Hello, new sub-windows with various spam sites (efbet, bet365, etc.) keep opening in my browsers.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by JUSTEX (05-12-2017 16:29:43)
Running from C:\Users\JUSTEX\Desktop
Windows 10 Pro Version 1703 15063.726 (X64) (2017-07-28 09:40:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-576454172-1670169836-3432802236-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-576454172-1670169836-3432802236-503 - Limited - Disabled)
Guest (S-1-5-21-576454172-1670169836-3432802236-501 - Limited - Disabled)
JUSTEX (S-1-5-21-576454172-1670169836-3432802236-1001 - Administrator - Enabled) => C:\Users\JUSTEX

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-576454172-1670169836-3432802236-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 388.00 - NVIDIA Corporation) Hidden
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Attribute Changer 8.70 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 8.70 - Romain Petges)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.53 - ICEpower a/s)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.60 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-576454172-1670169836-3432802236-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 bg) (HKLM\...\Mozilla Firefox 57.0 (x64 bg)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.332 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
UpdateAssistant (HKLM-x32\...\{61B90E2F-2DD9-4581-8856-C2441B61571A}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.395 - Company Inc.) <==== ATTENTION
Помощник за актуализация на Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2014-09-28] (Qualcomm®Atheros®)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2017-07-28] (Romain Petges)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2017-07-28] (Romain Petges)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-07-18] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-12] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AF98FBE-B5A8-479D-8B65-4FEE68842A3D} - System32\Tasks\{76FF89E7-C154-3E4C-0CBA-0484549C9E8D} => C:\ProgramData\{DB862C77-6C2D-9BDC-FA13-A149C5C4514C}\A2C7CFD6-156C-787D-126A-7261B4F73911.exe [2017-11-02] () <==== ATTENTION
Task: {0B135B75-15CF-4A32-943A-40ABA6290C5E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-12] (NVIDIA Corporation)
Task: {1F87D42E-6C36-47E3-8A87-39367AA212DB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-12] (NVIDIA Corporation)
Task: {3358A8F2-0BB3-46A1-BB39-5529EBAF1619} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-11] (ASUSTek Computer Inc.)
Task: {392023FB-9E05-4905-BDCB-CBA1718A0462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-02] (Google Inc.)
Task: {41796B23-98A5-4D77-A99B-DFF3835B4103} - System32\Tasks\{467E2A2F-F1D5-9D84-F077-64EFDAC7D6E4} => C:\ProgramData\{20944AA9-973F-FD02-D8E9-C5B2D52E427F}\E278674A-55D3-D0E1-B76D-370A5990DB11.exe [2017-11-02] () <==== ATTENTION
Task: {433DB194-E670-4140-B8BD-D79167770A00} - System32\Tasks\RVGhnaxmFNBLMgRMh => rundll32 "C:\Program Files (x86)\kIrFYxShKiCpXbfRrGR\yYBYWMr.dll",#1
Task: {4747C3BB-F7E8-43ED-8385-C810BF90CA56} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {47BC9BC9-4859-4DD0-BFCC-F7D4C519DAEA} - System32\Tasks\{04F25501-B359-E2AA-9A44-25EAC22EB760} => C:\ProgramData\{F27F9C8A-45D4-2B21-B049-AC2B51295F56}\1F428ACD-A8E9-3D66-B368-05818385EF21.exe [2017-11-02] () <==== ATTENTION
Task: {55846043-44B0-4FA5-B57B-E083925A251D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-12] (NVIDIA Corporation)
Task: {5836DE40-3B76-4A63-8D5F-D5D0ABD52651} - System32\Tasks\RVGhnaxmFNBLMgRMh2 => rundll32 "C:\Program Files (x86)\kIrFYxShKiCpXbfRrGR\yYBYWMr.dll",#1
Task: {5D1B2659-0224-4E15-BBA2-E77C88019A2A} - System32\Tasks\{C1B17256-761A-C5FD-A156-C414F38ED300} => C:\ProgramData\{D19ACD85-6631-7A2E-7C10-B29B76DAC65B}\97971F84-203C-A82F-FD7A-0B9BED3D2E16.exe [2017-11-02] () <==== ATTENTION
Task: {5E5721C1-0229-429E-918D-85CFA55BBE09} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-12] (NVIDIA Corporation)
Task: {683E3106-FAFA-4702-83A4-8FF4A2DBEEB5} - System32\Tasks\{C6694DFD-71C2-FA56-156C-3E6B20644EF7} => C:\ProgramData\{D332C16E-6499-76C5-29FB-05D75A2A7F14}\3D842F07-8A2F-98AC-F297-D08438F0366E.exe [2017-11-02] () <==== ATTENTION
Task: {69AA43A7-E817-4A83-A354-83C1B34D28BC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-12] (NVIDIA Corporation)
Task: {79DF45B4-C02D-460B-9FC7-125E706EAD52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-02] (Google Inc.)
Task: {7B9A00EC-6DE2-4F70-8C5B-A3FA1C52858C} - System32\Tasks\{FC687ED7-14F9-535D-2F0A-D7C64726D444} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\98bb3dc6\d98c07d4.dll" <==== ATTENTION
Task: {813E36A5-51C5-4F53-BDF0-AC7067A64627} - System32\Tasks\gehNrNLHNpJuNXH2 => rundll32 "C:\Program Files (x86)\iVWtpKjQU\NNrVQI.dll",#1
Task: {85C2DC6F-1C95-41E2-B26D-C2F797BB2172} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {872DDD94-1142-4451-A463-50C6CA2B4A22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {920A6EF9-4263-4FB3-894C-6D1BD4381615} - System32\Tasks\{0A7F7A47-0B04-7879-0B11-0D087A051109} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ADsAIAAgADsAOwA7ADsAOwAgADsAIAAgACAAIAAgADsAIAAgADsAIAA7ACAAIAAgADsAIAA7ACAAOwAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUA (the data entry has 9584 more characters). <==== ATTENTION
Task: {9B3BB560-C411-4128-89C2-600B563BDA84} - System32\Tasks\llCpcoVLqWZIcC => rundll32 "C:\Program Files (x86)\njQmmJkcvgIU2\ONNNBrwVsQZIJ.dll",#1
Task: {A24332D5-DDA9-4C3E-90DC-CB9D5A155169} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {A4834E7E-17B0-407A-9C04-0F1DB7259949} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-12] (NVIDIA Corporation)
Task: {B975F9D8-8F98-4DE9-8A14-4A26219D85C7} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UX => C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632\chipset.exe exec hide YTDRHBBULQ.cmd  <==== ATTENTION
Task: {BBC58476-22E6-4383-94AF-D661D0E7369B} - System32\Tasks\GoogleUpdateSecurityTaskMachine_LH => C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\chipset.exe exec hide BYTTLGLXWR.cmd  <==== ATTENTION
Task: {C13E2DAB-AC7F-4972-A69B-F74320884A5A} - System32\Tasks\GoogleUpdateSecurityTaskMachine_ZW => C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\chipset.exe exec hide RZKKPGQRAR.cmd  <==== ATTENTION
Task: {CEB81E71-EB98-434F-B95B-1542EB8143D6} - System32\Tasks\gehNrNLHNpJuNXH => rundll32 "C:\Program Files (x86)\iVWtpKjQU\NNrVQI.dll",#1
Task: {D36FD9EB-E015-4EF9-BECC-75AC3C5FAB29} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AM => C:\ProgramData\bbaeb197d2c848dea184207946e33bdf\chipset.exe exec hide IHWUMOGHTT.cmd  <==== ATTENTION
Task: {D995AA6C-5861-4251-A688-07D2B4902F45} - System32\Tasks\{C279975A-75D2-20F1-A03F-F1F7286C64A3} => C:\ProgramData\{032269FD-B489-DE56-5063-A96A6FFF4246}\8CA39662-3B08-21C9-408D-3986E4C0564D.exe [2017-11-02] () <==== ATTENTION
Task: {DF6E44BD-3D76-445A-88A1-426377790A12} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-12] (NVIDIA Corporation)
Task: {EB5BB0DD-4873-43FF-BF15-9ECC4F770580} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {F57DB2FE-5459-4E90-AA02-657D6CC2BBAC} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {F9670F39-1751-42BF-8542-AD157F5A9EB1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-12] (NVIDIA Corporation)
Task: {FBBE2F17-E09A-4A29-97E3-555F17596AB2} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\gehNrNLHNpJuNXH.job => C:\Program Files (x86)\iVWtpKjQU\NNrVQI.dll
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\RVGhnaxmFNBLMgRMh.job => C:\Program Files (x86)\kIrFYxShKiCpXbfRrGR\yYBYWMr.dll
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\JUSTEX\Desktop\Този компютър.lnk -> [LFPO :i+00Lz1SPS0%G`-">78 :><?NBJ@1!8AB5<=0 ?0?:01SPSjc(=Oe)::{20D04FE0-3AEA-1069-A2D8-08002B30309D}E1SPSOh+')><?NBJ@] <==== Cyrillic
Shortcut: C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Опционални функции.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\SendTo\Прехвърляне на файлове с Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic

ShortcutWithArgument: C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\SendTo\Получател на факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Помощник за актуализация на Windows 10.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation) -> /ClientID "Win10Upgrade:VNL:Th1Eos:{}" <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-07-18 16:51 - 2017-07-18 16:51 - 000401888 _____ () C:\Windows\system32\igfxTray.exe
2011-03-16 23:07 - 2011-03-16 23:07 - 004297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-03-18 22:59 - 2017-03-20 05:22 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-30 21:01 - 2017-11-30 21:01 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 21:01 - 2017-11-30 21:01 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 21:01 - 2017-11-30 21:01 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 21:01 - 2017-11-30 21:01 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2014-09-28 21:22 - 2014-09-28 21:22 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-09-28 21:18 - 2014-09-28 21:18 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-09-28 21:26 - 2014-09-28 21:26 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2017-07-29 01:48 - 2017-07-29 01:48 - 004679368 _____ () C:\Users\JUSTEX\AppData\Roaming\svchost local files\svchost.exe
2017-11-15 00:56 - 2017-11-10 11:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 00:56 - 2017-11-10 11:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-11-13 00:10 - 2017-12-04 20:53 - 002757120 _____ () C:\Users\JUSTEX\AppData\Local\Temp\wup\wupv.exe
2017-11-02 20:50 - 2017-11-02 20:50 - 002165248 _____ () C:\ProgramData\{D19ACD85-6631-7A2E-7C10-B29B76DAC65B}\97971F84-203C-A82F-FD7A-0B9BED3D2E16.exe
2017-11-02 20:50 - 2017-11-02 20:50 - 002165248 _____ () C:\ProgramData\{D332C16E-6499-76C5-29FB-05D75A2A7F14}\3D842F07-8A2F-98AC-F297-D08438F0366E.exe
2017-11-02 20:50 - 2017-11-02 20:50 - 002165248 _____ () C:\ProgramData\{20944AA9-973F-FD02-D8E9-C5B2D52E427F}\E278674A-55D3-D0E1-B76D-370A5990DB11.exe
2017-11-02 20:50 - 2017-11-02 20:50 - 002165248 _____ () C:\ProgramData\{F27F9C8A-45D4-2B21-B049-AC2B51295F56}\1F428ACD-A8E9-3D66-B368-05818385EF21.exe
2017-11-02 20:50 - 2017-11-02 20:50 - 002165248 _____ () C:\ProgramData\{032269FD-B489-DE56-5063-A96A6FFF4246}\8CA39662-3B08-21C9-408D-3986E4C0564D.exe
2017-11-02 20:50 - 2017-11-02 20:50 - 002165248 _____ () C:\ProgramData\{DB862C77-6C2D-9BDC-FA13-A149C5C4514C}\A2C7CFD6-156C-787D-126A-7261B4F73911.exe
2017-08-05 20:26 - 2017-08-05 20:26 - 001092608 _____ () C:\ProgramData\98bb3dc6\d98c07d4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-31 00:42 - 2017-09-26 00:10 - 000014480 _____ C:\Windows\system32\Drivers\etc\hosts

There are 362 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Control Panel\Desktop\\Wallpaper -> E:\Нова папка\DCIM\Camera\IMG_20170506_000805.jpg
DNS Servers: 82.163.143.176 - 82.163.142.178
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4F684988-2E03-4E94-BF86-D19BC59936A8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8986B394-8468-46F7-B535-9EA07EBF71F6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2C1C90C5-C65C-4BBD-8694-21D2703698B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{69581897-2AFC-4E3F-B42F-8EE5E92CC343}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBB00C75-0D9E-4568-AA7A-76D41FE4F986}] => (Allow) C:\Users\JUSTEX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A24DE744-B2EC-4A75-B70A-F3C28FB9324D}] => (Allow) C:\Users\JUSTEX\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1B72E377-D730-4361-8562-235C7550CB72}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{CB40D275-AB54-42B5-AE47-9B1578A5E922}] => (Allow) C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{17450CD0-9D73-4672-9B30-15900B8814F4}] => (Allow) C:\WINDOWS\rss\csrss.exe
FirewallRules: [TCP Query User{33B80209-2CAC-4A72-B651-7F0BBB6C6683}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EF337011-9138-4828-8D53-D5CCB9457706}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5572AE73-83A9-4488-ADDC-2B208D4FD1C1}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{73F944BE-8A33-4496-8BAA-3F349BB747FF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{54521FC0-82DC-43B8-868C-C3F287FA2CE8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{07A5C7B6-A9B5-4AF6-A418-4F3EE642C5D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5A0C41AA-6E04-4C3E-9F61-BFD406139364}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C7DABD47-28AB-48EA-82B9-7E0A91641B71}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{59F24405-9F55-4EED-8C38-15992DA70F07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F27BCB44-0AF5-4A8B-8234-C4B0CB879D38}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-10-2017 23:16:56 Scheduled Checkpoint
13-11-2017 00:05:26 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
30-11-2017 12:04:45 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2017 04:22:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/05/2017 04:22:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/05/2017 04:21:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/05/2017 12:26:27 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/04/2017 08:47:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 002 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/04/2017 08:43:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/04/2017 08:43:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/04/2017 08:21:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/04/2017 03:09:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/04/2017 03:09:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (12/05/2017 04:21:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/05/2017 12:28:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2017 08:42:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2017 08:42:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2017 08:41:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Услуга CldFlt не може да бъде стартирана поради следната грешка:
The request is not supported.

Error: (12/04/2017 08:41:40 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Компютърът е рестартиран от проверка за грешки. Проверката е: 0x0000000a (0x0000000000000038, 0x0000000000000002, 0x0000000000000000, 0xfffff8018e897bbb). Разтоварването е записано в: C:\Windows\MEMORY.DMP. ИД на доклада: 3b04eb94-84e5-4e16-8561-bbd50e3cc5c9.

Error: (12/04/2017 08:41:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:34:37 on ‎4.‎12.‎2017 ‎г. was unexpected.

Error: (12/04/2017 08:21:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2017 03:09:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 11:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-11-14 18:16:50.856
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_1d639c807e0d61d9\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-08 12:59:18.307
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-29 00:01:53.456
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-18 13:08:36.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-11 10:52:56.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-22 22:05:09.244
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-13 20:07:52.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-01 03:01:37.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-28 04:07:42.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200H CPU @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 8081.15 MB
Available physical RAM: 4822.14 MB
Total Virtual: 9361.15 MB
Available Virtual: 4707.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:341.31 GB) (Free:274.84 GB) NTFS
Drive e: () (Fixed) (Total:585.94 GB) (Free:566.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 245C49C8)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=341.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

FRST.txt


Hello! Your system is seriously infected! I can say that in the past year I have not come across a system this infected. I think we will have to put in quite a lot of effort to clean it, and I wonder whether it would be better for you to reinstall it. But only you can decide that. I personally will take it on, but I warn you that I can write only in the evenings. The procedures may drag on for quite some time, and a lot of effort will be needed from both my side and yours. So you decide what we should do.

To begin with:

Download the program GeekUninstaller and save it to the desktop.
Extract it and run the file geek.exe. From the list, find and uninstall all the programs I have listed in the box:

Quote

Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION

YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.395 - Company Inc.) <==== ATTENTION

Right-click the program and choose Uninstall.

After each uninstall finishes, a window will open prompting you to remove all leftovers of the program (if there are any; if there are none, this window will not appear). Press the Finish button to delete the program's leftovers.

 

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Double-click the icon to install and start the tool.
  • Warning! Malwarebytes Anti-Rootkit must be run with administrator rights.
  • On the start screen, click "Next" to continue.
  • On the following screen, click "Update" to get the latest malware definitions.
  • After the update finishes, select "Next" and click "Scan".
  • When the scan finishes and no malware has been found, select "Exit".
  • If malware is detected, be sure to check all items and click "Cleanup". Restart your computer.
  • Open the MBAR folder and paste the contents of the following files in your next reply.

 

+ a new scan with:

Scan with Farbar Recovery Scan

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or the 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Press YES to agree to the license agreement.
  • Press the button shown in the image (YClYkft.jpg).
  • Wait patiently for the scan to finish.
  • Two log files will be created on the desktop, named FRST.txt and Addition.txt.
  • Copy the contents of the file FRST.txt into your next post. Attach Addition.txt to your comment (see the Attach files option when you post a message).

 

Logs

In your next reply, please include (by copying their full contents) the following logs:

  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"
  • FRST.txt (copy the whole contents)
  • Addition.txt (attach it)

 


With the first program I could not uninstall Online Application, because it is not in the list.

