Journale 6

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)
Running from C:\Users\Win 7\Downloads
Loaded Profiles: Win 7 (Available Profiles: Win 7)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-

how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop

Common\ElevationManager\AdobeUpdateService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common

Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files
(x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\FreeLAN\bin\freelan.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft

Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage

Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System

Speedup\Avira.SystemSpeedup.SpeedupService.exe

Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common

Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative

Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will
not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common

Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems
Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative

Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe
Shopping.exe [546960 2017-10-30] (Avira Operations Gmbh & Co. KG)
HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win

7\Desktop\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program

Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files

(x86)\Mouse Server\MouseServer.exe [493056 2017-10-24] (wifimouse.necta.us)
HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: G - G:\stp-fm2017.exe
HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\MountPoints2: {d2c0facc-7de3-11e7-
85e9-4061861f71d2} - H:\Autoplay.exe -auto
HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->

C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\cvsvcdcb.lnk [2010-11-21]
ShortcutTarget: cvsvcdcb.lnk -> C:\Users\Win 7\Desktop\C (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3CE472AA-17E2-4539-B1C3-1E219C176CF5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{415A21A2-38F7-4EE7-81E5-A1F56DBA3F78}: [DhcpNameServer] 172.18.12.1
Internet Explorer:
==================
HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Software\Microsoft\Internet
Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2737374540-661935763-2935816294-1000 -> DefaultScope {0633EE93-

D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program

Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program

Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program

Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program

Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program

Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program

Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\bN6sIJQi.default [2017-09-
11]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program

Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program

Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft

Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 ->

C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24]

(VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative

Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer ->

C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files

(x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files

(x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files

(x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 ->

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 ->

C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files
(x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader

DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default ->

"hxxp://www.google.com/search","hxxps://www.google.me/webhp?sourceid=chrome-
instant&ion=1&espv=2&ie=UTF-8","hxxp://www.google.me/"
CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]
CHR Extension: (Slides) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]
CHR Extension: (Turn Off the Lights) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-10-25]
CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]
CHR Extension: (Avira Password Manager) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-10-07]
CHR Extension: (Home - New Tab Page) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-08-09]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Win 7\AppData\Local\Google\Chrome\User
Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2017-08-09]
CHR Extension: (Sheets) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Instagram Stories Web) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\ffbdgldeelhagpbhoiafjgnbcnjkpgdp [2017-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-06]
CHR Extension: (Mate Translate: Select and Translate) - C:\Users\Win

7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke
[2017-12-04]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]
CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Win 7\AppData\Local\Google\Chrome\User

Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] -

hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] -

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] -

CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] -

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved
unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop

Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems
Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016

2017-08-23] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-01] (Avira

Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-12-01]

(Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-12-01] (Avira

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-01] (Avira

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [413592 2017-11-02]

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25]

R2 AviraUpdaterService; C:\Program Files

(x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-12-01] (Avira
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072
2016-05-30] (Disc Soft Ltd)
R2 FreeLAN Service; C:\Program Files\FreeLAN\bin\freelan.exe [3486720 2015-05-07] () [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08]
(Realtek Semiconductor)
R2 SpeedupService; C:\Program Files (x86)\Avira\System

Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co.
KG)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248

2017-09-06] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn

Time) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft

Corporation)
===================== Drivers (Whitelisted) ======================
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-08-17] (Avira Operations

GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-09-28] (Avira Operations GmbH

& Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-17] (Avira Operations GmbH &

Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-08-17] (Avira Operations GmbH &

Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-08-17] (Avira Operations GmbH &

Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-08-17] (Avira Operations GmbH &

Co. KG)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-08-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-08-10] (Disc Soft Ltd)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology

Inc)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-09-27] (The OpenVPN

Project)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN

Project)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [36792 2017-08-24] (The OpenVPN

Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-04-21]

