Премини към съдържанието

    Препоръчан отговор


    tombat    3

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
    Ran by Toni (administrator) on TONI-PC (25-12-2015 14:43:06)
    Running from D:\dowloads
    Loaded Profiles: Toni (Available Profiles: Toni)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (BitTorrent Inc.) C:\Users\Toni\AppData\Roaming\uTorrent\uTorrent.exe
    (Spotify Ltd) C:\Users\Toni\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (BitTorrent Inc.) C:\Users\Toni\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (BitTorrent Inc.) C:\Users\Toni\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-28] (AVAST Software)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\Run: [uTorrent] => C:\Users\Toni\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-05] (BitTorrent Inc.)
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\Run: [Spotify Web Helper] => C:\Users\Toni\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-21] (Spotify Ltd)
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\Run: [Spotify] => C:\Users\Toni\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-21] (Spotify Ltd)
    HKU\S-1-5-21-1245008870-2349687684-1380508342-1000\...\MountPoints2: {70e0be1a-e692-11e4-87ce-bc5ff4850c03} - F:\setup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-28] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 185.82.216.244 8.8.8.8
    Tcpip\..\Interfaces\{1300AF3A-A141-409B-B572-FD2A99CD5D65}: [DhcpNameServer] 185.82.216.244 8.8.8.8

    Internet Explorer:
    ==================
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-28] (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-28] (AVAST Software)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\7d29xaqh.default
    FF Homepage: hxxp://google.bg/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Extension: Bronze Aid - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\7d29xaqh.default\Extensions\{a5adbf96-6c85-4c15-8d79-21aa419d172c}.xpi [2015-12-24] [not signed]
    FF Extension: Adblock Plus - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\7d29xaqh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-28]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-28]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
            
    CHR Profile: C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-07]
    CHR Extension: (Avast Online Security) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-07]
    CHR Extension: (Google Wallet) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-28]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-28]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-28] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-28] (Avast Software)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-28] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-28] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-28] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-28] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-28] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-28] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-28] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-28] (AVAST Software)
    S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [268896 2015-04-19] (SysProgs.org)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-28] (AVAST Software)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-28] (Avast Software)
    R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-25 14:42 - 2015-12-25 14:43 - 00000000 ____D C:\FRST
    2015-12-25 14:24 - 2015-12-25 14:24 - 00000563 _____ C:\Users\Toni\Desktop\JRT.txt
    2015-12-25 14:13 - 2015-12-25 14:13 - 00004548 _____ C:\Windows\system32\.crusader
    2015-12-25 13:36 - 2015-12-25 13:52 - 00000080 _____ C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\чTorrent.lnk
    2015-12-25 13:07 - 2015-12-25 13:07 - 00000000 ____D C:\Users\Toni\AppData\Local\Flvto
    2015-12-23 13:33 - 2015-12-25 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-22 14:57 - 2015-12-22 14:57 - 00000000 ____D C:\Users\Toni\AppData\Roaming\dvdcss
    2015-12-21 17:51 - 2015-12-25 14:26 - 00000000 ____D C:\Users\Toni\AppData\Roaming\Spotify
    2015-12-21 17:51 - 2015-12-25 14:26 - 00000000 ____D C:\Users\Toni\AppData\Local\Spotify
    2015-12-21 17:51 - 2015-12-25 13:53 - 00001768 _____ C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2015-12-21 17:51 - 2015-12-25 13:52 - 00001762 _____ C:\Users\Toni\Desktop\Spotify.lnk
    2015-12-21 17:51 - 2015-12-21 17:51 - 00000000 ____D C:\Users\Toni\AppData\Local\CEF
    2015-12-18 15:52 - 2015-12-18 16:23 - 00000000 ____D C:\Users\Toni\Desktop\New folder
    2015-12-18 11:52 - 2015-12-25 14:26 - 00000000 ____D C:\Users\Toni\AppData\LocalLow\uTorrent
    2015-12-14 01:44 - 2015-12-14 01:44 - 00000000 ___RD C:\Users\Toni\Documents\Scanned Documents
    2015-12-14 01:44 - 2015-12-14 01:44 - 00000000 ____D C:\Users\Toni\Documents\Fax
    2015-12-05 12:24 - 2015-12-05 12:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2015-12-05 12:24 - 2015-12-05 12:24 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-11-28 16:22 - 2015-11-28 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-11-28 16:22 - 2015-11-28 16:22 - 00000000 ____D C:\ProgramData\Apple Computer
    2015-11-28 16:22 - 2015-11-28 16:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2015-11-28 16:02 - 2015-11-28 16:02 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-11-28 16:02 - 2015-11-28 16:02 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-25 14:43 - 2014-10-22 21:21 - 00000000 ____D C:\Users\Toni\AppData\Roaming\uTorrent
    2015-12-25 14:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
    2015-12-25 14:34 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-12-25 14:34 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-12-25 14:31 - 2009-07-14 07:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-25 14:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
    2015-12-25 14:25 - 2014-11-03 21:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-25 14:25 - 2014-10-22 17:33 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-12-25 14:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-25 14:23 - 2014-10-22 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-12-25 14:22 - 2014-11-03 21:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-25 14:15 - 2014-11-03 21:15 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-12-25 14:13 - 2014-11-02 18:41 - 00000000 ____D C:\ProgramData\HitmanPro
    2015-12-25 13:53 - 2014-10-23 03:01 - 00001423 _____ C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-12-25 13:53 - 2014-10-23 03:01 - 00001389 _____ C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2015-12-25 13:52 - 2015-04-19 15:35 - 00000813 _____ C:\Users\Toni\Desktop\DiRT 3 Complete Edition.lnk
    2015-12-25 13:52 - 2015-02-02 19:38 - 00001239 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
    2015-12-25 13:52 - 2014-12-17 22:12 - 00002002 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-12-25 13:52 - 2014-10-30 16:15 - 00001221 _____ C:\Users\Public\Desktop\MPEG Video Wizard DVD 5.0.lnk
    2015-12-25 13:52 - 2014-10-23 18:47 - 00000733 _____ C:\Users\Public\Desktop\GRID Autosport.lnk
    2015-12-25 13:52 - 2014-10-23 02:59 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2015-12-25 13:52 - 2014-10-22 21:50 - 00002837 _____ C:\Users\Public\Desktop\Nero Burning ROM 11.lnk
    2015-12-25 13:52 - 2014-10-22 19:13 - 00001110 _____ C:\Users\Toni\Desktop\Adobe Premiere Pro CS6.lnk
    2015-12-25 13:52 - 2014-10-22 18:34 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-12-25 13:52 - 2014-10-22 18:34 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-12-25 13:52 - 2014-10-22 18:27 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-12-25 13:52 - 2014-10-22 18:06 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2015-12-25 13:52 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2015-12-25 13:52 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-12-25 13:52 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2015-12-25 13:52 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2015-12-25 13:52 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2015-12-25 13:52 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2015-12-25 13:45 - 2014-10-22 21:24 - 00000000 ____D C:\KMPlayer
    2015-12-25 13:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
    2015-12-25 13:10 - 2014-12-29 21:27 - 00000000 ____D C:\Users\Toni\AppData\Local\Hotger
    2015-12-25 13:06 - 2014-12-29 21:27 - 00000000 ____D C:\Users\Toni\Documents\YouTubeDownloads
    2015-12-25 12:28 - 2014-10-22 18:02 - 00000000 ____D C:\Users\Toni\AppData\Local\Adobe
    2015-12-25 12:17 - 2014-10-22 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-12-22 14:57 - 2014-11-16 16:53 - 00000000 ____D C:\Users\Toni\AppData\Roaming\vlc
    2015-12-14 10:56 - 2014-10-23 03:01 - 00000000 ____D C:\Users\Toni\AppData\Local\VirtualStore
    2015-12-09 11:06 - 2014-10-22 17:27 - 00000000 ____D C:\Windows\SysWOW64\vbox
    2015-12-09 11:06 - 2014-10-22 17:27 - 00000000 ____D C:\Windows\system32\vbox
    2015-12-08 23:23 - 2014-10-22 19:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-08 23:23 - 2014-10-22 19:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-08 23:23 - 2014-10-22 19:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-12-07 13:13 - 2014-04-29 22:26 - 00000000 ___HD C:\Users\Toni\AppData\Local\Eg8lnRYWqJllIqj
    2015-12-05 13:17 - 2014-11-03 21:15 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-05 13:17 - 2014-11-03 21:15 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-11-28 16:02 - 2014-11-03 21:15 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2015-11-28 16:02 - 2014-11-03 21:15 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2015-11-28 16:01 - 2015-09-15 09:24 - 00147088 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
    2015-11-28 16:01 - 2014-11-03 21:15 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-21 18:44

    ==================== End of FRST.txt ============================

    Addition.txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19535

    Здравейте и Весела Коледа!

    Какъв е проблема за да знам къде да търся? В логовете на бърз преглед няма нищо зловредно...

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    tombat    3

    Изкачат ми реклами почити на целия екрани като се опитам да ги премахна и ми отваря сайтове с още реклами.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19535

    Само във Firefox ли е проблема?

    Изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
    Стартирайте FRST.exe и натиснете бутона Fix веднъж!
    След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
     
    Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

     

    След това задайте ръчно DNS-ите на Google:  (както са на снимката):

    8.8.8.8

    8.8.4.4

    При вас в момента само единия адрес е на Google - втория 8.8.8.8, но първия е на прокси и е добре да се премахне и да се замени с 8.8.8.8, а втория да стане 8.8.4.4

    Кликнете с десен бутон върху иконата на мрежовия адаптер в системния трей => Open network and sharing center => change adapter settings (линка вляво) => десен бутон върху мрежовия адаптер => properties => плъзнете плъзгача до Internet protocol version 4 (TCP/IPv4) =>   Properties и ще ги видите.

    K1zEE2t.jpg

    След това рестартирайте системата и пишете дали има подобрение.


    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    tombat    3

    Направих всичко както ми описахте и мисля че проблемът се решен. Не ми излизат вече реклами.

    Трябва ли сега да правя още някаква проверка или вече системата ми е чиста?

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19535

    Може ли все пак да видя лог файла от FRST - fixlog.txt? Изобщо преминахте ли през тази стъпка преди да смените DNS адреса?

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19535

    Не, този от първото стартиране. Това е лог файла от 2-второто такова:

    Цитат

    Run:2

    Други логове име ли в споменатите от мен папки?

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19535

    Това е друго нещо.