"mbar-log-{date} (xx-xx-xx).txt" 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.12.05.11
  rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.726.15063.0
JUSTEX :: DESKTOP-NEIQN8V [administrator]

5.12.2017 г. 23:56:11
mbar-log-2017-12-05 (23-56-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 206392
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Detected: 10
C:\ProgramData\{D19ACD85-6631-7A2E-7C10-B29B76DAC65B}\97971F84-203C-A82F-FD7A-0B9BED3D2E16.exe (Adware.DNSUnlocker) -> 9608 -> Delete on reboot. [936c41e4affb76c07e1edaf808fa41bf]
C:\ProgramData\{20944AA9-973F-FD02-D8E9-C5B2D52E427F}\E278674A-55D3-D0E1-B76D-370A5990DB11.exe (Adware.DNSUnlocker) -> 9616 -> Delete on reboot. [b44bb2738525c670ccd0bc16d52da35d]
C:\ProgramData\{032269FD-B489-DE56-5063-A96A6FFF4246}\8CA39662-3B08-21C9-408D-3986E4C0564D.exe (Adware.DNSUnlocker) -> 9624 -> Delete on reboot. [0cf32500901aa29428747062b54d3bc5]
C:\ProgramData\{DB862C77-6C2D-9BDC-FA13-A149C5C4514C}\A2C7CFD6-156C-787D-126A-7261B4F73911.exe (Adware.DNSUnlocker) -> 9632 -> Delete on reboot. [906f9095a6044de91e7e00d21fe3c43c]
C:\ProgramData\{D332C16E-6499-76C5-29FB-05D75A2A7F14}\3D842F07-8A2F-98AC-F297-D08438F0366E.exe (Adware.DNSUnlocker) -> 9640 -> Delete on reboot. [54ab71b494161a1c6834686a5da5c33d]
C:\ProgramData\{F27F9C8A-45D4-2B21-B049-AC2B51295F56}\1F428ACD-A8E9-3D66-B368-05818385EF21.exe (Adware.DNSUnlocker) -> 9648 -> Delete on reboot. [14ebad78169488ae9b01d7fbb949cf31]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 5652 -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 10072 -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 9312 -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\svchost.exe (Trojan.Agent.Gen) -> 6556 -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 113
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDefender (Trojan.BitCoinMiner) -> Delete on reboot. [926dc95c109aef47e2ace2e281803ec2]
HKLM\SOFTWARE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [e8170b1a6248e056da6a7817818049b7]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [e8170b1a6248e056da6a7817818049b7]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [e8170b1a6248e056da6a7817818049b7]
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} (Adware.NeoBar) -> Delete on reboot. [e8170b1a6248e056da6a7817818049b7]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE (Spyware.Agent) -> Delete on reboot. [718e2401fcae62d41e64271bf709669a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE (Spyware.Agent) -> Delete on reboot. [718e2401fcae62d41e64271bf709669a]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPSvc (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
HKLM\SOFTWARE\MICROSOFT\NSaveA (Adware.Tuto4PC) -> Delete on reboot. [7788b075eac0c96d7218dfe68d7403fd]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B975F9D8-8F98-4DE9-8A14-4A26219D85C7} (Trojan.FakeGoogle) -> Delete on reboot. [e8174dd8604a1f17fc92634b8c7450b0]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBC58476-22E6-4383-94AF-D661D0E7369B} (Trojan.FakeGoogle) -> Delete on reboot. [c03f82a3b8f2191d0d81b1fd3ac603fd]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C13E2DAB-AC7F-4972-A69B-F74320884A5A} (Trojan.FakeGoogle) -> Delete on reboot. [b748a481b2f874c23955bef0c33dcc34]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D36FD9EB-E015-4EF9-BECC-75AC3C5FAB29} (Trojan.FakeGoogle) -> Delete on reboot. [df20f233cbdf3df9751949654ab6f010]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_AM (Trojan.FakeGoogle) -> Delete on reboot. [ec132ef78822142241919913b947e31d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_LH (Trojan.FakeGoogle) -> Delete on reboot. [00ffac79eebc87af25ad8725b749da26]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_UX (Trojan.FakeGoogle) -> Delete on reboot. [b04fe04564461e1889492c80b05014ec]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_ZW (Trojan.FakeGoogle) -> Delete on reboot. [56a97ea7c0eafe386270248802feb34d]
HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application (Adware.OnlineIO) -> Delete on reboot. [18e749dc109a56e0f0fd660a28d9af51]
HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application (Adware.OnlineIO) -> Delete on reboot. [f609b76eefbb74c2618c3e32cf3237c9]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564 (Adware.DNSUnlocker.ACMB2) -> Delete on reboot. [8c73c0655555082e44135b4a32ceaf51]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMON (Adware.Agent) -> Delete on reboot. [0ff080a5426874c20c6bbfcb15ecf907]
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\EpicNet Inc. (RiskWare.BitCoinMiner) -> Delete on reboot. [ff00879e733732049d9b90380ff2f808]
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\MPrForShutT (Adware.Tuto4PC) -> Delete on reboot. [fd0202237b2f5adc50c8c42707fb34cc]

Registry Values Detected: 17
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OldFeather (Adware.Agent) -> Data: "C:\WINDOWS\rss\csrss.exe" -> Delete on reboot. [ce31cf56f0ba77bf1f88dfe307fa23dd]
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CloudNet (Trojan.BitCoinMiner) -> Data: "C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" 31337 -> Delete on reboot. [da25e14473370b2bb83106819e6325db]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B975F9D8-8F98-4DE9-8A14-4A26219D85C7}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_UX -> Delete on reboot. [e8174dd8604a1f17fc92634b8c7450b0]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBC58476-22E6-4383-94AF-D661D0E7369B}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_LH -> Delete on reboot. [c03f82a3b8f2191d0d81b1fd3ac603fd]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C13E2DAB-AC7F-4972-A69B-F74320884A5A}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_ZW -> Delete on reboot. [b748a481b2f874c23955bef0c33dcc34]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D36FD9EB-E015-4EF9-BECC-75AC3C5FAB29}|Path (Trojan.FakeGoogle) -> Data: \GoogleUpdateSecurityTaskMachine_AM -> Delete on reboot. [df20f233cbdf3df9751949654ab6f010]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{CB40D275-AB54-42B5-AE47-9B1578A5E922} (RiskWare.BitCoinMiner) -> Data: v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe|Name=CloudNet| -> Delete on reboot. [b04f59ccdbcf9a9cf88616c1a959d62a]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{17450CD0-9D73-4672-9B30-15900B8814F4} (Trojan.BitCoinMiner) -> Data: v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\rss\csrss.exe|Name=csrss| -> Delete on reboot. [e817eb3aa10947ef2d396845c83944bc]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{037cc185-9017-4a8b-8813-4647af43ffb9}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [f20d68bda406162079382b695ea4fe02]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{990b585a-079e-4011-bd1b-b6e5ea7df010}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [aa5583a2921870c6228f652f9c6658a8]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{9fec6220-33f4-4abf-b422-d4b7bc6e3401}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [d52a4cd9ddcd96a0c3eec7cd679bef11]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{c7a70ae6-e6fc-44d8-bb83-ceb290aa684c}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [798642e39416a19589284d47c2408d73]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPSVC|ImagePath (Trojan.ProxyAgent) -> Data: "C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\tor.exe" --nt-service --SocksPort 7050 --Log "notice file C:\WINDOWS\rss\t" -> Delete on reboot. [23dc72b3efbbbb7bc5aa6fb520e1b24e]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|ImagePath (Trojan.Agent) -> Data: C:\Windows\windefender.exe -> Delete on reboot. [49b682a366442a0c93c0d49ced13c43c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMON|ImagePath (Adware.Agent) -> Data: \??\C:\Windows\System32\drivers\Winmon.sys -> Delete on reboot. [0ff080a5426874c20c6bbfcb15ecf907]
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchostws (Backdoor.Bot.E) -> Data: "%SystemRoot%\System32\WScript.exe" "C:\Users\JUSTEX\AppData\Roaming\svchost local files\start.vbs" "%1" %* -> Delete on reboot. [51ae80a59317cf676e2d92dc53ad4db3]
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchostst (Backdoor.Bot.E) -> Data: "%SystemRoot%\System32\WScript.exe" "C:\Users\JUSTEX\AppData\Roaming\svchost saved files\start.vbs" "%1" %* -> Delete on reboot. [43bca97c5d4d5bdbe5b6eb83e41c34cc]

Registry Data Items Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer (Trojan.DNSChanger.ACMB2) -> Bad: (82.163.143.176 82.163.142.178) Good: (8.8.8.8) -> Replace on reboot. [3ac5ba6b3e6cd165233f7b3b0ef402fe]

Folders Detected: 23
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Data (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Data\Tor (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Program Files (x86)\Microleaves\Online Application (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0 (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [9c63d352c6e466d0378439768e73d030]
C:\ProgramData\bbaeb197d2c848dea184207946e33bdf (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [fa052ef7fbaff24419a25c5322dfb848]
C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [9f60071e7e2c56e0623ed9d7af52d927]
C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310 (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [807ff1341b8f77bfaff612a461a0fa06]
C:\Users\JUSTEX\AppData\Roaming\Microleaves (Adware.OnlineIO) -> Delete on reboot. [c936f530d7d3c571dc46294bca3714ec]
C:\Users\JUSTEX\AppData\Roaming\Microleaves\Online Application 2.6.0 (Adware.OnlineIO) -> Delete on reboot. [c936f530d7d3c571dc46294bca3714ec]
C:\Users\JUSTEX\AppData\Roaming\Microleaves\Online Application 2.6.0\install (Adware.OnlineIO) -> Delete on reboot. [c936f530d7d3c571dc46294bca3714ec]
C:\Users\JUSTEX\AppData\Roaming\Microleaves\Online Application 2.6.0\install\CFCBAA1 (Adware.OnlineIO) -> Delete on reboot. [c936f530d7d3c571dc46294bca3714ec]
C:\ProgramData\Microleaves (Adware.OnlineIO) -> Delete on reboot. [35ca62c3e7c3162031f1462eae53cc34]
C:\ProgramData\Microleaves\Online Application (Adware.OnlineIO) -> Delete on reboot. [35ca62c3e7c3162031f1462eae53cc34]
C:\ProgramData\Microleaves\Online Application\updates (Adware.OnlineIO) -> Delete on reboot. [35ca62c3e7c3162031f1462eae53cc34]
C:\Users\JUSTEX\AppData\LocalLow\zwMRXEuCYLuhR (Adware.NeoBar) -> Delete on reboot. [23dcc65f72388da9f94306a309f804fc]
C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc (RiskWare.BitCoinMiner) -> Delete on reboot. [807f1015abff81b5a475fbcfde23d52b]
C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc\CloudNet (RiskWare.BitCoinMiner) -> Delete on reboot. [807f1015abff81b5a475fbcfde23d52b]
C:\Users\JUSTEX\AppData\Roaming\svchost local files (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost saved files (Trojan.Agent.Gen) -> Delete on reboot. [9d62c560fdada39313d31ab86899f40c]

Files Detected: 83
C:\WINDOWS\SYSTEM32\drivers\Winmon.sys (Adware.Agent) -> Delete on reboot. [1dc9763edd29f9e5f36e728c4b17c0ab]
C:\ProgramData\{D19ACD85-6631-7A2E-7C10-B29B76DAC65B}\97971F84-203C-A82F-FD7A-0B9BED3D2E16.exe (Adware.DNSUnlocker) -> Delete on reboot. [936c41e4affb76c07e1edaf808fa41bf]
C:\ProgramData\{20944AA9-973F-FD02-D8E9-C5B2D52E427F}\E278674A-55D3-D0E1-B76D-370A5990DB11.exe (Adware.DNSUnlocker) -> Delete on reboot. [b44bb2738525c670ccd0bc16d52da35d]
C:\ProgramData\{032269FD-B489-DE56-5063-A96A6FFF4246}\8CA39662-3B08-21C9-408D-3986E4C0564D.exe (Adware.DNSUnlocker) -> Delete on reboot. [0cf32500901aa29428747062b54d3bc5]
C:\ProgramData\{DB862C77-6C2D-9BDC-FA13-A149C5C4514C}\A2C7CFD6-156C-787D-126A-7261B4F73911.exe (Adware.DNSUnlocker) -> Delete on reboot. [906f9095a6044de91e7e00d21fe3c43c]
C:\ProgramData\{D332C16E-6499-76C5-29FB-05D75A2A7F14}\3D842F07-8A2F-98AC-F297-D08438F0366E.exe (Adware.DNSUnlocker) -> Delete on reboot. [54ab71b494161a1c6834686a5da5c33d]
C:\ProgramData\{F27F9C8A-45D4-2B21-B049-AC2B51295F56}\1F428ACD-A8E9-3D66-B368-05818385EF21.exe (Adware.DNSUnlocker) -> Delete on reboot. [14ebad78169488ae9b01d7fbb949cf31]
C:\Windows\rss\csrss.exe (Adware.Agent) -> Delete on reboot. [ce31cf56f0ba77bf1f88dfe307fa23dd]
C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (Trojan.BitCoinMiner) -> Delete on reboot. [da25e14473370b2bb83106819e6325db]
C:\Windows\windefender.exe (Trojan.BitCoinMiner) -> Delete on reboot. [926dc95c109aef47e2ace2e281803ec2]
C:\Program Files (x86)\KMSPico\KMSPico10.2.1__11516_il25.exe (Adware.IStartSurf) -> Delete on reboot. [38c774b1d3d75fd7eec5b4e5946dc63a]
C:\Users\JUSTEX\AppData\Local\Temp\13491421\ic-0.43002253d7589.exe (Trojan.BitCoinMiner) -> Delete on reboot. [58a71c09fdad5dd99b3466f9fd04c33d]
C:\Users\JUSTEX\AppData\Local\Temp\13491421\ic-0.93ca24ab623a7.exe (Adware.Agent) -> Delete on reboot. [15ea2ef73b6ffa3c6d86dc800df329d7]
C:\Users\JUSTEX\AppData\Local\Temp\1wbzxhsk.4vd\starter.exe (Adware.Linkury) -> Delete on reboot. [01fef53006a468cebdad4c2815ec5ca4]
C:\Users\JUSTEX\AppData\Local\Temp\l351n5xu.qcr\starter.exe (Adware.Linkury) -> Delete on reboot. [ad52170eeac0ad8999d1b1c3ba47be42]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\cloudnet.exe (Trojan.BitCoinMiner) -> Delete on reboot. [bf4038ed2882f244e207e5a2b34ef808]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\removemrha.exe (Adware.Agent) -> Delete on reboot. [e71823023c6e8aac5f486161db26d729]
C:\Users\JUSTEX\AppData\Local\Temp\d33x0bzy.bez\webfriend2.exe (Adware.Wdfload.Generic) -> Delete on reboot. [c837cd580d9d5ed8253932144bb647b9]
C:\Users\JUSTEX\AppData\Local\Temp\di2n4gtz.fzm\ytab_m_1_big.exe (Adware.Neoreklami) -> Delete on reboot. [4bb462c37a30a2949ccae9bd2dd42ed2]
C:\Users\JUSTEX\AppData\Local\Temp\DXBKCIZRHN\QIJZFAKCMZ.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [3fc045e045652412d4f4dc947988738d]
C:\Users\JUSTEX\AppData\Local\Temp\fl10th3g.uzi\g.exe (Adware.Agent) -> Delete on reboot. [4cb335f09b0ff640f65431660df426da]
C:\Users\JUSTEX\AppData\Local\Temp\p2bhmd0g.urz\svchost.exe (Spyware.Agent) -> Delete on reboot. [718e2401fcae62d41e64271bf709669a]
C:\Windows\Temp\gE10F.tmp.exe (Trojan.Wdfload) -> Delete on reboot. [46b936efa70362d49c95662619e8a65a]
C:\Windows\Temp\ieFYcOrvRDhDUnVO\hOnCEzfdJCQkoRJU.exe (Adware.Neoreklami) -> Delete on reboot. [847bc461d7d3a19585b8259d43bee818]
C:\Windows\Temp\SIQBliYBzGkTNBJH\ePKwDQZWwCHcNwIA.exe (Adware.Neoreklami) -> Delete on reboot. [7e8136efdecc9e98622580739e64b749]
C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\RZKKPGQRAR.exe (Adware.Amonetize) -> Delete on reboot. [fa0532f3c2e893a35b0d8535a45cb947]
C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\BYTTLGLXWR.exe (Adware.Tuto4PC.Generic) -> Delete on reboot. [b04f9194f5b5fc3aac1c4b25ca375ba5]
C:\ProgramData\Micro Foundation\Open.exe (RiskWare.BitCoinMiner) -> Delete on reboot. [9867c0659119df577d921a870ff28d73]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\start.vbs (Trojan.Agent.VBS) -> Delete on reboot. [18e7b86d72388caac64bf944c937db25]
C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostws.vbs (Trojan.Agent.VBS) -> Delete on reboot. [25da988dcddd83b30464e35adc240000]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_AM (Trojan.FakeGoogle) -> Delete on reboot. [a55a11141a9094a2ce451994837de020]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_LH (Trojan.FakeGoogle) -> Delete on reboot. [9669ea3b31790f27b65dab02ae52c13f]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_UX (Trojan.FakeGoogle) -> Delete on reboot. [7e8156cfb7f3d4624dc61796b947d62a]
C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_ZW (Trojan.FakeGoogle) -> Delete on reboot. [9867c06554562214c94ad8d535cba858]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\tor.exe (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libeay32.dll (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libevent-2-0-5.dll (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libevent_core-2-0-5.dll (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libevent_extra-2-0-5.dll (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libgcc_s_sjlj-1.dll (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libssp-0.dll (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\ssleay32.dll (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\tor-gencert.exe (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\zlib1.dll (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Data\Tor\geoip (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Data\Tor\geoip6 (Trojan.ProxyAgent) -> Delete on reboot. [cf30a4816248053107ead4010cf48a76]
C:\Users\JUSTEX\AppData\Roaming\svchost saved files\start.vbs (Trojan.Agent.VBS) -> Delete on reboot. [a25dcd583b6fc86ee713aa4c31cf768a]
C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs (Trojan.Agent.VBS) -> Delete on reboot. [2fd027fe3a70d462dc627ba729d8c23e]
C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk (Adware.OnlineIO) -> Delete on reboot. [f708c263703a043228a9bab61ae7c739]
C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [9c63d352c6e466d0378439768e73d030]
C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\BYTTLGLXWR.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [9c63d352c6e466d0378439768e73d030]
C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\BYTTLGLXWR.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [9c63d352c6e466d0378439768e73d030]
C:\ProgramData\bbaeb197d2c848dea184207946e33bdf\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [fa052ef7fbaff24419a25c5322dfb848]
C:\ProgramData\bbaeb197d2c848dea184207946e33bdf\IHWUMOGHTT.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [fa052ef7fbaff24419a25c5322dfb848]
C:\ProgramData\bbaeb197d2c848dea184207946e33bdf\IHWUMOGHTT.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [fa052ef7fbaff24419a25c5322dfb848]
C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [9f60071e7e2c56e0623ed9d7af52d927]
C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632\YTDRHBBULQ.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [9f60071e7e2c56e0623ed9d7af52d927]
C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632\YTDRHBBULQ.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [9f60071e7e2c56e0623ed9d7af52d927]
C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\chipset.exe (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [807ff1341b8f77bfaff612a461a0fa06]
C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\RZKKPGQRAR.cmd (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [807ff1341b8f77bfaff612a461a0fa06]
C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\RZKKPGQRAR.exe.config (Trojan.BitCoinMiner.TskLnk) -> Delete on reboot. [807ff1341b8f77bfaff612a461a0fa06]
C:\ProgramData\Microleaves\Online Application\updates\basic_updates.aiu (Adware.OnlineIO) -> Delete on reboot. [35ca62c3e7c3162031f1462eae53cc34]
C:\Users\JUSTEX\AppData\LocalLow\zwMRXEuCYLuhR\Storage.db (Adware.NeoBar) -> Delete on reboot. [23dcc65f72388da9f94306a309f804fc]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\3.data (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\data.exe (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\license.pdf4.txt (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\license.xml4.txt (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\readme.pdf2.txt (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\readme.pdf3.txt (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\readme.xml2.txt (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\readme.xml3.txt (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost local files\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot. [f807ca5b8327af8782642ca6fc05b34d]
C:\Users\JUSTEX\AppData\Roaming\svchost saved files\3.data (Trojan.Agent.Gen) -> Delete on reboot. [9d62c560fdada39313d31ab86899f40c]
C:\Users\JUSTEX\AppData\Roaming\svchost saved files\license.pdf4.txt (Trojan.Agent.Gen) -> Delete on reboot. [9d62c560fdada39313d31ab86899f40c]
C:\Users\JUSTEX\AppData\Roaming\svchost saved files\readme.pdf2.txt (Trojan.Agent.Gen) -> Delete on reboot. [9d62c560fdada39313d31ab86899f40c]
C:\Users\JUSTEX\AppData\Roaming\svchost saved files\readme.pdf3.txt (Trojan.Agent.Gen) -> Delete on reboot. [9d62c560fdada39313d31ab86899f40c]
C:\Users\JUSTEX\AppData\Roaming\svchost saved files\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot. [9d62c560fdada39313d31ab86899f40c]
C:\Users\JUSTEX\AppData\Local\InstallationConfiguration.xml (Adware.Linkury.TskLnk) -> Delete on reboot. [c63947debceea78f5848618cd52b10f0]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

