Премини към съдържанието

Препоръчан отговор


Правя тази тема във връзка с този съвет -

"Здравейте,
до вчера нямах проблеми, но днес като включих Google Chrome и се опитах да вляза в профила ми в един посещаван от мен сайт, забелязах, че нямам достъп до него, в последствие разбрах, че профила е откраднат от друг човек.. По принцип съм предпазлив и за пръв път ми се случва този проблем.
След това, забелязах че самия Google Chrome ми се струва някак променен и на мястото за линковете имам удивителна, става въпрос за това -
.gp1XYf3.jpg
___
BIn5YPe.jpg

Доста различно ми се струва и при писането на линкове и подсетката им под полето и т.н.
За щастие, както казах съм предпазлив и са успяли само този въпросен профил да откраднат, иначе видях, че са се опитали да "хакнат" и други мои профили, но не са успяли..


Ако съм пуснал темата в грешния раздел, се извинявам и моля да бъдете преместена в правилния.

Предварително благодаря за помощта."

и 

" Не въпроса не е там.. Нямам предвид самото предупреждение, ами че преди, да ми разберат паролата за профила, който ми откраднаха го нямаше и по-различен начин ми се изобразяваха примерно подсказките за линкове, под полето за въвеждане на линкове. Иначе профила в Google и други важни профили, не мисля че имат достъп до тях и не знаят паролите, тъй като на всеки профил във всеки сайт съм с различна парола и то паролите са ми СЛОЖНИ..

Като цяло, публикувах тази тема, за да разбера дали имам някакъв остатъчен проблем, защото нещата ми изглеждат различни.. 
Преинсталирах Chrome-а, трих историята и връщах настройките по Default, не си остава така, няма промяна. "

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
Ran by Maria (administrator) on MARIA-PC (18-09-2016 11:08:00)
Running from C:\Users\Maria\Downloads
Loaded Profiles: Maria (Available Profiles: Maria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Viber Media S.à r.l.) C:\Users\Maria\AppData\Local\Viber\Viber.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2011-12-12] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-12-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-05] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-05] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-12] (Wistron Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-04-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-04-14] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\Run: [Viber] => C:\Users\Maria\AppData\Local\Viber\Viber.exe [72586832 2016-08-10] (Viber Media S.à r.l.)
HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29544576 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {36cbb134-6038-11e3-ab62-00262dcb26f7} - F:\SETUP.EXE
HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {4339173f-600a-11e3-af29-00262dcb26f7} - F:\Start.exe
HKU\S-1-5-21-1094404268-214187251-904566498-1000\...\MountPoints2: {6968120d-d786-11dd-a6b3-00262dcb26f7} - I:\LGAutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-05-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2013-12-08]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_STARTUP_F1540F35F9254DF584F2487D88448402.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4BCFF095-6E1B-4083-8FB3-35C41610CAF9}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\dbbhtf5g.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2015-04-27]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-04-27]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2015-04-27]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-04-27]
FF Extension: (Video DownloadHelper) - C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\dbbhtf5g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-12]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome: 
=======
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
CHR Extension: (Google Презентации) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-17]
CHR Extension: (Google Документи) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-17]
CHR Extension: (Google Диск) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-17]
CHR Extension: (YouTube) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-17]
CHR Extension: (Електронни таблици от Google) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-17]
CHR Extension: (Google Документи офлайн) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
CHR Extension: (Gmail) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-18]
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-18] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2000-01-01] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (The OpenVPN Project)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2011-12-12] () [File not signed]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-05] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [158464 2013-12-08] (ITE                      )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-17] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2000-01-01] (Realtek Semiconductor Corp.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-19] ()
S3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2009-07-20] (Swisscom)
S3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [384808 2009-07-20] (Swisscom)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S1 ArcSec; system32\drivers\ArcSec.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys 9C385432C11AECC647E8D0BC7663AB48
C:\Windows\System32\DRIVERS\amppal.sys 9C385432C11AECC647E8D0BC7663AB48
C:\Windows\system32\drivers\appid.sys 52F8C264D3BF90D2726FDE6642A381D4
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\clwvd.sys 50F92C943F18B070F166D019DFAB3D9A
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 2FDAEC4B02729C48C0FD1B0B4695995B
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 8C44E6B688790E2AD3846C97661C54F1
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys A5F7CEF8A939EBE270462EDEFD629F20
C:\Windows\System32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\Drivers\IT9135BDA.sys 00CB3B7A1B166B425F9A330CA51E3568
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys EB7BB4F58971F4FE099B3CE127346563
C:\Windows\System32\Drivers\ksecpkg.sys 6EBBA531A455E8F1092FD530A8682A97
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 6DD5383C9413AAE3113FAF89E345663D
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys 772A1DEEDFDBC244183B5C805D1B7D85
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\System32\DRIVERS\MpFilter.sys DA0FAEE45D6F03D7647851A20977A7D0
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys 341C65D6D4E9AB705258AC83511F7ADD
C:\Windows\System32\DRIVERS\mrxsmb10.sys F93EDDF0B69760456C6E0D73405AC078
C:\Windows\System32\DRIVERS\mrxsmb20.sys A558D659B722FE5FB8C6E1BF288F7316
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\System32\DRIVERS\NETwsw00.sys 3184D1564F9970F4EC81AF0347AD42B7
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 6D79C8CB73187FBEAAD1F680FADF98D3
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys B67A5ECFA7043F3CE21CBA39B2682976
C:\Windows\System32\DRIVERS\nvpciflt.sys BA2E0DDBBF6CE6F0A8587AF789134DA2
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys DEF76B479C3525952D0BD71E881E07B0
C:\Windows\System32\drivers\nvvad64v.sys F37FE6B15A987AEEC08EEF531F2FAED7
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RTSUVSTOR.sys CE0A1D8A59410E698140821E4E69DA0D
C:\Windows\System32\DRIVERS\rtcrfilt64.sys E6458C9289160F440AC40D62926B39A6
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys EC666682FE8344CF7E6ED69E74FA9F4F
C:\Windows\System32\DRIVERS\srv2.sys E450C0318DCE8ED28ED272C8806B8495
C:\Windows\System32\DRIVERS\srvnet.sys 9C12C78AD36C23D925711A4640228225
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SWDUMon.sys 9CFEFD62D86DABFAC12D1C5ED72BA6A4
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys B3AD15FA10EBEAFC1275F34050E4E230
C:\Windows\System32\DRIVERS\tap0901.sys D765F43CBEA72D14C04AF3D2B9C8E54B
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tihub3.sys DA632FAE7B5629032B2C24E1BE29168B
C:\Windows\System32\DRIVERS\tixhci.sys 6AAD465F69632931B6D8D61B287E6DE9
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wsvd.sys 82E8F5AA03DF7DBDB8A33F700D5D8CDA
C:\Windows\System32\DRIVERS\wtsmpadap.sys F7ADA10CF0F02435B1C9E5C6FD0EC3A4
C:\Windows\System32\DRIVERS\wtsmpflt.sys 4B604168F293A6AD8CE56B528E4DAD14
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\Drivers\x10hid.sys BAA813A76F5DB6CC3C2CEAB7D82B6972