    Що се отнася дали да правим още проверки...видях, че вие вече сте проверили с Junkware Removal Tool, HitmanPro и Malwarebytes Anti-Malware...можем да направим 3 последни проверки, но не вярвам да открием нещо съществено...но за ваше успокоение ще ги направим.

     

    СТЪПКА 1

     

    icon_zps423a0d9f.jpgМоля изтеглете ZHPcleaner и я запазете на вашия десктоп.

    • Стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
    • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
    • Изберете бутона y3pI4LR.png.
    • Браузърите ще бъдат затворени автоматично.
    • Ще се отвори лог файл след прикючването на проверката.
    • Публикувайте лог файла в следващия си коментар.

     

    СТЪПКА 2

    • Изтеглете и стартирайтe 6sv1DN9.jpgAdwCleaner.exe.
    • От Options => сложете всички отметки (без последната).
    • Натиснете бутона Scan.
    • AdwCleaner ще започне да проверява компютъра.
    • След като проверката приключи натиснете бутона Clean.
    • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
    • Ще се появи автоматично лог файл с името (AdwCleaner[C0].txt) в C:\Adwcleaner
    • Публикувайте съдържанието му в следващия си коментар.

     

    СТЪПКА 3

     

    emsisoft_emergency_kit.pnglogo.png

    • Моля изтеглете EmsisoftEmergencyKit, стартирайте exe файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
    • Стартирайте иконата на файла Start Emsisoft Emergency Kit от десктопа за да стартирате приложението.
    • Натиснете бутона"Yes", когато бъдете подканени да обновите дефинициите на програмата.

    EKK.gif

    • След като процеса по обновяването на дефинициите приключи натиснете бутона "Scan".
    • Натиснете бутона "Yes", когато бъдете попитани дали да програмата да включи засичането на потенциално нежелани приложения (Potentially Unwanted Applications).
    • Сега вече изберете бутона Custom Scan. Премахнете от списъка всички дялове без C:\ (т.е. нека да остане само дял C:\ в списъка).
    • Натиснете Next за да започне проверката.
    • Когато проверката приключи натиснете бутона View Report.
    • Копирайте съдържанието на лог файла в следващия си коментар.

     

    Поздрави!

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    tombat    3

    Emsisoft Emergency Kit - Version 10.0
    Last update: 26.12.2015 г. 21:45:39
    User account: Toni-PC\Toni

    Scan settings:

    Scan type: Custom Scan
    Objects: Rootkits, Memory, Traces, C:\

    Detect PUPs: Off
    Scan archives: On
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start:    26.12.2015 г. 21:48:10
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32     detected: Application.Win32.InstallExt (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS     detected: Application.Win32.InstallExt (A)
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\BINGBAR_RASMANCS     detected: Application.Win32.InstallExt (A)

    Scanned    177799
    Found    3

    Scan end:    26.12.2015 г. 22:09:35
    Scan time:    0:21:25

     

    AdwCleaner[S1].txt

    ZHPCleaner-[S]-26122015-21_20_55.txt

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19535

    Повторете проверката със ZHPCleaner, но този път натиснете бутона Repair. Като се отвори списъка с намерените неща за почистване натиснете отново бутона Repair. Като приключи натиснете бутпна Report и запазете файла на десктопа и го публикувайте в следващия си коментар.

    За да изтрием намерените неща от Emsisoft направете следното:

    Изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
    Стартирайте FRST.exe и натиснете бутона Fix веднъж!
    След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
     
    Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

    След това сме готови...вижте финалните ми инструкции тук.

    Поздрави и приятни почивни дни! :despicable-me-2-minion-4:

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    • Подобни теми

      • от RudeBoy
        Здравейте,
        Направих една голяма глупост - изтеглих и опитах да отворя кийген за една програма. Явно е бил фалшив, защото компютърът ми се напълни с какво ли не. Сканирах с Panda, премахна много неща, но има още. Като браузвам в нета, постоянно ми се отварят рекламни страници, при кликване на всеки линк. Отварят се дори и от само себе си, при затворен браузър. Имам системен диск, в краен случай съм готов да преинсталирам, но ако мога да се справя с ваша помощ, ще е чудесно  .
        Прикачвам логовете:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2017
        Ran by mcpph (administrator) on DESKTOP-P7903MO (17-09-2017 12:39:55)
        Running from C:\Users\mcpph\Desktop
        Loaded Profiles: mcpph (Available Profiles: mcpph)
        Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Opera)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
        (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
        (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
        () C:\ProgramData\WinSxA.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
        (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
        HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [144520 2017-07-19] (Panda Security, S.L.)
        HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
        HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
        HKU\S-1-5-21-3410296404-4140097037-1986194597-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
        HKU\S-1-5-21-3410296404-4140097037-1986194597-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ENDLES~1.SCR [5133824 2015-12-01] (Extreme Internet Software)
        BootExecute: 
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
        Tcpip\..\Interfaces\{399be296-21bc-4c44-b88b-015636c079a7}: [DhcpNameServer] 192.168.100.1
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
        FireFox:
        ========
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        Opera: 
        =======
        OPR Extension: (Adguard AdBlocker) - C:\Users\mcpph\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-09-04]
        OPR Extension: (Quick Searcher) - C:\Users\mcpph\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-09-17]
        StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
        S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-03-18] (Intel Corporation)
        S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
        S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
        R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-07-19] (Panda Security, S.L.)
        R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
        R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2017-07-19] (Panda Security, S.L.)
        R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
        R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
        R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
        S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
        R2 WinSxA; C:\ProgramData\WinSxA.exe [423080 2017-09-17] ()
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
        S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] ()
        S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
        S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
        S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
        R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
        S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-17] (Malwarebytes)
        S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
        R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [106976 2017-04-07] (Panda Security, S.L.)
        R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211936 2017-04-07] (Panda Security, S.L.)
        R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [121312 2017-04-07] (Panda Security, S.L.)
        R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [125920 2017-04-07] (Panda Security, S.L.)
        R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [89960 2017-03-17] (Panda Security, S.L.)
        R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [118240 2017-04-07] (Panda Security, S.L.)
        R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [91104 2017-04-07] (Panda Security, S.L.)
        R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135648 2017-04-07] (Panda Security, S.L.)
        R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [336352 2017-04-07] (Panda Security, S.L.)
        R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [226272 2017-04-07] (Panda Security, S.L.)
        R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123360 2017-04-07] (Panda Security, S.L.)
        R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [280032 2017-04-07] (Panda Security, S.L.)
        R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [125408 2017-04-07] (Panda Security, S.L.)
        R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [179168 2017-07-19] (Panda Security, S.L.)
        R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [140256 2017-07-19] (Panda Security, S.L.)
        R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207328 2017-07-19] (Panda Security, S.L.)
        R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133600 2017-07-19] (Panda Security, S.L.)
        R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146912 2017-07-19] (Panda Security, S.L.)
        R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117216 2017-07-19] (Panda Security, S.L.)
        U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security, S.L.)
        R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
        S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
        S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-17 12:39 - 2017-09-17 12:40 - 000010125 _____ C:\Users\mcpph\Desktop\FRST.txt
        2017-09-17 12:39 - 2017-09-17 12:39 - 002398720 _____ (Farbar) C:\Users\mcpph\Desktop\FRST64.exe
        2017-09-17 12:39 - 2017-09-17 12:39 - 000000000 ____D C:\FRST
        2017-09-17 12:08 - 2017-09-17 12:13 - 000001024 _____ C:\Windows\system32\Drivers\etc\hosts.bak
        2017-09-17 12:04 - 2017-09-17 12:05 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Zara
        2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ C:\ProgramData\WinSxA.exe
        2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\spbggb0is40
        2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\0sziqug0wpx
        2017-09-17 12:03 - 2017-09-17 12:07 - 000001654 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа Вrоwsеr.lnk
        2017-09-16 08:28 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Local\Samsung
        2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
        2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\mcpph\Documents\samsung
        2017-09-16 08:27 - 2017-09-16 08:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
        2017-09-15 21:10 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Samsung
        2017-09-15 21:10 - 2016-07-22 10:21 - 000164992 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
        2017-09-15 21:10 - 2016-07-22 10:21 - 000130688 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
        2017-09-15 21:09 - 2017-09-16 21:13 - 000000000 ____D C:\ProgramData\Samsung
        2017-09-15 21:09 - 2017-09-15 21:10 - 000000000 ____D C:\Program Files (x86)\Samsung
        2017-09-15 21:09 - 2016-05-18 14:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
        2017-09-15 21:09 - 2016-05-18 14:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
        2017-09-15 21:08 - 2017-09-15 21:08 - 000000000 ____D C:\Users\mcpph\AppData\Local\Downloaded Installations
        2017-09-12 15:13 - 2017-09-12 15:13 - 000000911 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExifPro 2.1.lnk
        2017-09-12 09:35 - 2017-09-17 12:07 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Malwarebytes
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
        2017-09-12 09:35 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
        2017-09-12 09:35 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
        2017-09-12 09:35 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\Reference Assemblies
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\MSBuild
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
        2017-09-05 23:33 - 2017-02-10 11:26 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:26 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:26 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
        2017-09-05 23:33 - 2017-02-10 11:21 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:21 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:21 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
        2017-09-05 23:27 - 2017-09-05 23:27 - 000000000 ____D C:\Users\mcpph\AppData\Local\ElevatedDiagnostics
        2017-09-05 23:24 - 2017-09-05 23:24 - 000000000 ____D C:\Windows\SysWOW64\directx
        2017-09-05 23:21 - 2017-09-05 23:21 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\WinRAR
        2017-09-04 22:44 - 2017-09-04 22:45 - 000000000 _____ C:\Recovery.txt
        2017-09-04 19:29 - 2017-09-04 08:51 - 000000000 ____D C:\Windows\Panther
        2017-09-04 18:30 - 2017-09-04 18:30 - 000000000 _SHDL C:\Documents and Settings
        2017-09-04 18:29 - 2017-09-17 12:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-04 18:29 - 2017-09-17 09:31 - 000000000 ____D C:\Windows\system32\SleepStudy
        2017-09-04 18:29 - 2017-09-04 18:29 - 000000000 ____D C:\Windows\ServiceProfiles
        2017-09-04 18:29 - 2017-09-04 09:56 - 000267480 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-09-04 17:53 - 2017-09-04 17:54 - 000000000 ____D C:\Users\mcpph\AppData\Local\Easy CD-DA Extractor
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\TEMP
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 16
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Easy CD-DA Extractor
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\Program Files\Easy CD-DA Extractor 16
        2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Kolor
        2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\IObit
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\LocalLow\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Turbo.net
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\CrashDumps
        2017-09-04 14:36 - 2017-09-04 17:50 - 000000000 ____D C:\Program Files\Kolor
        2017-09-04 11:30 - 2017-09-04 11:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Yamicsoft
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamicsoft
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Local\DBG
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Program Files\Yamicsoft
        2017-09-04 10:15 - 2017-09-04 10:15 - 000000000 ____D C:\Users\mcpph\Documents\Adobe
        2017-09-04 10:13 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Common Files\Adobe
        2017-09-04 10:08 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Adobe
        2017-09-04 10:08 - 2017-09-04 10:08 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
        2017-09-04 10:08 - 2017-09-04 10:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
        2017-09-04 10:07 - 2017-09-04 10:13 - 000000000 ____D C:\ProgramData\Adobe
        2017-09-04 10:07 - 2017-09-04 10:07 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Macromedia
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Users\mcpph\AppData\Local\4kdownload.com
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Program Files (x86)\4KDownload
        2017-09-04 09:58 - 2017-09-04 09:58 - 000001531 ____H C:\Windows\EPMBatch.ept
        2017-09-04 09:55 - 2017-09-16 21:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ___HD C:\Program Files (x86)\Temp
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files\Realtek
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files (x86)\Realtek
        2017-09-04 09:55 - 2015-06-18 18:45 - 004496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
        2017-09-04 09:55 - 2015-06-18 17:59 - 002862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
        2017-09-04 09:55 - 2015-06-17 19:47 - 002930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
        2017-09-04 09:55 - 2015-06-17 14:45 - 003234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
        2017-09-04 09:55 - 2015-06-15 17:39 - 001748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
        2017-09-04 09:55 - 2015-05-27 17:38 - 002825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
        2017-09-04 09:55 - 2015-05-26 11:59 - 000166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
        2017-09-04 09:55 - 2015-05-25 15:18 - 003195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
        2017-09-04 09:55 - 2015-05-18 14:47 - 002702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
        2017-09-04 09:55 - 2015-05-15 19:27 - 002918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
        2017-09-04 09:55 - 2015-05-15 16:32 - 001316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
        2017-09-04 09:55 - 2014-11-11 13:44 - 000631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
        2017-09-04 09:55 - 2014-06-09 10:59 - 000560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
        2017-09-04 09:55 - 2014-04-10 12:19 - 002041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
        2017-09-04 09:55 - 2014-01-08 15:25 - 000397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
        2017-09-04 09:55 - 2013-10-11 12:47 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