"system-log.txt"

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.15063 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.726.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.794000 GHz
Memory total: 8473702400, free: 6002089984

Downloaded database version: v2017.12.05.11
Downloaded database version: v2017.11.28.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/05/2017 23:56:00
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.12.05.11
  rootkit: v2017.10.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffa68830437060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffa6882f35f9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa68830437060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffa6882d5af290, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa6882d5a4060, DeviceName: \Device\00000035\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\Winmon.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\Winmon.sys --> [Adware.Agent]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 245C49C8

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 715773952
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 716800000  Numsec = 1228800000
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Infected: C:\ProgramData\{D19ACD85-6631-7A2E-7C10-B29B76DAC65B}\97971F84-203C-A82F-FD7A-0B9BED3D2E16.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{D19ACD85-6631-7A2E-7C10-B29B76DAC65B}\97971F84-203C-A82F-FD7A-0B9BED3D2E16.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{20944AA9-973F-FD02-D8E9-C5B2D52E427F}\E278674A-55D3-D0E1-B76D-370A5990DB11.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{20944AA9-973F-FD02-D8E9-C5B2D52E427F}\E278674A-55D3-D0E1-B76D-370A5990DB11.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{032269FD-B489-DE56-5063-A96A6FFF4246}\8CA39662-3B08-21C9-408D-3986E4C0564D.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{032269FD-B489-DE56-5063-A96A6FFF4246}\8CA39662-3B08-21C9-408D-3986E4C0564D.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{DB862C77-6C2D-9BDC-FA13-A149C5C4514C}\A2C7CFD6-156C-787D-126A-7261B4F73911.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{DB862C77-6C2D-9BDC-FA13-A149C5C4514C}\A2C7CFD6-156C-787D-126A-7261B4F73911.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{D332C16E-6499-76C5-29FB-05D75A2A7F14}\3D842F07-8A2F-98AC-F297-D08438F0366E.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{D332C16E-6499-76C5-29FB-05D75A2A7F14}\3D842F07-8A2F-98AC-F297-D08438F0366E.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{F27F9C8A-45D4-2B21-B049-AC2B51295F56}\1F428ACD-A8E9-3D66-B368-05818385EF21.exe --> [Adware.DNSUnlocker]
Infected: C:\ProgramData\{F27F9C8A-45D4-2B21-B049-AC2B51295F56}\1F428ACD-A8E9-3D66-B368-05818385EF21.exe --> [Adware.DNSUnlocker]
Infected: C:\Windows\rss\csrss.exe --> [Adware.Agent]
Infected: HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OldFeather --> [Adware.Agent]
Infected: C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe --> [Trojan.BitCoinMiner]
Infected: HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CloudNet --> [Trojan.BitCoinMiner]
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbvideo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
Infected: C:\Windows\windefender.exe --> [Trojan.BitCoinMiner]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDefender --> [Trojan.BitCoinMiner]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: C:\Program Files (x86)\KMSPico\KMSPico10.2.1__11516_il25.exe --> [Adware.IStartSurf]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\13491421\ic-0.43002253d7589.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\13491421\ic-0.93ca24ab623a7.exe --> [Adware.Agent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\1wbzxhsk.4vd\starter.exe --> [Adware.Linkury]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\l351n5xu.qcr\starter.exe --> [Adware.Linkury]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\cloudnet.exe --> [Trojan.BitCoinMiner]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\removemrha.exe --> [Adware.Agent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\d33x0bzy.bez\webfriend2.exe --> [Adware.Wdfload.Generic]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\di2n4gtz.fzm\ytab_m_1_big.exe --> [Adware.Neoreklami]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\DXBKCIZRHN\QIJZFAKCMZ.exe --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\fl10th3g.uzi\g.exe --> [Adware.Agent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\p2bhmd0g.urz\svchost.exe --> [Spyware.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Spyware.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Spyware.Agent]
Infected: C:\Windows\Temp\gE10F.tmp.exe --> [Trojan.Wdfload]
Infected: C:\Windows\Temp\ieFYcOrvRDhDUnVO\hOnCEzfdJCQkoRJU.exe --> [Adware.Neoreklami]
Infected: C:\Windows\Temp\SIQBliYBzGkTNBJH\ePKwDQZWwCHcNwIA.exe --> [Adware.Neoreklami]
Infected: C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\RZKKPGQRAR.exe --> [Adware.Amonetize]
Infected: C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\BYTTLGLXWR.exe --> [Adware.Tuto4PC.Generic]
Infected: C:\ProgramData\Micro Foundation\Open.exe --> [RiskWare.BitCoinMiner]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\start.vbs --> [Trojan.Agent.VBS]
Infected: C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostws.vbs --> [Trojan.Agent.VBS]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_AM --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_LH --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_UX --> [Trojan.FakeGoogle]
Infected: C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_ZW --> [Trojan.FakeGoogle]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\tor.exe --> [Trojan.ProxyAgent]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPSvc --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libeay32.dll --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libevent-2-0-5.dll --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libevent_core-2-0-5.dll --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libevent_extra-2-0-5.dll --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libgcc_s_sjlj-1.dll --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\libssp-0.dll --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\ssleay32.dll --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\tor-gencert.exe --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Tor\zlib1.dll --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Data --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Data\Tor --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Data\Tor\geoip --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\csrss\proxy\Data\Tor\geoip6 --> [Trojan.ProxyAgent]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost saved files\start.vbs --> [Trojan.Agent.VBS]
Infected: C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostst.vbs --> [Trojan.Agent.VBS]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0 --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk --> [Adware.OnlineIO]
Infected: C:\Program Files (x86)\Microleaves --> [Adware.OnlineIO]
Infected: C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06 --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\BYTTLGLXWR.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\6348e885f0fa4cc3a0960ec8749cfa06\BYTTLGLXWR.exe.config --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bbaeb197d2c848dea184207946e33bdf\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bbaeb197d2c848dea184207946e33bdf --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bbaeb197d2c848dea184207946e33bdf\IHWUMOGHTT.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\ProgramData\bbaeb197d2c848dea184207946e33bdf\IHWUMOGHTT.exe.config --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632 --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632\YTDRHBBULQ.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\JUSTEX\AppData\Local\Temp\bcca19e1325b46f3b266340df278e632\YTDRHBBULQ.exe.config --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\chipset.exe --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310 --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\RZKKPGQRAR.cmd --> [Trojan.BitCoinMiner.TskLnk]
Infected: C:\Users\JUSTEX\AppData\Local\640ca64abb7246b7b089005bc7376310\RZKKPGQRAR.exe.config --> [Trojan.BitCoinMiner.TskLnk]
Infected: HKLM\SOFTWARE\MICROSOFT\NSaveA --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B975F9D8-8F98-4DE9-8A14-4A26219D85C7}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B975F9D8-8F98-4DE9-8A14-4A26219D85C7} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBC58476-22E6-4383-94AF-D661D0E7369B}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBC58476-22E6-4383-94AF-D661D0E7369B} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C13E2DAB-AC7F-4972-A69B-F74320884A5A}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C13E2DAB-AC7F-4972-A69B-F74320884A5A} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D36FD9EB-E015-4EF9-BECC-75AC3C5FAB29}|Path --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D36FD9EB-E015-4EF9-BECC-75AC3C5FAB29} --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_AM --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_LH --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_UX --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSecurityTaskMachine_ZW --> [Trojan.FakeGoogle]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application --> [Adware.OnlineIO]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application --> [Adware.OnlineIO]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 --> [Trojan.DisabledAVSecurityCerts]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564 --> [Adware.DNSUnlocker.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{CB40D275-AB54-42B5-AE47-9B1578A5E922} --> [RiskWare.BitCoinMiner]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{17450CD0-9D73-4672-9B30-15900B8814F4} --> [Trojan.BitCoinMiner]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{037cc185-9017-4a8b-8813-4647af43ffb9}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{990b585a-079e-4011-bd1b-b6e5ea7df010}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{9fec6220-33f4-4abf-b422-d4b7bc6e3401}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{c7a70ae6-e6fc-44d8-bb83-ceb290aa684c}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPSVC|ImagePath --> [Trojan.ProxyAgent]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|ImagePath --> [Trojan.Agent]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMON|ImagePath --> [Adware.Agent]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMON --> [Adware.Agent]
Infected: HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\EpicNet Inc. --> [RiskWare.BitCoinMiner]
Infected: HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\MPrForShutT --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchostws --> [Backdoor.Bot.E]
Infected: HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchostst --> [Backdoor.Bot.E]
Infected: C:\Users\JUSTEX\AppData\Roaming\Microleaves --> [Adware.OnlineIO]
Infected: C:\Users\JUSTEX\AppData\Roaming\Microleaves\Online Application 2.6.0 --> [Adware.OnlineIO]
Infected: C:\Users\JUSTEX\AppData\Roaming\Microleaves\Online Application 2.6.0\install --> [Adware.OnlineIO]
Infected: C:\Users\JUSTEX\AppData\Roaming\Microleaves\Online Application 2.6.0\install\CFCBAA1 --> [Adware.OnlineIO]
Infected: C:\ProgramData\Microleaves --> [Adware.OnlineIO]
Infected: C:\ProgramData\Microleaves\Online Application --> [Adware.OnlineIO]
Infected: C:\ProgramData\Microleaves\Online Application\updates --> [Adware.OnlineIO]
Infected: C:\ProgramData\Microleaves\Online Application\updates\basic_updates.aiu --> [Adware.OnlineIO]
Infected: C:\Users\JUSTEX\AppData\LocalLow\zwMRXEuCYLuhR --> [Adware.NeoBar]
Infected: C:\Users\JUSTEX\AppData\LocalLow\zwMRXEuCYLuhR\Storage.db --> [Adware.NeoBar]
Infected: C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc --> [RiskWare.BitCoinMiner]
Infected: C:\Users\JUSTEX\AppData\Roaming\EpicNet Inc\CloudNet --> [RiskWare.BitCoinMiner]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\3.data --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\data.exe --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\license.pdf4.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\license.xml4.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\readme.pdf2.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\readme.pdf3.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\readme.xml2.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\readme.xml3.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\svchost.exe --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost local files\svchost.exe --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost saved files --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost saved files\3.data --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost saved files\license.pdf4.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost saved files\readme.pdf2.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost saved files\readme.pdf3.txt --> [Trojan.Agent.Gen]
Infected: C:\Users\JUSTEX\AppData\Roaming\svchost saved files\svchost.exe --> [Trojan.Agent.Gen]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: C:\Users\JUSTEX\AppData\Local\InstallationConfiguration.xml --> [Adware.Linkury.TskLnk]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Queuing an action cmd.exe
Executing an action cmd.exe...
Success!
Executing an action reg.exe...
Success!
Queuing an action reg.exe
Executing an action cmd.exe...
Success!
Queuing an action reg.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

 

FRST.txt (copy the entire contents)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by JUSTEX (administrator) on DESKTOP-NEIQN8V (06-12-2017 00:16:39)
Running from C:\Users\JUSTEX\Desktop
Loaded Profiles: JUSTEX (Available Profiles: JUSTEX)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [920280 2015-04-17] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-09-28] (Qualcomm®Atheros®)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart <==== ATTENTION
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\...\Run: [GoogleChromeAutoLaunch_E50B1C2255085F15E2119D351FA2B2D5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\...\MountPoints2: {b32cce1d-a126-11e7-8d89-28c2dd547b06} - "D:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{037cc185-9017-4a8b-8813-4647af43ffb9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{990b585a-079e-4011-bd1b-b6e5ea7df010}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{9fec6220-33f4-4abf-b422-d4b7bc6e3401}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{c7a70ae6-e6fc-44d8-bb83-ceb290aa684c}: [DhcpNameServer] 82.163.143.176