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-18 11:08 - 2016-09-18 11:09 - 00037321 _____ C:\Users\Maria\Downloads\FRST.txt
2016-09-18 11:07 - 2016-09-18 11:08 - 00000000 ____D C:\FRST
2016-09-18 11:06 - 2016-09-18 11:06 - 02399232 _____ (Farbar) C:\Users\Maria\Downloads\FRST64.exe
2016-09-18 09:36 - 2016-09-18 10:41 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-18 09:36 - 2016-09-18 09:41 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-18 09:36 - 2016-09-18 09:36 - 00003992 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-18 09:36 - 2016-09-18 09:36 - 00003740 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-18 09:36 - 2016-09-18 09:36 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-18 09:36 - 2016-09-18 09:36 - 00002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-18 09:36 - 2016-09-18 09:36 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-17 02:15 - 2016-09-17 02:20 - 00001456 _____ C:\Users\Maria\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-17 01:57 - 2016-09-17 01:57 - 00000000 ____D C:\Users\Maria\Documents\Adobe
2016-09-16 10:11 - 2016-09-16 10:11 - 00017007 _____ C:\Users\Maria\Downloads\Fucking The Feds (22.04.2016) 1080p (Rachel Starr & Charles Dera & Keiran Lee).mp4.torrent
2016-09-15 23:18 - 2016-09-15 23:18 - 00016731 _____ C:\Users\Maria\Downloads\Dead.Rising.Endgame.2016.WEBRip.x264.AAC-WAR.torrent
2016-09-15 23:16 - 2016-09-15 23:16 - 00014898 _____ C:\Users\Maria\Downloads\Dead.Rising.Endgame.2016.HDRip.XviD.AC3-EVO.torrent
2016-09-15 23:16 - 2016-09-15 23:16 - 00014898 _____ C:\Users\Maria\Downloads\Dead.Rising.Endgame.2016.HDRip.XviD.AC3-EVO (1).torrent
2016-09-14 22:18 - 2016-09-01 22:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-14 22:18 - 2016-09-01 21:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-14 22:18 - 2016-09-01 06:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-14 22:18 - 2016-09-01 06:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 22:18 - 2016-09-01 05:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-14 22:18 - 2016-09-01 05:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 22:18 - 2016-09-01 05:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-14 22:18 - 2016-09-01 05:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-14 22:18 - 2016-09-01 05:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-14 22:18 - 2016-09-01 05:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 22:18 - 2016-09-01 05:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-14 22:18 - 2016-09-01 05:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-14 22:18 - 2016-09-01 05:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-14 22:18 - 2016-09-01 05:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 22:18 - 2016-09-01 05:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-14 22:18 - 2016-09-01 05:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-14 22:18 - 2016-09-01 05:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-14 22:18 - 2016-09-01 04:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-14 22:18 - 2016-09-01 04:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-14 22:18 - 2016-09-01 04:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-14 22:18 - 2016-09-01 04:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-14 22:18 - 2016-09-01 04:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-14 22:18 - 2016-09-01 04:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-14 22:18 - 2016-09-01 04:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-14 22:18 - 2016-09-01 04:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 22:18 - 2016-09-01 04:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-14 22:18 - 2016-09-01 04:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-14 22:18 - 2016-09-01 04:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 22:18 - 2016-09-01 04:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 22:18 - 2016-09-01 03:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 22:18 - 2016-09-01 03:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 22:18 - 2016-09-01 03:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 22:18 - 2016-09-01 03:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-14 22:18 - 2016-09-01 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-14 22:18 - 2016-09-01 03:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 22:18 - 2016-09-01 03:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-14 22:18 - 2016-09-01 03:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 22:18 - 2016-09-01 03:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 22:18 - 2016-09-01 03:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-14 22:18 - 2016-09-01 03:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-14 22:18 - 2016-09-01 03:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-14 22:18 - 2016-09-01 03:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-14 22:18 - 2016-09-01 03:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-14 22:18 - 2016-09-01 03:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-14 22:18 - 2016-09-01 03:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-14 22:18 - 2016-09-01 03:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-14 22:18 - 2016-09-01 03:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 22:18 - 2016-09-01 03:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-14 22:18 - 2016-09-01 03:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 22:18 - 2016-09-01 03:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-14 22:18 - 2016-09-01 02:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-14 22:18 - 2016-09-01 02:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-14 22:18 - 2016-09-01 02:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-14 22:18 - 2016-09-01 02:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-14 22:18 - 2016-09-01 02:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-14 22:18 - 2016-09-01 02:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-14 22:18 - 2016-09-01 02:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-14 22:18 - 2016-09-01 02:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-14 22:18 - 2016-09-01 02:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-14 22:18 - 2016-09-01 02:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 22:18 - 2016-09-01 02:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-14 22:18 - 2016-09-01 02:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-14 22:18 - 2016-09-01 02:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 22:18 - 2016-09-01 02:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 22:18 - 2016-09-01 01:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 22:18 - 2016-09-01 01:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 22:18 - 2016-08-16 20:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 22:18 - 2016-08-16 05:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 22:18 - 2016-08-16 05:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 22:18 - 2016-08-12 19:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 22:18 - 2016-08-12 19:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 22:18 - 2016-08-12 19:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 22:17 - 2016-09-02 18:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 22:17 - 2016-09-02 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 22:17 - 2016-09-02 18:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 22:17 - 2016-09-02 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 22:17 - 2016-09-02 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 22:17 - 2016-09-02 18:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 22:17 - 2016-09-02 18:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 22:17 - 2016-09-02 18:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 22:17 - 2016-09-02 18:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 18:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 22:17 - 2016-09-02 18:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 22:17 - 2016-09-02 18:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 22:17 - 2016-09-02 17:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 22:17 - 2016-09-02 17:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 22:17 - 2016-09-02 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 22:17 - 2016-09-02 17:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 22:17 - 2016-09-02 17:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 22:17 - 2016-09-02 17:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 22:17 - 2016-09-02 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 22:17 - 2016-09-02 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 22:17 - 2016-09-02 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 22:17 - 2016-09-02 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 22:17 - 2016-09-02 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 22:17 - 2016-09-02 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 22:17 - 2016-06-06 19:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-14 22:17 - 2016-06-06 19:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-14 22:17 - 2016-06-06 19:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-14 22:17 - 2016-06-06 19:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-14 22:17 - 2016-06-06 18:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-14 22:17 - 2016-06-06 18:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-14 22:17 - 2016-06-06 18:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-14 22:17 - 2016-06-06 18:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-14 22:17 - 2016-05-14 01:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-14 22:17 - 2016-05-14 01:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-14 22:17 - 2016-05-14 01:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-14 22:17 - 2016-05-14 01:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-14 22:17 - 2016-05-14 00:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-14 22:17 - 2016-05-14 00:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-14 22:17 - 2016-05-14 00:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-14 22:17 - 2016-05-14 00:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-14 22:17 - 2016-05-14 00:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-14 22:17 - 2016-05-14 00:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-14 22:17 - 2016-05-14 00:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-14 22:17 - 2016-05-14 00:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-14 22:17 - 2016-05-14 00:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-14 22:17 - 2016-05-14 00:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-14 22:17 - 2016-05-14 00:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-14 22:17 - 2016-05-14 00:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-14 22:17 - 2016-05-12 20:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-14 22:17 - 2016-05-12 18:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-14 22:17 - 2016-05-12 18:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-14 22:17 - 2016-05-04 20:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-14 22:17 - 2016-05-04 20:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-14 22:17 - 2016-05-04 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-14 22:17 - 2016-05-04 20:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-14 22:17 - 2016-05-04 20:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-14 22:17 - 2016-05-04 20:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-14 22:17 - 2016-05-04 20:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-14 22:17 - 2016-05-04 18:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-14 22:17 - 2016-05-04 17:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-14 22:16 - 2016-09-02 18:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 22:16 - 2016-09-02 18:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 22:16 - 2016-09-02 18:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 22:16 - 2016-09-02 18:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 22:16 - 2016-09-02 18:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 22:16 - 2016-09-02 18:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 22:16 - 2016-09-02 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 22:16 - 2016-09-02 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 22:16 - 2016-09-02 18:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 22:16 - 2016-09-02 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 22:16 - 2016-09-02 17:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 22:16 - 2016-09-02 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 22:16 - 2016-08-06 18:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 22:16 - 2016-08-06 18:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 22:16 - 2016-07-07 18:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-14 22:16 - 2016-07-07 18:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-14 22:16 - 2016-07-07 18:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-14 22:16 - 2016-07-07 18:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-14 22:16 - 2016-07-01 18:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 22:16 - 2016-07-01 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-14 22:16 - 2016-07-01 18:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 22:16 - 2016-07-01 18:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-14 22:16 - 2016-05-04 20:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-14 22:16 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-14 22:16 - 2016-05-04 20:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-14 22:00 - 2016-09-14 22:00 - 00010936 _____ C:\Users\Maria\Downloads\Dead.Rising.Watchtowe.2015.576p.BRRip.x264.DUAL-SiSO.torrent
2016-09-14 08:45 - 2016-09-14 08:45 - 00019535 _____ C:\Users\Maria\Downloads\[CFNMSecret] Dylan Daniels, Gabriella Ford, Liza Rowe, Jojo Kiss [Game of Cocks].torrent
2016-09-13 21:10 - 2016-09-13 21:10 - 00655568 _____ C:\Users\Maria\Downloads\Warcraft.2016.1080p.BluRay.x264-SPARKS.torrent
2016-09-12 09:41 - 2016-09-12 09:41 - 00015782 _____ C:\Users\Maria\Downloads\Marc Dorcel -  Novice Lawyer.torrent
2016-09-12 09:40 - 2016-09-12 09:40 - 00011719 _____ C:\Users\Maria\Downloads\RealityJunkies - Trisha Parks - DP Touchdown.torrent
2016-09-11 17:37 - 2016-09-12 16:49 - 00002499 _____ C:\Users\Maria\Desktop\vip extri d2.txt
2016-09-11 13:22 - 2016-09-11 13:22 - 00016663 _____ C:\Users\Maria\Downloads\BrazzersExxtra - Elsa Jean, Riley Reid (Licking Locked Up).torrent
2016-09-11 13:22 - 2016-09-11 13:22 - 00011603 _____ C:\Users\Maria\Downloads\BangBrosClips - Jillian Janson.torrent
2016-09-10 21:42 - 2016-09-10 21:42 - 00011840 _____ C:\Users\Maria\Downloads\The.Haunting.In.Connecticut.2009.EXTENDED.720p.BRRip.XviD.AC3-ViSiON.torrent
2016-09-10 21:38 - 2016-09-10 21:38 - 00034362 _____ C:\Users\Maria\Downloads\The.Pyramid.2014.1080p.BluRay.x264-GECKOS (1).torrent
2016-09-10 21:37 - 2016-09-10 21:37 - 00034362 _____ C:\Users\Maria\Downloads\The.Pyramid.2014.1080p.BluRay.x264-GECKOS.torrent
2016-09-09 11:23 - 2007-01-18 17:35 - 00000000 ____D C:\Program Files\cs1.6
2016-09-08 22:20 - 2016-09-08 22:20 - 00014819 _____ C:\Users\Maria\Downloads\Poltergeist.SCR.x265-WARHD.torrent
2016-09-08 21:42 - 2016-09-08 21:42 - 00013710 _____ C:\Users\Maria\Downloads\Poltergeist.2015.EXTENDED.720p.x265-WAR.torrent
2016-09-08 21:41 - 2016-09-08 21:41 - 00014468 _____ C:\Users\Maria\Downloads\Poltergeist.2015.EXTENDED.BRRip.XViD.AC3-ETRG.torrent
2016-09-08 21:40 - 2016-09-08 21:40 - 00013263 _____ C:\Users\Maria\Downloads\Poltergeist.2015.Extended.BDRip.XviD-WAR.torrent
2016-09-06 21:21 - 2016-09-06 21:21 - 00021908 _____ C:\Users\Maria\Downloads\The.Darkness.2016.720p.BluRay.x264.DTS-WAR.torrent
2016-09-06 20:06 - 2016-09-06 20:18 - 00000000 ____D C:\Users\Maria\Desktop\CHISTA Platforma ReHLDS
2016-09-06 10:24 - 2016-09-06 10:24 - 00010478 _____ C:\Users\Maria\Downloads\Boxtrucksex - Lien Parker .torrent
2016-09-06 10:22 - 2016-09-06 10:22 - 00011341 _____ C:\Users\Maria\Downloads\Boxtrucksex - Candee Licious.torrent
2016-09-05 11:10 - 2016-09-05 11:10 - 00013071 _____ C:\Users\Maria\Downloads\All Asian.torrent
2016-09-05 11:09 - 2016-09-05 11:09 - 00162552 _____ C:\Users\Maria\Downloads\Russian Institute 22 - Medical Exam.torrent
2016-09-05 11:08 - 2016-09-05 11:08 - 00011209 _____ C:\Users\Maria\Downloads\xart.16.09.03.jillian.janson.and.blake.eden.the.pussy.cat.burglar.torrent
2016-09-03 11:12 - 2016-09-03 11:12 - 00011752 _____ C:\Users\Maria\Downloads\ExxxtraSmall - Gabriella Ford - Gabriella Gets What She Wants.torrent
2016-09-03 11:11 - 2016-09-03 11:11 - 00045660 _____ C:\Users\Maria\Downloads\DARE DORM - Raver Party - College Teen Sex Orgy.torrent
2016-09-01 09:41 - 2016-09-01 09:41 - 00015477 _____ C:\Users\Maria\Downloads\[DoctorAdventures] Kelsi Monroe NEW 2016 XXX.torrent
2016-09-01 09:41 - 2016-09-01 09:41 - 00010552 _____ C:\Users\Maria\Downloads\RKPrime.Nekane.Penis.Games.XXX.28.08.2016.MP4-xET.torrent
2016-08-30 12:28 - 2016-08-30 12:28 - 00000290 _____ C:\Users\Maria\cancel_body.html
2016-08-30 02:13 - 2016-08-30 02:13 - 00005520 _____ C:\Users\Maria\common.php
2016-08-27 17:22 - 2016-09-10 22:34 - 00000000 ____D C:\Users\Maria\Desktop\stoicho  music NEW
2016-08-27 03:11 - 2016-08-27 03:11 - 00000000 ___RD C:\Users\Maria\OneDrive
2016-08-27 03:11 - 2016-08-27 03:11 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-08-27 03:09 - 2016-08-27 03:09 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-26 14:31 - 2016-08-26 14:32 - 06662856 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.21.0_win64-setup.exe
2016-08-24 02:09 - 2016-08-24 02:09 - 00000565 _____ C:\Users\Maria\admin_notify_duplicates.txt
2016-08-23 16:07 - 2016-08-23 16:08 - 00000000 ____D C:\Users\Maria\AppData\Local\Viber
2016-08-18 01:33 - 2016-09-10 00:59 - 00000865 _____ C:\Users\Maria\Desktop\cs1.6.lnk
2016-08-18 01:29 - 2007-01-18 17:35 - 00000000 ____D C:\Program Files (x86)\cs1.6
2016-08-17 22:34 - 2016-08-18 01:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-08-17 14:48 - 2016-08-17 14:48 - 00000908 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\Program Files\TAP-Windows
2016-08-17 14:45 - 2016-08-17 14:48 - 00000000 ____D C:\Program Files\OpenVPN
2016-08-17 14:45 - 2016-08-17 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-08-17 11:50 - 2016-07-08 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 11:50 - 2016-07-08 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-13 18:57 - 2016-08-13 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2016-08-05 10:36 - 2016-08-05 10:36 - 06647784 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.20.1_win64-setup.exe
2016-07-24 15:53 - 2016-09-17 22:47 - 00000000 ____D C:\Users\Maria\Documents\Outlook Files
2016-07-20 00:23 - 2016-07-20 00:23 - 00000000 ____D C:\Windows\EOONotify
2016-07-16 19:54 - 2016-08-10 14:22 - 00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-07-14 18:05 - 2016-07-14 18:05 - 08156072 _____ (TeamViewer GmbH) C:\Users\Maria\Desktop\TeamViewer_Setup.exe
2016-07-14 11:17 - 2016-06-26 03:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 11:17 - 2016-06-26 03:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 11:17 - 2016-06-26 03:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 11:17 - 2016-06-26 03:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 11:17 - 2016-06-26 03:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 11:17 - 2016-06-26 03:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 11:17 - 2016-06-26 03:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 11:17 - 2016-06-25 22:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 11:17 - 2016-06-25 22:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 11:17 - 2016-06-25 22:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 11:17 - 2016-06-25 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 11:17 - 2016-06-25 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 11:17 - 2016-06-22 16:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 11:17 - 2016-06-17 21:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 11:17 - 2016-06-17 21:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 11:17 - 2016-06-17 21:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 11:17 - 2016-06-17 21:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 11:17 - 2016-06-17 21:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 11:17 - 2016-06-17 21:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-04 23:17 - 2016-07-04 23:18 - 06569088 _____ (Tim Kosse) C:\Users\Maria\Downloads\FileZilla_3.19.0_win64-setup.exe
2016-06-24 22:26 - 2016-06-24 22:26 - 17061922 _____ C:\Users\Maria\Downloads\fizioterapiq2015.2016.pdf
2016-06-24 22:26 - 2016-06-24 22:26 - 05478111 _____ C:\Users\Maria\Downloads\oshte.fizioterapiq 2015.2016.pdf
2016-06-24 17:45 - 2016-06-24 17:45 - 04977231 _____ C:\Users\Maria\Downloads\protokol IOS 2016.pdf