        2017-09-04 09:55 - 2012-06-08 16:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
        2017-09-04 09:55 - 2012-06-08 16:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
        2017-09-04 09:55 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
        2017-09-04 09:55 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
        2017-09-04 09:55 - 2011-12-16 14:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
        2017-09-04 09:55 - 2011-11-22 16:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
        2017-09-04 09:55 - 2010-09-27 09:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
        2017-09-04 09:55 - 2009-11-18 07:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
        2017-09-04 09:54 - 2017-09-13 19:40 - 000000000 ____D C:\Program Files\Recuva
        2017-09-04 09:54 - 2017-09-04 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
        2017-09-04 09:51 - 2017-09-17 12:32 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\vlc
        2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
        2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\Program Files (x86)\VideoLAN
        2017-09-04 09:50 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Foxit Reader
        2017-09-04 09:49 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\Public\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit AgentInformation
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Program Files (x86)\Foxit Software
        2017-09-04 09:48 - 2017-09-04 09:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber
        2017-09-04 09:47 - 2017-09-16 12:23 - 000000000 ____D C:\Users\mcpph\Documents\ViberDownloads
        2017-09-04 09:45 - 2017-09-16 12:22 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\ViberPC
        2017-09-04 09:45 - 2017-09-04 09:45 - 000001033 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber Media S.à r.l
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Package Cache
        2017-09-04 09:41 - 2017-09-04 09:41 - 000000691 _____ C:\Users\mcpph\Desktop\VIDEO.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000716 _____ C:\Users\mcpph\Desktop\DOWNLOAD.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000691 _____ C:\Users\mcpph\Desktop\AUDIO.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000000 ____D C:\ProgramData\ShellIcons
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.5
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\Program Files\Speccy
        2017-09-04 09:38 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\EaseUS
        2017-09-04 09:38 - 2017-08-08 17:49 - 004027072 _____ C:\Windows\system32\BootMan.exe
        2017-09-04 09:38 - 2017-08-08 17:49 - 003037376 _____ C:\Windows\SysWOW64\BootMan.exe
        2017-09-04 09:38 - 2016-12-07 13:26 - 000033448 _____ C:\Windows\system32\epmntdrv.sys
        2017-09-04 09:38 - 2016-07-11 10:01 - 000101984 _____ C:\Windows\system32\setupempdrvx64.exe
        2017-09-04 09:38 - 2016-07-11 10:01 - 000088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
        2017-09-04 09:38 - 2016-07-11 10:01 - 000010848 _____ C:\Windows\system32\EuGdiDrv.sys
        2017-09-04 09:38 - 2016-07-11 10:01 - 000010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
        2017-09-04 09:38 - 2016-07-08 15:28 - 000248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb
        2017-09-04 09:38 - 2016-01-14 10:05 - 000021496 _____ C:\Windows\SysWOW64\epmntdrv.sys
        2017-09-04 09:38 - 2014-11-18 14:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
        2017-09-04 09:38 - 2014-11-18 14:46 - 000017504 _____ C:\Windows\system32\EuEpmGdi.dll
        2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Local\FastStone
        2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\ProgramData\FastStone
        2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
        2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\FastStone Capture
        2017-09-04 09:31 - 2017-09-12 22:12 - 000004650 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
        2017-09-04 09:31 - 2017-09-12 21:38 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
        2017-09-04 09:30 - 2017-09-12 22:12 - 000000000 ____D C:\Users\mcpph\AppData\Local\Adobe
        2017-09-04 09:27 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\FastStone
        2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
        2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
        2017-09-04 09:14 - 2017-09-09 17:38 - 000000000 ____D C:\Program Files\Opera
        2017-09-04 09:14 - 2017-09-09 07:08 - 000003958 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504505679
        2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Opera Software
        2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Local\Opera Software
        2017-09-04 09:12 - 2017-09-04 10:04 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
        2017-09-04 09:12 - 2017-09-04 09:12 - 000003604 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
        2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
        2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Intel(R) Update Manager
        2017-09-04 09:11 - 2017-09-06 10:25 - 000000000 ____D C:\Users\mcpph\AppData\Local\Share Link
        2017-09-04 09:11 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Intel
        2017-09-04 09:11 - 2017-09-04 09:11 - 000003394 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Connect Center
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files (x86)\ASUS
        2017-09-04 09:09 - 2017-09-12 15:13 - 000000000 ____D C:\Program Files\ExifPro 2.1
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\MiK
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Local\MicrosoftEdge
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\ProgramData\MiK
        2017-09-04 09:06 - 2017-09-04 09:25 - 000000551 _____ C:\Users\mcpph\Desktop\PHOTOS.lnk
        2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Endless Slideshow Screensaver
        2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\Program Files (x86)\Endless Slideshow Screensaver
        2017-09-04 09:06 - 2015-12-01 16:11 - 005133824 _____ (Extreme Internet Software) C:\Windows\Endless-Slideshow.scr
        2017-09-04 09:06 - 2013-02-06 18:30 - 000337408 _____ (www.imageen.com) C:\Windows\dcrawlib.dll
        2017-09-04 09:06 - 2012-05-21 13:43 - 001274880 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\libeay32.dll
        2017-09-04 09:06 - 2012-05-21 13:43 - 000330752 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\ssleay32.dll
        2017-09-04 09:06 - 2007-06-23 08:29 - 000084992 _____ C:\Windows\jbiglib.dll
        2017-09-04 09:06 - 2005-08-30 07:00 - 003919872 _____ C:\Windows\imagemagick.dll
        2017-09-04 08:59 - 2017-09-04 14:36 - 000000000 ____D C:\ProgramData\Package Cache
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\Users\mcpph\Tracing
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Skype
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
        2017-09-04 08:49 - 2017-09-04 08:49 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
        2017-09-04 08:49 - 2017-09-04 08:49 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection.lnk
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Panda Security
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files\CCleaner
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files (x86)\Panda Security
        2017-09-04 08:49 - 2017-07-19 05:31 - 000207328 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000179168 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000146912 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000140256 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000133600 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000117216 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
        2017-09-04 08:49 - 2017-05-22 08:01 - 000072648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
        2017-09-04 08:48 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Panda Security
        2017-09-04 08:43 - 2017-09-04 08:43 - 000000716 _____ C:\Users\mcpph\Desktop\SOFTWARE.lnk
        2017-09-04 08:40 - 2017-09-09 18:51 - 000000000 ____D C:\Wallpaper
        2017-09-04 08:37 - 2017-09-04 08:37 - 000004608 _____ C:\Windows\SECOH-QAD.exe
        2017-09-04 08:37 - 2017-09-04 08:37 - 000003584 _____ C:\Windows\SECOH-QAD.dll
        2017-09-04 08:37 - 2017-09-04 08:37 - 000003476 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
        2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
        2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\Program Files\KMSpico
        2017-09-04 08:37 - 2010-12-06 05:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
        2017-09-04 08:36 - 2017-09-17 12:39 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Skype
        2017-09-04 08:36 - 2017-09-17 12:20 - 001259196 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-04 08:36 - 2017-09-04 08:51 - 000000000 ___RD C:\Users\mcpph\OneDrive
        2017-09-04 08:36 - 2017-09-04 08:36 - 000000000 ____D C:\Users\mcpph\AppData\Local\Comms
        2017-09-04 08:35 - 2017-09-04 09:12 - 000000000 ____D C:\Program Files (x86)\Intel
        2017-09-04 08:35 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\Intel
        2017-09-04 08:35 - 2017-09-04 08:36 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\Intel
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
        2017-09-04 08:35 - 2017-09-04 08:23 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
        2017-09-04 08:35 - 2017-09-04 08:23 - 000000000 __SHD C:\Users\mcpph\IntelGraphicsProfiles
        2017-09-04 08:35 - 2017-03-18 08:35 - 000095216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
        2017-09-04 08:35 - 2017-03-18 08:35 - 000091120 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
        2017-09-04 08:34 - 2017-09-04 17:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Adobe
        2017-09-04 08:34 - 2017-09-04 17:47 - 000000000 ____D C:\Users\mcpph\AppData\Local\Packages
        2017-09-04 08:34 - 2017-09-04 08:35 - 000000000 ____D C:\Users\mcpph\AppData\Local\ConnectedDevicesPlatform
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\VirtualStore
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\TileDataLayer
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\Publishers
        2017-09-04 08:33 - 2017-09-13 19:41 - 000000000 ____D C:\Users\mcpph
        2017-09-04 08:33 - 2017-09-04 08:33 - 000000020 ___SH C:\Users\mcpph\ntuser.ini
        2017-09-04 08:33 - 2017-09-04 08:33 - 000000000 ____D C:\ProgramData\USOShared
        2017-09-04 08:32 - 2017-07-12 07:39 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
        2017-09-04 08:32 - 2017-03-18 23:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
        2017-09-04 08:32 - 2017-03-18 07:59 - 004164608 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0002.dll
        2017-09-04 08:32 - 2017-03-18 07:55 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0002.dll
        2017-09-04 08:32 - 2017-03-18 07:54 - 001914368 _____ (Microsoft Corporation) C:\Windows\system32\MLS2.dll
        2017-09-04 08:32 - 2017-03-18 07:43 - 004164608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0002.dll
        2017-09-04 08:32 - 2017-03-18 07:40 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0002.dll
        2017-09-04 08:32 - 2017-03-18 07:39 - 001868288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS2.dll
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-17 12:36 - 2017-03-18 14:40 - 000524288 _____ C:\Windows\system32\config\BBI
        2017-09-17 12:22 - 2017-03-19 00:01 - 000000000 ____D C:\Windows\INF
        2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
        2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\Macromed
        2017-09-05 23:33 - 2017-03-18 23:51 - 000000000 ____D C:\Windows\CbsTemp
        2017-09-05 08:03 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\appcompat
        2017-09-04 19:28 - 2017-03-19 00:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template
        2017-09-04 18:30 - 2017-03-18 14:40 - 000000000 ____D C:\Windows\system32\Sysprep
        2017-09-04 18:29 - 2017-03-19 05:31 - 000000000 ____D C:\Windows\HoloShell
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\PrintDialog
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\MiracastView
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
        2017-09-04 18:29 - 2017-03-18 14:40 - 000032768 _____ C:\Windows\system32\config\ELAM
        2017-09-04 17:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\AppReadiness
        2017-09-04 11:34 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-04 10:07 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
        2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
        2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\GroupPolicy
        2017-09-04 08:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\Cursors
        2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase
        2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\USOPrivate
        2017-09-04 08:32 - 2017-03-19 05:30 - 000000000 ____D C:\Windows\OCR
        2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\spool
        2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\FxsTmp
        2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\rescache
        2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        ==================== Files in the root of some directories =======
        2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ () C:\ProgramData\WinSxA.exe
        Files to move or delete:
        ====================
        C:\ProgramData\WinSxA.exe