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
URLSearchHook: HKU\S-1-5-21-576454172-1670169836-3432802236-1001 - (No Name) - {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} - No File
SearchScopes: HKU\S-1-5-21-576454172-1670169836-3432802236-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.yahoo.com/search;_ylt=AhdgslCecv7o8tN0m55H3XSbvZx4?toggle=1&cop=mss&ei=UTF-8&fp=1&fr=vmn&type=systma__byd&p={searchTerms}
SearchScopes: HKU\S-1-5-21-576454172-1670169836-3432802236-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.yahoo.com/search;_ylt=AhdgslCecv7o8tN0m55H3XSbvZx4?toggle=1&cop=mss&ei=UTF-8&fp=1&fr=vmn&type=systma__byd&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0701vbf4.default
FF ProfilePath: C:\Users\JUSTEX\AppData\Roaming\Mozilla\Firefox\Profiles\0701vbf4.default [2017-12-06]
FF Homepage: Mozilla\Firefox\Profiles\0701vbf4.default -> hxxps://newtab.club
FF Extension: (Disable Media WMF NV12 format) - C:\Users\JUSTEX\AppData\Roaming\Mozilla\Firefox\Profiles\0701vbf4.default\features\{b5433122-337e-426f-bc96-f0256afa0d98}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-23] [Lagacy]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://newtab.club/
CHR StartupUrls: Default -> "hxxps://newtab.club/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search;_ylt=AhdgslCecv7o8tN0m55H3XSbvZx4?toggle=1&cop=mss&ei=UTF-8&fp=1&fr=vmn&type=systma__byd&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default [2017-12-06]
CHR Extension: (Презентации) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Jaxx Blockchain Wallet) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancbofgphhmhcchnaognahmjfajaecmo [2017-12-04]
CHR Extension: (Документи) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Диск) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-02]
CHR Extension: (YouTube) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02]
CHR Extension: (Таблици) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (Fea KeyLogger) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkghpghjcbfcflhoklkcincndlpobja [2017-11-02]
CHR Extension: (Google Документи офлайн) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-02]
CHR Extension: (Gumshoe) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mekpfngodchodemgmkhinohkfjefjeea [2017-11-02]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-02]
CHR Extension: (Gmail) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-09-28] (Windows (R) Win 7 DDK provider) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373728 2017-07-18] (Intel Corporation)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-12] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-10-12] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-28] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-09-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\Windows\System32\drivers\AsusTP.sys [124928 2017-03-09] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-09-28] (Qualcomm Atheros)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2017-07-18] (Intel Corporation)
R1 MpKsl1a5a8bef; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE438C59-C159-466F-80CC-DF3225ADED3D}\MpKsl1a5a8bef.sys [58120 2017-11-22] (Microsoft Corporation)
R1 MpKsl2bf11749; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6C2DA16-21B6-4F6B-8519-239085659543}\MpKsl2bf11749.sys [58120 2017-11-30] (Microsoft Corporation)
R1 MpKsl4c6eb1b2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{321B2836-5AB6-4F04-B90B-76B53AD4682E}\MpKsl4c6eb1b2.sys [58120 2017-11-15] (Microsoft Corporation)
R1 MpKsl89ced9b9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41D2CD6D-8B7B-4174-BCEA-CF45120B84D6}\MpKsl89ced9b9.sys [58120 2017-12-04] (Microsoft Corporation)
R1 MpKsld4bc2dbe; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26A20D41-7E4E-40B6-90BB-0DEEA25B23F0}\MpKsld4bc2dbe.sys [58120 2017-11-18] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_1d639c807e0d61d9\nvlddmkm.sys [16924088 2017-10-13] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48064 2017-10-12] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-10-12] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2017-07-19] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S1 abnoljoh; \??\C:\WINDOWS\system32\drivers\abnoljoh.sys [X]
S1 advxlkon; \??\C:\WINDOWS\system32\drivers\advxlkon.sys [X]
S1 autgmeea; \??\C:\WINDOWS\system32\drivers\autgmeea.sys [X]
S1 awzcobuy; \??\C:\WINDOWS\system32\drivers\awzcobuy.sys [X]
S1 bjhbbqpi; \??\C:\WINDOWS\system32\drivers\bjhbbqpi.sys [X]
S1 bqxkmjid; \??\C:\WINDOWS\system32\drivers\bqxkmjid.sys [X]
S1 bsoqelco; \??\C:\WINDOWS\system32\drivers\bsoqelco.sys [X]
S1 btqkktrg; \??\C:\WINDOWS\system32\drivers\btqkktrg.sys [X]
S1 bwlqsjnk; \??\C:\WINDOWS\system32\drivers\bwlqsjnk.sys [X]
S1 bylqddsc; \??\C:\WINDOWS\system32\drivers\bylqddsc.sys [X]
S1 cxevwmkm; \??\C:\WINDOWS\system32\drivers\cxevwmkm.sys [X]
S1 dardnvcd; \??\C:\WINDOWS\system32\drivers\dardnvcd.sys [X]
S1 dfwvwkxn; \??\C:\WINDOWS\system32\drivers\dfwvwkxn.sys [X]
S1 dpxtwtac; \??\C:\WINDOWS\system32\drivers\dpxtwtac.sys [X]
S1 dseqrtlf; \??\C:\WINDOWS\system32\drivers\dseqrtlf.sys [X]
S1 edjpcfxp; \??\C:\WINDOWS\system32\drivers\edjpcfxp.sys [X]
S1 enxiuowy; \??\C:\WINDOWS\system32\drivers\enxiuowy.sys [X]
S1 eogozevv; \??\C:\WINDOWS\system32\drivers\eogozevv.sys [X]
S1 eoyzdnjb; \??\C:\WINDOWS\system32\drivers\eoyzdnjb.sys [X]
S1 epbaipxs; \??\C:\WINDOWS\system32\drivers\epbaipxs.sys [X]
S1 eptrxjwj; \??\C:\WINDOWS\system32\drivers\eptrxjwj.sys [X]
S1 esbdqxsw; \??\C:\WINDOWS\system32\drivers\esbdqxsw.sys [X]
S1 eupftkpq; \??\C:\WINDOWS\system32\drivers\eupftkpq.sys [X]
S1 fbvmvgvf; \??\C:\WINDOWS\system32\drivers\fbvmvgvf.sys [X]
S1 fhhqubjr; \??\C:\WINDOWS\system32\drivers\fhhqubjr.sys [X]
S1 fhzgqssr; \??\C:\WINDOWS\system32\drivers\fhzgqssr.sys [X]
S1 fqvztkjx; \??\C:\WINDOWS\system32\drivers\fqvztkjx.sys [X]
S1 ghjhvmtk; \??\C:\WINDOWS\system32\drivers\ghjhvmtk.sys [X]
S1 gjxncydx; \??\C:\WINDOWS\system32\drivers\gjxncydx.sys [X]
S1 gkculstv; \??\C:\WINDOWS\system32\drivers\gkculstv.sys [X]
S1 glmqjbjb; \??\C:\WINDOWS\system32\drivers\glmqjbjb.sys [X]
S1 gmimzpfb; \??\C:\WINDOWS\system32\drivers\gmimzpfb.sys [X]
S1 grdkfjna; \??\C:\WINDOWS\system32\drivers\grdkfjna.sys [X]
S1 gthezups; \??\C:\WINDOWS\system32\drivers\gthezups.sys [X]
S1 gzbxeiga; \??\C:\Windows\system32\drivers\gzbxeiga.sys [X]
S1 hxutvoai; \??\C:\WINDOWS\system32\drivers\hxutvoai.sys [X]
S1 hzzonvzm; \??\C:\Windows\system32\drivers\hzzonvzm.sys [X]
S1 iayrrccr; \??\C:\Windows\system32\drivers\iayrrccr.sys [X]
S1 idkuyirm; \??\C:\WINDOWS\system32\drivers\idkuyirm.sys [X]
S1 ikyqkphb; \??\C:\WINDOWS\system32\drivers\ikyqkphb.sys [X]
S1 ildfezio; \??\C:\WINDOWS\system32\drivers\ildfezio.sys [X]
S1 iomarrtd; \??\C:\WINDOWS\system32\drivers\iomarrtd.sys [X]
S1 ivhtzjyn; \??\C:\WINDOWS\system32\drivers\ivhtzjyn.sys [X]
S1 iwlzymna; \??\C:\WINDOWS\system32\drivers\iwlzymna.sys [X]
S1 jfufcwda; \??\C:\WINDOWS\system32\drivers\jfufcwda.sys [X]
S1 jwvuskvr; \??\C:\WINDOWS\system32\drivers\jwvuskvr.sys [X]
S1 kodhfajf; \??\C:\WINDOWS\system32\drivers\kodhfajf.sys [X]
S1 kroipbpe; \??\C:\WINDOWS\system32\drivers\kroipbpe.sys [X]
S1 kyiienty; \??\C:\WINDOWS\system32\drivers\kyiienty.sys [X]
S1 lbpgfvor; \??\C:\WINDOWS\system32\drivers\lbpgfvor.sys [X]
S1 lfwbseta; \??\C:\WINDOWS\system32\drivers\lfwbseta.sys [X]
S1 lwkxtajq; \??\C:\WINDOWS\system32\drivers\lwkxtajq.sys [X]
S1 mcqewkpd; \??\C:\WINDOWS\system32\drivers\mcqewkpd.sys [X]
S1 mmrmbbtr; \??\C:\WINDOWS\system32\drivers\mmrmbbtr.sys [X]
S1 mozjjmqw; \??\C:\WINDOWS\system32\drivers\mozjjmqw.sys [X]
S1 mxsendkr; \??\C:\WINDOWS\system32\drivers\mxsendkr.sys [X]
S1 ndjhrcxy; \??\C:\WINDOWS\system32\drivers\ndjhrcxy.sys [X]
S1 ngyeailg; \??\C:\Windows\system32\drivers\ngyeailg.sys [X]
S1 noqiuiva; \??\C:\WINDOWS\system32\drivers\noqiuiva.sys [X]
S1 nqgflajf; \??\C:\WINDOWS\system32\drivers\nqgflajf.sys [X]
S1 ntagufua; \??\C:\WINDOWS\system32\drivers\ntagufua.sys [X]
S1 nytpgkah; \??\C:\WINDOWS\system32\drivers\nytpgkah.sys [X]
S1 odnmjvwg; \??\C:\WINDOWS\system32\drivers\odnmjvwg.sys [X]
S1 ofcosxmd; \??\C:\WINDOWS\system32\drivers\ofcosxmd.sys [X]
S1 pbkqtzoc; \??\C:\WINDOWS\system32\drivers\pbkqtzoc.sys [X]
S1 pfpdcyqe; \??\C:\WINDOWS\system32\drivers\pfpdcyqe.sys [X]
S1 pncybnmc; \??\C:\WINDOWS\system32\drivers\pncybnmc.sys [X]
S1 pnglpkqs; \??\C:\WINDOWS\system32\drivers\pnglpkqs.sys [X]
S1 ptppbhow; \??\C:\WINDOWS\system32\drivers\ptppbhow.sys [X]
S1 pwrqjztf; \??\C:\WINDOWS\system32\drivers\pwrqjztf.sys [X]
S1 qngtxuei; \??\C:\WINDOWS\system32\drivers\qngtxuei.sys [X]
S1 qnwrjiwd; \??\C:\WINDOWS\system32\drivers\qnwrjiwd.sys [X]
S1 qvarbcgv; \??\C:\WINDOWS\system32\drivers\qvarbcgv.sys [X]
S1 rdprhwxz; \??\C:\WINDOWS\system32\drivers\rdprhwxz.sys [X]
S1 rgzuemuw; \??\C:\WINDOWS\system32\drivers\rgzuemuw.sys [X]
S1 ricgdadd; \??\C:\WINDOWS\system32\drivers\ricgdadd.sys [X]
S1 rnilomtd; \??\C:\WINDOWS\system32\drivers\rnilomtd.sys [X]
S1 rqpkvtqr; \??\C:\WINDOWS\system32\drivers\rqpkvtqr.sys [X]
S1 ryprnkdl; \??\C:\WINDOWS\system32\drivers\ryprnkdl.sys [X]
S1 saavgwpr; \??\C:\Windows\system32\drivers\saavgwpr.sys [X]
S1 sesqtkvd; \??\C:\WINDOWS\system32\drivers\sesqtkvd.sys [X]
S1 siuvcjhn; \??\C:\WINDOWS\system32\drivers\siuvcjhn.sys [X]
S1 syoiyunh; \??\C:\WINDOWS\system32\drivers\syoiyunh.sys [X]
S1 szprrgbz; \??\C:\WINDOWS\system32\drivers\szprrgbz.sys [X]
S1 tbqhwrur; \??\C:\WINDOWS\system32\drivers\tbqhwrur.sys [X]
S1 toqmapob; \??\C:\WINDOWS\system32\drivers\toqmapob.sys [X]
S1 udjdwjbq; \??\C:\Windows\system32\drivers\udjdwjbq.sys [X]
S1 uilcbqrh; \??\C:\WINDOWS\system32\drivers\uilcbqrh.sys [X]
S1 uqlpurqb; \??\C:\WINDOWS\system32\drivers\uqlpurqb.sys [X]
S1 vqhgfgsv; \??\C:\WINDOWS\system32\drivers\vqhgfgsv.sys [X]
S1 vxtqeqfe; \??\C:\WINDOWS\system32\drivers\vxtqeqfe.sys [X]
S1 wwiptfpm; \??\C:\WINDOWS\system32\drivers\wwiptfpm.sys [X]
S1 xlczrqdi; \??\C:\WINDOWS\system32\drivers\xlczrqdi.sys [X]
S1 xolxsftx; \??\C:\WINDOWS\system32\drivers\xolxsftx.sys [X]
S1 xvkbnutx; \??\C:\WINDOWS\system32\drivers\xvkbnutx.sys [X]
S1 xvmvkhey; \??\C:\WINDOWS\system32\drivers\xvmvkhey.sys [X]
S1 xyhrvxgv; \??\C:\WINDOWS\system32\drivers\xyhrvxgv.sys [X]
S1 xzleboqv; \??\C:\WINDOWS\system32\drivers\xzleboqv.sys [X]
S1 yfkmzanm; \??\C:\WINDOWS\system32\drivers\yfkmzanm.sys [X]
S1 ytyrtzeb; \??\C:\WINDOWS\system32\drivers\ytyrtzeb.sys [X]
S1 yyivjvsg; \??\C:\WINDOWS\system32\drivers\yyivjvsg.sys [X]
S1 zntrdwbe; \??\C:\WINDOWS\system32\drivers\zntrdwbe.sys [X]
S1 zuvlekwj; \??\C:\WINDOWS\system32\drivers\zuvlekwj.sys [X]
S1 zwlawyhx; \??\C:\WINDOWS\system32\drivers\zwlawyhx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 23:56 - 2017-12-05 23:56 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\663681EF.sys
2017-12-05 23:56 - 2017-12-05 23:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-05 23:55 - 2017-12-06 00:11 - 000000000 ____D C:\Users\JUSTEX\Desktop\mbar
2017-12-05 23:52 - 2017-12-06 00:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-05 23:51 - 2017-12-05 23:52 - 014161479 _____ C:\Users\JUSTEX\Desktop\mbar-1.10.3.1001-nr.exe
2017-12-05 23:48 - 2017-12-05 23:51 - 000000000 ____D C:\Users\JUSTEX\AppData\Roaming\Geek Uninstaller
2017-12-05 23:48 - 2017-10-24 15:32 - 007152576 _____ (Geek Unіnstaller) C:\Users\JUSTEX\Desktop\geek.exe
2017-12-05 19:30 - 2017-12-05 19:31 - 000722460 _____ C:\Windows\Minidump\120517-25125-01.dmp
2017-12-05 16:29 - 2017-12-05 16:30 - 000038817 _____ C:\Users\JUSTEX\Desktop\Addition.txt
2017-12-05 16:27 - 2017-12-06 00:18 - 000022553 _____ C:\Users\JUSTEX\Desktop\FRST.txt
2017-12-05 16:27 - 2017-12-06 00:16 - 000000000 ____D C:\FRST
2017-12-05 16:26 - 2017-12-05 16:26 - 002391552 _____ (Farbar) C:\Users\JUSTEX\Desktop\FRST64.exe
2017-12-04 20:41 - 2017-12-04 20:41 - 000525660 _____ C:\Windows\Minidump\120417-28796-01.dmp
2017-11-24 18:56 - 2017-11-24 18:56 - 000000000 ____D C:\Users\JUSTEX\AppData\Local\CrashDumps
2017-11-17 21:32 - 2017-11-17 21:32 - 000000000 ____D C:\ProgramData\c6d70a2e-7397-0
2017-11-17 21:32 - 2017-11-17 21:32 - 000000000 ____D C:\ProgramData\c6d70a2e-3ad1-1
2017-11-15 01:21 - 2017-11-02 07:20 - 002032536 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 01:21 - 2017-11-02 07:16 - 008319384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-11-15 01:21 - 2017-11-02 07:16 - 002398696 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-11-15 01:21 - 2017-11-02 07:16 - 002327448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 01:21 - 2017-11-02 07:15 - 001239448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-11-15 01:21 - 2017-11-02 07:13 - 000546712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-15 01:21 - 2017-11-02 07:13 - 000212888 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-11-15 01:21 - 2017-11-02 07:13 - 000095640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-11-15 01:21 - 2017-11-02 07:12 - 000727336 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-11-15 01:21 - 2017-11-02 07:12 - 000654976 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2017-11-15 01:21 - 2017-11-02 07:12 - 000430848 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-11-15 01:21 - 2017-11-02 07:12 - 000412752 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2017-11-15 01:21 - 2017-11-02 07:12 - 000319384 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2017-11-15 01:21 - 2017-11-02 07:12 - 000144248 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2017-11-15 01:21 - 2017-11-02 07:10 - 006557520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-11-15 01:21 - 2017-11-02 07:05 - 000871408 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-11-15 01:21 - 2017-11-02 07:05 - 000187800 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-11-15 01:21 - 2017-11-02 07:04 - 001292360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-11-15 01:21 - 2017-11-02 07:03 - 000223640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-11-15 01:21 - 2017-11-02 06:49 - 001838848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000703056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000613136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000362144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000354360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000283544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2017-11-15 01:21 - 2017-11-02 06:45 - 000172952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-11-15 01:21 - 2017-11-02 06:45 - 000133896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2017-11-15 01:21 - 2017-11-02 06:44 - 023680000 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-11-15 01:21 - 2017-11-02 06:44 - 005808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-11-15 01:21 - 2017-11-02 06:44 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2017-11-15 01:21 - 2017-11-02 06:43 - 020372896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-11-15 01:21 - 2017-11-02 06:37 - 003668992 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-11-15 01:21 - 2017-11-02 06:36 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2017-11-15 01:21 - 2017-11-02 06:35 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2017-11-15 01:21 - 2017-11-02 06:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 01:21 - 2017-11-02 06:34 - 012803072 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 01:21 - 2017-11-02 06:34 - 000306176 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-11-15 01:21 - 2017-11-02 06:34 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-11-15 01:21 - 2017-11-02 06:34 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2017-11-15 01:21 - 2017-11-02 06:34 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-11-15 01:21 - 2017-11-02 06:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2017-11-15 01:21 - 2017-11-02 06:32 - 008213504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-11-15 01:21 - 2017-11-02 06:31 - 020512256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-11-15 01:21 - 2017-11-02 06:31 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 013381120 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 007339008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 002953216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-11-15 01:21 - 2017-11-02 06:30 - 000719872 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000407040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000388096 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 01:21 - 2017-11-02 06:30 - 000165888 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2017-11-15 01:21 - 2017-11-02 06:29 - 019338240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 01:21 - 2017-11-02 06:29 - 000805888 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-11-15 01:21 - 2017-11-02 06:29 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2017-11-15 01:21 - 2017-11-02 06:29 - 000752640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 01:21 - 2017-11-02 06:29 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 01:21 - 2017-11-02 06:29 - 000415232 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-11-15 01:21 - 2017-11-02 06:28 - 023684096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 01:21 - 2017-11-02 06:28 - 000939008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2017-11-15 01:21 - 2017-11-02 06:28 - 000799744 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2017-11-15 01:21 - 2017-11-02 06:28 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-11-15 01:21 - 2017-11-02 06:27 - 002078720 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 01:21 - 2017-11-02 06:27 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2017-11-15 01:21 - 2017-11-02 06:27 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-11-15 01:21 - 2017-11-02 06:27 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-11-15 01:21 - 2017-11-02 06:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertPKICmdlet.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 008197120 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 005963776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 004445696 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 003060224 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 002671616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 001937408 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 000755712 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 000371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 000068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 012227072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 011888128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 004727808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 003377664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 003307008 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 007598080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 004707840 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 000506368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Launcher.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 000358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 002516480 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 000680960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 000590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsreg.dll
2017-11-15 01:21 - 2017-11-02 06:22 - 006254080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-11-15 01:21 - 2017-11-02 06:22 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 01:21 - 2017-11-02 06:22 - 002009600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 01:21 - 2017-11-02 06:22 - 001884160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2017-11-15 01:21 - 2017-11-02 06:22 - 001494528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2017-11-15 01:21 - 2017-11-02 06:21 - 004417024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-11-15 01:21 - 2017-11-02 06:21 - 003653120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 01:21 - 2017-11-02 06:21 - 000787456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-11-15 01:21 - 2017-11-02 06:21 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 01:21 - 2017-10-25 09:40 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 01:21 - 2017-10-15 17:09 - 002259760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2017-11-15 01:21 - 2017-10-15 17:03 - 006765728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 01:21 - 2017-10-15 17:01 - 000583160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-11-15 01:21 - 2017-10-15 16:59 - 000923040 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-11-15 01:21 - 2017-10-15 16:55 - 007910960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 01:21 - 2017-10-15 16:53 - 002969880 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2017-11-15 01:21 - 2017-10-15 16:53 - 000387928 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2017-11-15 01:21 - 2017-10-15 16:51 - 000584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2017-11-15 01:21 - 2017-10-15 16:49 - 000094616 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-11-15 01:21 - 2017-10-15 16:49 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2017-11-15 01:21 - 2017-10-15 16:45 - 001292288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-11-15 01:21 - 2017-10-15 16:45 - 001248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 01:21 - 2017-10-15 16:44 - 000636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2017-11-15 01:21 - 2017-10-15 16:44 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2017-11-15 01:21 - 2017-10-15 16:42 - 005225984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-11-15 01:21 - 2017-10-15 16:42 - 003667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-11-15 01:21 - 2017-10-15 16:41 - 004559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2017-11-15 01:21 - 2017-10-15 16:41 - 001019904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-11-15 01:21 - 2017-10-15 16:38 - 000089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-11-15 01:21 - 2017-10-15 16:15 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2017-11-15 01:21 - 2017-10-15 16:14 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\SEMgrPS.dll
2017-11-15 01:21 - 2017-10-15 16:13 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2017-11-15 01:21 - 2017-10-15 16:10 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-11-15 01:21 - 2017-10-15 16:09 - 001878016 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-11-15 01:21 - 2017-10-15 16:05 - 004396032 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-11-15 01:21 - 2017-10-15 16:04 - 005557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2017-11-15 01:21 - 2017-10-15 16:02 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkInternalPS.dll
2017-11-15 01:21 - 2017-10-15 16:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
2017-11-15 01:20 - 2017-11-02 07:21 - 001578904 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 01:20 - 2017-11-02 07:21 - 000678808 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 01:20 - 2017-11-02 07:21 - 000612248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 01:20 - 2017-11-02 07:21 - 000379288 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 01:20 - 2017-11-02 07:21 - 000190360 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-15 01:20 - 2017-11-02 07:21 - 000136088 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 01:20 - 2017-11-02 07:20 - 001144728 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-11-15 01:20 - 2017-11-02 07:20 - 001015704 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-11-15 01:20 - 2017-11-02 07:20 - 000965016 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2017-11-15 01:20 - 2017-11-02 07:20 - 000821656 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2017-11-15 01:20 - 2017-11-02 07:20 - 000613784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 01:20 - 2017-11-02 07:20 - 000543640 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-11-15 01:20 - 2017-11-02 07:20 - 000484248 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-11-15 01:20 - 2017-11-02 07:20 - 000469568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-11-15 01:20 - 2017-11-02 07:20 - 000259992 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 01:20 - 2017-11-02 07:20 - 000034712 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-11-15 01:20 - 2017-11-02 07:15 - 000503704 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-11-15 01:20 - 2017-11-02 07:14 - 000667040 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-11-15 01:20 - 2017-11-02 07:14 - 000067992 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2017-11-15 01:20 - 2017-11-02 07:13 - 005477088 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 01:20 - 2017-11-02 07:13 - 002443672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-15 01:20 - 2017-11-02 07:13 - 001345600 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-11-15 01:20 - 2017-11-02 07:12 - 000714648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2017-11-15 01:20 - 2017-11-02 07:12 - 000643192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-11-15 01:20 - 2017-11-02 07:12 - 000038808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2017-11-15 01:20 - 2017-11-02 07:12 - 000026472 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-11-15 01:20 - 2017-11-02 07:11 - 021353200 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-11-15 01:20 - 2017-11-02 06:37 - 001278976 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2017-11-15 01:20 - 2017-11-02 06:37 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2017-11-15 01:20 - 2017-11-02 06:37 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2017-11-15 01:20 - 2017-11-02 06:37 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2017-11-15 01:20 - 2017-11-02 06:36 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2017-11-15 01:20 - 2017-11-02 06:35 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-11-15 01:20 - 2017-11-02 06:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpstorport.sys
2017-11-15 01:20 - 2017-11-02 06:35 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-11-15 01:20 - 2017-11-02 06:34 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2017-11-15 01:20 - 2017-11-02 06:34 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageLiveTileTask.exe
2017-11-15 01:20 - 2017-11-02 06:34 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageHandlers.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\CertPKICmdlet.dll
2017-11-15 01:20 - 2017-11-02 06:32 - 000255488 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2017-11-15 01:20 - 2017-11-02 06:32 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Storage.dll
2017-11-15 01:20 - 2017-11-02 06:31 - 000411648 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2017-11-15 01:20 - 2017-11-02 06:31 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2017-11-15 01:20 - 2017-11-02 06:30 - 000635392 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2017-11-15 01:20 - 2017-11-02 06:30 - 000601088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Launcher.dll
2017-11-15 01:20 - 2017-11-02 06:30 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2017-11-15 01:20 - 2017-11-02 06:28 - 001468416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 01:20 - 2017-11-02 06:28 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2017-11-15 01:20 - 2017-11-02 06:27 - 000565248 _____ (Microsoft Corporation) C:\Windows\system32\dsreg.dll
2017-11-15 01:20 - 2017-11-02 06:27 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2017-11-15 01:20 - 2017-11-02 06:26 - 002809344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-11-15 01:20 - 2017-11-02 06:26 - 000986624 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-11-15 01:20 - 2017-11-02 06:25 - 002052608 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-11-15 01:20 - 2017-11-02 06:25 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 01:20 - 2017-11-02 06:25 - 001713664 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2017-11-15 01:20 - 2017-11-02 06:25 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-11-15 01:20 - 2017-11-02 06:25 - 000877568 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-11-15 01:20 - 2017-11-02 06:23 - 002449408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-11-15 01:20 - 2017-11-02 06:23 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-11-15 01:20 - 2017-11-02 06:19 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 01:20 - 2017-10-15 16:57 - 000712600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2017-11-15 01:20 - 2017-10-15 16:57 - 000409496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-11-15 01:20 - 2017-10-15 16:56 - 000872464 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2017-11-15 01:20 - 2017-10-15 16:09 - 000527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-11-15 01:20 - 2017-10-15 16:08 - 001260544 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2017-11-15 01:20 - 2017-10-15 16:08 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2017-11-15 01:20 - 2017-10-15 16:07 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2017-11-15 01:20 - 2017-10-15 16:05 - 001293824 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-11-13 17:54 - 2017-11-13 17:54 - 000000000 ____D C:\Users\JUSTEX\AppData\Local\NVIDIA Corporation
2017-11-13 00:09 - 2017-11-13 00:09 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-13 00:09 - 2017-11-13 00:09 - 000003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-13 00:09 - 2017-11-13 00:09 - 000001413 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-11-13 00:09 - 2017-11-13 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-13 00:09 - 2017-10-12 23:38 - 001923008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-11-13 00:09 - 2017-10-12 23:38 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-11-13 00:09 - 2017-10-12 23:38 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-11-13 00:09 - 2017-10-12 23:38 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-11-13 00:09 - 2017-10-12 23:38 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-11-13 00:09 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-11-13 00:09 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-11-13 00:09 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-11-13 00:09 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-11-13 00:09 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-11-13 00:09 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-11-13 00:08 - 2017-11-13 00:08 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-13 00:08 - 2017-11-13 00:08 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-13 00:08 - 2017-11-13 00:08 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-13 00:08 - 2017-11-13 00:08 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-13 00:08 - 2017-11-13 00:08 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-13 00:08 - 2017-11-13 00:08 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-13 00:08 - 2017-11-13 00:08 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-13 00:08 - 2017-10-12 23:38 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-11-13 00:08 - 2017-10-12 23:38 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-11-13 00:08 - 2017-10-12 23:38 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-11-13 00:08 - 2017-09-14 01:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-11-13 00:08 - 2017-09-14 01:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-11-13 00:08 - 2017-09-14 01:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-11-13 00:08 - 2017-09-14 01:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-11-13 00:07 - 2017-10-12 23:38 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-11-13 00:05 - 2017-11-13 00:05 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-13 00:04 - 2017-10-12 23:38 - 040237176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 036230080 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 035156600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 029263992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 023261440 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 019035344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 013863184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 013251240 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 010880856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 004482792 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 004201408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 003614328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 001988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438800.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 001606592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438800.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 001321448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 001098872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 001038496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 001030080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 000980928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 000932288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 000794392 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 000632848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 000615360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 000505976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-11-13 00:04 - 2017-10-12 23:38 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-11-13 00:04 - 2017-10-12 23:38 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-11-13 00:04 - 2017-10-12 23:38 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-11-13 00:04 - 2017-10-12 23:38 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-11-13 00:00 - 2017-11-13 00:00 - 000000000 ____D C:\NVIDIA
2017-11-08 01:13 - 2017-11-08 01:13 - 000000000 ____D C:\ProgramData\{7a9f4111-012c-0}
2017-11-08 01:13 - 2017-11-08 01:13 - 000000000 ____D C:\ProgramData\{086b3f59-312c-1}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-06 00:16 - 2017-07-28 21:58 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-12-06 00:13 - 2017-07-28 03:05 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-06 00:13 - 2017-07-18 16:52 - 000000000 __SHD C:\Users\JUSTEX\IntelGraphicsProfiles
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{F27F9C8A-45D4-2B21-B049-AC2B51295F56}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{DB862C77-6C2D-9BDC-FA13-A149C5C4514C}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{D332C16E-6499-76C5-29FB-05D75A2A7F14}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{D19ACD85-6631-7A2E-7C10-B29B76DAC65B}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{20944AA9-973F-FD02-D8E9-C5B2D52E427F}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{032269FD-B489-DE56-5063-A96A6FFF4246}
2017-12-06 00:12 - 2017-09-23 21:30 - 000000000 ____D C:\Windows\rss
2017-12-06 00:12 - 2017-07-28 03:20 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-06 00:12 - 2017-07-28 03:12 - 000000000 ____D C:\Users\JUSTEX
2017-12-06 00:12 - 2017-07-28 03:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-06 00:11 - 2017-07-29 01:48 - 000000000 ____D C:\ProgramData\Micro Foundation
2017-12-06 00:11 - 2017-07-29 01:47 - 000000000 ____D C:\Program Files (x86)\KMSPico
2017-12-05 23:52 - 2017-10-21 23:06 - 000000000 ____D C:\Users\JUSTEX\Downloads\сега
2017-12-05 23:45 - 2017-07-28 03:03 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-12-05 23:28 - 2017-03-18 23:03 - 000000000 ____D C:\Windows\rescache
2017-12-05 23:05 - 2017-07-28 03:20 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-576454172-1670169836-3432802236-1001
2017-12-05 23:05 - 2017-07-18 16:49 - 000002394 _____ C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-05 23:05 - 2017-07-18 16:49 - 000000000 ___RD C:\Users\JUSTEX\OneDrive
2017-12-05 19:34 - 2017-07-18 16:51 - 001277798 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-05 19:30 - 2017-07-28 22:03 - 800762520 _____ C:\Windows\MEMORY.DMP
2017-12-05 19:30 - 2017-07-28 22:03 - 000000000 ____D C:\Windows\Minidump
2017-12-05 16:25 - 2017-03-18 23:03 - 000000000 ____D C:\Windows\AppReadiness
2017-12-04 20:41 - 2017-03-18 23:01 - 000000000 ____D C:\Windows\INF
2017-12-03 16:06 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-01 17:15 - 2017-07-22 02:34 - 000000000 ___DC C:\Windows\Panther
2017-12-01 17:04 - 2017-07-28 03:22 - 000024768 _____ C:\Windows\diagwrn.xml
2017-12-01 17:04 - 2017-07-28 03:22 - 000024768 _____ C:\Windows\diagerr.xml
2017-12-01 16:44 - 2017-03-18 13:40 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-12-01 16:38 - 2017-09-30 16:59 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-01 16:38 - 2017-03-18 23:03 - 000000000 ____D C:\Windows\Registration
2017-12-01 16:34 - 2017-10-23 10:38 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 20:57 - 2017-09-23 21:30 - 000003690 __RSH C:\ProgramData\ntuser.pol
2017-11-30 12:06 - 2017-10-10 22:48 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-30 12:06 - 2017-07-20 00:05 - 000000000 ____D C:\Windows\system32\MRT
2017-11-30 12:05 - 2017-07-20 00:05 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-21 18:05 - 2017-07-20 00:06 - 000545440 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-21 18:01 - 2017-07-18 16:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-21 18:01 - 2017-07-18 16:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-20 22:47 - 2017-03-18 22:51 - 000000000 ____D C:\Windows\CbsTemp
2017-11-17 20:00 - 2017-07-18 16:56 - 000000000 ____D C:\Users\JUSTEX\AppData\Roaming\Mozilla
2017-11-17 20:00 - 2017-07-18 16:55 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-17 15:48 - 2017-09-23 21:30 - 000000000 ____D C:\Users\JUSTEX\AppData\Roaming\gplyra
2017-11-17 15:45 - 2017-10-23 10:38 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 10:02 - 2015-09-10 07:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 10:00 - 2017-07-28 03:03 - 000399848 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\Windows\ShellExperiences
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\Windows\Provisioning
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 02:49 - 2017-03-18 13:40 - 000786432 _____ C:\Windows\system32\config\BBI
2017-11-15 00:56 - 2017-11-02 15:16 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 00:50 - 2017-11-02 15:15 - 000003516 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 00:50 - 2017-11-02 15:15 - 000003392 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 17:54 - 2017-07-28 03:08 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-13 00:09 - 2017-07-28 03:07 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-13 00:09 - 2017-07-18 17:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-09 01:05 - 2017-11-02 15:15 - 000000000 ____D C:\Users\JUSTEX\AppData\Local\Google
2017-11-08 12:40 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{3d862c3a-312c-0}
2017-11-08 01:14 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{3b2d33e6-712c-1}
2017-11-08 01:13 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{73ef0e76-012c-0}
2017-11-08 01:13 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{73831fae-212c-1}
2017-11-08 01:13 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{614161d8-112c-0}
2017-11-08 01:13 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{11734f09-112c-1}
2017-11-08 01:13 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{0ae47fc7-612c-0}
2017-11-08 01:13 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{02ad244c-012c-1}

