\User\AppData\Roaming\SoundTouch
        2017-10-25 19:32 - 2017-07-22 20:41 - 000000000 ____D C:\Program Files (x86)\SoundTouch
        2017-10-24 15:23 - 2013-01-16 17:48 - 000000000 ____D C:\ProgramData\CanonIJPLM
        2017-10-19 09:39 - 2016-12-19 08:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
        2017-10-19 09:39 - 2016-12-05 20:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
        2017-10-12 17:12 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
        2017-10-12 16:22 - 2009-07-14 06:45 - 002338848 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-10-11 22:02 - 2011-04-12 11:16 - 000762140 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
        ==================== Files in the root of some directories =======
        2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 ____H () C:\Users\User\AppData\Local\BIT7DB1.tmp
        2011-11-10 16:05 - 2011-11-10 16:05 - 000004096 ____H () C:\Users\User\AppData\Local\keyfile3.drm
        2011-07-27 22:59 - 2011-07-27 22:59 - 000000000 _____ () C:\Users\User\AppData\Local\{BE08E1F6-7B92-4E51-B565-F383E741847C}
        2011-07-28 14:34 - 2011-07-28 14:35 - 000000000 _____ () C:\Users\User\AppData\Local\{D390E0A7-E0A7-4120-9348-F90CD935A202}
        2011-04-12 12:27 - 2011-04-12 12:27 - 000000056 ____H () C:\ProgramData\ezsidmv.dat
        2016-03-12 22:11 - 2016-03-12 22:11 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
        Some files in TEMP:
        ====================
        2017-09-10 14:36 - 2017-09-10 14:36 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcProcessor.exe
        2017-09-10 14:36 - 2017-09-10 14:36 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Temp\BSvcUpdater.exe
        2017-08-05 17:18 - 2017-10-06 16:51 - 058881488 _____ (Skype Technologies S.A.) C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-10-31 11:55
        ==================== End of FRST.txt ============================
         
        Thank you in advance for your assistance.
         
        Addition.txt
      • by N1K17Y
        I downloaded suspicious torrents and I think my system is infected.
         
        Addition.txt
      • by Wrath
        Good day! Today I noticed that there are login attempts by someone else on all of my ABV accounts. From the Netherlands, Algeria, Oman and so on. It is probably a fake IP address, but there always is one all the same. The login attempts are unsuccessful because there is no way they can guess my password, but I still got worried. I would be super grateful for a little help!
        Addition.txt
        FRST.txt