        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-04 18:29
        ==================== End of FRST.txt ============================
        Addition.txt
        Panda_report.txt
      • от pesho66
        Привет Имам проблем с дяловете на хард дисковете , вероятно става въпрос за някои вирус .Темата е пренасочена от Инфо за проблема
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
        Ran by BigUser (administrator) on BIGUSER-PC (03-09-2017 11:52:48)
        Running from C:\Users\BigUser\Downloads
        Loaded Profiles: BigUser (Available Profiles: BigUser)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Transaction Software, D 81737 Munich) C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Viber] => C:\Users\BigUser\AppData\Local\Viber\Viber.exe [30896208 2017-08-22] (Viber Media S.à r.l.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17420464 2012-07-13] (Skype Technologies S.A.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\MountPoints2: G - G:\setup.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{0C599813-3678-49A7-B4FE-517D8BC490A4}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=260&clid=2255931
        SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> DefaultScope d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
        SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
        BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
        BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
        BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
        BHO-x32: Instair -> {0D778FDC-FAD7-4B1D-AB88-7A76A562D65C} -> C:\Program Files\Instair\Instair.dll [2016-12-23] ()
        BHO-x32: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
        BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
        Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
        Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
        Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
        FireFox:
        ========
        FF ProfilePath: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-09-03]
        FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
        FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
        FF Extension: (AdBlocker Ultimate) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28]
        FF Extension: (Instair) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\contact@instair.net [2016-12-23] [not signed]
        FF Extension: (Nimbus Screen Capture - editable screenshots.) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-12-23]
        FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\pavel.sherbakov@gmail.com [2017-09-02]
        FF Extension: (Save as PDF) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-12-23]
        FF Extension: (Google Translator for Firefox) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\translator@zoli.bod.xpi [2017-02-12]
        FF Extension: (Google  Image Search) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2016-12-23]
        FF Extension: (DownThemAll!) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-23]
        FF SearchPlugin: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-143319.xml [2016-12-22]
        FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-06-17] (VideoLAN)
        FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin-x32: @mobilityflow.com/tvp,version=1.0.1 -> C:\Program Files (x86)\Mobilityflow\Torrent Video Player\npvlc.dll [2012-11-19] (VideoLAN)
        FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp
        CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2481034&SearchSource=48","hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6189A548-5277-11E2-A19C-005056C00008}","hxxp://www.delta-search.com/?affID=119292&babsrc=HP_ss&mntrId=6ada26500000000000002eeee680fd43","hxxp://www.yandex.ru/?win=125&clid=2041421","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405529599&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405530061&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://www.mystartsearch.com/?type=hp&ts=1418069766&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V"
        CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
        CHR DefaultSearchKeyword: Default -> yandex.ru
        CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
        CHR Session Restore: Default -> is enabled.
        CHR Profile: C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
        CHR Extension: (Google Презентации) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
        CHR Extension: (Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
        CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-12-22]
        CHR Extension: (YouTube) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
        CHR Extension: (Adblock Plus) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-22]
        CHR Extension: (Google Търсене) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-12-22]
        CHR Extension: (Електронни таблици от Google) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
        CHR Extension: (Google Документи офлайн) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
        CHR Extension: (AdBlock) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-07]
        CHR Extension: (Запазване в Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-12-22]
        CHR Extension: (Numerics Calculator & Converter) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2016-12-22]
        CHR Extension: (Google Карти) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-12-22]
        CHR Extension: (Save to Pocket) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-22]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-22]
        CHR Extension: (Gmail) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
        CHR Extension: (Chrome Media Router) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
        CHR HKLM-x32\...\Chrome\Extension: [geidjeefddhgefeplhdlegoldlgiodon] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [pjfkgjlnocfakoheoapicnknoglipapd] - hxxp://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
        S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
        S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
        R2 Transbase; C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [385024 2004-08-05] (Transaction Software, D 81737 Munich) [File not signed]
        S2 Transbase TECDOC CD 1_2015 Service; F:\TECDOC_CD\1_2015\db\tbmux32.exe [360448 2014-05-08] (Transaction Software, D 81829 Munich) [File not signed]
        R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
        R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
        S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 esgiguard; F:\My Programs\Антиспам-програми Firewalls\SpyHunter\esgiguard.sys [15920 2016-08-25] (Enigma Software Group USA, LLC.)
        S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
        S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-07-23] (Windows (R) Win 7 DDK provider)
        U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
        S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-04-19] (Western Digital Technologies)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-03 11:52 - 2017-09-03 11:53 - 000015913 _____ C:\Users\BigUser\Downloads\FRST.txt
        2017-09-03 11:52 - 2017-09-03 11:52 - 000000000 ____D C:\FRST
        2017-09-03 11:50 - 2017-09-03 11:50 - 002395648 _____ (Farbar) C:\Users\BigUser\Downloads\FRST64.exe
        2017-09-03 11:45 - 2017-09-03 11:46 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
        2017-09-02 21:11 - 2017-09-02 21:11 - 000002515 _____ C:\Users\Public\Desktop\Skype.lnk
        2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
        2017-09-02 21:08 - 2017-09-02 21:08 - 000000000 ____D C:\Windows\system32\appmgmt
        2017-09-02 20:54 - 2017-09-02 21:07 - 000000000 ____D C:\Users\BigUser\Desktop\b
        2017-09-02 16:04 - 2017-09-02 16:05 - 000000000 ____D C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Pro
        2017-09-02 16:04 - 2017-09-02 16:04 - 000002007 _____ C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\ScreenHunter 5.1 Pro.lnk
        2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
        2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
        2017-09-01 13:25 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber Media S.à r.l
        2017-09-01 13:24 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-09-03 11:48 - 2009-07-14 08:13 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-03 11:48 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
        2017-09-03 11:45 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\ViberPC
        2017-09-03 11:44 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Skype
        2017-09-03 11:44 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-03 10:59 - 2016-12-22 14:56 - 000000000 ____D C:\Program Files (x86)\Steam
        2017-09-03 10:24 - 2016-12-23 21:46 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Nitro PDF
        2017-09-03 10:06 - 2017-03-05 01:31 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\vlc
        2017-09-02 21:20 - 2016-12-22 14:40 - 000000000 ____D C:\Users\BigUser\Documents\ViberDownloads
        2017-09-02 21:11 - 2016-12-22 15:11 - 000000000 ____D C:\ProgramData\Skype
        2017-09-02 20:54 - 2016-12-22 14:25 - 000000000 ____D C:\Users\BigUser
        2017-09-02 11:19 - 2016-12-26 23:20 - 000000000 ____D C:\BMWScan140
        2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\uTorrent
        2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\LocalLow\uTorrent
        2017-09-01 13:20 - 2016-12-22 14:50 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-09-01 13:20 - 2016-12-22 14:50 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2017-09-01 13:13 - 2016-12-22 14:50 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2017-09-01 13:13 - 2016-12-22 14:50 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        ==================== Files in the root of some directories =======
        2016-12-22 15:25 - 2014-04-29 18:36 - 000000036 _____ () C:\Users\BigUser\AppData\Local\installLang.ini
        2016-12-25 21:14 - 2016-12-26 20:40 - 012390794 _____ () C:\ProgramData\OfflineCatalogue_1_2015_TECDOC_CD.log
        Some files in TEMP:
        ====================
        2010-11-18 23:27 - 2010-11-18 23:27 - 000587776 _____ (Igor Pavlov) C:\Users\BigUser\AppData\Local\Temp\7za.exe
        2016-12-26 18:35 - 2013-09-04 16:01 - 023454528 ____N (                                   ) C:\Users\BigUser\AppData\Local\Temp\AdbeRdr_en_US.exe
        2016-12-22 15:29 - 2016-12-22 15:29 - 000059904 _____ () C:\Users\BigUser\AppData\Local\Temp\bitool.dll
        2013-07-29 01:22 - 2013-07-29 01:22 - 000107520 _____ () C:\Users\BigUser\AppData\Local\Temp\KEYGEN-FFF.exe
        2016-12-22 15:27 - 2013-10-16 23:55 - 000036864 _____ (noOrg) C:\Users\BigUser\AppData\Local\Temp\lanbox.exe
        2015-07-31 07:06 - 2015-07-31 07:06 - 000242864 ____R (Microsoft Corporation) C:\Users\BigUser\AppData\Local\Temp\ose00000.exe
        2014-11-08 11:33 - 2015-01-08 00:48 - 000601088 _____ () C:\Users\BigUser\AppData\Local\Temp\Quarantine.exe
        2010-03-31 22:17 - 2010-03-31 22:17 - 000435544 _____ (AB-Tools.com                                                ) C:\Users\BigUser\AppData\Local\Temp\QuickStores_Unlocker.exe
        2012-11-02 12:08 - 2012-11-02 12:08 - 000118784 _____ () C:\Users\BigUser\AppData\Local\Temp\xmlUpdater.exe
        2016-12-22 15:33 - 2016-09-08 18:01 - 000237920 _____ () C:\Users\BigUser\AppData\Local\Temp\YandexWorking.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-04-04 01:52
        ==================== End of FRST.txt ============================
         