==================== Files in the root of some directories =======

2017-09-23 21:30 - 2017-09-23 21:30 - 000140800 _____ () C:\Users\JUSTEX\AppData\Local\installer.dat

Some files in TEMP:
====================
2017-09-23 21:30 - 2017-09-23 21:30 - 001527488 _____ (Microsoft Corporation) C:\Users\JUSTEX\AppData\Local\Temp\dbghelp.dll
2017-12-05 23:48 - 2017-12-05 23:48 - 004052928 _____ (Geek Unіnstaller) C:\Users\JUSTEX\AppData\Local\Temp\geek64.exe
2017-07-29 01:47 - 2017-07-29 01:47 - 000061440 _____ (The Gentee Group) C:\Users\JUSTEX\AppData\Local\Temp\genteert.dll
2017-09-23 21:30 - 2017-09-23 21:30 - 000167616 _____ (Microsoft Corporation) C:\Users\JUSTEX\AppData\Local\Temp\symsrv.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

LastRegBack: 2017-12-05 19:41

==================== End of FRST.txt ============================

 

 

Addition.txt


So far so good! Let's continue:

Fix with Farbar Recovery Scan Tool

Download the attached file fixlist.txt and save it in the same location where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once, and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt
 


Great! Is there any improvement in how the system is running? Are you still seeing the original problems?

 

Scan with Malwarebytes Anti-Malware (MBAM)

Please download Malwarebytes Anti-Malware 3.2.2.2018 Final and save it to your desktop.

  • Run the file mb3-setup-consumer-3.2.2.2018.exe and follow the prompts to install the program.
  • Once the installation finishes, the program will start automatically.
  • Go to the Settings => Protection tab and, under the Scan Options category, turn on the "Scan for rootkits" option by moving the slider to the right.
  • Go to the Scan tab, select Threat Scan, and then press the Start Scan button.
  • A scan for malicious software will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • Once the scan finishes, the list of results will appear (if any items were found). If the program was minimized while scanning, the following message will appear if threats were detected. Press the View Scan Results button.
  • Press the Quarantine Selected button.
  • Wait for the window prompting you to restart to appear, and then press the Yes button.
  • After the restart, launch Malwarebytes Anti-Malware again.
  • Go to the Reports tab and open the log file named Scan Report.
  • Press the Export button and then => "Copy to Clipboard"
  • Now paste the contents of the log file with the keyboard shortcut Ctrl + V and post it in your next comment.

 

 

 

Scan with AdwCleaner

Please download and run the program Malwarebytes AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Press OK to confirm that all running programs will be closed.
  • Select Scan.
  • When it finishes, click Logfile. A window containing the log (AdwCleaner[S0].txt) will open. Double-click the row and the contents of the log will open. Post it in your next post.
  • Return to the main AdwCleaner window and select Clean.
  • Follow the prompts and allow the computer to restart.
  • After the restart, the log AdwCleaner[C0].txt will open. Please copy the contents of the log file into your next post.

Logs

In your next reply, please include (by copying their full contents) the following logs:

  • Malwarebytes Anti-Malware log
  • AdwCleaner.txt

 


There are improvements; the original problem is gone.

Malwarebytes
www.malwarebytes.com

-Детайли за регистъра-
Дата на сканиране: 14.12.17 г.
Час на сканиране: 20:41
Файл на регистъра: 64fec87e-e0fe-11e7-bd83-14dda90d793b.json
Администратор: Да

-Информация за софтуера-
Версия: 3.2.2.2018
Версия на компонентите: 1.0.188
Актуализирай версията на пакета: 1.0.3490
Лиценз: Пробен период

-Системна информация-
OS: Windows 10 (Build 15063.726)
CPU: x64
Файлова система: NTFS
Потребител: DESKTOP-NEIQN8V\JUSTEX

-Резюме на сканирането-
Тип сканиране: Threat Scan
Резултат: Завършено
Сканирани обекти: 274241
Открити заплахи: 92
Заплахи под карантина: 92
Изтекло време: 3 мин, 8 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Забранено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 14
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Под карантина, [5076], [425124],1.0.3490
PUP.Optional.SpeeDownloader, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\Speedownloader0099, Под карантина, [7665], [453126],1.0.3490
PUP.Optional.YeaDesktop, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\YeaDesktop, Под карантина, [1454], [391400],1.0.3490
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\CONSOLE\TASKENG.EXE, Под карантина, [5076], [425125],1.0.3490
PUP.Optional.SpeeDownloader, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\WOW6432NODE\Speedownloader0099, Под карантина, [7665], [453126],1.0.3490
PUP.Optional.SpeeDownloader, HKLM\SOFTWARE\WOW6432NODE\Speedownloader0099, Под карантина, [7665], [384272],1.0.3490
PUP.Optional.SpeeDownloader, HKLM\SOFTWARE\Speedownloader0099, Под карантина, [7665], [384272],1.0.3490
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{98bb3dc6}, Под карантина, [21], [260250],1.0.3490
PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\YeaDesktop_RASAPI32, Под карантина, [1454], [409418],1.0.3490
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Под карантина, [518], [321304],1.0.3490
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Под карантина, [21], [260247],1.0.3490
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Под карантина, [518], [339688],1.0.3490
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Под карантина, [21], [260247],1.0.3490
PUP.Optional.NeoBar, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}, Под карантина, [113], [411842],1.0.3490

Стойност на регистъра: 7
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Под карантина, [5076], [425124],1.0.3490
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Под карантина, [5076], [425126],1.0.3490
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Под карантина, [5076], [425125],1.0.3490
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{98bb3dc6}|1, Под карантина, [21], [260250],1.0.3490
PUP.Optional.YeaDesktop.ClnShrt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|YEADESKTOP.EXE, Под карантина, [1302], [396226],1.0.3490
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, Под карантина, [518], [333852],1.0.3490
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, Под карантина, [518], [321304],1.0.3490