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-18 10:49 - 2013-12-08 20:23 - 00000000 ____D C:\Users\Maria\AppData\Roaming\Skype
2016-09-18 10:42 - 2014-02-23 18:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-18 09:37 - 2009-07-14 07:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-18 09:37 - 2009-07-14 07:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-18 09:33 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-09-18 09:23 - 2015-08-24 01:28 - 00000000 ____D C:\Users\Maria\AppData\Roaming\ViberPC
2016-09-18 09:21 - 2013-12-08 00:06 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-18 09:21 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-18 01:07 - 2013-12-08 22:22 - 00000000 ____D C:\Users\Maria\AppData\Local\Mirillis
2016-09-17 23:46 - 2013-12-08 20:33 - 00000000 ____D C:\Users\Maria\AppData\Local\Google
2016-09-17 22:42 - 2014-12-28 22:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-17 22:33 - 2014-05-15 19:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-17 19:20 - 2015-08-24 01:29 - 00000000 ____D C:\Users\Maria\Documents\ViberDownloads
2016-09-17 13:27 - 2016-02-23 00:34 - 00000000 ____D C:\Users\Maria\AppData\Local\CrashDumps
2016-09-17 13:27 - 2016-02-13 11:09 - 00000000 ____D C:\Users\Maria\AppData\Roaming\FileZilla
2016-09-17 13:27 - 2013-12-08 22:24 - 00000000 ____D C:\Users\Maria\AppData\Roaming\uTorrent
2016-09-17 13:27 - 2013-12-08 20:28 - 00000000 ____D C:\Users\Maria\AppData\Roaming\AIMP3
2016-09-17 02:16 - 2015-02-10 19:50 - 00000132 _____ C:\Users\Maria\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-09-17 01:57 - 2013-12-08 06:58 - 00000000 ____D C:\Users\Maria\AppData\Roaming\Adobe
2016-09-17 01:26 - 2014-02-24 17:56 - 00000132 _____ C:\Users\Maria\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-15 23:28 - 2016-02-13 16:56 - 00000000 ____D C:\Users\Maria\Desktop\stoicho
2016-09-15 10:36 - 2009-07-14 08:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-15 10:29 - 2009-07-14 07:45 - 00422584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-15 02:40 - 2014-01-19 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-15 02:39 - 2014-01-19 15:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-15 02:39 - 2014-01-19 15:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-15 02:37 - 2013-12-08 00:33 - 00000000 ____D C:\Windows\system32\MRT
2016-09-15 02:29 - 2013-12-08 00:33 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-13 21:42 - 2014-02-23 18:42 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 21:42 - 2014-02-23 18:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 21:42 - 2014-02-23 18:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 21:42 - 2014-02-23 18:42 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 21:42 - 2014-02-18 20:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 21:27 - 2016-06-04 16:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-07 00:12 - 2014-12-02 22:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-07 00:12 - 2013-12-08 20:23 - 00000000 ____D C:\ProgramData\Skype
2016-08-31 20:09 - 2016-03-06 22:21 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2016-08-30 21:20 - 2015-01-20 00:33 - 00000000 ____D C:\Users\Maria\Documents\Youcam
2016-08-30 12:28 - 2013-12-07 21:19 - 00000000 ____D C:\Users\Maria

==================== Files in the root of some directories =======

2015-01-14 22:16 - 2015-01-14 22:16 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-02-10 19:50 - 2016-09-17 02:16 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-02-24 17:56 - 2016-09-17 01:26 - 0000132 _____ () C:\Users\Maria\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-17 02:15 - 2016-09-17 02:20 - 0001456 _____ () C:\Users\Maria\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-05-28 19:30 - 2014-05-28 19:30 - 0004608 _____ () C:\Users\Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-08 15:02 - 2013-12-08 15:02 - 0001716 _____ () C:\Users\Maria\AppData\Local\FastClean.20131208.140235.txt
2013-12-08 15:43 - 2013-12-08 15:43 - 0000017 _____ () C:\Users\Maria\AppData\Local\resmon.resmoncfg
2013-12-08 16:07 - 2013-12-08 16:07 - 0017408 _____ () C:\Users\Maria\AppData\Local\WebpageIcons.db
2013-12-07 22:09 - 2013-12-07 22:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {1763d638-00d8-11e1-be2d-f67a1c702b8f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {1763d636-00d8-11e1-be2d-f67a1c702b8f}
device                  ramdisk=[C:]\Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d637-00d8-11e1-be2d-f67a1c702b8f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d637-00d8-11e1-be2d-f67a1c702b8f}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {1763d63a-00d8-11e1-be2d-f67a1c702b8f}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {1763d638-00d8-11e1-be2d-f67a1c702b8f}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {1763d63a-00d8-11e1-be2d-f67a1c702b8f}
device                  ramdisk=[C:]\Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d63b-00d8-11e1-be2d-f67a1c702b8f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\Winre.wim,{1763d63b-00d8-11e1-be2d-f67a1c702b8f}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {1763d638-00d8-11e1-be2d-f67a1c702b8f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {1763d637-00d8-11e1-be2d-f67a1c702b8f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\1763d636-00d8-11e1-be2d-f67a1c702b8f\boot.sdi

Device options
--------------
identifier              {1763d63b-00d8-11e1-be2d-f67a1c702b8f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\1763d63a-00d8-11e1-be2d-f67a1c702b8f\boot.sdi

LastRegBack: 2016-09-15 13:40

==================== End of FRST.txt ============================

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте.

Стъпка 1

  • Деинсталирайте следния софтуер от контролния панел:
Цитат

YTD Video Downloader 5.7.2

Google Chrome

Забележка: При деинсталиране на браузъра Google Chrome, ще загубите отметките, паролите, историята на сърфирането, приставки, теми и други. 

Стъпка 2

Изтеглете: 8864097u.png ADWCleaner.

  • Затворете всички браузъри и стартирайте AdwCleaner.exe.
  • Натиснете бутона SCAN.
  • След като приключи проверката натиснете бутона CLEAN.
  • Програмата ще затвори излишния софтуер и ще започне почистването.
  • След като приключи почистването ADWCleaner ще поиска рестарт. Съгласете се.
  • След зареждането на системата отидете до: C:\AdwCleaner и потърсете лог файл с името AdwCleaner[C1].txt.
  • Публикувайте съдържанието на "AdwCleaner[C0]" в следващия Ви коментар.

 

Стъпка 3

Изтеглете: 8864098w.png JRT.

  • Запазете файла на вашия десктоп.
  • Затворете всички браузъри.
  • Стартирайте JRT.exe.
  • След като се появи съобщението "Press any key to continue . . .". Натиснете което и да е копче от клавиатурата.
  • Програмата ще започне почистването. Не прекъсвайте работата и, и не използвайте системата докато протича почистването.
  • След като приключи почистването ще се отвори лог файл, който се намира на десктопа с име JRT.txt.
  • Копирайте съдържанието му и го поставете към следващия Ви коментар.

 

Стъпка 4

  • Направете нови логове с FRST и ги прикачете към следващия ви коментар.
  • Харесва ми 4

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте! :)

Файл "AdwCleaner[C1]" няма. Има следните файлове "AdwCleaner[C0]" и "AdwCleaner[S0]".
Съдържанието на AdwCleaner[C0] е следното:

# AdwCleaner v6.020 - Дневникът е създаден 18/09/2016 в 13:06:44
# Обновен на 14/09/2016 от ToolsLib
# База данни : 2016-09-17.1 [Сървърна]
# Операционна Система : Windows 7 Home Premium Service Pack 1 (X64)
# Потребителско име : Maria - MARIA-PC
# Изпълнява се от : C:\Users\Maria\Desktop\adwcleaner_6.020.exe
# Режим: Почистване
# Поддръжка : https://toolslib.net/forum

 

***** [ Услуги ] *****

[-] Услугата беше изтрита: swdumon


***** [ Папки ] *****

[-] Папката е изтрита: C:\Users\Maria\AppData\Local\slimware utilities inc
[-] Папката е изтрита: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[-] Папката е изтрита: C:\Users\Public\Documents\Downloaded Installers
[-] Папката е изтрита: C:\Program Files (x86)\DAEMON Tools Toolbar
[-] Папката е изтрита: C:\Program Files (x86)\GreenTree Applications
[-] Папката е изтрита: C:\Program Files (x86)\SlimDrivers


***** [ Файлове ] *****

[-] Файлът е изтрит: C:\Windows\SysNative\drivers\swdumon.sys
[#] Файлът е изтрит: C:\Windows\SysNative\drivers\SWDUMon.sys
[-] Файлът е изтрит: C:\Users\Public\Desktop\SlimDrivers.lnk


***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Преки пътища ] *****

 

***** [ Планирани Задачи ] *****

 

***** [ Регистър ] *****

[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] Ключът беше изтрит: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\APN PIP
[-] Ключът беше изтрит: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\SlimWare Utilities Inc
[-] Ключът беше изтрит: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\WIN
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\APN PIP
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\SlimWare Utilities Inc
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\WIN
[-] Ключът беше изтрит: HKLM\SOFTWARE\SlimWare Utilities Inc
[#] Ключът беше изтрит по време на рестартиране: [x64] HKCU\Software\APN PIP
[#] Ключът беше изтрит по време на рестартиране: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Ключът беше изтрит по време на рестартиране: [x64] HKCU\Software\WIN


***** [ Интернет Браузъри ] *****

 

*************************

:: "Tracing" ключовете бяха изтрити
:: Winsock настройките бяха изчистени

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3220 Байта] - [18/09/2016 13:06:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [3342 Байта] - [18/09/2016 13:02:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3376 Байта] ##########


Съдържанието на AdwCleaner[S0] е следното:

# AdwCleaner v6.020 - Дневникът е създаден 18/09/2016 в 13:02:43
# Обновен на 14/09/2016 от ToolsLib
# База данни : 2016-09-17.1 [Сървърна]
# Операционна Система : Windows 7 Home Premium Service Pack 1 (X64)
# Потребителско име : Maria - MARIA-PC
# Изпълнява се от : C:\Users\Maria\Desktop\adwcleaner_6.020.exe
# Режим: Сканиране
# Поддръжка : https://toolslib.net/forum

 

***** [ Услуги ] *****

Открита е услуга: swdumon


***** [ Папки ] *****

Открита е папка: C:\Users\Maria\AppData\Local\slimware utilities inc
Открита е папка: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
Открита е папка: C:\Users\Public\Documents\Downloaded Installers
Открита е папка: C:\Program Files (x86)\DAEMON Tools Toolbar
Открита е папка: C:\Program Files (x86)\GreenTree Applications
Открита е папка: C:\Program Files (x86)\SlimDrivers


***** [ Файлове ] *****

Открит е файл: C:\Windows\SysNative\drivers\swdumon.sys
Открит е файл: C:\Windows\SysNative\drivers\SWDUMon.sys
Открит е файл: C:\Users\Public\Desktop\SlimDrivers.lnk


***** [ DLL ] *****

Зловредни DLL библиотеки не бяха намерени.


***** [ WMI ] *****

Зловредни ключове в регистъра не бяха намерени.


***** [ Преки пътища ] *****

Не бяха намерени инфектирани преки пътища.


***** [ Планирани Задачи ] *****

Не бяха намерени злонамерени планирани задачи.


***** [ Регистър ] *****

Открит е ключ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Открит е ключ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Открит е ключ: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\APN PIP
Открит е ключ: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\SlimWare Utilities Inc
Открит е ключ: HKU\S-1-5-21-1094404268-214187251-904566498-1000\Software\WIN
Открит е ключ: HKCU\Software\APN PIP
Открит е ключ: HKCU\Software\SlimWare Utilities Inc
Открит е ключ: HKCU\Software\WIN
Открит е ключ: HKLM\SOFTWARE\SlimWare Utilities Inc
Открит е ключ: [x64] HKCU\Software\APN PIP
Открит е ключ: [x64] HKCU\Software\SlimWare Utilities Inc
Открит е ключ: [x64] HKCU\Software\WIN


***** [ Интернет браузъри ] *****

Зловредни настройки във всички Firefox базирани интернет браузъри не бяха намерени.
Зловредни настройки във всички Chrome базирани интернет браузъри не бяха намерени.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3168 Байта] - [18/09/2016 13:02:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3246 Байта] #########


JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Maria (Administrator) on ­Ґ¤ 18.09.2016 Ј. at 13:16:07,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 16

Failed to delete: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CH3JT17 (Temporary Internet Files Folder)
Failed to delete: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPE3WCGQ (Temporary Internet Files Folder)
Failed to delete: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ST1O0FSB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCF8LMAW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CH3JT17 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPE3WCGQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ST1O0FSB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCF8LMAW (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ­Ґ¤ 18.09.2016 Ј. at 13:19:40,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Addition.txt

FRST.txt

Редактирано от Stoicho.k7 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Прикачете следните файлове за сканиране във https://www.virustotal.com/bg/ и дайте линк към сканирането.

Цитат

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Launch Manager\WisLMSvc.exe

C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe

C:\Windows\System32\DRIVERS\wtsmpadap.sys

C:\Windows\System32\DRIVERS\wtsmpflt.sys

Забележка: Някои от файловете може да са скрити!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 39 минути, Stoicho.k7 написа:

Тези са скрити, как мога да ги видя и кача за сканиране?:

C:\Windows\System32\DRIVERS\wtsmpadap.sys
C:\Windows\System32\DRIVERS\wtsmpflt.sys

Сега ми показва скритите файлове и папки, но тези 2 файла, ги няма, не мога да ги видя/намеря..