(The OpenVPN Project)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Win 7\Downloads\THE PAPER PEGASUS HEXAGON PS BRUSHES "
2017-12-05 01:11 - 2017-12-05 01:11 - 000045605 _____ C:\Users\Win 7\Desktop\Addition.txt
2017-12-05 01:11 - 2017-12-05 01:11 - 000029888 _____ C:\Users\Win 7\Desktop\FRST1.txt
2017-12-05 01:08 - 2017-12-05 01:11 - 000045602 _____ C:\Users\Win 7\Downloads\Addition.txt
2017-12-05 01:06 - 2017-12-05 01:12 - 000019743 _____ C:\Users\Win 7\Downloads\FRST.txt
2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST
2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win

7\Downloads\RogueKillerX64.exe
2017-12-05 01:04 - 2017-12-05 01:04 - 002391552 _____ (Farbar) C:\Users\Win

7\Downloads\FRST64.exe
2017-12-05 00:54 - 2017-12-05 00:54 - 000000098 _____ C:\Users\Win 7\Desktop\New Text

Document.txt
2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win

7\Downloads\Electroneum_Offline_Wallet (1).pdf
2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win

7\Downloads\Electroneum_Offline_Wallet.zip
2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win

7\Downloads\Electroneum_Offline_Wallet.pdf
2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win

7\Desktop\electroneumpoolminer.lnk
2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win

7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\electroneumpoolminer.lnk
2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win

7\AppData\Roaming\Microsoft\Windows\Start Menu\electroneumpoolminer.lnk
2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win

7\AppData\Roaming\Electroneum
2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win

7\Downloads\Electroneum_Pool_Miner_v1.1_setup.exe
2017-12-04 17:26 - 2017-12-04 17:26 - 000015466 _____ C:\Users\Win 7\Downloads\Gomorra (2014) -

03x03 - Episodio 3.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.updated.Addic7ed.com.srt
03x03 - Episodio 3.HDTV.1080p.AAC.ITA.English.C.updated.Addic7ed.com.srt
2017-12-04 16:44 - 2017-12-05 01:02 - 000000000 ____D C:\Users\Public\Speedup Sessions

03x02 - Episodio 2.1080p.HDTVRip.DD5.1.x264-NovaRip.English.C.orig.Addic7ed.com.srt
2017-12-01 21:49 - 2017-12-01 21:57 - 162379766 _____ C:\Users\Win 7\Downloads\Gomorrah S03E01

720p HDTV DD5 1 x264-A PYLON 1.mp4

03x01 - Episodio 1.HDTV.x264-Bymonello78.English.C.orig.Addic7ed.com.srt
2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win

7\Downloads\Gomorra.La.Serie.S03E01.HDTV.ITA.AC3.XviD-Prometheus-en.srt
2017-11-18 00:12 - 2017-11-18 00:30 - 294757612 _____ C:\Users\Win 7\Downloads\Dunja Jovanov.zip
2017-11-16 22:01 - 2017-11-16 22:01 - 000001116 _____ C:\Users\Public\Desktop\Avira.lnk
2017-11-16 20:58 - 2016-02-08 02:24 - 000149180 _____ C:\Users\Win 7\Desktop\libel-suit-rg.ttf
2017-11-16 20:58 - 2014-02-25 11:50 - 000012590 _____ C:\Users\Win 7\Desktop\read-this.html
2017-11-16 20:58 - 2014-02-19 09:50 - 000071442 _____ C:\Users\Win 7\Desktop\typodermic-eula-02-

2014.pdf
2017-11-16 20:58 - 2012-07-20 02:06 - 000068656 _____ C:\Users\Win 7\Desktop\good times rg.ttf
2017-11-16 20:56 - 2017-11-16 20:56 - 000141565 _____ C:\Users\Win 7\Downloads\libel-suit.zip
2017-11-16 20:55 - 2017-11-16 20:55 - 000104082 _____ C:\Users\Win 7\Downloads\good-times.zip
2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win

7\AppData\Local\Tempzxpsign52fedccffce6ee51
2017-11-13 16:31 - 2017-11-13 16:36 - 042609152 _____ C:\Users\Win 7\Downloads\popcorn-time-

latest.msi
2017-11-13 16:30 - 2017-11-13 16:30 - 051919949 _____ (Popcorn Time ) C:\Users\Win

7\Downloads\PopcornTime-latest (1).exe
2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

7\Desktop\ScreenCapture20171109_302004_127.bmp
2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win
2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win