Данни на регистъра: 10
PUP.Optional.NewTabClub, HKU\S-1-5-21-576454172-1670169836-3432802236-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Сменен, [8600], [448278],1.0.3490
PUP.Optional.NewTabClub, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Сменен, [8600], [448278],1.0.3490
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Сменен, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Сменен, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{037cc185-9017-4a8b-8813-4647af43ffb9}|DhcpNameServer, Сменен, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6b246332-2beb-482f-ab51-4db0863e5d41}|NameServer, Сменен, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{990b585a-079e-4011-bd1b-b6e5ea7df010}|DhcpNameServer, Сменен, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9fec6220-33f4-4abf-b422-d4b7bc6e3401}|DhcpNameServer, Сменен, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{a472971b-8435-4511-aead-907167eb2c85}|NameServer, Сменен, [21], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{c7a70ae6-e6fc-44d8-bb83-ceb290aa684c}|DhcpNameServer, Сменен, [21], [-1],0.0.0

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 46
PUP.Optional.BitCoinMiner, C:\USERS\JUSTEX\APPDATA\ROAMING\GPLYRA, Под карантина, [164], [316518],1.0.3490
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Под карантина, [518], [391425],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{00d203b4-712c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{02ad244c-012c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{034524d7-612c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{04ae685f-212c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{086b3f59-312c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{0ae47fc7-612c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{0c711812-012c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{0eb67557-512c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{0fe1357a-312c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{11734f09-112c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{18c07f41-712c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{1af612e4-312c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{295f700d-712c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{3b2d33e6-712c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{3d862c3a-312c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{3f8e768e-412c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{414f079c-612c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{4c2068bb-712c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{614161d8-112c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{6a983a24-012c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{73831fae-212c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{73ef0e76-012c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{7593244c-212c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{776a24da-012c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{7a9f4111-012c-0}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{7bb0439f-112c-1}, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\49dca0f4-16f3-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\49dca0f4-7273-1, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-0355-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-14d3-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-2d81-1, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-3ad1-1, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-4773-1, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-49b5-1, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-4f95-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-52a5-1, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-56a1-1, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-5d47-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-5d91-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-6013-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-6761-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-7397-0, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-7633-1, Под карантина, [7891], [407181],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\c6d70a2e-7ab7-1, Под карантина, [7891], [407181],1.0.3490

Файл: 15
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\c6d70a2e-3ad1-1\BIT735D.tmp, Под карантина, [13598], [257931],1.0.3490
PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\c6d70a2e-7397-0\BIT738D.tmp, Под карантина, [13598], [257931],1.0.3490
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Под карантина, [518], [391431],1.0.3490
PUP.Optional.BitCoinMiner, C:\Users\JUSTEX\AppData\Roaming\gplyra\config.json, Под карантина, [164], [316518],1.0.3490
PUP.Optional.BitCoinMiner, C:\Users\JUSTEX\AppData\Roaming\gplyra\gplyra-uninst.exe, Под карантина, [164], [316518],1.0.3490
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Под карантина, [518], [391425],1.0.3490
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Под карантина, [518], [391425],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{00d203b4-712c-0}\BIT73B9.tmp, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{00d203b4-712c-0}\BIT7495.tmp, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{086b3f59-312c-1}\BITE153.tmp, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{1af612e4-312c-1}\BIT6FFE.tmp, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{1af612e4-312c-1}\BIT704D.tmp, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\{7a9f4111-012c-0}\BITE3D5.tmp, Под карантина, [7891], [407180],1.0.3490
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\KMSPICO\KMSPICO_PATCH.EXE, Под карантина, [2], [386655],1.0.3490
Adware.EoRezo.Gen, C:\USERS\JUSTEX\DOWNLOADS\KMSPICO 10.2.0UPDATE.ZIP, Под карантина, [7236], [100059],1.0.3490

Физически сектор: 0
(Не бяха открити зловредни елементи)


(end)

 

 

------------------------------------------

 

 

# AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 14 18:59:08 2017

# Updated on 2017/29/11 by Malwarebytes

# Database: 12-13-2017.2

# Running on Windows 10 Pro (X64)

# Mode: scan

# Support: https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

No malicious services found.

 

***** [ Folders ] *****

 

PUP.Optional.Legacy, C:\Users\JUSTEX\AppData\Local\AdvinstAnalytics

PUP.Optional.UpService, C:\Users\JUSTEX\AppData\Local\AdService

Trojan.Agent, C:\Windows\rss

Adware.InstallCore, C:\ProgramData\Micro Foundation

Adware.InstallCore, C:\Users\All Users\Micro Foundation

PUP.Adware.Heuristic, C:\ProgramData\98bb3dc6

 

 

***** [ Files ] *****

 

No malicious files found.

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

***** [ WMI ] *****

 

No malicious WMI found.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts found.

 

***** [ Tasks ] *****

 

No malicious tasks found.

 

***** [ Registry ] *****

 

PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net

PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it

PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net

PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}

PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}

PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}

PUP.Optional.FastDataX, [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\FastDataX

PUP.Optional.FastDataX, [Key] - HKCU\Software\FastDataX

PUP.Optional.DiskPower, [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}

PUP.Optional.DiskPower, [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}

PUP.Optional.DiskPower, [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}

PUP.Optional.UpService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup

Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves

PUP.Optional.WeatherAlerts, [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\APreSam

PUP.Optional.WeatherAlerts, [Key] - HKCU\Software\Microsoft\APreSam

PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}

PUP.Optional.WeatherAlerts, [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}

PUP.Optional.WeatherAlerts, [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}

PUP.Optional.AdService, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | AdsServiceGroup

PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A

PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A

PUP.Optional.Microleaves, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A

PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\

PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\

PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\

 

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries.

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries.

 

*************************

 

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

------------------------------------------------------

 

# AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 14 19:00:07 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\JUSTEX\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\JUSTEX\AppData\Local\AdService
Deleted: C:\Windows\\rss
Deleted: C:\ProgramData\Micro Foundation
Deleted: C:\Users\All Users\Micro Foundation
Deleted: C:\ProgramData\98bb3dc6


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d19tqk5t6qcjac.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d19tqk5t6qcjac.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\FastDataX
Deleted: [Key] - HKCU\Software\FastDataX
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\APreSam
Deleted: [Key] - HKCU\Software\Microsoft\APreSam
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKU\S-1-5-21-576454172-1670169836-3432802236-1001\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|AdsServiceGroup
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5001 B] - [2017/12/14 18:59:8]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

5 minutes ago, Ивайло Михаилов wrote:

There is improvement; the initial problem is gone.

Great... Restart your computer... After that, as a check, prepare a new scan with:

 

Scan with Farbar Recovery Scan

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or the 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Click YES to accept the license agreement.
  • Click the button shown in the image (YClYkft.jpg).
  • Wait patiently for the scan to finish.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Copy the contents of FRST.txt into your next post. Attach Addition.txt to your comment (see the Attach files option when posting a reply).

 

Logs

In your next reply, please include (by copying their entire contents) the following logs:

  • FRST.txt (copy the entire contents)
  • Addition.txt (attach it)


In your opinion, why is my laptop running slowly? It loads the OS slowly, freezes while browsing, and overall does not run fast. It is relatively new, even still under warranty. Judging by its specifications, I think it should run considerably faster...

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by JUSTEX (administrator) on DESKTOP-NEIQN8V (14-12-2017 21:27:45)
Running from C:\Users\JUSTEX\Desktop
Loaded Profiles: JUSTEX (Available Profiles: JUSTEX)
Platform: Windows 10 Pro Version 1703 15063.786 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.12111.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [920280 2015-04-17] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-09-28] (Qualcomm®Atheros®)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{037cc185-9017-4a8b-8813-4647af43ffb9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{037cc185-9017-4a8b-8813-4647af43ffb9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6b246332-2beb-482f-ab51-4db0863e5d41}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{990b585a-079e-4011-bd1b-b6e5ea7df010}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{990b585a-079e-4011-bd1b-b6e5ea7df010}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{9fec6220-33f4-4abf-b422-d4b7bc6e3401}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9fec6220-33f4-4abf-b422-d4b7bc6e3401}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{a472971b-8435-4511-aead-907167eb2c85}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c7a70ae6-e6fc-44d8-bb83-ceb290aa684c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c7a70ae6-e6fc-44d8-bb83-ceb290aa684c}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{d874b4c2-7338-11e7-915f-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-576454172-1670169836-3432802236-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.yahoo.com/search;_ylt=AhdgslCecv7o8tN0m55H3XSbvZx4?toggle=1&cop=mss&ei=UTF-8&fp=1&fr=vmn&type=systma__byd&p={searchTerms}
SearchScopes: HKU\S-1-5-21-576454172-1670169836-3432802236-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.yahoo.com/search;_ylt=AhdgslCecv7o8tN0m55H3XSbvZx4?toggle=1&cop=mss&ei=UTF-8&fp=1&fr=vmn&type=systma__byd&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0701vbf4.default
FF ProfilePath: C:\Users\JUSTEX\AppData\Roaming\Mozilla\Firefox\Profiles\0701vbf4.default [2017-12-14]
FF Homepage: Mozilla\Firefox\Profiles\0701vbf4.default -> hxxps://newtab.club
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://newtab.club/
CHR StartupUrls: Default -> "hxxps://newtab.club/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search;_ylt=AhdgslCecv7o8tN0m55H3XSbvZx4?toggle=1&cop=mss&ei=UTF-8&fp=1&fr=vmn&type=systma__byd&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default [2017-12-14]
CHR Extension: (Презентации) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Jaxx Blockchain Wallet) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancbofgphhmhcchnaognahmjfajaecmo [2017-12-14]
CHR Extension: (Документи) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Диск) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-02]
CHR Extension: (YouTube) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02]
CHR Extension: (Таблици) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (Fea KeyLogger) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkghpghjcbfcflhoklkcincndlpobja [2017-11-02]
CHR Extension: (Google Документи офлайн) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-02]
CHR Extension: (Gumshoe) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mekpfngodchodemgmkhinohkfjefjeea [2017-11-02]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-02]
CHR Extension: (Gmail) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-09-28] (Windows (R) Win 7 DDK provider) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2017-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-12] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-10-12] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-11] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-09-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [124928 2017-03-09] (ASUS Corporation)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-09-28] (Qualcomm Atheros)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-12-14] ()
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2017-07-18] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-12-14] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-12-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-12-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-14] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1d639c807e0d61d9\nvlddmkm.sys [16924088 2017-10-13] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-10-12] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-12] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2017-07-19] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-11] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-11] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 21:24 - 2017-12-14 21:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-14 20:57 - 2017-12-14 21:25 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-14 20:57 - 2017-12-14 21:25 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-14 20:57 - 2017-12-14 21:25 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-14 20:57 - 2017-12-14 21:00 - 000000000 ____D C:\AdwCleaner
2017-12-14 20:57 - 2017-12-14 20:57 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-14 20:55 - 2017-12-14 20:56 - 008187336 _____ (Malwarebytes) C:\Users\JUSTEX\Desktop\adwcleaner_7.0.5.0.exe
2017-12-14 20:48 - 2017-12-14 20:48 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-12-14 20:40 - 2017-12-14 21:25 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-14 20:40 - 2017-12-14 20:57 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-14 20:40 - 2017-12-14 20:40 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-14 20:40 - 2017-12-14 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-14 20:40 - 2017-12-14 20:40 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-14 20:39 - 2017-12-14 20:39 - 066347240 _____ (Malwarebytes ) C:\Users\JUSTEX\Desktop\mb3-setup-consumer-3.2.2.2018.exe
2017-12-14 19:48 - 2017-11-30 05:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-14 19:48 - 2017-11-30 05:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-14 19:48 - 2017-11-30 05:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-14 19:48 - 2017-11-30 05:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-14 19:48 - 2017-11-30 05:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-14 19:48 - 2017-11-30 05:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-14 19:48 - 2017-11-30 05:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-14 19:48 - 2017-11-30 05:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-14 19:48 - 2017-11-30 05:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-14 19:48 - 2017-11-30 04:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-14 19:48 - 2017-11-30 04:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-14 19:48 - 2017-11-30 04:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-14 19:48 - 2017-11-30 04:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-14 19:48 - 2017-11-30 04:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-14 19:48 - 2017-11-30 04:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-14 19:48 - 2017-11-30 04:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-14 19:48 - 2017-11-30 04:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-14 19:48 - 2017-11-30 04:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-14 19:48 - 2017-11-30 04:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-14 19:48 - 2017-11-30 04:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-14 19:48 - 2017-11-30 04:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-14 19:48 - 2017-11-30 04:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-14 19:48 - 2017-11-30 04:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-14 19:48 - 2017-11-30 04:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-14 19:48 - 2017-11-30 04:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-14 19:48 - 2017-11-30 04:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-14 19:48 - 2017-11-30 04:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-14 19:48 - 2017-11-30 04:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-14 19:48 - 2017-11-30 04:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-14 19:48 - 2017-11-30 04:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-14 19:48 - 2017-11-30 04:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-14 19:48 - 2017-11-30 04:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-14 19:48 - 2017-11-30 04:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-14 19:48 - 2017-11-30 04:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-14 19:48 - 2017-11-30 04:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-14 19:48 - 2017-11-30 04:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-14 19:48 - 2017-11-30 04:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-14 19:48 - 2017-11-30 04:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-14 19:48 - 2017-11-30 04:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-14 19:48 - 2017-11-30 04:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-14 19:48 - 2017-11-30 04:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-14 19:48 - 2017-11-30 04:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-14 19:48 - 2017-11-30 04:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-14 19:48 - 2017-11-30 04:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-14 19:48 - 2017-11-30 04:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-14 19:48 - 2017-11-30 04:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-14 19:48 - 2017-11-30 04:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-14 19:48 - 2017-11-30 04:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-14 19:48 - 2017-11-30 04:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-14 19:48 - 2017-11-30 04:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-14 19:48 - 2017-11-30 04:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-14 19:48 - 2017-11-30 04:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-14 19:48 - 2017-11-30 04:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-14 19:48 - 2017-11-30 04:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-14 19:48 - 2017-11-30 04:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-14 19:48 - 2017-11-30 04:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-14 19:48 - 2017-11-30 04:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-14 19:48 - 2017-11-30 04:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-14 19:48 - 2017-11-30 04:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-14 19:48 - 2017-11-30 04:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-14 19:48 - 2017-11-30 04:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-14 19:48 - 2017-11-30 04:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-14 19:48 - 2017-11-30 04:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-14 19:48 - 2017-11-30 04:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-14 19:48 - 2017-11-17 11:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-14 19:48 - 2017-11-17 11:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-14 19:48 - 2017-11-17 11:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-14 19:48 - 2017-11-17 11:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-14 19:48 - 2017-11-17 11:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-14 19:48 - 2017-11-17 11:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-14 19:48 - 2017-11-17 11:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-14 19:48 - 2017-11-17 11:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-14 19:48 - 2017-11-17 11:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-14 19:48 - 2017-11-17 11:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-14 19:48 - 2017-11-17 11:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-14 19:48 - 2017-11-17 10:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-14 19:48 - 2017-11-17 10:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-06 22:13 - 2017-12-14 21:27 - 000000000 ____D C:\Users\JUSTEX\Desktop\FRST-OlderVersion
2017-12-06 22:13 - 2017-12-06 22:17 - 000037367 _____ C:\Users\JUSTEX\Desktop\Fixlog.txt
2017-12-05 23:56 - 2017-12-14 20:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-05 23:56 - 2017-12-05 23:56 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\663681EF.sys
2017-12-05 23:55 - 2017-12-06 00:11 - 000000000 ____D C:\Users\JUSTEX\Desktop\mbar
2017-12-05 23:52 - 2017-12-06 22:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-05 23:51 - 2017-12-05 23:52 - 014161479 _____ C:\Users\JUSTEX\Desktop\mbar-1.10.3.1001-nr.exe
2017-12-05 23:48 - 2017-12-05 23:51 - 000000000 ____D C:\Users\JUSTEX\AppData\Roaming\Geek Uninstaller
2017-12-05 23:48 - 2017-10-24 15:32 - 007152576 _____ (Geek Unіnstaller) C:\Users\JUSTEX\Desktop\geek.exe
2017-12-05 19:30 - 2017-12-05 19:31 - 000722460 _____ C:\WINDOWS\Minidump\120517-25125-01.dmp
2017-12-05 16:29 - 2017-12-06 00:19 - 000033773 _____ C:\Users\JUSTEX\Desktop\Addition.txt
2017-12-05 16:27 - 2017-12-14 21:29 - 000014799 _____ C:\Users\JUSTEX\Desktop\FRST.txt
2017-12-05 16:27 - 2017-12-14 21:27 - 000000000 ____D C:\FRST
2017-12-05 16:26 - 2017-12-14 21:27 - 002392064 _____ (Farbar) C:\Users\JUSTEX\Desktop\FRST64.exe
2017-12-04 20:41 - 2017-12-04 20:41 - 000525660 _____ C:\WINDOWS\Minidump\120417-28796-01.dmp
2017-11-24 18:56 - 2017-11-24 18:56 - 000000000 ____D C:\Users\JUSTEX\AppData\Local\CrashDumps
2017-11-15 01:21 - 2017-11-02 07:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 01:21 - 2017-11-02 07:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 01:21 - 2017-11-02 07:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 01:21 - 2017-11-02 07:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 01:21 - 2017-11-02 07:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 01:21 - 2017-11-02 07:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 01:21 - 2017-11-02 07:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 01:21 - 2017-11-02 07:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 01:21 - 2017-11-02 07:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 01:21 - 2017-11-02 07:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 01:21 - 2017-11-02 07:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 01:21 - 2017-11-02 07:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 01:21 - 2017-11-02 07:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 01:21 - 2017-11-02 07:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 01:21 - 2017-11-02 07:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 01:21 - 2017-11-02 06:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 01:21 - 2017-11-02 06:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 01:21 - 2017-11-02 06:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 01:21 - 2017-11-02 06:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 01:21 - 2017-11-02 06:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 01:21 - 2017-11-02 06:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 01:21 - 2017-11-02 06:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 01:21 - 2017-11-02 06:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 01:21 - 2017-11-02 06:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 01:21 - 2017-11-02 06:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 01:21 - 2017-11-02 06:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 01:21 - 2017-11-02 06:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 01:21 - 2017-11-02 06:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 01:21 - 2017-11-02 06:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 01:21 - 2017-11-02 06:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 01:21 - 2017-11-02 06:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 01:21 - 2017-11-02 06:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 01:21 - 2017-11-02 06:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 01:21 - 2017-11-02 06:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 01:21 - 2017-11-02 06:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 01:21 - 2017-11-02 06:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 01:21 - 2017-11-02 06:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 01:21 - 2017-11-02 06:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 01:21 - 2017-11-02 06:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 01:21 - 2017-11-02 06:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 01:21 - 2017-11-02 06:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 01:21 - 2017-11-02 06:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 01:21 - 2017-11-02 06:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 01:21 - 2017-11-02 06:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 01:21 - 2017-11-02 06:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 01:21 - 2017-11-02 06:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 01:21 - 2017-11-02 06:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 01:21 - 2017-11-02 06:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 01:21 - 2017-11-02 06:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 01:21 - 2017-11-02 06:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 01:21 - 2017-10-25 09:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 01:21 - 2017-10-15 17:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 01:21 - 2017-10-15 17:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 01:21 - 2017-10-15 16:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 01:21 - 2017-10-15 16:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 01:21 - 2017-10-15 16:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 01:21 - 2017-10-15 16:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 01:21 - 2017-10-15 16:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 01:21 - 2017-10-15 16:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 01:21 - 2017-10-15 16:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 01:21 - 2017-10-15 16:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 01:21 - 2017-10-15 16:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 01:21 - 2017-10-15 16:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 01:21 - 2017-10-15 16:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 01:21 - 2017-10-15 16:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 01:21 - 2017-10-15 16:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 01:21 - 2017-10-15 16:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 01:21 - 2017-10-15 16:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 01:21 - 2017-10-15 16:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 01:21 - 2017-10-15 16:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 01:21 - 2017-10-15 16:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 01:20 - 2017-11-02 07:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 01:20 - 2017-11-02 07:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 01:20 - 2017-11-02 07:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 01:20 - 2017-11-02 07:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 01:20 - 2017-11-02 07:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 01:20 - 2017-11-02 07:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 01:20 - 2017-11-02 07:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 01:20 - 2017-11-02 07:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 01:20 - 2017-11-02 07:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 01:20 - 2017-11-02 06:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 01:20 - 2017-11-02 06:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 01:20 - 2017-11-02 06:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 01:20 - 2017-11-02 06:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 01:20 - 2017-11-02 06:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 01:20 - 2017-11-02 06:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 01:20 - 2017-11-02 06:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 01:20 - 2017-11-02 06:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 01:20 - 2017-11-02 06:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 01:20 - 2017-11-02 06:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 01:20 - 2017-11-02 06:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 01:20 - 2017-11-02 06:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 01:20 - 2017-11-02 06:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 01:20 - 2017-11-02 06:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 01:20 - 2017-11-02 06:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 01:20 - 2017-11-02 06:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 01:20 - 2017-11-02 06:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 01:20 - 2017-11-02 06:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 01:20 - 2017-11-02 06:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 01:20 - 2017-11-02 06:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 01:20 - 2017-11-02 06:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 01:20 - 2017-11-02 06:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 01:20 - 2017-11-02 06:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 01:20 - 2017-11-02 06:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 01:20 - 2017-11-02 06:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 01:20 - 2017-11-02 06:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 01:20 - 2017-11-02 06:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 01:20 - 2017-11-02 06:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 01:20 - 2017-11-02 06:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 01:20 - 2017-11-02 06:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 01:20 - 2017-11-02 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 01:20 - 2017-10-15 16:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 01:20 - 2017-10-15 16:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 01:20 - 2017-10-15 16:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 01:20 - 2017-10-15 16:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 01:20 - 2017-10-15 16:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 21:25 - 2017-07-28 21:58 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-12-14 21:25 - 2017-07-28 03:05 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-14 21:25 - 2017-07-18 16:52 - 000000000 __SHD C:\Users\JUSTEX\IntelGraphicsProfiles
2017-12-14 21:24 - 2017-07-28 03:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-14 21:24 - 2017-07-28 03:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-14 21:24 - 2017-03-18 13:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-14 21:23 - 2017-09-23 21:23 - 000000000 ____D C:\Users\JUSTEX\AppData\Roaming\uTorrent
2017-12-14 21:20 - 2017-09-30 16:59 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-14 21:20 - 2017-07-22 02:34 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-14 21:14 - 2017-10-10 21:53 - 000000000 ____D C:\Users\JUSTEX\AppData\LocalLow\uTorrent
2017-12-14 21:10 - 2017-07-18 16:51 - 001332350 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-14 20:57 - 2017-10-21 23:06 - 000000000 ____D C:\Users\JUSTEX\Downloads\сега
2017-12-14 20:53 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-14 20:52 - 2015-09-10 07:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-14 20:50 - 2017-07-28 03:03 - 000399848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-14 20:49 - 2017-07-28 03:12 - 000000000 ____D C:\Users\JUSTEX
2017-12-14 20:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-14 20:48 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-14 20:46 - 2017-07-29 01:47 - 000000000 ____D C:\Program Files (x86)\KMSPico
2017-12-14 20:46 - 2017-07-18 16:55 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-14 20:38 - 2017-07-28 03:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-14 19:53 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-14 19:51 - 2017-07-20 00:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-14 19:50 - 2017-10-10 22:48 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-14 19:50 - 2017-07-20 00:05 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-14 19:50 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-14 19:22 - 2017-07-18 16:47 - 000000000 ____D C:\Users\JUSTEX\AppData\Local\Packages
2017-12-12 16:27 - 2017-07-18 16:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-12 16:27 - 2017-07-18 16:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-11 00:57 - 2017-11-02 15:16 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-06 22:45 - 2017-09-23 21:34 - 000000008 __RSH C:\Users\JUSTEX\ntuser.pol
2017-12-06 22:20 - 2017-09-23 21:30 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-12-06 22:16 - 2017-07-29 01:31 - 000000000 ____D C:\Users\JUSTEX\AppData\LocalLow\Temp
2017-12-06 22:14 - 2015-07-31 00:42 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{F27F9C8A-45D4-2B21-B049-AC2B51295F56}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{DB862C77-6C2D-9BDC-FA13-A149C5C4514C}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{D332C16E-6499-76C5-29FB-05D75A2A7F14}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{D19ACD85-6631-7A2E-7C10-B29B76DAC65B}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{20944AA9-973F-FD02-D8E9-C5B2D52E427F}
2017-12-06 00:12 - 2017-11-02 20:50 - 000000000 ____D C:\ProgramData\{032269FD-B489-DE56-5063-A96A6FFF4246}
2017-12-05 23:28 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-12-05 23:05 - 2017-07-28 03:20 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-576454172-1670169836-3432802236-1001
2017-12-05 23:05 - 2017-07-18 16:49 - 000002394 _____ C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-05 23:05 - 2017-07-18 16:49 - 000000000 ___RD C:\Users\JUSTEX\OneDrive
2017-12-05 19:30 - 2017-07-28 22:03 - 800762520 _____ C:\WINDOWS\MEMORY.DMP
2017-12-05 19:30 - 2017-07-28 22:03 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-02 04:25 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-02 04:25 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-01 17:04 - 2017-07-28 03:22 - 000024768 _____ C:\WINDOWS\diagwrn.xml
2017-12-01 17:04 - 2017-07-28 03:22 - 000024768 _____ C:\WINDOWS\diagerr.xml
2017-12-01 16:44 - 2017-03-18 13:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-01 16:38 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Registration
2017-12-01 16:34 - 2017-10-23 10:38 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-21 18:05 - 2017-07-20 00:06 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-17 20:00 - 2017-07-18 16:56 - 000000000 ____D C:\Users\JUSTEX\AppData\Roaming\Mozilla
2017-11-17 15:45 - 2017-10-23 10:38 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 02:49 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 00:50 - 2017-11-02 15:15 - 000003516 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 00:50 - 2017-11-02 15:15 - 000003392 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-09-23 21:30 - 2017-09-23 21:30 - 000140800 _____ () C:\Users\JUSTEX\AppData\Local\installer.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-05 19:41