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стъпка 1

Изтеглете файла fixlist и го запазете на вашия десктоп.

  • Стартирайте FRST.exe и натиснете бутона FIX веднъж!
  • Почистването ще започне, не използвайте системата!
  • След като приключи, ако ви поиска рестартиране, съгласете се.
  • След като зареди системата публикувайте лог файла с име fixlog.txt, който се намира на десктопа Ви.

Забележка: Текущия фикс да не се използва на други системи!

 

Стъпка 2

Изтеглете: 8864095R.jpg Malwarebytes Anti-Malware.

  • Стартирайте инсталационния файл и следвайте съветника за инсталация.
  • Преди края на инсталацията премахнете отметката от: "Enable free trial of Malwarebytes Anti-Malware Premium" и се уверете че има отметка пред "Launch Malwarebytes Anti-Malware".
  • Отидете до табът Settings => Detection and Protection => сложете отметка на "Scan for rootkits".
  • Отидете до табът Dashboard => натиснете бутона "SCAN NOW".
  • Програмата автоматично ще провери за актуализации и ще започне сканирането.

Забележка: Ако видите съобщението "Could not load DDA driver" натиснете бутона "YES". След което разрешете на системата да се рестартира.

  • След като проверката приключи натиснете бутона "Apply Actions".
  • Системата ще поиска рестарт, съгласете се.
  • След като системата зареди MBAB ще зареди.
  • Отидете до табът History => Applications Logs.
  • Потърсете лог с име "SCAN LOG" с последната дата и час и натиснете върху него.
  • Натиснете бутона EXPORT => Copy to Clipboard.
  • Поставете съдържанието на лога с клавишната комбинация CTRL+V към следващия Ви коментар.

 

Стъпка 3

Изтеглете: 8864024K.jpgEmsissoft Emergency Kit

  • Стартирайте файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
  • Стартирайте файла Start Emsisoft Emergency Kit от десктопа за да стартирате програмата.
  • Натиснете бутона "Yes", когато бъдете подканени да обновите дефинициите на програмата.
  • След като обновяването на дефинициите приключи натиснете бутона "Scan".
  • Програмата ще Ви попита дали искате да включите засичането на Potentially Unwanted Applications,  натиснете бутона "Yes".
  • Натиснете бутона "Custom Scan". Премахнете от списъка оставете само дял C:\.
  • Натиснете "Next" за да започне проверката.
  • Когато проверката приключи натиснете бутона "View Report".
  • Копирайте съдържанието на лог файла в следващия Ви коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Emsisoft Emergency Kit
 

Emsisoft Emergency Kit - Version 11.9
Last update: 19.9.2016 г. 11:32:20
User account: Maria-PC\Maria
Computer name: MARIA-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    19.9.2016 г. 11:34:22
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP     detected: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP     detected: Application.Win32.InstallAd (A)
C:\Program Files (x86)\Photoshop\Check.exe     detected: Gen:Variant.Graftor.7067 (B)
C:\Program Files (x86)\Photoshop\x64\Check.exe     detected: Gen:Variant.Graftor.7067 (B)

Scanned    409208
Found    4

Scan end:    19.9.2016 г. 13:51:10
Scan time:    2:16:48

 

Fixlog.txt

logmalwar.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изтеглете и инсталирайте Google Chrome от тук.

Към него(Chrome) е препоръчително да инсталирате следните добавки:

И пишете какво е положението до тук.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ми няма разлика, но днес видях, че и на компютъра в офиса е същото.. Явно е може би след някакъв UPDATE, който е станал горе-долу по едно и също време с открадването на профила и аз съм си помислил, че има нещо общо.

Както и да е.
Ще сканираме/поправяме ли нещо още? Чист ли е лаптопа вече?
:)

Редактирано от Stoicho.k7 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Чист е.

За да премахнем инструментите, с които почиствахме системата:

Изтеглете: 8864064T.png Delfix.

  • Стартирайте Delfix.exе.
  • По подразбиране трябва да има 2 отметки на "Remove disinfection tools" и "Purge system restore ". Ако липсват, ги сложете.
  • Натиснете бутона "Run". 
  • Инструмента ще се самоизтрие след като приключи своята задача.
  • Изтрийте лог файла от Delfix.
  • Ако има останали програми, които сме използвали и не са се изтрили, ги изтрийте ръчно.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход


  • Горещи теми в момента

  • Подобни теми

    • от Васил Джамбазов
      Както казва заглавието когато влизам в различни страници и трябва да ми излезе това captcha дето проверавя дали съм робот но не ми излиза нищо. Или само си върти или напълно нищо не показва. Пробвал съм със 4 различни браузъри и наквсякъде е същото. Рових в нета сумати време и нищо не ми помага. Де-инсталирах антивирусна, махах всички екстенжъни на браузърите и няма резултат. Мисля че проблема ми е в самия компютър някъде.  
      - Не разполагам с компакт диск за ОС. 
       