2017-11-09 22:20 - 2017-11-09 22:20 - 000648912 _____ (Necta Inc. ) C:\Users\Win

7\Downloads\MouseServer.exe
2017-11-09 22:20 - 2017-11-09 22:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Mouse Server.lnk
2017-11-09 22:20 - 2017-11-09 22:20 - 000001050 _____ C:\Users\Public\Desktop\Mouse Server.lnk
2017-11-09 22:20 - 2017-11-09 22:20 - 000000000 ____D C:\Program Files (x86)\Mouse Server
2017-11-07 02:43 - 2017-11-07 02:43 - 008388257 _____ C:\Users\Win 7\Downloads\Budvanka.WMV
2017-11-06 02:02 - 2017-11-06 02:02 - 004624152 _____ C:\Users\Win 7\Downloads\Sara 03.AVI
2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win

7\Downloads\xhamster.com_7988235_tijana_blowjob_and_handjob_720p.avi
==================== One Month Modified files and folders ========
2017-12-05 01:10 - 2009-07-14 05:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-

B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____

C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2017-12-04 17:07 - 2017-10-11 02:22 - 000000000 ___RD C:\Users\Win 7\Creative Cloud Files
2017-12-04 17:07 - 2017-10-03 22:37 - 000000000 ____D C:\Users\Win 7\Desktop\Steam

2017-12-04 17:07 - 2017-08-06 09:25 - 000000000 ____D C:\Users\Win 7\AppData\Local\Adobe
2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____

C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate
2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Avira
2017-12-04 16:44 - 2017-09-11 01:05 - 000000000 ____D C:\Program Files (x86)\Avira
2017-12-04 16:38 - 2017-08-06 09:22 - 000151552 _____ C:\Windows\KMSEmulator.exe
2017-12-04 16:38 - 2017-08-06 09:22 - 000002982 _____ C:\Windows\System32\Tasks\AutoKMS
2017-12-04 16:38 - 2017-08-06 09:22 - 000000292 _____ C:\Windows\Tasks\AutoKMS.job
2017-12-04 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-04 00:48 - 2017-10-20 02:38 - 000000000 ____D C:\Users\Win 7\AppData\Local\Popcorn-Time-

CE

Menu\Programs\Acrobat Reader DC.lnk
2017-12-01 19:10 - 2017-10-17 17:13 - 000003832 _____ C:\Windows\System32\Tasks\Opera

scheduled Autoupdate 1508256773
2017-12-01 19:10 - 2017-10-17 17:12 - 000000000 ____D C:\Program Files\Opera
2017-11-17 23:31 - 2017-08-10 20:41 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-17 23:11 - 2009-07-14 05:45 - 005009256 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-16 22:01 - 2017-09-11 01:05 - 000003122 _____ C:\Windows\System32\Tasks\Avira

SystrayStartTrigger
2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win

7\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-16 19:42 - 2017-08-06 09:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat

Update Task
2017-11-16 16:03 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Menu\Programs\Google Chrome.lnk
2017-11-13 21:25 - 2017-08-06 09:12 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-13 16:38 - 2017-10-11 00:44 - 000000000 ____D C:\Users\Win 7\Downloads\PopcornTime
2017-11-13 16:37 - 2017-08-10 22:55 - 000001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk

Menu\Programs\Popcorn Time
2017-11-13 16:37 - 2017-08-10 22:55 - 000000000 ____D C:\Program Files (x86)\Popcorn Time
2017-11-10 13:01 - 2009-07-14 06:08 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2017-10-13 23:38 - 2017-10-14 00:05 - 000000112 _____ () C:\Users\Win 7\AppData\Roaming\JP2K CS6

Prefs
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signedScan result of Farbar Recovery Scan Tool
(FRST) (x64) Version: 30-11-2017
Boot Mode: Normal














not be moved.)