         
         
        Addition.txt
      • от Филипов
        Не е мой. Поради това мога да се забавя с реакцията. Нещо иска да поправя компютъра / упдейтва драйвери.
        Едното го премахмах от Add/Remove Programs и се замени от друг подобен боклук.
        Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
        Ran by User 1 (administrator) on HOME-5D870EAA9B (01-09-2017 21:38:43)
        Running from C:\Documents and Settings\User 1\Desktop
        Loaded Profiles: User 1 & UpdatusUser (Available Profiles: User 1 & UpdatusUser)
        Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
        (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
        (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
        () C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe
        (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
        (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
        (Jawego) C:\Program Files\PC Protector Plus\PCProtectorPlus.exe
        (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
        (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [AudioDeck] => C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [528384 2007-08-09] (VIA Technologies, Inc.)
        HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
        HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
        HKLM\...\Run: [PC Protector Plus_startup] => C:\Program Files\PC Protector Plus\PCProtectorPlus.exe [6239680 2016-09-26] (Jawego)
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [25479680 2017-03-20] (Skype Technologies S.A.)
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [SMReminder] => C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe [2959312 2017-08-30] ()
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [securedriverupdaterDUReminder] => C:\Program Files\Secure Driver Updater\SDU.exe -rem
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {350a9c3e-b665-11e6-a11e-0008c7399231} - D:\LGAutoRun.exe
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {c9e26fc6-0281-11e3-9c1b-000b6a1cfcf7} - CMD /C START SysConfig.{645FF040-5081-101B-9F08-00AA002F954E}\sysconfig-x932851.dat
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
        Tcpip\..\Interfaces\{ED529269-1461-4DBF-ADAD-F0E66CE70B2A}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbg.bg/
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        URLSearchHook: [S-1-5-21-1757981266-1275210071-1644491937-1004] ATTENTION => Default URLSearchHook is missing
        BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
        FireFox:
        ========
        FF ProfilePath: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 [2017-09-01]
        FF Session Restore: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 -> is enabled.
        FF Extension: (Enhancer for YouTube™) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-06-19]
        FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-06-20]
        FF Extension: (Low Quality Flash) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\low_quality_flash@pie2k.com [2017-06-19]
        FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] [not signed]
        FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-01] ()
        FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
        FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
        CHR HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-01] (Adobe Systems Incorporated) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
        S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2013-08-17] (Phoenix Technologies) [File not signed]
        S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
        R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
        R3 N100; C:\WINDOWS\System32\DRIVERS\n100325.sys [128000 2001-08-17] (Compaq Computer Corporation)
        S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
        S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
        R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
        R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-01 21:38 - 2017-09-01 21:39 - 000008769 _____ C:\Documents and Settings\User 1\Desktop\FRST.txt
        2017-09-01 21:38 - 2017-09-01 21:38 - 000000000 ____D C:\FRST
        2017-09-01 21:32 - 2017-09-01 21:32 - 001792512 _____ (Farbar) C:\Documents and Settings\User 1\Desktop\FRST.exe
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000780 _____ C:\Documents and Settings\All Users\Desktop\PC Protector Plus.lnk
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000326 _____ C:\WINDOWS\Tasks\PC Protector Plus_runnag.job
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Program Files\PC Protector Plus
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Application Data\Jawego
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\PCPRJ
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Jawego
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC Protector Plus
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Jawego
        2017-09-01 20:57 - 2016-09-26 17:26 - 000022464 _____ C:\WINDOWS\system32\pcplusnative32.exe
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-01 21:39 - 2013-08-11 14:47 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Temp
        2017-09-01 21:37 - 2013-08-11 16:29 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Skype
        2017-09-01 21:23 - 2013-08-11 15:11 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
        2017-09-01 21:15 - 2015-01-05 17:01 - 000000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        2017-09-01 20:57 - 2017-06-20 16:22 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\System Monitor
        2017-09-01 20:53 - 2014-02-16 19:52 - 000003564 _____ C:\WINDOWS\wincmd.ini
        2017-09-01 20:52 - 2016-12-17 02:04 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d257f0bb9fdf30.job
        2017-09-01 20:52 - 2015-01-05 17:01 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        2017-09-01 20:52 - 2014-06-19 14:26 - 000000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
        2017-09-01 20:52 - 2013-08-11 14:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-09-01 20:52 - 2008-04-14 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
        2017-09-01 20:51 - 2013-08-11 14:47 - 000000178 ___SH C:\Documents and Settings\User 1\ntuser.ini
        2017-09-01 20:51 - 2013-08-11 14:43 - 000032540 _____ C:\WINDOWS\SchedLgU.Txt
        2017-09-01 16:23 - 2017-08-01 10:23 - 005763072 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
        2017-09-01 16:23 - 2013-08-11 15:11 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
        2017-09-01 16:23 - 2013-08-11 15:11 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
        2017-09-01 16:23 - 2013-08-11 14:34 - 000000000 ____D C:\WINDOWS\system32\Macromed
        2017-08-08 15:00 - 2014-06-19 14:26 - 000000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
        ==================== Files in the root of some directories =======
        2014-12-11 13:44 - 2014-12-11 13:44 - 000031611 ____C () C:\Program Files\third-party_attributions.txt
        2015-09-20 04:55 - 2017-05-03 22:21 - 000009728 _____ () C:\Documents and Settings\User 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        ==================== End of FRST.txt ============================
        Addition.txt
      • от мирослав24
        Здравейте,
        имам проблеми с компютъра-много трудно използвам клавиатурата,особено ако пиша директно в браузъра,за да се напише буква трябва да натискам няколко пъти съответния бутон и често не се изписва съответната буква а се изпълнява друга функция-или се отваря някоя икона от десктопа или се затваря браузъра.Така е с виртуалната и с наличната и с външна.Много трудно се отварят програмите по причина че се отварят за части от секундата и се затварят сами.Успях частично да сканирам с ЕСЕТ онлайн скенер,като заби почти на привършване,ето и лога :
        C:\ProgramData\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application    
        C:\Users\All Users\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application    
        C:\Users\GERGANA\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    
        C:\Users\GERGANA\Desktop\avc-free.exe    a variant of Win32/FusionCore.L potentially unwanted application    
        Успях да подкарам и FRST
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
        Ran by GERGANA (administrator) on GERGANA-PC (13-08-2017 17:35:14)
        Running from C:\Users\GERGANA\Desktop
        Loaded Profiles: GERGANA (Available Profiles: GERGANA)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
        (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
        (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        (BitTorrent Inc.) C:\Users\GERGANA\AppData\Roaming\uTorrent\uTorrent.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [SBRegRebootCleaner] => C:\VIPRERESCUE\SBRC.exe [202128 2013-09-30] (ThreatTrack Security, Inc.)
        HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2154592 2017-07-31] (QIHU 360 SOFTWARE CO. LIMITED)
        Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
        Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2015-01-08]
        ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
        BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 84.54.128.100 84.54.128.9
        Tcpip\..\Interfaces\{050FEA5C-3630-4D0F-A8E4-8EC183BF8AE8}: [DhcpNameServer] 84.54.128.100 84.54.128.9
        Tcpip\..\Interfaces\{94C064C5-8139-44AB-810C-1E9D0A2F024F}: [DhcpNameServer] 84.54.128.100 84.54.128.9
        Tcpip\..\Interfaces\{C9DE01DF-38AF-422C-8292-00BF45A44DE5}: [DhcpNameServer] 217.18.252.131 87.246.20.11
        Internet Explorer:
        ==================
        BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-07-26] (Qihu 360 Software Co., Ltd.)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
        BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
        FireFox:
        ========
        FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
        FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
        FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
        FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
        Chrome: 
        =======
        CHR DefaultProfile: Default
        CHR Profile: C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
        CHR Extension: (Adblock Plus) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
        CHR Extension: (AdBlocker Ultimate) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2017-01-22]
        CHR Extension: (Chrome Media Router) - C:\Users\GERGANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-04]
        CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
        Opera: 
        =======
        OPR StartupUrls: "hxxp://google.bg/"
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
        S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
        R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
        R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [929888 2017-07-26] (QIHU 360 SOFTWARE CO. LIMITED)
        S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [175040 2017-06-09] (360.cn)
        R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-07-26] (360.cn)
        R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-07-26] (360.cn)
        R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-07-26] (360.cn)
        R3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [49088 2017-06-09] (360.cn)
        R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [423360 2017-06-09] (360.cn)
        R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190400 2017-06-09] (360.cn)
        R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
        S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
        S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
        R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation)
        S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd)
        R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
        S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-08-13 17:35 - 2017-08-13 17:35 - 000008280 _____ C:\Users\GERGANA\Desktop\FRST.txt
        2017-08-13 17:34 - 2017-08-13 17:35 - 000000000 ____D C:\FRST
        2017-08-13 17:32 - 2017-08-13 17:32 - 002395648 _____ (Farbar) C:\Users\GERGANA\Desktop\FRST64.exe
        2017-08-13 17:20 - 2017-08-13 17:20 - 000002738 _____ C:\Users\GERGANA\Desktop\есет сканиране.txt
        2017-08-13 16:54 - 2017-08-13 16:54 - 006754944 _____ (ESET spol. s r.o.) C:\Users\GERGANA\Desktop\esetonlinescanner_enu.exe
        2017-08-13 16:54 - 2017-08-13 16:54 - 000000000 ____D C:\Users\GERGANA\AppData\Local\ESET
        2017-08-09 18:00 - 2017-08-09 18:00 - 391386202 _____ C:\Windows\MEMORY.DMP
        2017-08-09 18:00 - 2017-08-09 18:00 - 000281272 _____ C:\Windows\Minidump\080917-15880-01.dmp
        2017-08-06 22:30 - 2017-08-06 22:30 - 000109864 _____ C:\Users\GERGANA\AppData\Local\GDIPFONTCACHEV1.DAT
        2017-08-06 20:52 - 2017-08-06 20:52 - 000409576 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-08-04 22:57 - 2017-08-04 22:57 - 000002071 _____ C:\Users\GERGANA\Desktop\Cleanup.lnk
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-08-13 17:35 - 2013-12-11 15:23 - 000000000 ____D C:\Users\GERGANA\AppData\Roaming\uTorrent
        2017-08-13 17:34 - 2016-05-09 19:36 - 000000000 __SHD C:\$360Section
        2017-08-13 17:34 - 2016-05-09 19:32 - 000000000 ____D C:\ProgramData\360Quarant
        2017-08-13 12:59 - 2016-05-09 19:30 - 000000000 ____D C:\Users\GERGANA\AppData\LocalLow\360WD
        2017-08-13 12:54 - 2009-07-14 07:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-08-13 12:54 - 2009-07-14 07:45 - 000021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-08-13 12:48 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-08-09 18:00 - 2014-10-14 19:33 - 000000000 ____D C:\Windows\Minidump
        2017-08-09 17:56 - 2016-05-27 01:36 - 000000000 ____D C:\Users\GERGANA\AppData\Roaming\Skype
        2017-08-09 17:41 - 2016-05-08 15:52 - 000594316 _____ C:\Windows\system32\perfh002.dat
        2017-08-09 17:41 - 2016-05-08 15:52 - 000096648 _____ C:\Windows\system32\perfc002.dat
        2017-08-09 17:41 - 2009-07-14 08:13 - 001365408 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-08-09 17:41 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
        2017-08-08 09:50 - 2016-06-30 21:37 - 000001149 _____ C:\Users\Public\Desktop\360 Total Security.lnk
        2017-08-08 09:50 - 2016-05-09 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
        2017-08-06 19:41 - 2014-05-30 07:32 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
        2017-08-06 19:41 - 2014-05-30 07:32 - 000003476 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
        2017-08-06 19:41 - 2013-12-11 16:41 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2017-08-06 19:41 - 2013-12-11 16:41 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        2017-08-03 22:08 - 2013-12-11 16:42 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-07-27 09:04 - 2009-07-14 08:08 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
        2017-07-26 13:36 - 2016-05-09 19:30 - 000086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
        2017-07-26 13:36 - 2016-05-09 19:29 - 000330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
        2017-07-26 13:36 - 2016-05-09 19:29 - 000086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
        ==================== Files in the root of some directories =======
        2014-03-20 23:13 - 2017-05-28 13:47 - 000011776 _____ () C:\Users\GERGANA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        2016-06-16 17:44 - 2016-06-16 17:44 - 000000036 _____ () C:\Users\GERGANA\AppData\Local\housecall.guid.cache
        2013-12-17 20:46 - 2014-09-03 23:44 - 000007668 _____ () C:\Users\GERGANA\AppData\Local\resmon.resmoncfg
        2014-02-02 00:20 - 2014-02-02 00:20 - 000000000 _____ () C:\ProgramData\0x0304A000.sfl
        Some files in TEMP:
        ====================
        2017-08-06 21:00 - 2017-08-07 18:05 - 058782680 _____ (Skype Technologies S.A.) C:\Users\GERGANA\AppData\Local\Temp\SkypeSetup.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-08-13 16:40
        ==================== End of FRST.txt ============================
        Addition.txt
      • от alexalm
        Здравейте,
        имам лаптоп Lenovo IdeaPad Y700-15ISK
        вчера вечерта забелязах, че докато съм в интерент системата зпочна да се забавя, да мисли много докато отврая нещо... Пуснах windows defender  да сканира и намери 4 вируса - изтрих ги, като цяло всичко изглежда добре но днес пак ми намери един троянски кон + мисля че може да вижда като вируси кейгени, които съм използвала за инсталиране на Photoshop и Illustartor - HackTool:Win32/Keygen.
        Нямам диск за операционната система.
        Моля да проверим дали системата ми е чиста.
         