       
      Addition.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by userr (administrator) on USERR-PC (24-12-2017 01:13:05)
      Running from E:\scoped_dir3952_30355
      Loaded Profiles: userr (Available Profiles: userr)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Bulgarian (Bulgaria)
      Internet Explorer Version 11 (Default browser: Opera)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
      (Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Gaijin Entertainment) C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
      HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
      HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-01-30] (ABBYY Production LLC.)
      HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-03] ()
      HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15377920 2014-04-29] ()
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [Gaijin.Net Agent] => C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2268232 2017-11-01] (Gaijin Entertainment)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\MountPoints2: {87819dae-0c57-11e4-9eea-d050991a0dfa} - G:\setup.exe
      AppInit_DLLs: C:\Users\userr\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => No File
      IFEO\bitguard.exe: [Debugger] tasklist.exe
      IFEO\bprotect.exe: [Debugger] tasklist.exe
      IFEO\bpsvc.exe: [Debugger] tasklist.exe
      IFEO\browserdefender.exe: [Debugger] tasklist.exe
      IFEO\browserprotect.exe: [Debugger] tasklist.exe
      IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
      IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
      IFEO\jumpflip: [Debugger] tasklist.exe
      IFEO\protectedsearch.exe: [Debugger] tasklist.exe
      IFEO\searchinstaller.exe: [Debugger] tasklist.exe
      IFEO\searchprotection.exe: [Debugger] tasklist.exe
      IFEO\searchprotector.exe: [Debugger] tasklist.exe
      IFEO\searchsettings.exe: [Debugger] tasklist.exe
      IFEO\searchsettings64.exe: [Debugger] tasklist.exe
      IFEO\snapdo.exe: [Debugger] tasklist.exe
      IFEO\stinst32.exe: [Debugger] tasklist.exe
      IFEO\stinst64.exe: [Debugger] tasklist.exe
      IFEO\umbrella.exe: [Debugger] tasklist.exe
      IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
      IFEO\volaro: [Debugger] tasklist.exe
      IFEO\vonteera: [Debugger] tasklist.exe
      IFEO\websteroids.exe: [Debugger] tasklist.exe
      IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
      Startup: C:\Users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-04-19]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      AutoConfigURL: [S-1-5-21-845983760-1135253478-3104952537-1000] => hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
      Tcpip\..\Interfaces\{5650381A-159B-4673-BC63-260706D9F749}: [DhcpNameServer] 192.168.100.1
      ManualProxies: 0hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1431722435&z=60bd0491cc64661fd12a8edg0zcc0g3m0oeo1zbcat&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-23] (AVAST Software)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-23] (AVAST Software)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1431722400&z=cc566e9454f28cf2ca26295g0z7cdgamco6odz3eec&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      FireFox:
      ========
      FF ProfilePath: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default [2017-12-24]
      FF user.js: detected! => C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\user.js [2016-03-15]
      FF Extension: (Avast SafePrice) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\sp@avast.com.xpi [2017-12-23]
      FF Extension: (Avast Online Security) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\wrc@avast.com.xpi [2017-12-23]
      FF SearchPlugin: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\searchplugins\default-search.xml [2014-08-24]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default [2017-12-24]
      CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2017-06-01]
      CHR Extension: (Docs) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19]
      CHR Extension: (YouTube) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
      CHR Extension: (Google Docs Offline) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
      CHR Extension: (Gmail) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-19]
      CHR Extension: (Chrome Media Router) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\userr\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-24]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      OPR Extension: (Adblock Plus) - C:\Users\userr\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-29]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-23] (AVAST Software)
      R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-09-25] (Autodesk) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
      S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-26] (BitRaider, LLC)
      S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-08-06] (GOG.com)
      S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
      R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-09] () [File not signed]
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4121080 2011-06-13] (INCA Internet Co., Ltd.) [File not signed]
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-24] ()
      S3 TunngleService; D:\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      S2 Ds3Service; "D:\Downloads\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe" [X]
      S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
      S2 Hamachi2Svc; "D:\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-23] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-23] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-23] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-23] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-23] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-23] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-23] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-23] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-23] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-23] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-23] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-23] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-23] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-23] (AVAST Software)
      S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-06-30] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-15] (DT Soft Ltd)
      S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-24] ()
      R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-06-30] ()
      R3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-09-16] (MotioninJoy) [File not signed]
      S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
      R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
      S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [21888 2006-01-29] (Syncrosoft GmbH) [File not signed]
      R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
      U3 aswbdisk; no ImagePath
      S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
      S3 dump_wmimmc; \??\D:\Phantasy Star Universe\PHANTASY STAR UNIVERSE\GameGuard\dump_wmimmc.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 01:12 - 2017-12-24 01:13 - 000000000 ____D C:\FRST
      2017-12-23 12:34 - 2017-12-23 12:34 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-23 03:20 - 2017-12-23 03:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-23 03:20 - 2017-12-23 03:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-23 02:44 - 2017-12-23 02:44 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2017-12-23 02:44 - 2017-12-23 02:44 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVAST Software
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-23 02:43 - 2017-12-23 02:41 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-12-23 02:43 - 2017-12-23 02:41 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2017-12-23 02:39 - 2017-12-23 02:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-23 02:30 - 2017-12-23 02:38 - 000000000 ____D C:\Users\userr\AppData\Local\AvgSetupLog
      2017-12-23 02:07 - 2017-12-24 01:10 - 000000000 ____D C:\Users\userr\AppData\LocalLow\Mozilla
      2017-12-23 02:06 - 2017-12-23 02:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-23 02:06 - 2017-12-23 02:06 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-12-10 18:50 - 2017-12-10 19:16 - 000000000 ____D C:\Users\userr\AppData\Roaming\Kodi
      2017-12-10 18:50 - 2017-12-10 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
      2017-12-10 18:49 - 2017-12-10 18:50 - 000000000 ____D C:\Program Files (x86)\Kodi
      2017-12-06 22:46 - 2017-12-06 22:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 00:38 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:34 - 2014-07-15 17:50 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVG
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Local\AVG
      2017-12-23 12:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 03:20 - 2014-08-26 10:46 - 000000000 ____D C:\Users\userr\AppData\Local\Adobe
      2017-12-23 03:20 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-23 03:16 - 2016-01-03 00:01 - 000000000 ____D C:\Users\userr\AppData\Local\CrashDumps
      2017-12-23 02:38 - 2016-05-15 19:06 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-23 02:38 - 2014-08-24 19:52 - 000000000 ____D C:\ProgramData\AVG
      2017-12-23 02:07 - 2014-07-15 18:21 - 000000000 ____D C:\Users\userr\AppData\Roaming\Mozilla
      2017-12-23 02:06 - 2014-07-15 18:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-21 04:29 - 2014-10-16 22:00 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1413489654
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-12-20 12:42 - 2014-07-15 22:11 - 000000000 ____D C:\Program Files (x86)\Opera
      2017-12-12 02:54 - 2014-07-15 18:15 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-10 19:02 - 2014-07-18 10:15 - 000000000 ____D C:\Program Files (x86)\Winamp
      2017-12-02 15:06 - 2016-02-27 13:58 - 000000000 ____D C:\Users\userr\AppData\Roaming\vlc
      2017-11-30 19:55 - 2009-07-14 07:13 - 000800086 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-30 19:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      ==================== Files in the root of some directories =======
      2015-06-28 11:25 - 2015-06-28 12:50 - 000003958 _____ () C:\Users\userr\AppData\Roaming\LTspiceIV.ini
      2016-01-01 23:01 - 2016-01-15 22:41 - 000007168 _____ () C:\Users\userr\AppData\Roaming\SQLiteManager3.pref
      2016-03-10 19:19 - 2016-03-10 19:19 - 000003584 _____ () C:\Users\userr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-07-23 18:59 - 2016-02-24 12:08 - 000000601 _____ () C:\Users\userr\AppData\Local\DialogChoices.xml
      2016-12-14 12:38 - 2016-12-14 12:38 - 000000600 _____ () C:\Users\userr\AppData\Local\PUTTY.RND
      2015-05-29 13:21 - 2015-05-29 13:21 - 000003992 _____ () C:\Users\userr\AppData\Local\recently-used.xbel
      2016-01-01 23:13 - 2009-09-24 21:36 - 000000486 _____ () C:\Users\userr\AppData\Local\uninstall.html
      Some files in TEMP:
      ====================
      2015-09-25 10:11 - 2014-07-31 18:54 - 000015752 _____ (Autodesk, Inc.) C:\Users\userr\AppData\Local\Temp\AcDeltree.exe
      2016-12-09 15:51 - 2016-12-09 15:51 - 000223744 _____ (Un4seen Developments) C:\Users\userr\AppData\Local\Temp\Bass.dll
      2016-12-09 15:51 - 2016-12-09 15:51 - 000647168 _____ (radio42) C:\Users\userr\AppData\Local\Temp\Bass.Net.dll
      2016-04-16 11:05 - 2016-04-16 11:05 - 000385024 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Crysis_Patch_1_2_launcher.exe
      2016-04-22 16:02 - 2016-04-23 19:52 - 000208896 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7340014.dll
      2016-04-22 16:08 - 2016-04-23 19:41 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7370014.dll
      2016-04-23 19:57 - 2016-04-24 10:30 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7390004.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000027352 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x64.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000029912 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x86.dll
      2015-12-15 08:20 - 2015-12-15 08:20 - 000010240 _____ () C:\Users\userr\AppData\Local\Temp\fh2communityupdaterselfupdate.exe
      2016-06-13 18:37 - 2016-06-13 18:37 - 001962752 _____ (Flexera Software LLC) C:\Users\userr\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
      2015-01-29 15:58 - 2006-01-09 06:35 - 000159744 ____R () C:\Users\userr\AppData\Local\Temp\GMfc.dll
      2016-03-21 16:06 - 2016-03-21 16:06 - 001022043 _____ (                                                            ) C:\Users\userr\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
      2016-07-28 09:16 - 2016-07-28 09:16 - 000741440 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u101-windows-au.exe
      2016-10-22 10:00 - 2016-10-22 10:00 - 000737856 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u111-windows-au.exe
      2017-01-21 09:41 - 2017-01-21 09:41 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u121-windows-au.exe
      2017-04-25 10:50 - 2017-04-25 10:50 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u131-windows-au.exe
      2017-07-21 08:54 - 2017-07-21 08:54 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-11-15 11:43 - 2017-11-15 11:43 - 001856576 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u151-windows-au.exe
      2016-03-27 09:48 - 2016-03-27 09:48 - 000736320 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u77-windows-au.exe
      2016-04-24 10:15 - 2016-04-24 10:15 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u91-windows-au.exe
      2015-01-29 15:58 - 1999-12-17 14:00 - 000995383 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Mfc42.dll
      2015-01-29 15:58 - 1999-12-17 14:00 - 000295000 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\MSVCRT.dll
      2016-03-07 10:20 - 2016-03-07 10:20 - 005495448 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
      2016-08-16 17:42 - 2016-08-16 17:42 - 006359496 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
      2016-01-25 13:38 - 2016-01-25 13:38 - 006350128 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.6.exe
      2017-01-02 12:39 - 2017-01-02 12:39 - 006456560 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe
      2017-06-14 10:20 - 2017-06-14 10:20 - 006441096 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.14.exe
      2015-09-01 18:07 - 2016-08-25 22:50 - 000746088 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI.dll
      2015-11-22 12:40 - 2015-11-14 07:54 - 000835776 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI64.dll
      2015-10-13 12:53 - 2015-07-23 02:46 - 000783688 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvStInst.exe
      2015-08-04 14:25 - 2015-08-04 14:25 - 000032984 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-win32.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000031960 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-x64.dll
      2006-01-04 09:04 - 2006-01-04 09:04 - 000098304 ____R () C:\Users\userr\AppData\Local\Temp\Setup.exe
      2016-06-23 10:10 - 2016-07-05 21:28 - 000192512 _____ () C:\Users\userr\AppData\Local\Temp\sfamcc00001.dll
      2015-02-10 19:56 - 2015-02-10 19:56 - 000105984 _____ () C:\Users\userr\AppData\Local\Temp\sfextra.dll
      2016-09-12 19:41 - 2016-09-12 19:42 - 036634172 _____ (Bogdan Ureche                                               ) C:\Users\userr\AppData\Local\Temp\SQLiteExpertPersSetup.exe
      2015-01-29 15:58 - 2006-01-09 18:37 - 000393216 ____R () C:\Users\userr\AppData\Local\Temp\UnivUI.dll
      2015-12-20 20:03 - 2015-12-20 20:03 - 013977352 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe
      2016-09-02 18:27 - 2016-09-02 18:28 - 000003584 _____ () C:\Users\userr\AppData\Local\Temp\_j5iljyu.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 00:16
      ==================== End of FRST.txt ============================
      FRST.txt
    • от Емилиян Радоев
      Лаптома ми се товарии загрява мисля, че имам вируси в системата
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
      Ran by Emiliyan (administrator) on WISE (20-12-2017 16:03:52)
      Running from C:\Users\Emiliyan\Downloads
      Loaded Profiles: Emiliyan (Available Profiles: Emiliyan)
      Platform: Windows 8 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
      (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
      (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
      HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
      HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
      HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
      HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
      HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-19] (AVAST Software)
      HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
      HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-22] (Pegatron Corporation)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [Chromium] => "c:\users\emiliyan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {3200876f-a128-11e7-be97-74e543b067e1} - "E:\stp-fifa17.exe" 
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {5d49cdaf-cde8-11e7-bea2-74e543b067e1} - "F:\Install.exe" 
      Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{4162F2B5-AEAE-42DB-9CD1-CF34657B6E2D}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{72560D0F-2D93-4ECB-9356-DBA41E983165}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
      SearchScopes: HKU\S-1-5-21-3433298263-1705697951-3842491668-1001 -> DefaultScope {0117524D-8F49-4D9B-B308-983D78D06507} URL = 
      BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      FireFox:
      ========
      FF DefaultProfile: 1dnbjirw.default
      FF ProfilePath: C:\Users\Emiliyan\AppData\Roaming\Mozilla\Firefox\Profiles\1dnbjirw.default [2017-12-20]
      FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
      Chrome: 
      =======
      CHR Profile: C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
      CHR Extension: (Slides) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Docs) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-21]
      CHR Extension: (YouTube) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-21]
      CHR Extension: (Google Docs Offline) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-21]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-21]
      CHR Extension: (Gmail) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-21]
      CHR Extension: (Chrome Media Router) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-19] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
      R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
      R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-08-03] (McAfee, Inc.)
      R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-08-03] (McAfee, Inc.)
      R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-08-03] (McAfee, Inc.)
      S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
      R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
      S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-19] (AVAST Software)
      S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-19] (AVAST Software)
      R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
      S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [69672 2012-08-03] (McAfee, Inc.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-24] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-24] (Disc Soft Ltd)
      R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [169320 2012-08-03] (McAfee, Inc.)
      R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [300392 2012-08-03] (McAfee, Inc.)
      S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [66736 2012-07-19] (McAfee, Inc.)
      R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [513456 2012-08-03] (McAfee, Inc.)
      R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [752672 2012-08-03] (McAfee, Inc.)
      S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106112 2012-08-03] (McAfee, Inc.)
      R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [335784 2012-08-03] (McAfee, Inc.)
      R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 16:03 - 2017-12-20 16:04 - 000015501 _____ C:\Users\Emiliyan\Downloads\FRST.txt
      2017-12-20 16:03 - 2017-12-20 16:03 - 002392064 _____ (Farbar) C:\Users\Emiliyan\Downloads\FRST64.exe
      2017-12-20 16:03 - 2017-12-20 16:03 - 000000000 ____D C:\FRST
      2017-12-20 15:51 - 2017-12-20 15:51 - 001931969 _____ C:\Users\Emiliyan\Downloads\ProcessExplorer.zip
      2017-12-19 22:11 - 2017-12-20 00:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\In.Time.2011.BRRip.XviD.BGAudio-SLSS
      2017-12-19 22:10 - 2017-12-19 22:23 - 000000000 ____D C:\Users\Emiliyan\Downloads\We're.the.Millers.2013.BDRip.XviD.BGAUDiO-SLSS
      2017-12-19 19:41 - 2017-12-19 19:42 - 000000000 ____D C:\Users\Emiliyan\Downloads\Spico
      2017-12-19 19:35 - 2017-12-19 19:44 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico 9.2.3
      2017-12-19 19:32 - 2017-12-19 19:32 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-19 19:27 - 2017-12-19 19:27 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico_10.2.0
      2017-12-19 19:12 - 2017-12-20 15:36 - 000000000 ____D C:\Program Files\KMSpico
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003742 _____ C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache Files
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003272 _____ C:\WINDOWS\System32\Tasks\InstallShield® Update Service Scheduler
      2017-12-19 18:45 - 2017-12-19 18:45 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\AVAST Software
      2017-12-19 18:43 - 2017-12-19 19:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-12-19 18:42 - 2017-12-19 18:43 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-12-19 18:42 - 2017-12-19 18:42 - 000001087 _____ C:\Users\Emiliyan\Desktop\Your Unin-staller!.lnk
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:41 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-12-19 18:41 - 2017-12-20 15:36 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\{F5EAC3B6-D142-AF0E-BCDA-8AE698B2767E}
      2017-12-19 18:41 - 2017-12-19 18:54 - 000000000 ____D C:\ProgramData\TEMP
      2017-12-19 18:41 - 2017-12-19 18:41 - 006822592 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\your_uninstaller [1].exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\URSoft
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Opera Software
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\Opera Software
      2017-12-19 18:39 - 2017-12-19 18:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-19 18:38 - 2017-12-19 18:38 - 007289800 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\yusetup7.exe
      2017-12-19 18:38 - 2017-12-19 18:38 - 000002657 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
      2017-12-19 13:42 - 2017-12-19 13:42 - 000281568 _____ C:\WINDOWS\Minidump\121917-26937-01.dmp
      2017-12-19 13:30 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4]
      2017-12-19 13:28 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club)
      2017-12-19 13:27 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond
      2017-12-19 13:27 - 2017-12-19 13:27 - 000008240 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club).torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000017308 _____ C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond.torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000013206 _____ C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4].torrent
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen
      2017-12-19 13:22 - 2017-12-19 13:22 - 000019856 _____ C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole.torrent
      2017-12-19 13:22 - 2017-12-19 13:22 - 000016441 _____ C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen.torrent
      2017-12-19 13:18 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie
      2017-12-19 13:17 - 2017-12-19 13:17 - 000013807 _____ C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000019694 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Janice Griffith.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000018341 _____ C:\Users\Emiliyan\Downloads\BangbrosClips - Piper Perri (Pipe Her!! And By Her, We Mean Pipeperr!) NEW February 19 2015 SD MP4s.torrent
      2017-12-19 13:08 - 2017-12-19 13:08 - 000014431 _____ C:\Users\Emiliyan\Downloads\RKPrime - Tiffany Watson (Naughty Trainer).torrent
      2017-12-19 12:57 - 2017-12-19 12:57 - 000016656 _____ C:\Users\Emiliyan\Downloads\Elsa Jean - Bubble Blonde.torrent
      2017-12-19 12:19 - 2017-12-19 12:19 - 018316917 _____ C:\Users\Emiliyan\Downloads\Drift Pack.rar
      2017-12-17 23:39 - 2017-12-17 23:39 - 000000627 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arhiv.lnk
      2017-12-14 00:48 - 2017-12-14 00:48 - 000000000 _____ C:\Users\Emiliyan\Desktop\New Text Document (2).txt
      2017-12-12 14:12 - 2017-12-12 14:12 - 000281512 _____ C:\WINDOWS\Minidump\121217-37562-01.dmp
      2017-12-11 20:22 - 2017-12-11 20:22 - 000000000 ____D C:\Mu BattleZone Hard (No Sound)(1)
      2017-12-11 20:01 - 2017-12-11 20:02 - 092586941 _____ C:\Mu BattleZone Hard (No Sound)(1).rar
      2017-12-07 16:14 - 2017-12-07 16:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\1231
      2017-12-07 16:13 - 2017-12-07 16:14 - 092586941 _____ C:\Users\Emiliyan\Downloads\1231.rar
      2017-12-07 13:12 - 2017-12-07 13:12 - 000015260 _____ C:\Users\Emiliyan\Downloads\ReVolt_17.1124a.exe.torrent
      2017-11-24 14:44 - 2017-11-24 14:44 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install (1).exe
      2017-11-24 14:38 - 2017-12-18 18:43 - 000000000 ____D C:\Users\Emiliyan\Documents\GTA San Andreas User Files
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:28 - 2017-11-24 14:28 - 000001914 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
      2017-11-24 14:04 - 2017-11-24 14:04 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install.exe
      2017-11-24 14:04 - 2017-11-24 14:04 - 000000000 ____D C:\Users\Emiliyan\Downloads\crack
      2017-11-24 14:03 - 2017-11-24 14:03 - 004811976 _____ C:\Users\Emiliyan\Downloads\crack.rar
      2017-11-24 14:03 - 2017-11-24 14:03 - 000162504 _____ C:\Users\Emiliyan\Downloads\[ArenaBG.com]-Grand Theft Auto (GTA) San Andreas-HOODLUM.torrent
      2017-11-23 17:55 - 2017-12-19 18:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 15:51 - 2017-06-22 01:33 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\uTorrent
      2017-12-20 15:46 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\LocalLow\Mozilla
      2017-12-20 12:14 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-12-19 19:37 - 2012-07-26 09:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-12-19 19:37 - 2012-07-26 07:37 - 000000000 ____D C:\WINDOWS\Inf
      2017-12-19 19:31 - 2017-06-22 00:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
      2017-12-19 19:30 - 2012-07-26 09:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-19 19:12 - 2012-08-29 23:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\Toshiba
      2017-12-19 19:10 - 2017-07-07 21:08 - 000000000 ____D C:\Users\Emiliyan\Downloads\simson
      2017-12-19 18:52 - 2012-08-30 09:14 - 000000000 ____D C:\WINDOWS\Panther
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
      2017-12-19 18:41 - 2017-09-24 18:24 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-19 13:56 - 2017-11-19 22:13 - 000000000 ____D C:\Users\Emiliyan\Downloads1
      2017-12-19 13:42 - 2017-06-22 12:00 - 000000000 ____D C:\WINDOWS\Minidump
      2017-12-19 13:42 - 2017-06-22 11:59 - 715990818 _____ C:\WINDOWS\MEMORY.DMP
      2017-12-18 21:49 - 2017-10-12 12:37 - 000222208 ___SH C:\Users\Emiliyan\Desktop\Thumbs.db
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-12-12 14:11 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-11 00:40 - 2017-06-22 14:53 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-24 15:37 - 2017-09-25 19:03 - 000281088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 15:36 - 2012-07-26 07:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
      2017-11-24 14:28 - 2012-08-29 23:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2017-11-23 17:56 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Mozilla
      2017-11-23 17:56 - 2017-06-22 14:53 - 000000935 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      ==================== Files in the root of some directories =======
      2017-06-22 01:24 - 2017-06-22 01:24 - 000007606 _____ () C:\Users\Emiliyan\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-15 14:17
      ==================== End of FRST.txt ============================
      Addition.txt
    • от embolado
      Здравейте! От няколко дни NOD32 периодично ми изкарва съобщението от картинката, което ме кара да се съмянвам, че компютъра ми има вирус.