Incorporated)





Internet Explorer:
==================

D776-472f-A0FF-E1416B8B2E3A} URL =





FireFox:
========

11]





(VideoLAN)











Chrome:
=======












[2017-12-04]







Opera:
=======

Incorporated)









KG)

2017-09-06] ()


Corporation)

GmbH & Co. KG)
& Co. KG)

Co. KG)

Co. KG)

Co. KG)

Co. KG)

Inc)

Project)

Project)

Project)


2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST
2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win



Document.txt
2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win
2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win






2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win


2014.pdf
2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win


latest.msi

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win



2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win


B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____


Menu\Programs\Avira

CE




SystrayStartTrigger
2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win


Update Task
2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____




Prefs
==================== Bamital & volsnap ======================
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signedScan result of Farbar Recovery Scan

Tool (FRST) (x64) Version: 30-11-2017

Boot Mode: Normal













not be moved.)

Incorporated)





Internet Explorer:
==================

D776-472f-A0FF-E1416B8B2E3A} URL =






FireFox:
========

11]





(VideoLAN)












Chrome:
=======












[2017-12-04]








Opera:
=======
Incorporated)










KG)

2017-09-06] ()

Corporation)

GmbH & Co. KG)

& Co. KG)

Co. KG)

Co. KG)

Co. KG)

Co. KG)

Inc)

Project)

Project)

Project)


2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST
2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win



Document.txt
2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win





2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win


2014.pdf
2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win


latest.msi

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win


2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win


B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____

Menu\Programs\Avira

CE



SystrayStartTrigger
2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win


Update Task
2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____



Prefs
==================== Bamital & volsnap ======================

C:\Windows\system32\User32.dll => File is digitally signedScan result of Farbar Recovery Scan Tool
(FRST) (x64) Version: 30-11-2017
Boot Mode: Normal














not be moved.)

Incorporated)







Internet Explorer:
==================

D776-472f-A0FF-E1416B8B2E3A} URL =






FireFox:
========
11]





(VideoLAN)











Chrome:
=======












[2017-12-04]








Opera:
=======


Incorporated)










KG)

2017-09-06] ()


Corporation)

GmbH & Co. KG)

& Co. KG)

Co. KG)

Co. KG)

Co. KG)

Co. KG)


Inc)

Project)

Project)

Project)


2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST
2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win



Document.txt
2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win





2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win


2014.pdf
2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win


latest.msi

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win
2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win



2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win


B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____


2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____


Menu\Programs\Avira

CE



SystrayStartTrigger
2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win


Update Task
2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____



Prefs
==================== Bamital & volsnap ======================

C:\Windows\system32\userinit.exe => File is digitally signedScan result of Farbar Recovery Scan Tool
(FRST) (x64) Version: 30-11-2017
Boot Mode: Normal












not be moved.)

Incorporated)






Internet Explorer:
==================

D776-472f-A0FF-E1416B8B2E3A} URL =





FireFox:
========

11]





(VideoLAN)











Chrome:
=======












[2017-12-04]








Opera:
=======

Incorporated)










KG)

2017-09-06] ()


Corporation)

GmbH & Co. KG)

& Co. KG)

Co. KG)

Co. KG)

Co. KG)
Co. KG)

Inc)

Project)

Project)

Project)

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST
2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win



Document.txt
2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win
2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win






2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win


2014.pdf
2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win


latest.msi
2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win



2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win


B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____


Menu\Programs\Avira

CE



SystrayStartTrigger
2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win

Update Task
2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____




Prefs
==================== Bamital & volsnap ======================

C:\Windows\system32\dnsapi.dll => File is digitally signedScan result of Farbar Recovery Scan Tool
(FRST) (x64) Version: 30-11-2017
Boot Mode: Normal












not be moved.)

Incorporated)





Internet Explorer:
==================

D776-472f-A0FF-E1416B8B2E3A} URL =






FireFox:
========

11]





(VideoLAN)











Chrome:
=======













[2017-12-04]







Opera:
=======

Incorporated)









KG)

2017-09-06] ()


Corporation)

GmbH & Co. KG)

& Co. KG)

Co. KG)

Co. KG)

Co. KG)

Co. KG)

Inc)

Project)

Project)

Project)

2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST
2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win


Document.txt
2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win






2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win

2014.pdf
2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win


latest.msi

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win


2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win


B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____


Menu\Programs\Avira


CE



SystrayStartTrigger
2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win


Update Task
2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____

2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____




Prefs
==================== Bamital & volsnap ======================

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signedScan result of Farbar Recovery Scan

Tool (FRST) (x64) Version: 30-11-2017
Boot Mode: Normal













not be moved.)