        Благодаря предварително!
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
        Ran by Vesi (administrator) on DESKTOP-KT0311H (26-08-2017 11:22:49)
        Running from C:\Users\Vesi\Desktop
        Loaded Profiles: Vesi (Available Profiles: Vesi)
        Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
        (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
        () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
        (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
        (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
        (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
        (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
        (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
        (Intel Corporation) C:\Windows\System32\igfxEM.exe
        (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        (Intel Corporation) C:\Windows\System32\igfxHK.exe
        () C:\Windows\System32\igfxTray.exe
        (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        (Viber Media S.à r.l.) C:\Users\Vesi\AppData\Local\Viber\Viber.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
        () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
        (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
        () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
        (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
        () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
        () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17072.13111.0_x64__8wekyb3d8bbwe\Video.UI.exe
        (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41055.0_x64__8wekyb3d8bbwe\HxOutlook.exe
        (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.41055.0_x64__8wekyb3d8bbwe\HxTsr.exe
        () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
        (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
        (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
        (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
        (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
        (Microsoft Corporation) C:\Windows\System32\dllhost.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
        HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
        HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
        HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
        HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [uTorrent] => C:\Users\Vesi\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-03] (BitTorrent Inc.)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [Viber] => C:\Users\Vesi\AppData\Local\Viber\Viber.exe [30867536 2017-08-03] (Viber Media S.à r.l.)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-07-03] (Disc Soft Ltd)
        HKU\S-1-5-21-3436498861-2500663078-494777252-1001\...\MountPoints2: {5543fe8a-5cfb-11e7-82e3-ccb0daa79f6a} - "E:\Autoplay.exe" -auto
        IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
        Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
        Tcpip\..\Interfaces\{69341f9f-82fc-48be-8c8d-204136e485b0}: [DhcpNameServer] 172.16.1.1
        Internet Explorer:
        ==================
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-15] (Microsoft Corporation)
        Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
        Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
        FireFox:
        ========
        FF DefaultProfile: gpgj94ro.default
        FF ProfilePath: C:\Users\Vesi\AppData\Roaming\Mozilla\Firefox\Profiles\gpgj94ro.default [2017-08-26]
        FF Homepage: Mozilla\Firefox\Profiles\gpgj94ro.default -> hxxps://www.google.bg
        FF Extension: (Adblock Plus) - C:\Users\Vesi\AppData\Roaming\Mozilla\Firefox\Profiles\gpgj94ro.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
        FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-26] ()
        FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
        FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-26] ()
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
        FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
        FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
        FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
        R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
        R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [347064 2016-08-12] (Windows (R) Win 7 DDK provider)
        S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-06-01] (Intel Corporation)
        R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-22] () [File not signed]
        S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-07-03] (Disc Soft Ltd)
        R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
        R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373736 2016-06-01] (Intel Corporation)
        S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-12-27] () [File not signed]
        R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
        R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
        R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
        S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
        R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
        S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
        R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
        R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267360 2017-01-23] (Synaptics Incorporated)
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
        R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-12-27] (Disc Soft Ltd)
        R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-12-27] (Disc Soft Ltd)
        R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
        R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-08-26] (Malwarebytes)
        R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-08-26] (Malwarebytes)
        R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-26] (Malwarebytes)
        R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-08-26] (Malwarebytes)
        R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-08-26] (Malwarebytes)
        R1 MpKsl40c82695; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{461EC048-3160-430F-8E36-C01F014B6662}\MpKsl40c82695.sys [44928 2017-08-25] (Microsoft Corporation)
        R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
        S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
        R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
        R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.)
        R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
        R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3128600 2016-08-18] (Realtek Semiconductor Corp.)
        S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72800 2017-01-23] (Synaptics Incorporated)
        S3 TTDrv; D:\Programs\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Oracle Corporation)
        S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        U4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-12-28] (Basil Projects)
        R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-08-26 11:22 - 2017-08-26 11:23 - 000015866 _____ C:\Users\Vesi\Desktop\FRST.txt
        2017-08-26 11:22 - 2017-08-26 11:22 - 002395648 _____ (Farbar) C:\Users\Vesi\Desktop\FRST64.exe
        2017-08-26 11:22 - 2017-08-26 11:22 - 000000000 ____D C:\FRST
        2017-08-26 10:33 - 2017-08-26 10:33 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
        2017-08-26 10:33 - 2017-08-26 10:33 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
        2017-08-26 10:33 - 2017-08-26 10:33 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
        2017-08-26 10:33 - 2017-08-26 10:33 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
        2017-08-26 10:32 - 2017-08-26 10:32 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
        2017-08-26 10:32 - 2017-08-26 10:32 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
        2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
        2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\ProgramData\Malwarebytes
        2017-08-26 10:32 - 2017-08-26 10:32 - 000000000 ____D C:\Program Files\Malwarebytes
        2017-08-26 10:32 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
        2017-08-26 10:30 - 2017-08-26 10:31 - 066347240 _____ (Malwarebytes ) C:\Users\Vesi\Downloads\mb3-setup-consumer-3.2.2.2018.exe
        2017-08-26 10:21 - 2017-08-26 10:21 - 000000000 ____D C:\ProgramData\McAfee
        2017-08-20 15:21 - 2017-08-20 15:22 - 000000000 ____D C:\Users\Vesi\Documents\rexultati izsledvaniq
        2017-08-20 15:20 - 2017-08-20 15:20 - 000000696 _____ C:\Users\Vesi\Desktop\vayana - Shortcut.lnk
        2017-08-20 15:15 - 2017-08-20 15:17 - 000000000 ____D C:\Users\Vesi\Desktop\sait pictures
        2017-08-19 20:07 - 2017-08-19 20:07 - 005833448 _____ C:\Users\Vesi\Desktop\cover.pdf
        2017-08-13 22:05 - 2017-08-01 05:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
        2017-08-13 22:05 - 2017-08-01 05:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
        2017-08-13 22:05 - 2017-08-01 05:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
        2017-08-13 22:05 - 2017-08-01 05:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
        2017-08-13 22:05 - 2017-08-01 05:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
        2017-08-13 22:05 - 2017-08-01 05:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
        2017-08-13 22:05 - 2017-08-01 05:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
        2017-08-13 22:05 - 2017-08-01 05:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
        2017-08-13 22:05 - 2017-08-01 05:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
        2017-08-13 22:05 - 2017-08-01 05:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
        2017-08-13 22:05 - 2017-08-01 05:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
        2017-08-13 22:05 - 2017-08-01 05:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
        2017-08-13 22:05 - 2017-08-01 05:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
        2017-08-13 22:05 - 2017-08-01 05:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
        2017-08-13 22:05 - 2017-08-01 05:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
        2017-08-13 22:05 - 2017-08-01 05:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
        2017-08-13 22:05 - 2017-08-01 05:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
        2017-08-13 22:05 - 2017-08-01 05:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
        2017-08-13 22:05 - 2017-08-01 05:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
        2017-08-13 22:05 - 2017-08-01 05:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
        2017-08-13 22:05 - 2017-08-01 05:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
        2017-08-13 22:05 - 2017-08-01 05:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
        2017-08-13 22:05 - 2017-08-01 05:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
        2017-08-13 22:05 - 2017-08-01 05:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
        2017-08-13 22:05 - 2017-08-01 05:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
        2017-08-13 22:05 - 2017-08-01 05:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
        2017-08-13 22:05 - 2017-08-01 05:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
        2017-08-13 22:05 - 2017-08-01 05:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
        2017-08-13 22:05 - 2017-08-01 05:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
        2017-08-13 22:05 - 2017-08-01 05:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
        2017-08-13 22:05 - 2017-08-01 05:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
        2017-08-13 22:05 - 2017-08-01 05:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
        2017-08-13 22:05 - 2017-08-01 05:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
        2017-08-13 22:05 - 2017-08-01 05:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
        2017-08-13 22:05 - 2017-08-01 05:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
        2017-08-13 22:05 - 2017-08-01 05:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
        2017-08-13 22:05 - 2017-08-01 05:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
        2017-08-13 22:05 - 2017-08-01 04:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
        2017-08-13 22:05 - 2017-08-01 04:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
        2017-08-13 22:05 - 2017-08-01 04:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
        2017-08-13 22:05 - 2017-08-01 04:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
        2017-08-13 22:05 - 2017-08-01 04:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
        2017-08-13 22:05 - 2017-08-01 04:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
        2017-08-13 22:05 - 2017-08-01 04:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
        2017-08-13 22:05 - 2017-08-01 04:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
        2017-08-13 22:05 - 2017-08-01 04:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
        2017-08-13 22:05 - 2017-08-01 04:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
        2017-08-13 22:05 - 2017-08-01 01:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
        2017-08-13 22:05 - 2017-07-28 08:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
        2017-08-13 22:05 - 2017-07-28 08:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
        2017-08-13 22:05 - 2017-07-28 08:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
        2017-08-13 22:05 - 2017-07-28 08:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
        2017-08-13 22:05 - 2017-07-28 08:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
        2017-08-13 22:05 - 2017-07-28 08:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
        2017-08-13 22:05 - 2017-07-28 08:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
        2017-08-13 22:05 - 2017-07-28 08:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
        2017-08-13 22:05 - 2017-07-28 08:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
        2017-08-13 22:05 - 2017-07-28 08:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
        2017-08-13 22:05 - 2017-07-28 08:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
        2017-08-13 22:05 - 2017-07-28 08:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
        2017-08-13 22:05 - 2017-07-28 08:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
        2017-08-13 22:05 - 2017-07-28 08:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
        2017-08-13 22:05 - 2017-07-28 07:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
        2017-08-13 22:05 - 2017-07-28 07:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
        2017-08-13 22:05 - 2017-07-28 07:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
        2017-08-13 22:05 - 2017-07-28 07:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
        2017-08-13 22:05 - 2017-07-28 07:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
        2017-08-13 22:05 - 2017-07-28 07:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
        2017-08-13 22:05 - 2017-07-28 07:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
        2017-08-13 22:05 - 2017-07-28 07:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
        2017-08-13 22:05 - 2017-07-28 07:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
        2017-08-13 22:05 - 2017-07-28 07:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
        2017-08-13 22:05 - 2017-07-28 07:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
        2017-08-13 22:05 - 2017-07-28 07:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
        2017-08-13 22:05 - 2017-07-28 07:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
        2017-08-13 22:05 - 2017-07-28 07:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
        2017-08-13 22:05 - 2017-07-28 07:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
        2017-08-13 22:05 - 2017-07-28 07:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
        2017-08-13 22:05 - 2017-07-28 07:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
        2017-08-13 22:05 - 2017-07-28 07:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
        2017-08-13 22:05 - 2017-07-28 07:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
        2017-08-13 22:05 - 2017-07-28 07:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
        2017-08-13 22:05 - 2017-07-28 07:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
        2017-08-13 22:05 - 2017-07-28 07:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
        2017-08-13 22:05 - 2017-07-28 07:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
        2017-08-13 22:05 - 2017-07-28 07:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
        2017-08-13 22:05 - 2017-07-28 07:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
        2017-08-13 22:05 - 2017-07-28 07:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
        2017-08-13 22:05 - 2017-07-28 07:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
        2017-08-13 22:05 - 2017-07-28 07:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
        2017-08-13 22:05 - 2017-07-28 07:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
        2017-08-13 22:05 - 2017-07-28 07:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
        2017-08-13 22:05 - 2017-07-28 07:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
        2017-08-13 22:05 - 2017-07-28 07:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
        2017-08-13 22:05 - 2017-07-28 07:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
        2017-08-13 22:05 - 2017-07-28 07:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
        2017-08-13 22:05 - 2017-07-28 07:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
        2017-08-13 22:05 - 2017-07-28 07:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
        2017-08-13 22:05 - 2017-07-28 07:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
        2017-08-13 22:05 - 2017-07-28 07:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
        2017-08-13 22:05 - 2017-07-28 07:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
        2017-08-13 22:05 - 2017-07-28 07:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
        2017-08-13 22:05 - 2017-07-28 07:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
        2017-08-13 22:05 - 2017-07-28 07:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
        2017-08-13 22:05 - 2017-07-28 07:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
        2017-08-13 22:05 - 2017-07-28 07:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
        2017-08-13 22:05 - 2017-07-28 07:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
        2017-08-13 22:05 - 2017-07-28 07:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
        2017-08-13 22:05 - 2017-07-28 07:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