      Ето и логовете от FRST
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by USER (administrator) on USER-PC (23-12-2017 17:16:05)
      Running from C:\Users\USER\Desktop
      Loaded Profiles: USER (Available Profiles: USER)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
      (Node.js) C:\Windows\Prey\versions\1.7.2\bin\node.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      () D:\Install\Testing Tools\quietHDD\quietHDD.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Fork, Ltd.) C:\Windows\Prey\versions\1.7.2\node_modules\triggers\bin\lightevt.exe
      (HP) C:\Windows\System32\HPSIsvc.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      (ESET) C:\Program Files\ESET\ESET Security\egui.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-21] (ESET)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
      HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      Winlogon\Notify\WgaLogon:
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {027c0954-011d-11e7-92c7-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {95871b5f-00b7-11e7-8cf1-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {d96b13d4-6d84-11e5-92f1-b4b52f788ef4} - H:\setup.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e6bf35c6-0111-11e7-8df9-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e80d797e-c983-11e5-bc97-b4b52f788ef4} - F:\setup.exe
      AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-16] (Jaksta Technologies Pty Ltd)
      Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD.lnk [2013-03-09]
      ShortcutTarget: quietHDD.lnk -> D:\Install\Testing Tools\quietHDD\quietHDD.exe ()
      GroupPolicy: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      ProxyServer: [S-1-5-21-2316775370-2964681540-2297035872-1000] => https=127.0.0.1:54745
      Hosts: 127.0.0.1   www.martau.com
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{3D41CC7B-1CA0-4A34-B378-EF83D183B83F}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{42A1B73C-2FD5-4744-A1AC-DD4C68DBB756}: [DhcpNameServer] 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-2316775370-2964681540-2297035872-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
      BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      FireFox:
      ========
      FF DefaultProfile: bx4xcpl7.default
      FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default [2017-12-23]
      FF Homepage: Mozilla\Firefox\Profiles\bx4xcpl7.default -> google.bg
      FF NewTabOverride: Mozilla\Firefox\Profiles\bx4xcpl7.default -> Enabled: "id":"{66E978CD-981F-47DF-AC42-E3CF417C1467
      FF Extension: (MEGA) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\firefox@mega.co.nz.xpi [2017-11-17]
      FF Extension: (New Tab Homepage) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-11-18]
      FF Extension: (image-save) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{6f99b5da-d696-4a33-8cc4-072873422204}.xpi [2017-11-17]
      FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
      R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-11-22] (Fork, Ltd.) [File not signed]
      R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-21] (ESET)
      R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)
      S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (DEVGURU Co., LTD.)
      S4 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
      S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2017-03-04] (Sysprogs OU)
      U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-01-07] (IVT Corporation.)
      S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [35848 2008-12-07] ()
      S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-06] (Samsung Electronics Co., Ltd.)
      S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-06-04] (Disc Soft Ltd)
      S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-10-08] (DT Soft Ltd)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2017-12-08] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
      R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2017-12-08] (ESET)
      S1 ISODrive; C:\Windows\SysWOW64\Drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
      S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31624 2008-07-02] (IVT Corporation.)
      S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1162952 2013-07-13] (Ralink Technology, Corp.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-06] (Samsung Electronics Co., Ltd.)
      U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
      U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BT; system32\DRIVERS\btnetdrv.sys [X]
      S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
      S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
      S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
      S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
      S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
      S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
      S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
      S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
      S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
      S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
      S3 VComm; system32\DRIVERS\VComm.sys [X]
      S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
      S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:16 - 2017-12-23 17:16 - 000012226 _____ C:\Users\USER\Desktop\FRST.txt
      2017-12-23 17:15 - 2017-12-23 17:16 - 000000000 ____D C:\FRST
      2017-12-23 16:58 - 2017-12-23 16:58 - 002392064 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
      2017-12-14 23:52 - 2017-12-14 23:52 - 000000000 ____D C:\Users\USER\AppData\Local\Viber
      2017-11-29 17:30 - 2017-11-29 17:30 - 000000000 ____D C:\Users\USER\AppData\Roaming\ABBYY
      2017-11-28 23:28 - 2017-11-28 23:28 - 000002697 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2017-11-24 13:58 - 2017-12-11 17:13 - 000001438 _____ C:\Users\USER\Desktop\Mozilla Firefox.lnk
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:15 - 2017-03-03 19:29 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:09 - 2017-05-08 00:51 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2017-12-23 17:08 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-23 17:06 - 2017-11-22 20:05 - 000000000 ____D C:\Windows\Prey
      2017-12-23 17:06 - 2013-09-13 16:20 - 000001017 _____ C:\Windows\SysWOW64\bscs.ini
      2017-12-23 17:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 16:55 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-23 02:05 - 2013-04-26 22:50 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2017-12-23 00:51 - 2017-11-22 19:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-12-22 18:37 - 2014-11-03 20:17 - 000004096 _____ C:\Users\USER\AppData\Local\keyfile3.drm
      2017-12-22 01:38 - 2017-07-11 22:53 - 000000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
      2017-12-21 21:59 - 2013-11-26 22:18 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
      2017-12-18 15:30 - 2016-03-18 02:15 - 000012288 ___SH C:\Users\USER\AppData\Roaming\Thumbs.db
      2017-12-17 10:12 - 2017-10-21 08:34 - 000000000 ____D C:\Users\USER\AppData\Roaming\ViberPC
      2017-12-13 01:23 - 2017-11-17 22:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-13 01:23 - 2017-11-17 22:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-13 01:23 - 2017-11-17 22:38 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-13 01:23 - 2013-03-28 20:01 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-13 01:23 - 2012-12-29 22:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-09 11:17 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-08 23:22 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-08 20:25 - 2017-11-02 09:02 - 000134368 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
      2017-12-08 20:25 - 2017-10-09 16:49 - 000180088 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
      2017-12-08 20:25 - 2017-09-19 09:05 - 000106304 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
      2017-11-28 23:28 - 2012-12-30 00:31 - 000000000 ____D C:\ProgramData\Skype
      ==================== Files in the root of some directories =======
      2016-03-18 02:15 - 2017-12-18 15:30 - 000012288 ___SH () C:\Users\USER\AppData\Roaming\Thumbs.db
      2016-02-08 01:25 - 2016-02-08 01:25 - 000006529 _____ () C:\Users\USER\AppData\Roaming\UserTile.png
      2015-06-08 18:55 - 2015-08-20 17:08 - 000000031 _____ () C:\Users\USER\AppData\Local\burnaware.ini
      2013-04-18 15:40 - 2015-08-23 12:48 - 000007680 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2017-09-25 20:21 - 2017-09-25 20:21 - 000000036 _____ () C:\Users\USER\AppData\Local\housecall.guid.cache
      2014-11-03 20:17 - 2017-12-22 18:37 - 000004096 _____ () C:\Users\USER\AppData\Local\keyfile3.drm
      2013-02-05 23:18 - 2013-02-05 23:18 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.25.agreement
      2015-06-19 18:43 - 2015-06-19 18:43 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.40.agreement
      2017-06-20 18:27 - 2017-06-20 18:27 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.1.10.agreement
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000013 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.dir
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.filterindex
      2017-06-20 18:27 - 2017-08-29 12:08 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.sourcedisk.index
      2013-02-18 20:48 - 2017-11-11 20:47 - 000007652 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 02:06
      ==================== End of FRST.txt ============================
       