Incorporated)







Internet Explorer:
==================

D776-472f-A0FF-E1416B8B2E3A} URL =






FireFox:
========

11]





(VideoLAN)











Chrome:
=======












[2017-12-04]








Opera:
=======

Incorporated)











KG)

2017-09-06] ()


Corporation)

GmbH & Co. KG)

& Co. KG)

Co. KG)

Co. KG)

Co. KG)

Co. KG)

Inc)

Project)

Project)

Project)


2017-12-05 01:06 - 2017-12-05 01:11 - 000000000 ____D C:\FRST
2017-12-05 01:06 - 2017-12-05 01:06 - 000000000 _____ C:\Users\Win



Document.txt
2017-12-05 00:53 - 2017-12-05 00:53 - 000832453 _____ C:\Users\Win

2017-12-05 00:52 - 2017-12-05 00:52 - 000299727 _____ C:\Users\Win

2017-12-05 00:49 - 2017-12-05 00:49 - 000832453 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001935 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001921 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000001915 _____ C:\Users\Win

2017-12-05 00:48 - 2017-12-05 00:48 - 000000000 ____D C:\Users\Win

2017-12-05 00:47 - 2017-12-05 00:48 - 001689979 _____ C:\Users\Win





2017-12-01 20:58 - 2017-12-01 20:58 - 000015343 _____ C:\Users\Win


2014.pdf
2017-11-16 20:18 - 2017-11-16 20:18 - 000000000 ____D C:\Users\Win


latest.msi

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win
2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:20 - 2017-11-09 23:20 - 004177974 _____ C:\Users\Win

2017-11-09 23:19 - 2017-11-09 23:19 - 004177974 _____ C:\Users\Win



2017-11-06 02:01 - 2017-11-06 02:03 - 042416432 _____ C:\Users\Win


B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-05 00:47 - 2017-09-28 00:11 - 000003292 _____

2017-12-04 16:44 - 2017-09-11 01:09 - 000003658 _____


Menu\Programs\Avira

CE



SystrayStartTrigger
2017-11-16 21:45 - 2017-08-05 12:54 - 000085776 _____ C:\Users\Win


Update Task
2017-11-16 16:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

2017-11-15 15:25 - 2017-08-06 09:11 - 000003330 _____
2017-11-15 15:25 - 2017-08-06 09:11 - 000003202 _____




Prefs
==================== Bamital & volsnap ======================

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-05 21:12
==================== End of FRST.txt ============================
LastRegBack: 2017-08-05 21:12
==================== End of FRST.txt ============================
LastRegBack: 2017-08-05 21:12

==================== End of FRST.txt ============================
LastRegBack: 2017-08-05 21:12
==================== End of FRST.txt ============================
LastRegBack: 2017-08-05 21:12
==================== End of FRST.txt ============================
LastRegBack: 2017-08-05 21:12
==================== End of FRST.txt ============================

LastRegBack: 2017-08-05 21:12
==================== End of FRST.txt ============================

Journale 6

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Journale 6

Uploaded by

Copyright:

Available Formats

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017

Ran by Win 7 (administrator) on WIN7-PC (05-12-2017 01:11:43)

Running from C:\Users\Win 7\Downloads

Loaded Profiles: Win 7 (Available Profiles: Win 7)

Internet Explorer Version 10 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\Steam.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(wifimouse.necta.us) C:\Program Files (x86)\Mouse Server\MouseServer.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop

() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Valve Corporation) C:\Users\Win 7\Desktop\Steam\bin\cef\cef.win7\steamwebhelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative

(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Electroneum LTD) C:\Users\Win 7\AppData\Roaming\Electroneum\electroneumpoolminer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [Steam] => C:\Users\Win

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [CCleaner Monitoring] => C:\Program

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\...\Run: [MouseServer] => C:\Program Files

HKU\S-1-5-21-2737374540-661935763-2935816294-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->