==================== End of FRST.txt ============================

Addition.txt

The logs are clean... a huge difference from the initial state..!

Actually, all that is left is to remove the programs we used:

Download DelFix and run it. Tick the boxes next to:

  • Remove disinfection tools <----- this will remove the tools we have used
  • Create registry backup <----- this option will create a backup copy of the Windows registry
  • Purge system restore <--- this will remove all previous restore points; a new restore point of the system's current state will be created.
  • Reset system settings <--- this will reset to their defaults all system settings that were changed either by us during the cleanup or by malware / an infection

..and then press the Run button

  • Once the operation has completed, a log will be created
  • Copy it and paste it into your next reply

The tool will delete itself once it has finished its task!

If anything we used during the treatment so far has not been removed after these last instructions, remove it manually, using the standard methods..!

 

Only Malwarebytes remains... There are two options here: either leave the program on your computer and periodically scan your system with it (at least once or twice a week), remembering to update its definitions before every scan, as well as to turn off the program's real-time protection. The other is to uninstall it:

Please use the Malwarebytes Clean Uninstall Tool. Naturally, only if you want to remove the program. This tool was created to completely remove all traces of the program from your computer.

  1. Download and run mb_clean.exe
  2. When the tool has finished its work, restart the computer

Note: This tool will completely remove all settings you have configured, the license information and everything else related to Malwarebytes.

 

Logs:

In your next reply, please include the following logs:

  • DelFix
11 hours ago, Ивайло Михаилов wrote:

Thank you very much! And do you have any answer to the question from my comment above?

I can't say why this slowdown is happening... I know for certain that it is no longer due to malware! The causes can be many... a hardware problem, a software conflict... an incorrectly installed operating system! You can start the machine in safe mode and see whether the slowdown continues!