       
      Addition.txt
    • от D101149
      Здравейте! Имам проблеми със системата си, за пореден път се обръщам към вас с надеждата отново да ми помогнете.  Просто искам да кажа, че направих голяма глупост и се нахаках с куп вируси, ако ударите едно рамо ще съм ви много благодарен за пореден път
      FRST.txt
      Addition.txt
    • от Tania Simeonova
      Нямам представа какъв е вирусът, но компютърът не работи правилно, не се отварят напълно страниците, голяма част от изображенията не се зареждат!
      резултатите от сканирането: FRST.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
      Ran by krasi (administrator) on KRASI-PC (13-12-2017 18:19:54)
      Running from C:\Users\krasi\Downloads
      Loaded Profiles: krasi (Available Profiles: krasi)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser not detected!)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (阿里巴巴(中国)有限公司) C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe
      (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
      () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
      (Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Alibaba Group) C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      (阿里巴巴(中国)有限公司) C:\Users\krasi\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
      (Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
      (© 2015 Microsoft Corporation) C:\Users\krasi\AppData\Local\Microsoft\BingSvc\BingSvc.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      () C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServer.exe
      (Alibaba (China) Co., Ltd.) C:\Program Files (x86)\TradeManager\AliIM.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      () C:\Program Files (x86)\STDU Viewer\STDUViewerApp.exe
      (阿里巴巴(中国)有限公司) C:\Program Files (x86)\AliSafeEngine\5.0.2\AliIMSafeUI.exe
      (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
      () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
      (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
      () C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServerWatchDog.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      () C:\Program Files (x86)\TradeManager\AliApp.exe
      () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
      (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
      HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
      HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
      HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
      HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
      HKLM-x32\...\Run: [zenvpn] => C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1634304 2015-06-26] (Informer Technologies, Inc.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Facebook Update] => C:\Users\krasi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-20] (Facebook Inc.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [BingSvc] => C:\Users\krasi\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Ivideon Server] => C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServer.exe [2745384 2016-04-06] ()
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Auto Hide IP] => C:\Program Files (x86)\AutoHideIP\AutoHideIP.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [ProxyFirewall] => C:\Program Files (x86)\ProxyFirewall\ProxyFirewall.exe************************************************************************************************************************************************** (the data entry has 59 more characters).
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Vidalia] => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [556472 2017-09-21] (Alibaba (China) Co., Ltd.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {360dbedc-faa0-11e6-8f8e-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {601ad4bf-24f1-11e3-9659-002215d5bbf6} - E:\Autorun.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {ad78493c-8f26-11e7-a40c-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {c6bba659-6e94-11e3-b0c9-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-11-15]
      ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
      Startup: C:\Users\krasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-01-10]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy\User: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 31.211.159.254 31.211.159.253
      Tcpip\..\Interfaces\{4E2EDFE8-1AE1-40D1-8B42-FACE1D9B1466}: [DhcpNameServer] 31.211.159.254 31.211.159.253
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20] (Oracle Corporation)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
      BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20] (Oracle Corporation)
      Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
      Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
      Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default [2017-12-13]
      FF Homepage: Mozilla\Firefox\Profiles\8979hrxg.default -> hxxps://www.google.bg/
      FF NetworkProxy: Mozilla\Firefox\Profiles\8979hrxg.default -> http", "1.160.3.133"
      FF Extension: (Best Proxy Switcher) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2017-10-16]
      FF Extension: (Firebug) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\firebug@software.joehewitt.com.xpi [2017-10-24] [Legacy]
      FF Extension: (Fox Web Security) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\s3fox@security.xpi [2017-10-16] [Legacy]
      FF Extension: (Test Pilot) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\testpilot@labs.mozilla.com.xpi [2016-09-08] [Legacy]
      FF Extension: (NoScript) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-12-04]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\aol-search.xml [2013-06-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-1.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-10.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-100.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-101.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-102.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-103.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-104.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-105.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-106.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-107.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-108.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-109.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-11.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-110.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-111.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-112.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-113.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-114.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-115.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-116.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-117.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-118.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-119.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-12.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-120.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-121.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-122.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-123.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-124.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-125.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-126.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-127.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-128.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-129.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-13.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-130.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-131.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-132.xml [2015-08-12]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-133.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-134.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-135.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-136.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-137.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-138.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-139.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-14.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-140.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-141.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-142.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-143.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-144.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-145.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-146.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-147.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-148.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-149.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-15.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-150.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-151.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-152.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-153.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-154.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-155.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-156.xml [2015-09-10]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-157.xml [2015-09-10]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-16.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-17.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-18.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-19.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-2.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-20.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-21.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-22.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-23.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-24.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-25.xml [2015-03-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-26.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-27.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-28.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-29.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-3.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-30.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-31.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-32.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-33.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-34.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-35.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-36.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-37.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-38.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-39.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-4.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-40.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-41.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-42.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-43.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-44.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-45.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-46.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-47.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-48.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-49.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-5.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-50.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-51.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-52.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-53.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-54.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-55.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-56.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-57.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-58.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-59.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-6.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-60.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-61.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-62.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-63.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-64.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-65.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-66.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-67.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-68.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-69.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-7.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-70.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-71.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-72.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-73.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-74.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-75.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-76.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-77.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-78.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-79.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-8.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-80.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-81.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-82.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-83.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-84.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-85.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-86.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-87.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-88.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-89.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-9.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-90.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-91.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-92.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-93.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-94.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-95.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-96.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-97.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-98.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-99.xml [2015-05-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1.xml [2015-02-15]
      FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
      FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll [2017-09-21] ( )
      FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2017-09-21] ( )
      FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\4.0.0.101\npaliedit.dll [2015-03-24] (Alipay.com co.,ltd)
      FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\4.0.0.101\npAliSecCtrl.dll [2015-03-24] (Alipay.com Inc. )
      FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
      FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
      FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
      FF Plugin-x32: @inhatch.com,version=0.7.5 -> C:\Program Files (x86)\InhatchTeam\Inhatch\npinhatch.dll [2010-12-04] (Inhatch)
      FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-20] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-20] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
      FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-09-20] (RocketLife, LLP)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2014-10-08] (Alibaba software (Shanghai) Corporation.)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alipay.com/npalicert -> C:\Users\krasi\AppData\Roaming\alipay\cf\npalicdo.dll [2014-10-21] (alipay.com)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\krasi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\krasi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-01] (Unity Technologies ApS)
      Chrome: 
      =======
      CHR Profile: C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default [2017-12-13]
      CHR Extension: (Google Диск) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10]
      CHR Extension: (Adobe Acrobat) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-10]
      CHR Extension: (Google Документи офлайн) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-10]
      CHR Extension: (Skype) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-10]
      CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-10]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-10]
      CHR Extension: (Chrome Media Router) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
      CHR Profile: C:\Users\krasi\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-17]
      CHR HKU\S-1-5-21-237019498-3253715406-2815218077-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\krasi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-07-29]
      CHR HKU\S-1-5-21-237019498-3253715406-2815218077-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gnfaiijpfcmdehcgcnnippmnhjjnbllp] - C:\Program Files (x86)\Blingee Plus\blingee_plus_nt.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-29] (Adobe Systems) [File not signed]
      R2 AliSafeEngine Service; C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe [594080 2016-05-10] (阿里巴巴(中国)有限公司)
      R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
      R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2017-09-05] (ESET)
      S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-08-07] (Macrovision Europe Ltd.) [File not signed]
      R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [850128 2015-10-12] ()
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
      R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-12-15] ()
      R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2017-02-05] (Alibaba (China) Co., LTD. All rights reserved.)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      R2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2904176 2016-07-14] (Alibaba Group)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-27] (Disc Soft Ltd)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2017-09-05] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2017-09-05] (ESET)
      R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181384 2017-09-05] (ESET)
      S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
      R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
      S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
      R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-03-01] (Anchorfree Inc.)
      S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-13 18:14 - 2017-12-13 18:19 - 000071574 _____ C:\Users\krasi\Downloads\Addition.txt
      2017-12-13 18:11 - 2017-12-13 18:20 - 000050702 _____ C:\Users\krasi\Downloads\FRST.txt
      2017-12-13 18:10 - 2017-12-13 18:19 - 000000000 ____D C:\FRST
      2017-12-13 18:09 - 2017-12-13 18:10 - 002392064 _____ (Farbar) C:\Users\krasi\Downloads\FRST64.exe