        2017-08-13 22:05 - 2017-07-28 07:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
        2017-08-13 22:05 - 2017-07-28 07:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
        2017-08-13 22:05 - 2017-07-28 07:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
        2017-08-13 22:05 - 2017-07-28 07:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
        2017-08-13 22:05 - 2017-07-28 07:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
        2017-08-13 22:05 - 2017-07-28 07:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
        2017-08-13 22:05 - 2017-07-28 07:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
        2017-08-13 22:05 - 2017-07-28 07:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
        2017-08-13 22:05 - 2017-07-28 07:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
        2017-08-13 22:05 - 2017-07-28 07:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
        2017-08-13 22:05 - 2017-07-28 07:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
        2017-08-13 22:04 - 2017-08-01 05:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
        2017-08-13 22:04 - 2017-08-01 05:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
        2017-08-13 22:04 - 2017-08-01 05:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
        2017-08-13 22:04 - 2017-08-01 05:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
        2017-08-13 22:04 - 2017-08-01 05:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
        2017-08-13 22:04 - 2017-08-01 05:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
        2017-08-13 22:04 - 2017-08-01 05:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
        2017-08-13 22:04 - 2017-08-01 05:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
        2017-08-13 22:04 - 2017-08-01 05:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
        2017-08-13 22:04 - 2017-08-01 05:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
        2017-08-13 22:04 - 2017-08-01 05:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
        2017-08-13 22:04 - 2017-08-01 05:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
        2017-08-13 22:04 - 2017-08-01 05:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
        2017-08-13 22:04 - 2017-08-01 05:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
        2017-08-13 22:04 - 2017-08-01 04:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
        2017-08-13 22:04 - 2017-08-01 04:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
        2017-08-13 22:04 - 2017-08-01 04:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
        2017-08-13 22:04 - 2017-08-01 04:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
        2017-08-13 22:04 - 2017-08-01 04:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
        2017-08-13 22:04 - 2017-08-01 04:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
        2017-08-13 22:04 - 2017-08-01 04:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
        2017-08-13 22:04 - 2017-08-01 04:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
        2017-08-13 22:04 - 2017-08-01 04:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
        2017-08-13 22:04 - 2017-08-01 04:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
        2017-08-13 22:04 - 2017-08-01 04:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
        2017-08-13 22:04 - 2017-08-01 04:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
        2017-08-13 22:04 - 2017-08-01 04:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
        2017-08-13 22:04 - 2017-08-01 04:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
        2017-08-13 22:04 - 2017-08-01 04:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
        2017-08-13 22:04 - 2017-08-01 04:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
        2017-08-13 22:04 - 2017-08-01 04:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
        2017-08-13 22:04 - 2017-08-01 04:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
        2017-08-13 22:04 - 2017-08-01 04:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
        2017-08-13 22:04 - 2017-08-01 04:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
        2017-08-13 22:04 - 2017-08-01 04:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
        2017-08-13 22:04 - 2017-08-01 04:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
        2017-08-13 22:04 - 2017-08-01 04:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
        2017-08-13 22:04 - 2017-08-01 04:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
        2017-08-13 22:04 - 2017-08-01 04:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
        2017-08-13 22:04 - 2017-08-01 04:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
        2017-08-13 22:04 - 2017-08-01 04:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
        2017-08-13 22:04 - 2017-08-01 04:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
        2017-08-13 22:04 - 2017-08-01 04:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
        2017-08-13 22:04 - 2017-08-01 04:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
        2017-08-13 22:04 - 2017-08-01 04:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
        2017-08-13 22:04 - 2017-08-01 04:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
        2017-08-13 22:04 - 2017-08-01 04:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
        2017-08-13 22:04 - 2017-08-01 04:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
        2017-08-13 22:04 - 2017-08-01 04:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
        2017-08-13 22:04 - 2017-07-28 08:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
        2017-08-13 22:04 - 2017-07-28 08:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
        2017-08-13 22:04 - 2017-07-28 08:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
        2017-08-13 22:04 - 2017-07-28 08:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
        2017-08-13 22:04 - 2017-07-28 08:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
        2017-08-13 22:04 - 2017-07-28 08:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
        2017-08-13 22:04 - 2017-07-28 08:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
        2017-08-13 22:04 - 2017-07-28 08:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
        2017-08-13 22:04 - 2017-07-28 08:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
        2017-08-13 22:04 - 2017-07-28 08:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
        2017-08-13 22:04 - 2017-07-28 08:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
        2017-08-13 22:04 - 2017-07-28 08:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
        2017-08-13 22:04 - 2017-07-28 08:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
        2017-08-13 22:04 - 2017-07-28 08:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
        2017-08-13 22:04 - 2017-07-28 08:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
        2017-08-13 22:04 - 2017-07-28 08:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
        2017-08-13 22:04 - 2017-07-28 08:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
        2017-08-13 22:04 - 2017-07-28 08:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
        2017-08-13 22:04 - 2017-07-28 08:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
        2017-08-13 22:04 - 2017-07-28 08:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
        2017-08-13 22:04 - 2017-07-28 08:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
        2017-08-13 22:04 - 2017-07-28 08:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
        2017-08-13 22:04 - 2017-07-28 07:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
        2017-08-13 22:04 - 2017-07-28 07:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
        2017-08-13 22:04 - 2017-07-28 07:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
        2017-08-13 22:04 - 2017-07-28 07:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
        2017-08-13 22:04 - 2017-07-28 07:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
        2017-08-13 22:04 - 2017-07-28 07:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
        2017-08-13 22:04 - 2017-07-28 07:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
        2017-08-13 22:04 - 2017-07-28 07:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
        2017-08-13 22:04 - 2017-07-28 07:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
        2017-08-13 22:04 - 2017-07-28 07:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
        2017-08-13 22:04 - 2017-07-28 07:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
        2017-08-13 22:04 - 2017-07-28 07:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
        2017-08-13 22:04 - 2017-07-28 07:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
        2017-08-13 22:04 - 2017-07-28 07:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
        2017-08-13 22:04 - 2017-07-28 07:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
        2017-08-13 22:04 - 2017-07-28 07:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
        2017-08-13 22:04 - 2017-07-28 07:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
        2017-08-13 22:04 - 2017-07-28 07:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
        2017-08-13 22:04 - 2017-07-28 07:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
        2017-08-13 22:04 - 2017-07-28 07:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
        2017-08-13 22:04 - 2017-07-28 07:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
        2017-08-13 22:04 - 2017-07-28 07:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
        2017-08-13 22:04 - 2017-07-28 07:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
        2017-08-13 22:04 - 2017-07-28 07:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
        2017-08-13 22:04 - 2017-07-28 07:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
        2017-08-13 22:04 - 2017-07-28 07:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
        2017-08-13 22:04 - 2017-07-28 07:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
        2017-08-13 22:04 - 2017-07-28 07:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
        2017-08-13 22:04 - 2017-07-28 07:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
        2017-08-13 22:04 - 2017-07-28 07:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
        2017-08-13 22:04 - 2017-07-28 07:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
        2017-08-13 22:04 - 2017-07-28 07:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
        2017-08-13 22:04 - 2017-07-28 07:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
        2017-08-13 22:04 - 2017-07-28 07:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
        2017-08-13 22:04 - 2017-07-28 07:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
        2017-08-13 22:04 - 2017-07-28 07:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
        2017-08-13 22:04 - 2017-07-28 07:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
        2017-08-13 22:04 - 2017-07-28 07:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
        2017-08-13 22:04 - 2017-07-28 07:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
        2017-08-13 22:04 - 2017-07-28 07:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
        2017-08-13 22:04 - 2017-07-28 07:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
        2017-08-13 22:04 - 2017-07-28 07:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
        2017-08-13 22:04 - 2017-07-28 07:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
        2017-08-13 22:04 - 2017-07-28 07:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
        2017-08-13 22:04 - 2017-07-28 07:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
        2017-08-13 22:04 - 2017-07-28 07:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
        2017-08-13 22:04 - 2017-07-28 07:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
        2017-08-13 22:04 - 2017-07-28 07:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
        2017-08-13 22:04 - 2017-07-28 07:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
        2017-08-13 22:04 - 2017-07-28 07:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
        2017-08-13 22:04 - 2017-07-28 07:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
        2017-08-13 22:04 - 2017-07-28 07:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
        2017-08-13 22:04 - 2017-07-28 07:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
        2017-08-13 22:04 - 2017-07-28 07:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
        2017-08-13 22:04 - 2017-07-28 07:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
        2017-08-13 22:04 - 2017-07-28 07:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
        2017-08-13 22:04 - 2017-07-28 07:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
        2017-08-13 22:04 - 2017-07-28 07:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
        2017-08-13 22:04 - 2017-07-28 07:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
        2017-08-13 22:04 - 2017-07-28 07:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
        2017-08-13 22:04 - 2017-07-28 07:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
        2017-08-13 22:04 - 2017-07-28 07:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
        2017-08-13 22:04 - 2017-07-28 07:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
        2017-08-13 22:04 - 2017-07-28 07:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
        2017-08-13 22:04 - 2017-07-28 07:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
        2017-08-13 22:04 - 2017-07-28 07:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
        2017-08-13 22:04 - 2017-07-28 07:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
        2017-08-13 21:39 - 2017-08-13 21:41 - 000000000 ____D C:\Users\Vesi\AppData\Local\Viber
        2017-07-27 20:00 - 2017-07-27 20:00 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3436498861-2500663078-494777252-1001
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-08-26 11:21 - 2016-12-26 14:48 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\Skype
        2017-08-26 10:00 - 2017-07-02 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
        2017-08-26 09:58 - 2016-12-26 18:40 - 000000000 ____D C:\Users\Vesi\AppData\Local\Adobe
        2017-08-26 09:57 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
        2017-08-26 09:57 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
        2017-08-26 09:54 - 2016-12-29 16:44 - 000000000 ____D C:\Users\Vesi\AppData\LocalLow\Mozilla
        2017-08-26 09:53 - 2017-05-31 20:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
        2017-08-26 09:36 - 2016-12-27 19:22 - 000000000 ____D C:\Users\Vesi\AppData\Local\Microsoft Windows
        2017-08-26 09:33 - 2017-02-16 19:16 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\ViberPC
        2017-08-26 09:32 - 2017-05-31 20:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
        2017-08-26 09:32 - 2016-12-26 15:11 - 000000000 __SHD C:\Users\Vesi\IntelGraphicsProfiles
        2017-08-25 23:17 - 2016-12-26 15:00 - 000000000 ____D C:\Users\Vesi\AppData\Roaming\uTorrent
        2017-08-25 19:54 - 2017-02-16 19:16 - 000000000 ____D C:\Users\Vesi\Documents\ViberDownloads
        2017-08-25 17:51 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-08-25 17:51 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\AppReadiness
        2017-08-18 19:10 - 2016-12-26 17:05 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
        2017-08-16 22:50 - 2017-07-19 19:58 - 006963200 _____ C:\Users\Vesi\Desktop\Vayana_edited.indd
        2017-08-16 21:45 - 2017-07-22 21:01 - 001377627 _____ C:\Users\Vesi\Desktop\identichnost.pdf
        2017-08-16 19:42 - 2017-01-01 17:17 - 000017290 _____ C:\Users\Vesi\Desktop\Сметки апартамент.xlsx
        2017-08-14 18:40 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\rescache
        2017-08-14 18:30 - 2017-05-31 20:22 - 000897226 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2017-08-14 18:30 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
        2017-08-14 18:26 - 2016-04-27 08:37 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-08-14 18:24 - 2017-05-31 20:02 - 005058928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2017-08-14 18:22 - 2017-05-31 20:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-08-14 18:22 - 2016-12-29 12:10 - 000000000 ____D C:\ProgramData\NVIDIA
        2017-08-13 22:56 - 2017-03-18 14:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\oobe
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
        2017-08-13 22:55 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
        2017-08-13 22:12 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
        2017-08-13 22:09 - 2016-12-27 18:48 - 000000000 ____D C:\WINDOWS\system32\MRT
        2017-08-13 22:07 - 2016-12-27 18:48 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
        2017-08-13 21:47 - 2017-05-31 20:21 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
        2017-08-13 21:46 - 2016-12-30 17:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
        2017-08-13 21:41 - 2016-12-26 23:18 - 000000000 ____D C:\ProgramData\Skype
        2017-08-07 19:11 - 2016-12-26 14:44 - 000000000 ____D C:\Users\Vesi\AppData\Local\Packages
        2017-07-31 18:15 - 2017-03-19 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
        2017-07-31 18:15 - 2017-03-19 00:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
        2017-07-27 20:00 - 2016-12-26 14:47 - 000002360 _____ C:\Users\Vesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
        2017-07-27 20:00 - 2016-12-26 14:47 - 000000000 ___RD C:\Users\Vesi\OneDrive
        ==================== Files in the root of some directories =======
        2016-12-26 19:39 - 2017-07-24 22:24 - 000000034 _____ () C:\Users\Vesi\AppData\Roaming\AdobeWLCMCache.dat
        2017-01-07 22:47 - 2017-07-23 14:23 - 000000112 _____ () C:\Users\Vesi\AppData\Roaming\JP2K CS6 Prefs
        2016-12-27 19:05 - 2017-04-12 19:49 - 000007597 _____ () C:\Users\Vesi\AppData\Local\Resmon.ResmonCfg
        2017-05-31 20:06 - 2017-05-31 20:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
        2017-05-31 20:07 - 2017-05-31 20:07 - 000000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
        Some files in TEMP:
        ====================
        2017-07-04 20:43 - 2017-07-04 20:43 - 000790488 _____ (Disc Soft Ltd.) C:\Users\Vesi\AppData\Local\Temp\dt_B73C.tmp.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\wininit.exe => File is digitally signed
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-08-25 20:24
        ==================== End of FRST.txt ============================
        Addition.txt
    • Разглеждащи в момента   0 потребители

      Няма регистрирани потребители разглеждащи тази страница.

    • Дарение

    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.