      2019-01-08 20:52 - 2019-01-01 08:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
      2019-01-08 20:52 - 2019-01-01 08:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
      2019-01-08 20:52 - 2019-01-01 08:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
      2019-01-08 20:52 - 2019-01-01 08:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
      2019-01-08 20:52 - 2019-01-01 08:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
      2019-01-08 20:52 - 2019-01-01 08:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
      2019-01-08 20:52 - 2019-01-01 08:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
      2019-01-08 20:52 - 2019-01-01 08:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
      2019-01-08 20:52 - 2019-01-01 08:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
      2019-01-08 20:52 - 2019-01-01 08:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
      2019-01-08 20:52 - 2019-01-01 08:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
      2019-01-08 20:52 - 2019-01-01 08:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
      2019-01-08 20:52 - 2019-01-01 08:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
      2019-01-08 20:52 - 2019-01-01 08:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
      2019-01-08 20:52 - 2019-01-01 08:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
      2019-01-08 20:52 - 2019-01-01 08:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
      2019-01-08 20:52 - 2019-01-01 08:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
      2019-01-08 20:52 - 2019-01-01 08:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
      2019-01-08 20:52 - 2019-01-01 08:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
      2019-01-08 20:52 - 2019-01-01 08:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
      2019-01-08 20:52 - 2019-01-01 08:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
      2019-01-08 20:52 - 2019-01-01 08:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
      2019-01-08 20:52 - 2019-01-01 07:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
      2019-01-08 20:52 - 2018-12-19 06:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
      2019-01-06 00:59 - 2019-01-06 00:59 - 000141434 _____ C:\TDSSKiller.3.1.0.25_06.01.2019_00.59.11_log.txt
      2019-01-06 00:47 - 2019-01-06 00:47 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
      2019-01-06 00:47 - 2019-01-06 00:47 - 000000000 ____D C:\Users\User\AppData\Local\mbam
      2018-12-19 20:41 - 2018-12-14 09:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
      2018-12-19 20:41 - 2018-12-14 09:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
      2018-12-19 20:41 - 2018-12-14 09:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
      2018-12-19 20:41 - 2018-12-14 09:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
      2018-12-19 20:41 - 2018-12-14 09:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
      2018-12-19 20:41 - 2018-12-14 09:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
      2018-12-19 20:41 - 2018-12-14 09:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
      2018-12-19 20:41 - 2018-12-14 09:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
      2018-12-19 20:41 - 2018-12-14 09:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
      2018-12-19 20:41 - 2018-12-14 08:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
      2018-12-19 20:41 - 2018-12-14 08:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
      2018-12-19 20:41 - 2018-12-14 08:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
      2018-12-19 20:41 - 2018-12-14 08:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
      2018-12-19 20:41 - 2018-12-14 08:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
      2018-12-19 20:41 - 2018-12-14 08:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
      2018-12-19 20:41 - 2018-12-14 08:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
      2018-12-19 20:41 - 2018-12-14 08:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
      2018-12-16 16:30 - 2018-12-16 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Инструменти на Microsoft Office
      2018-12-13 23:56 - 2018-12-13 23:56 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-12-13 23:56 - 2018-12-13 23:56 - 000002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-12-13 18:52 - 2018-09-05 00:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
      2018-12-12 21:25 - 2018-12-08 14:47 - 001786896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
      2018-12-12 21:25 - 2018-12-08 14:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
      2018-12-12 21:25 - 2018-12-08 14:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
      2018-12-12 21:25 - 2018-12-08 14:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
      2018-12-12 21:25 - 2018-12-08 14:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
      2018-12-12 21:25 - 2018-12-08 14:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
      2018-12-12 21:25 - 2018-12-08 14:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
      2018-12-12 21:25 - 2018-12-08 14:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
      2018-12-12 21:25 - 2018-12-08 14:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
      2018-12-12 21:25 - 2018-12-08 14:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
      2018-12-12 21:25 - 2018-12-08 14:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
      2018-12-12 21:25 - 2018-12-08 14:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
      2018-12-12 21:25 - 2018-12-08 10:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
      2018-12-12 21:25 - 2018-12-08 10:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
      2018-12-12 21:25 - 2018-12-08 10:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
      2018-12-12 21:25 - 2018-12-08 10:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
      2018-12-12 21:25 - 2018-12-08 10:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
      2018-12-12 21:25 - 2018-12-08 10:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
      2018-12-12 21:25 - 2018-12-08 10:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
      2018-12-12 21:25 - 2018-12-08 10:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
      2018-12-12 21:25 - 2018-12-08 10:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
      2018-12-12 21:25 - 2018-12-08 09:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
      2018-12-12 21:25 - 2018-12-08 09:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
      2018-12-12 21:25 - 2018-12-08 09:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
      2018-12-12 21:25 - 2018-12-08 09:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
      2018-12-12 21:25 - 2018-12-08 09:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
      2018-12-12 21:25 - 2018-12-08 09:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
      2018-12-12 21:25 - 2018-12-08 09:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
      2018-12-12 21:25 - 2018-12-08 09:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
      2018-12-12 21:25 - 2018-12-08 09:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
      2018-12-12 21:25 - 2018-12-08 09:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
      2018-12-12 21:25 - 2018-12-08 09:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
      2018-12-12 21:25 - 2018-12-08 09:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
      2018-12-12 21:25 - 2018-12-08 09:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
      2018-12-12 21:25 - 2018-12-08 09:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
      2018-12-12 21:25 - 2018-12-08 09:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
      2018-12-12 21:25 - 2018-12-08 09:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
      2018-12-12 21:25 - 2018-12-08 09:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
      2018-12-12 21:25 - 2018-12-08 09:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
      2018-12-12 21:25 - 2018-12-08 09:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
      2018-12-12 21:25 - 2018-12-08 09:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
      2018-12-12 21:25 - 2018-12-08 09:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
      2018-12-12 21:25 - 2018-12-08 09:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
      2018-12-12 21:25 - 2018-12-08 09:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
      2018-12-12 21:25 - 2018-12-08 09:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
      2018-12-12 21:25 - 2018-12-08 09:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
      2018-12-12 21:25 - 2018-12-08 09:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
      2018-12-12 21:25 - 2018-12-08 09:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
      2018-12-12 21:25 - 2018-11-09 08:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
      2018-12-12 21:25 - 2018-11-09 07:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
      2018-12-12 21:25 - 2018-11-09 07:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
      2018-12-12 21:25 - 2018-11-09 07:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
      2018-12-12 21:25 - 2018-11-09 07:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
      2018-12-12 21:25 - 2018-11-09 07:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
      2018-12-12 21:25 - 2018-11-09 07:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
      2018-12-12 21:25 - 2018-11-09 04:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
      2018-12-12 21:25 - 2018-11-09 04:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
      2018-12-12 21:25 - 2018-11-09 04:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
      2018-12-12 21:25 - 2018-11-09 04:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
      2018-12-12 21:25 - 2018-11-09 04:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
      2018-12-12 21:25 - 2018-11-09 04:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
      2018-12-12 21:25 - 2018-11-09 04:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
      2018-12-12 21:25 - 2018-11-09 04:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
      2018-12-12 21:25 - 2018-11-09 04:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
      2018-12-12 21:25 - 2018-11-09 04:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
      2018-12-12 21:25 - 2018-11-09 04:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
      2018-12-12 21:25 - 2018-11-09 04:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
      2018-12-12 21:25 - 2018-11-09 03:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
      2018-12-12 21:25 - 2018-11-09 03:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
      2018-12-12 21:25 - 2018-11-09 03:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
      2018-12-12 21:24 - 2018-12-08 14:48 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
      2018-12-12 21:24 - 2018-12-08 14:47 - 001627656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 001422864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000825352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000399880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000258064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000231440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
      2018-12-12 21:24 - 2018-12-08 14:47 - 000228368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
      2018-12-12 21:24 - 2018-12-08 14:47 - 000180752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
      2018-12-12 21:24 - 2018-12-08 14:47 - 000173072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
      2018-12-12 21:24 - 2018-12-08 14:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
      2018-12-12 21:24 - 2018-12-08 14:43 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
      2018-12-12 21:24 - 2018-12-08 14:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
      2018-12-12 21:24 - 2018-12-08 14:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
      2018-12-12 21:24 - 2018-12-08 14:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
      2018-12-12 21:24 - 2018-12-08 14:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
      2018-12-12 21:24 - 2018-12-08 14:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
      2018-12-12 21:24 - 2018-12-08 14:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
      2018-12-12 21:24 - 2018-12-08 14:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
      2018-12-12 21:24 - 2018-12-08 14:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
      2018-12-12 21:24 - 2018-12-08 14:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
      2018-12-12 21:24 - 2018-12-08 14:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
      2018-12-12 21:24 - 2018-12-08 14:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
      2018-12-12 21:24 - 2018-12-08 14:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
      2018-12-12 21:24 - 2018-12-08 14:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
      2018-12-12 21:24 - 2018-12-08 14:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
      2018-12-12 21:24 - 2018-12-08 10:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
      2018-12-12 21:24 - 2018-12-08 10:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
      2018-12-12 21:24 - 2018-12-08 10:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
      2018-12-12 21:24 - 2018-12-08 10:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
      2018-12-12 21:24 - 2018-12-08 10:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
      2018-12-12 21:24 - 2018-12-08 10:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
      2018-12-12 21:24 - 2018-12-08 10:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
      2018-12-12 21:24 - 2018-12-08 10:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
      2018-12-12 21:24 - 2018-12-08 10:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
      2018-12-12 21:24 - 2018-12-08 10:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
      2018-12-12 21:24 - 2018-12-08 10:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
      2018-12-12 21:24 - 2018-12-08 10:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
      2018-12-12 21:24 - 2018-12-08 10:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
      2018-12-12 21:24 - 2018-12-08 10:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
      2018-12-12 21:24 - 2018-12-08 10:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
      2018-12-12 21:24 - 2018-12-08 10:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
      2018-12-12 21:24 - 2018-12-08 10:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
      2018-12-12 21:24 - 2018-12-08 10:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
      2018-12-12 21:24 - 2018-12-08 10:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
      2018-12-12 21:24 - 2018-12-08 10:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
      2018-12-12 21:24 - 2018-12-08 10:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
      2018-12-12 21:24 - 2018-12-08 10:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
      2018-12-12 21:24 - 2018-12-08 10:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
      2018-12-12 21:24 - 2018-12-08 10:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
      2018-12-12 21:24 - 2018-12-08 10:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
      2018-12-12 21:24 - 2018-12-08 10:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
      2018-12-12 21:24 - 2018-12-08 10:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
      2018-12-12 21:24 - 2018-12-08 10:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
      2018-12-12 21:24 - 2018-12-08 10:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
      2018-12-12 21:24 - 2018-12-08 09:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
      2018-12-12 21:24 - 2018-12-08 09:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
      2018-12-12 21:24 - 2018-12-08 09:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
      2018-12-12 21:24 - 2018-12-08 09:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
      2018-12-12 21:24 - 2018-12-08 09:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
      2018-12-12 21:24 - 2018-12-08 09:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
      2018-12-12 21:24 - 2018-12-08 09:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
      2018-12-12 21:24 - 2018-12-08 09:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
      2018-12-12 21:24 - 2018-12-08 09:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
      2018-12-12 21:24 - 2018-12-08 09:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
      2018-12-12 21:24 - 2018-12-08 09:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
      2018-12-12 21:24 - 2018-12-08 09:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
      2018-12-12 21:24 - 2018-12-08 09:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
      2018-12-12 21:24 - 2018-12-08 09:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
      2018-12-12 21:24 - 2018-12-08 09:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
      2018-12-12 21:24 - 2018-12-08 09:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
      2018-12-12 21:24 - 2018-12-08 09:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
      2018-12-12 21:24 - 2018-12-08 09:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
      2018-12-12 21:24 - 2018-12-08 09:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
      2018-12-12 21:24 - 2018-12-08 09:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
      2018-12-12 21:24 - 2018-12-08 09:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
      2018-12-12 21:24 - 2018-12-08 09:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
      2018-12-12 21:24 - 2018-12-08 09:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
      2018-12-12 21:24 - 2018-12-08 09:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
      2018-12-12 21:24 - 2018-12-08 09:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
      2018-12-12 21:24 - 2018-12-08 09:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
      2018-12-12 21:24 - 2018-12-08 09:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
      2018-12-12 21:24 - 2018-12-08 09:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
      2018-12-12 21:24 - 2018-12-08 09:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
      2018-12-12 21:24 - 2018-12-08 09:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
      2018-12-12 21:24 - 2018-12-08 09:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
      2018-12-12 21:24 - 2018-12-08 09:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
      2018-12-12 21:24 - 2018-12-08 09:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
      2018-12-12 21:24 - 2018-12-08 09:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
      2018-12-12 21:24 - 2018-12-08 09:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
      2018-12-12 21:24 - 2018-12-08 09:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
      2018-12-12 21:24 - 2018-12-08 09:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
      2018-12-12 21:24 - 2018-12-08 09:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
      2018-12-12 21:24 - 2018-12-08 09:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
      2018-12-12 21:24 - 2018-12-08 09:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
      2018-12-12 21:24 - 2018-12-08 09:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
      2018-12-12 21:24 - 2018-12-08 09:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
      2018-12-12 21:24 - 2018-12-08 09:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
      2018-12-12 21:24 - 2018-12-08 09:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
      2018-12-12 21:24 - 2018-12-08 09:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
      2018-12-12 21:24 - 2018-12-08 09:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
      2018-12-12 21:24 - 2018-12-08 09:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
      2018-12-12 21:24 - 2018-12-08 09:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
      2018-12-12 21:24 - 2018-12-08 09:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
      2018-12-12 21:24 - 2018-12-08 09:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
      2018-12-12 21:24 - 2018-12-08 09:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
      2018-12-12 21:24 - 2018-12-08 09:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
      2018-12-12 21:24 - 2018-12-08 09:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
      2018-12-12 21:24 - 2018-12-08 09:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
      2018-12-12 21:24 - 2018-12-08 09:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
      2018-12-12 21:24 - 2018-12-08 09:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
      2018-12-12 21:24 - 2018-12-08 09:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
      2018-12-12 21:24 - 2018-12-08 09:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
      2018-12-12 21:24 - 2018-12-08 09:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
      2018-12-12 21:24 - 2018-12-08 09:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
      2018-12-12 21:24 - 2018-12-08 09:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
      2018-12-12 21:24 - 2018-12-08 09:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
      2018-12-12 21:24 - 2018-12-08 09:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
      2018-12-12 21:24 - 2018-11-09 08:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
      2018-12-12 21:24 - 2018-11-09 07:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
      2018-12-12 21:24 - 2018-11-09 07:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
      2018-12-12 21:24 - 2018-11-09 07:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
      2018-12-12 21:24 - 2018-11-09 07:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
      2018-12-12 21:24 - 2018-11-09 07:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
      2018-12-12 21:24 - 2018-11-09 07:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
      2018-12-12 21:24 - 2018-11-09 07:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
      2018-12-12 21:24 - 2018-11-09 07:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
      2018-12-12 21:24 - 2018-11-09 07:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
      2018-12-12 21:24 - 2018-11-09 07:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
      2018-12-12 21:24 - 2018-11-09 07:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
      2018-12-12 21:24 - 2018-11-09 07:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
      2018-12-12 21:24 - 2018-11-09 04:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
      2018-12-12 21:24 - 2018-11-09 04:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
      2018-12-12 21:24 - 2018-11-09 04:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
      2018-12-12 21:24 - 2018-11-09 04:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
      2018-12-12 21:24 - 2018-11-09 04:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
      2018-12-12 21:24 - 2018-11-09 04:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
      2018-12-12 21:24 - 2018-11-09 04:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
      2018-12-12 21:24 - 2018-11-09 04:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
      2018-12-12 21:24 - 2018-11-09 04:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
      2018-12-12 21:24 - 2018-11-09 04:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
      2018-12-12 21:24 - 2018-11-09 04:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
      2018-12-12 21:24 - 2018-11-09 04:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
      2018-12-12 21:24 - 2018-11-09 04:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
      2018-12-12 21:24 - 2018-11-09 04:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
      2018-12-12 21:24 - 2018-11-09 04:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
      2018-12-12 21:24 - 2018-11-09 04:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
      2018-12-12 21:24 - 2018-11-09 04:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
      2018-12-12 21:24 - 2018-11-09 04:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
      2018-12-12 21:24 - 2018-11-09 04:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
      2018-12-12 21:24 - 2018-11-09 04:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
      2018-12-12 21:24 - 2018-11-09 04:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
      2018-12-12 21:24 - 2018-11-09 04:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
      2018-12-12 21:24 - 2018-11-09 04:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
      2018-12-12 21:24 - 2018-11-09 04:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
      2018-12-12 21:24 - 2018-11-09 04:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
      2018-12-12 21:24 - 2018-11-09 04:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
      2018-12-12 21:24 - 2018-11-09 04:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
      2018-12-12 21:24 - 2018-11-09 04:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
      2018-12-12 21:24 - 2018-11-09 04:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
      2018-12-12 21:24 - 2018-11-09 04:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
      2018-12-12 21:24 - 2018-11-09 04:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
      2018-12-12 21:24 - 2018-11-09 04:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
      2018-12-12 21:24 - 2018-11-09 04:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
      2018-12-12 21:24 - 2018-11-09 03:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
      2018-12-12 21:24 - 2018-11-09 03:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
      2018-12-12 21:24 - 2018-11-09 03:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
      2018-12-12 21:24 - 2018-11-09 03:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
      2018-12-12 21:24 - 2018-11-09 03:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
      2018-12-12 21:24 - 2018-11-09 03:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
      2018-12-12 21:24 - 2018-11-09 03:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
      2018-12-12 21:24 - 2018-11-09 03:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
      2018-12-12 21:24 - 2018-11-09 03:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
      2018-12-12 21:24 - 2018-11-09 03:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
      2018-12-12 21:24 - 2018-11-09 03:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
      2018-12-12 21:24 - 2018-11-09 03:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
      2018-12-12 21:24 - 2018-11-09 03:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
      2018-12-12 21:24 - 2018-11-09 03:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
      2018-12-12 21:24 - 2018-11-09 03:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
      2018-12-12 21:24 - 2018-11-09 03:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
      2018-12-12 21:24 - 2018-11-09 03:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-10 20:59 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
      2019-01-10 19:30 - 2018-09-16 16:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2019-01-09 18:35 - 2018-09-16 16:27 - 001532434 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2019-01-09 18:35 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
      2019-01-09 18:35 - 2017-07-30 15:50 - 000536072 _____ C:\WINDOWS\system32\perfh002.dat
      2019-01-09 18:35 - 2017-07-30 15:50 - 000162902 _____ C:\WINDOWS\system32\perfc002.dat
      2019-01-09 18:29 - 2018-09-16 16:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2019-01-08 23:43 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
      2019-01-08 23:42 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
      2019-01-08 23:42 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
      2019-01-08 21:01 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
      2019-01-08 20:25 - 2018-09-16 16:31 - 000004550 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2019-01-08 20:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2019-01-08 20:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2019-01-08 20:21 - 2018-09-16 16:31 - 000004586 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2019-01-07 22:18 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
      2019-01-06 23:41 - 2017-12-25 22:05 - 000000000 ____D C:\Users\User\Desktop\1
      2019-01-06 00:54 - 2017-07-19 15:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2019-01-06 00:54 - 2017-07-19 15:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2019-01-06 00:39 - 2017-07-19 16:04 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
      2019-01-06 00:39 - 2017-07-19 15:57 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
      2019-01-05 19:20 - 2017-07-19 16:01 - 000000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
      2019-01-05 18:45 - 2017-07-20 10:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2019-01-04 19:10 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
      2019-01-03 22:12 - 2017-08-09 19:30 - 000001456 _____ C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
      2019-01-02 21:41 - 2018-04-12 01:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
      2019-01-02 21:41 - 2018-04-12 01:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
      2019-01-01 20:39 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
      2018-12-25 00:42 - 2017-07-21 09:01 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
      2018-12-23 23:24 - 2018-02-23 22:15 - 000000000 ____D C:\Users\User\AppData\Local\Packages
      2018-12-23 10:06 - 2017-07-21 21:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome
      2018-12-20 20:04 - 2018-09-16 16:31 - 000003518 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-12-20 20:04 - 2018-09-16 16:31 - 000003394 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-12-20 19:17 - 2018-09-16 16:31 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-619769886-4034110463-2982145271-1001
      2018-12-20 19:17 - 2018-09-16 16:16 - 000002388 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2018-12-20 19:17 - 2017-07-19 09:25 - 000000000 ___RD C:\Users\User\OneDrive
      2018-12-16 17:01 - 2017-07-21 09:02 - 000000000 ____D C:\ProgramData\TEMP
      2018-12-16 16:29 - 2017-07-20 10:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
      2018-12-14 00:22 - 2017-09-16 08:33 - 000000000 ____D C:\Program Files (x86)\Audacity
      2018-12-13 23:56 - 2017-07-19 15:57 - 000000000 ____D C:\Program Files (x86)\Google
      2018-12-13 23:54 - 2018-09-09 15:45 - 000000000 ___DC C:\WINDOWS\Panther
      2018-12-13 18:42 - 2018-02-23 22:31 - 000000000 ___RD C:\Users\User\3D Objects
      2018-12-13 18:42 - 2016-11-21 09:30 - 000000000 __RHD C:\Users\Public\AccountPictures
      2018-12-13 18:40 - 2018-09-16 16:13 - 000401856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2018-12-12 22:57 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
      2018-12-12 22:57 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
      2018-12-12 22:57 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
      ==================== Files in the root of some directories =======
      2017-12-25 22:02 - 2017-12-25 22:02 - 000000128 ____H () C:\Users\User\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
      2017-08-09 19:30 - 2019-01-03 22:12 - 000001456 _____ () C:\Users\User\AppData\Local\Adobe Save for Web 13.0 Prefs
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-16 16:12
      ==================== End of FRST.txt ============================
      Addition.txt
    • by B0rn T0 P0rN (Forest*)
      I didn't quite get how this whole section is organized, but my problem isn't that big anyway. I downloaded Bandicam from "some" site, but when I went to install it, a window popped up asking me to give it administrator access so the installation could continue. I noticed that it wanted to install some other software, so I just clicked Cancel; after that the computer froze for about 1-2 seconds. I opened Task Manager and at least 6-7 (unknown) processes were running. Anyway, it installed some small programs, I removed them, and everything was fine, so to speak. One other problem remained... Now, out of the whole story, one ad is left that I can't find a way to remove. I looked, I fiddled, I tried everything, I downloaded the Junkware Removal Tool, which was supposedly going to help, but alas, it didn't. Here is the nonsense I can't manage to remove: > CLICK < I don't trust antiviruses at all; the computer lags more because of them, and twice as many viruses swarm in... They're like chewing gum for viruses. Here is the log after JRT finished:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 7 Ultimate x64
      Ran by idk (Administrator) on вт 15.01.2019 г. at 3:38:08,89
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      File System: 17
      Failed to delete: C:\Program Files (x86)\proxygate (Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F68ZGOQX (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIQK8NQU (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HML355FN (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\idk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1LRYOEA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F68ZGOQX (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIQK8NQU (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HML355FN (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1LRYOEA (Temporary Internet Files Folder)
      Registry: 0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on вт 15.01.2019 г. at 3:40:09,86
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      The only thing that caught my attention is this > "Failed to delete: C:\Program Files (x86)\proxygate (Folder)"; I'm really tempted to delete it by hand?
    • by legolas69
      Hello, the laptop in question is used by my mother for everyday tasks, and rarely at that. At system startup ESET detects PUP.Optional.Reimage; I took the liberty of scanning with Malwarebytes WITHOUT taking any action. What is this folder, and is there anything to worry about? Thanks in advance.
      Addition.txt
      FRST.txt
      malwarebytes.txt
    • by v3cko
      Hello and Happy New Year. My problem: Chrome opens slowly, freezes and crashes, and several pages open at once. I'm currently in safe mode; otherwise it freezes.
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
      Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (03-01-2019 20:43:32)
      Running from C:\Users\ВЕС\Downloads
      Loaded Profiles: ВЕС (Available Profiles: ВЕС)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
      HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
      HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
      BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File
      FireFox:
      ========
      FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
      FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
      FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-03]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
      CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      "qamplvkj" => service was unlocked. <==== ATTENTION
      S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
      S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
      S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
      S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-03] (Malwarebytes)
      S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-03] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-03] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-03] (Malwarebytes)
      S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-03] (Malwarebytes)
      U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
      2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
      2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
      2019-01-03 20:43 - 2019-01-03 20:43 - 000007564 _____ C:\Users\ВЕС\Downloads\FRST.txt
      2019-01-03 20:43 - 2019-01-03 20:43 - 000000000 ____D C:\FRST
      2019-01-03 20:18 - 2019-01-03 20:18 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2019-01-03 20:18 - 2019-01-03 20:18 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2019-01-03 20:18 - 2019-01-03 20:18 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
      2019-01-03 20:02 - 2019-01-03 20:42 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2019-01-03 20:02 - 2019-01-03 20:02 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2019-01-03 20:02 - 2019-01-03 20:02 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes
      2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
      2019-01-03 20:02 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
      2019-01-03 19:40 - 2019-01-03 20:03 - 000000000 ____D C:\ProgramData\RogueKiller
      2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
      2019-01-03 19:40 - 2019-01-03 19:40 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\Program Files\RogueKiller
      2019-01-03 19:34 - 2019-01-03 20:42 - 000265284 _____ C:\Windows\ntbtlog.txt
      2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
      2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
      2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
      2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
      2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
      2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
      2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
      2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
      2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
      2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
      2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
      2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
      2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
      2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
      2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
      2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
      2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
      2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
      2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
      2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
      2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
      2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
      2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
      2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
      2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
      2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
      2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
      2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
      2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
      2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
      2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
      2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
      2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
      2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
      2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
      2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
      2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
      2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
      2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
      2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
      2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
      2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
      2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
      2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
      2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2019-01-03 20:30 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
      2019-01-03 20:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
      2019-01-03 20:18 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
      2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
      2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
      2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
      2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
      2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
      2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
      2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
      2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper
      ==================== Files in the root of some directories =======
      1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
      2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
      2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
      2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini
      Some files in TEMP:
      ====================
      2019-01-03 18:56 - 2019-01-03 18:56 - 000710464 _____ () C:\Users\ВЕС\AppData\Local\Temp\3.exe
      2019-01-03 19:00 - 2019-01-03 19:00 - 001312696 _____ (                                                            ) C:\Users\ВЕС\AppData\Local\Temp\fastdatax.exe
      2019-01-03 19:09 - 2019-01-03 20:19 - 000000000 ____D () C:\Users\ВЕС\AppData\Local\Temp\IEShims.dll
      2019-01-03 19:00 - 2019-01-03 19:00 - 003520512 _____ () C:\Users\ВЕС\AppData\Local\Temp\installer_mi.exe
      2019-01-03 18:56 - 2019-01-03 18:56 - 002715792 _____ (SafeIP, LLC.                                                ) C:\Users\ВЕС\AppData\Local\Temp\update.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2019-01-04 03:11
      ==================== End of FRST.txt ===========================
      Addition.txt

    • by Шабан Талипов
      Can someone help me? This error blocks access to Windows updates and does not allow the firewall to be turned on. I tried with the Bitdefender antivirus program, without success.