      2017-12-12 20:58 - 2017-11-17 06:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-12-12 20:58 - 2017-11-15 03:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-12-12 20:58 - 2017-11-15 02:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2017-12-12 20:58 - 2017-11-14 05:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-12-12 20:58 - 2017-11-14 05:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-12-12 20:58 - 2017-11-14 05:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-12-12 20:58 - 2017-11-14 05:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-12-12 20:58 - 2017-11-14 05:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-12-12 20:58 - 2017-11-14 05:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-12-12 20:58 - 2017-11-14 05:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-12-12 20:58 - 2017-11-14 05:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-12-12 20:58 - 2017-11-14 05:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-12-12 20:58 - 2017-11-14 05:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-12-12 20:58 - 2017-11-14 05:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-12-12 20:58 - 2017-11-14 05:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-12-12 20:58 - 2017-11-14 05:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-12-12 20:58 - 2017-11-14 05:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-12-12 20:58 - 2017-11-14 05:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-12-12 20:58 - 2017-11-14 05:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-12-12 20:58 - 2017-11-14 05:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-12-12 20:58 - 2017-11-14 05:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-12-12 20:58 - 2017-11-14 05:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-12-12 20:58 - 2017-11-14 05:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-12-12 20:58 - 2017-11-14 05:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-12-12 20:58 - 2017-11-14 05:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-12-12 20:58 - 2017-11-14 04:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-12-12 20:58 - 2017-11-14 04:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-12-12 20:58 - 2017-11-14 04:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-12-12 20:58 - 2017-11-14 04:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-12-12 20:58 - 2017-11-14 04:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-12-12 20:58 - 2017-11-14 04:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-12-12 20:58 - 2017-11-14 04:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-12-12 20:58 - 2017-11-14 03:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2017-12-12 20:58 - 2017-11-14 03:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2017-12-12 20:58 - 2017-11-14 02:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2017-12-12 20:58 - 2017-11-14 02:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2017-12-12 20:58 - 2017-11-07 22:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2017-12-12 20:58 - 2017-11-07 22:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2017-12-12 20:58 - 2017-11-07 22:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2017-12-12 20:58 - 2017-11-07 22:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2017-12-12 20:58 - 2017-11-07 22:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2017-12-12 20:58 - 2017-11-07 22:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2017-12-12 20:58 - 2017-11-07 22:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2017-12-12 20:58 - 2017-11-07 22:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2017-12-12 20:58 - 2017-11-07 22:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2017-12-12 20:58 - 2017-11-07 22:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2017-12-12 20:58 - 2017-11-07 22:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2017-12-12 20:58 - 2017-11-07 22:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2017-12-12 20:58 - 2017-11-07 22:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2017-12-12 20:58 - 2017-11-07 22:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2017-12-12 20:58 - 2017-11-07 22:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2017-12-12 20:58 - 2017-11-07 22:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2017-12-12 20:58 - 2017-11-07 22:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2017-12-12 20:58 - 2017-11-07 22:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2017-12-12 20:58 - 2017-11-07 22:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2017-12-12 20:58 - 2017-11-07 22:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2017-12-12 20:58 - 2017-11-07 22:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2017-12-12 20:58 - 2017-11-07 22:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2017-12-12 20:58 - 2017-11-07 22:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2017-12-12 20:58 - 2017-11-07 21:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2017-12-12 20:58 - 2017-11-07 18:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2017-12-12 20:58 - 2017-11-07 18:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2017-12-12 20:58 - 2017-11-04 17:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2017-12-12 20:58 - 2017-11-04 17:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2017-12-12 20:58 - 2017-11-04 17:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2017-12-12 20:58 - 2017-11-04 17:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
      2017-12-12 20:58 - 2017-11-02 16:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
      2017-12-12 20:58 - 2017-10-17 01:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
      2017-12-12 20:58 - 2017-10-17 00:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
      2017-12-12 20:58 - 2017-10-12 02:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
      2017-12-12 07:23 - 2017-12-12 07:23 - 002989952 _____ C:\Users\krasi\Downloads\ZHPCleaner (2).exe
      2017-12-12 06:50 - 2017-12-12 06:50 - 000605424 _____ (Reimage) C:\Users\krasi\Downloads\ReimageRepair (2).exe
      2017-12-12 06:15 - 2017-12-12 06:15 - 000605424 _____ (Reimage) C:\Users\krasi\Downloads\ReimageRepair (1).exe
      2017-12-11 16:29 - 2017-12-13 07:47 - 000000000 ____D C:\AdwCleaner
      2017-12-11 16:26 - 2017-12-11 16:29 - 008187336 _____ (Malwarebytes) C:\Users\krasi\Downloads\adwcleaner_7.0.5.0.exe
      2017-12-11 14:20 - 2017-12-11 14:21 - 002989952 _____ C:\Users\krasi\Downloads\ZHPCleaner (1).exe
      2017-12-10 16:31 - 2017-12-11 14:39 - 000002450 _____ C:\Users\krasi\Desktop\ZHPCleaner.txt
      2017-12-10 16:12 - 2017-12-13 06:25 - 000000830 _____ C:\Users\krasi\Desktop\ZHPCleaner.lnk
      2017-12-10 16:12 - 2017-12-13 06:25 - 000000000 ____D C:\Users\krasi\AppData\Roaming\ZHP
      2017-12-10 16:12 - 2017-12-10 16:12 - 000000000 ____D C:\Users\krasi\AppData\Local\ZHP
      2017-12-10 16:09 - 2017-12-10 16:11 - 002988416 _____ C:\Users\krasi\Downloads\ZHPCleaner.exe
      2017-12-09 10:41 - 2017-12-09 10:41 - 000262144 ____N C:\Windows\Minidump\120917-31761-01.dmp
      2017-12-06 15:41 - 2017-12-06 15:41 - 002694408 _____ C:\Users\krasi\Downloads\13-0392-5-Prog_ovoshtni (3).pdf
      2017-12-05 16:11 - 2017-12-05 16:11 - 000262144 ____N C:\Windows\Minidump\120517-27565-01.dmp
      2017-12-04 11:18 - 2017-12-04 11:18 - 000190568 _____ C:\Users\krasi\Downloads\ECCNET-complaint (1).pdf
      2017-12-03 16:25 - 2017-12-03 16:25 - 000262144 ____N C:\Windows\Minidump\120317-15553-01.dmp
      2017-12-03 11:45 - 2017-12-03 11:45 - 000262144 ____N C:\Windows\Minidump\120317-17206-01.dmp
      2017-12-03 09:19 - 2017-12-03 09:19 - 000190568 _____ C:\Users\krasi\Downloads\ECCNET-complaint.pdf
      2017-12-03 08:51 - 2017-12-03 08:51 - 002694408 _____ C:\Users\krasi\Downloads\13-0392-5-Prog_ovoshtni (2).pdf
      2017-12-03 07:45 - 2017-12-03 07:45 - 000262144 ____N C:\Windows\Minidump\120317-20482-01.dmp
      2017-11-26 16:42 - 2017-11-26 16:42 - 000262144 ____N C:\Windows\Minidump\112617-157389-01.dmp
      2017-11-25 17:37 - 2017-12-12 20:36 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-11-25 17:36 - 2017-12-12 20:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-11-25 17:36 - 2017-12-12 20:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-11-20 06:22 - 2017-11-20 06:24 - 141015434 _____ C:\Users\krasi\Downloads\AdbeRdr11000_mui_Std (1).zip
      2017-11-20 06:22 - 2017-11-20 06:23 - 040116224 _____ C:\Users\krasi\Downloads\AdbeRdrUpd11021_MUI.msp
      2017-11-18 10:51 - 2017-11-18 10:53 - 141015434 _____ C:\Users\krasi\Downloads\AdbeRdr11000_mui_Std.zip
      2017-11-18 07:16 - 2017-11-18 07:16 - 020771800 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player (1).exe
      2017-11-18 07:16 - 2017-11-18 07:16 - 020250592 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player_ax.exe
      2017-11-18 07:15 - 2017-11-18 07:16 - 020732888 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player_ppapi.exe
      2017-11-17 08:25 - 2017-11-17 08:26 - 010849904 _____ (Piriform Ltd) C:\Users\krasi\Downloads\ccsetup537.exe
      2017-11-17 08:22 - 2017-11-17 08:23 - 048123704 _____ (TuneUp Software) C:\Users\krasi\Downloads\TuneUpUtilities2014_en-US.exe
      2017-11-16 08:01 - 2017-11-16 08:01 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\flashplayer27pp_id_install.exe
      2017-11-16 07:45 - 2017-11-16 07:45 - 020771840 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player.exe
      2017-11-16 07:34 - 2017-11-16 07:35 - 000311248 _____ (Mozilla) C:\Users\krasi\Downloads\Firefox Installer(1).exe
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\ProgramData\McAfee Security Scan
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\Program Files\McAfee Security Scan
      2017-11-15 19:01 - 2017-11-15 19:32 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      2017-11-15 19:01 - 2017-11-15 19:32 - 000000000 ____D C:\Program Files (x86)\McAfee Security Scan
      2017-11-15 13:22 - 2017-11-15 13:22 - 000000000 ____D C:\Users\krasi\AppData\Local\ElevatedDiagnostics
      2017-11-15 09:01 - 2017-11-15 09:01 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Opera Software
      2017-11-15 09:01 - 2017-11-15 09:01 - 000000000 ____D C:\Users\krasi\AppData\Local\Opera Software
      2017-11-15 08:59 - 2017-11-19 12:49 - 000000000 ____D C:\Program Files\Opera
      2017-11-15 08:58 - 2017-11-15 08:59 - 001258640 _____ (Opera Software) C:\Users\krasi\Downloads\OperaSetup.exe
      2017-11-15 02:16 - 2017-10-18 04:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2017-11-15 02:16 - 2017-10-17 01:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2017-11-15 02:16 - 2017-10-16 23:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2017-11-15 02:16 - 2017-10-12 02:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2017-11-15 02:16 - 2017-10-12 02:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
      2017-11-15 02:16 - 2017-10-12 02:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
      2017-11-15 02:16 - 2017-10-12 02:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2017-11-15 02:16 - 2017-10-12 02:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
      2017-11-15 02:16 - 2017-10-12 02:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
      2017-11-15 02:16 - 2017-10-12 02:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
      2017-11-15 02:16 - 2017-10-12 02:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
      2017-11-15 02:16 - 2017-10-12 02:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2017-11-15 02:16 - 2017-10-12 02:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
      2017-11-15 02:16 - 2017-10-12 02:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
      2017-11-15 02:16 - 2017-10-12 02:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
      2017-11-15 02:16 - 2017-10-12 02:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
      2017-11-15 02:16 - 2017-10-12 02:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
      2017-11-15 02:16 - 2017-10-12 02:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
      2017-11-15 02:16 - 2017-10-12 02:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
      2017-11-15 02:16 - 2017-10-12 02:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
      2017-11-15 02:16 - 2017-10-12 02:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2017-11-15 02:13 - 2017-10-18 04:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2017-11-15 02:13 - 2017-10-18 04:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2017-11-15 02:13 - 2017-10-16 00:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2017-11-15 02:13 - 2017-10-04 15:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2017-11-13 15:49 - 2017-11-13 15:49 - 025614068 _____ C:\Users\krasi\Downloads\php-7.2.0RC6-Win32-VC15-x64.zip
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-13 18:19 - 2014-03-20 15:14 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-237019498-3253715406-2815218077-1001UA.job
      2017-12-13 18:18 - 2013-12-23 16:04 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Software Informer
      2017-12-13 18:08 - 2017-02-07 06:02 - 000000000 ____D C:\ProgramData\AliAntiVirusED
      2017-12-13 18:08 - 2017-02-05 17:01 - 000000000 ____D C:\Users\krasi\AppData\Roaming\TaobaoProtect
      2017-12-13 18:01 - 2015-08-28 17:56 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e1aaf219f40.job
      2017-12-13 18:01 - 2015-07-16 00:56 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf516b0a7118.job
      2017-12-13 18:00 - 2015-05-17 02:50 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0903b82a18cc0.job
      2017-12-13 17:55 - 2013-01-18 09:54 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
      2017-12-13 17:55 - 2013-01-05 12:16 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Skype
      2017-12-13 17:52 - 2013-12-23 12:25 - 000000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
      2017-12-13 17:43 - 2014-03-16 16:21 - 000000398 _____ C:\Windows\Tasks\WpsUpdateTask_krasi.job
      2017-12-13 16:02 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-13 16:02 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-13 15:19 - 2014-03-20 15:14 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-237019498-3253715406-2815218077-1001Core.job
      2017-12-13 15:01 - 2015-08-28 17:56 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e1aae22cce0.job
      2017-12-13 11:11 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
      2017-12-13 07:55 - 2015-11-29 13:07 - 000000000 ___RD C:\Users\krasi\Google Drive
      2017-12-13 07:54 - 2017-02-05 16:36 - 000000000 ____D C:\Program Files (x86)\TradeManager
      2017-12-13 07:53 - 2017-02-05 17:00 - 000000000 ____D C:\ProgramData\boost_interprocess
      2017-12-13 07:50 - 2015-07-16 00:55 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf516a17d3b8.job
      2017-12-13 07:50 - 2015-05-17 02:50 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0903b81e14a00.job
      2017-12-13 07:50 - 2013-01-18 09:54 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      2017-12-13 07:49 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-13 07:36 - 2015-03-06 07:46 - 000000058 _____ C:\Users\krasi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
      2017-12-13 03:42 - 2009-07-14 06:45 - 005445240 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-12-13 03:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
      2017-12-13 03:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Setup
      2017-12-13 03:14 - 2013-08-03 02:00 - 000000000 ____D C:\Windows\system32\MRT
      2017-12-13 03:06 - 2017-10-12 02:17 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-12-13 03:06 - 2013-01-03 13:48 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-12-12 20:36 - 2013-01-03 13:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-12 20:36 - 2013-01-03 13:06 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-11 16:43 - 2013-01-03 10:40 - 000000000 ____D C:\Users\krasi
      2017-12-11 16:41 - 2013-09-22 12:58 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Yahoo!
      2017-12-10 23:54 - 2013-12-24 06:52 - 000000000 ____D C:\Users\krasi\AppData\Local\CrashDumps
      2017-12-09 15:38 - 2016-11-30 07:32 - 000000000 ____D C:\Users\krasi\AppData\LocalLow\Mozilla
      2017-12-09 10:43 - 2013-06-18 06:30 - 000000048 _____ C:\RB.rdat
      2017-12-09 10:43 - 2013-06-18 06:30 - 000000048 _____ C:\License_Time.rdat
      2017-12-09 10:41 - 2013-01-06 07:08 - 000000000 ____D C:\Windows\Minidump
      2017-12-08 00:03 - 2017-11-03 11:04 - 000002000 _____ C:\Users\Public\Desktop\Google Sheets.lnk
      2017-12-08 00:03 - 2017-09-14 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
      2017-12-08 00:03 - 2015-11-29 13:04 - 000002002 _____ C:\Users\Public\Desktop\Google Slides.lnk
      2017-12-08 00:03 - 2015-11-29 13:04 - 000001990 _____ C:\Users\Public\Desktop\Google Docs.lnk
      2017-12-04 10:31 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\PolicyDefinitions
      2017-12-04 09:34 - 2014-05-17 08:26 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-12-03 12:43 - 2009-07-14 07:13 - 000784210 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-03 12:43 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-01 09:40 - 2017-02-05 17:00 - 000000000 ____D C:\Users\krasi\AppData\Local\aef
      2017-11-30 19:01 - 2015-11-17 12:02 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-11-26 16:40 - 2016-12-20 07:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-11-26 16:40 - 2016-09-25 14:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-11-25 17:37 - 2013-03-27 09:34 - 000000000 ____D C:\Users\krasi\AppData\Local\Adobe
      2017-11-17 12:26 - 2015-11-29 05:55 - 000000000 ____D C:\Users\krasi\AppData\Roaming\PhotoScape
      2017-11-17 12:26 - 2014-01-09 09:29 - 000000000 ____D C:\Users\krasi\Tracing
      2017-11-17 12:26 - 2013-09-27 10:29 - 000000000 ____D C:\Users\krasi\AppData\Roaming\DAEMON Tools Lite
      2017-11-17 12:26 - 2013-09-22 17:19 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Media Player Classic
      2017-11-17 10:39 - 2013-01-03 20:33 - 000000000 ____D C:\Windows\Panther
      2017-11-17 08:23 - 2015-04-21 13:28 - 000000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
      2017-11-16 07:36 - 2016-09-25 14:24 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-16 07:36 - 2016-09-25 14:24 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      2017-11-16 07:15 - 2013-01-03 10:47 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Mozilla
      2017-11-16 04:08 - 2013-01-18 09:54 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-16 04:08 - 2013-01-18 09:54 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-11-15 19:00 - 2013-01-03 13:06 - 000000000 ____D C:\ProgramData\McAfee
      2017-11-15 17:42 - 2014-05-28 17:53 - 000000000 ____D C:\Users\krasi\AppData\Roaming\uTorrent
      2017-11-15 13:31 - 2013-01-05 12:15 - 000000000 ____D C:\ProgramData\Skype
      2017-11-15 13:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
      2017-11-15 10:55 - 2014-12-27 14:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2017-11-15 07:09 - 2016-04-20 16:11 - 000000000 ____D C:\Users\krasi\Documents\Файлове на Outlook
      2017-11-15 03:32 - 2014-12-11 03:28 - 000000000 ____D C:\Windows\system32\appraiser
      2017-11-15 03:09 - 2013-12-23 16:24 - 000768076 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2017-11-14 17:01 - 2015-09-17 13:56 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f13fdda07310
      2017-11-14 17:01 - 2015-09-17 13:56 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0f13fdca9de10
      ==================== Files in the root of some directories =======
      2009-05-10 17:40 - 2000-06-09 01:00 - 000995383 _____ (Microsoft Corporation) C:\Users\krasi\Mfc42.dll
      2009-05-10 17:40 - 2001-05-04 20:05 - 000290869 _____ (Microsoft Corporation) C:\Users\krasi\MSVCRT.DLL
      2009-05-10 17:40 - 1999-12-07 20:00 - 000253952 _____ (Microsoft Corporation) C:\Users\krasi\MSVCRT20.DLL
      2009-05-10 17:40 - 2001-05-04 20:05 - 000431376 _____ (Microsoft Corporation) C:\Users\krasi\RICHED20.DLL
      2009-05-10 17:40 - 1999-12-07 20:00 - 000003856 _____ (Microsoft Corporation) C:\Users\krasi\RICHED32.DLL
      2009-05-10 17:40 - 2005-04-03 17:16 - 000126976 _____ () C:\Users\krasi\Setup.exe
      2013-09-17 15:15 - 2014-06-22 23:58 - 000003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
      2013-09-17 15:28 - 2017-08-13 15:16 - 000000387 _____ () C:\Users\krasi\AppData\Roaming\burnaware.ini
      2015-01-25 18:12 - 2015-01-25 18:12 - 000001248 _____ () C:\Users\krasi\AppData\Roaming\PKEISIJ
      2015-01-25 18:12 - 2015-01-25 18:12 - 000002086 _____ () C:\Users\krasi\AppData\Roaming\QBBYB
      2015-03-06 07:46 - 2017-12-13 07:36 - 000000058 _____ () C:\Users\krasi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
      Some files in TEMP:
      ====================
      2017-10-26 10:07 - 2017-10-26 10:07 - 000488960 _____ () C:\Users\krasi\AppData\Local\Temp\sqlite3.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-09 00:46
      ==================== End of FRST.txt ============================
       
       
      Addition.txt
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.