Suspected infection
JinKazama replied to a topic started by JinKazama in Malware Removal
Hello, I understand. There is no need to reset the browsers. Thank you very much for your time. We can close the topic.
Suspected infection
JinKazama replied to a topic started by JinKazama in Malware Removal
OK, no problem. See you later.
Suspected infection
JinKazama replied to a topic started by JinKazama in Malware Removal
mbam-log-2016-09-03 (02-03-29).xml
Suspected infection
JinKazama replied to a topic started by JinKazama in Malware Removal
That directory is my Desktop. There is an mbam-log-2016-09-03 (02-03-29).xml on it. Is that what you need? Malwarebytes found nothing. I ran a new scan for browser add-ons with Avast. The Web Compat in question is still there. I have not run a boot-time scan. Would you like me to run one so we can check whether it goes through this time?
Suspected infection
JinKazama replied to a topic started by JinKazama in Malware Removal
Well, everything looks fine. As far as I remember, I have not changed any settings.
Suspected infection
JinKazama replied to a topic started by JinKazama in Malware Removal
Yes. There are no others.
Suspected infection
JinKazama replied to a topic started by JinKazama in Malware Removal
Hello, apparently I did not do something correctly. I am attaching a screenshot because I cannot find what you are writing about:
Suspected infection
JinKazama replied to a topic started by JinKazama in Malware Removal
1. I cannot find AdwCleaner[C1].txt. I am posting the contents of AdwCleaner[C0].txt
# AdwCleaner v6.010 - Logfile created 03/09/2016 at 01:51:12
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-01.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : sotirov - SOTIROV-PC
# Running from : D:\sotirov\Desktop\adwcleaner_6.010.exe
# Mode: Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
[-] File deleted: C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\searchplugins\bingp.xml
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\Software\Mail.Ru
[-] Key deleted: HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\Software\AppDataLow\Software\Mail.Ru
[#] Key deleted on reboot: HKCU\Software\Mail.Ru
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Key deleted: HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
***** [ Web browsers ] *****
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [flock.en.softonic.com] [Search Provider] Deleted: flock.en.softonic.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1595 Bytes] - [03/09/2016 01:51:12]
C:\AdwCleaner\AdwCleaner[S0].txt - [1903 Bytes] - [03/09/2016 01:50:20]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1741 Bytes] ##########
2. After the program finished, the file opened, but it was not on the desktop. I saved it there with Save As...
3. After the Malwarebytes Anti-Malware scan finished, there was no Apply Actions option.
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 03.09.2016 02:03 ч., SYSTEM, SOTIROV-PC, Manual, Remediation Database, 2016.2.12.1, 2016.8.31.1,
Update, 03.09.2016 02:03 ч., SYSTEM, SOTIROV-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.8.15.1,
Update, 03.09.2016 02:03 ч., SYSTEM, SOTIROV-PC, Manual, IP Database, 2016.2.8.1, 2016.9.2.1,
Update, 03.09.2016 02:03 ч., SYSTEM, SOTIROV-PC, Manual, Domain Database, 2016.2.16.8, 2016.9.2.5,
Update, 03.09.2016 02:03 ч., SYSTEM, SOTIROV-PC, Manual, Malware Database, 2016.2.16.6, 2016.9.2.10,
Scan, 03.09.2016 02:09 ч., SYSTEM, SOTIROV-PC, Manual, Start:03.09.2016 02:03 ч., Duration:5 min 51 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
(end)
4. The new FRST logs:
C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04] CHR Extension: (GAuth Authenticator) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcmgkikfgdbehjdajjdnebnnmmknfblm [2016-08-22] CHR Extension: (Google Hangouts) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-08-23] CHR Extension: (Google Карти) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18] CHR Extension: (Разширение Google Keep за Chrome) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-08-06] CHR Extension: (Spaces) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddphfbicdnihfelkdldokplanidjhnl [2016-08-24] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Picasa) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-11-16] CHR Extension: (Gmail) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30] CHR Extension: (Chrome Media Router) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-02] CHR HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST 
Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-22] (AVAST Software) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] () S3 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13035008 2014-11-21] () [File not signed] R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft) R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2014-06-05] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-22] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-22] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-22] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-22] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-22] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-22] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-22] (AVAST Software) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [26624 2014-05-08] (The OpenVPN Project) S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 SNP2STD; system32\DRIVERS\snp2sxp.sys [X] U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-09-03 02:02 - 2016-09-03 02:02 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-03 01:58 - 2016-09-03 01:58 - 00011572 _____ C:\Users\sotirov\Desktop\JRT.txt 2016-09-03 01:49 - 2016-09-03 01:51 - 00000000 ____D C:\AdwCleaner 2016-09-02 19:01 - 2016-09-03 02:20 - 00000000 ____D C:\FRST 2016-09-01 16:27 - 2016-09-03 00:25 - 00000000 ____D C:\Program Files (x86)\Firefox Developer Edition 2016-08-28 17:18 - 2016-08-28 17:18 - 00000056 _____ C:\Users\sotirov\.gitconfig 2016-08-28 15:46 - 2016-08-28 18:53 - 00000000 ____D C:\Users\sotirov\git 2016-08-25 16:26 - 2016-08-26 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-22 23:31 - 2016-08-22 23:31 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-08-22 23:31 - 2016-08-22 23:31 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-08-21 18:22 - 2016-08-21 18:22 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-08-21 18:19 - 2016-07-07 18:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2016-08-21 18:19 - 2016-07-07 18:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2016-08-21 18:19 - 2016-07-07 18:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2016-08-21 18:19 - 2016-07-07 18:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2016-08-21 18:19 - 2016-07-01 18:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-08-21 18:19 - 2016-07-01 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-08-21 18:19 - 2016-07-01 18:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-08-21 18:19 - 2016-07-01 18:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-08-21 18:19 - 2016-07-01 17:56 - 00464896 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\srv.sys 2016-08-21 18:19 - 2016-07-01 17:56 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-08-21 18:19 - 2016-07-01 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-08-19 04:15 - 2016-08-19 14:00 - 00000000 _____ C:\Windows\SysWOW64\last.dump 2016-08-17 01:52 - 2016-07-08 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-17 01:52 - 2016-07-08 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-08-09 22:58 - 2016-07-08 18:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-09 22:58 - 2016-07-08 18:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-09 22:58 - 2016-07-08 18:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 
2016-08-09 22:58 - 2016-07-08 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-09 22:58 - 2016-07-08 18:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-09 22:58 - 2016-07-08 18:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-09 22:58 - 2016-07-08 18:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-09 22:58 - 2016-07-08 18:16 
- 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-09 22:58 - 2016-07-08 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-09 22:58 - 2016-07-08 18:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-09 22:58 - 2016-07-08 17:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-09 22:58 - 2016-07-08 17:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-09 22:58 - 2016-07-08 17:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-09 22:58 - 2016-07-08 17:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-09 22:58 - 2016-07-08 17:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-09 22:58 - 2016-07-08 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-09 22:55 - 2016-08-02 17:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-09 22:55 - 2016-08-02 17:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-09 22:55 - 2016-08-02 09:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-09 22:55 - 2016-08-02 09:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-09 22:55 - 2016-08-02 09:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-09 22:55 - 2016-08-02 09:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-09 22:55 - 2016-08-02 09:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-09 22:55 - 2016-08-02 09:31 - 
00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-09 22:55 - 2016-08-02 09:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-09 22:55 - 2016-08-02 09:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-09 22:55 - 2016-08-02 09:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-09 22:55 - 2016-08-02 09:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-09 22:55 - 2016-08-02 09:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-09 22:55 - 2016-08-02 09:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-09 22:55 - 2016-08-02 09:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-09 22:55 - 2016-08-02 09:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-09 22:55 - 2016-08-02 09:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-09 22:55 - 2016-08-02 09:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-09 22:55 - 2016-08-02 09:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-09 22:55 - 2016-08-02 09:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-09 22:55 - 2016-08-02 09:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-09 22:55 - 2016-08-02 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-09 22:55 - 2016-08-02 09:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-09 22:55 - 2016-08-02 08:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-09 22:55 - 2016-08-02 08:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-09 22:55 - 
2016-08-02 08:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-09 22:55 - 2016-08-02 08:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-09 22:55 - 2016-08-02 08:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-09 22:55 - 2016-08-02 08:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-09 22:55 - 2016-08-02 08:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-09 22:55 - 2016-08-02 08:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-09 22:55 - 2016-08-02 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-09 22:55 - 2016-08-02 08:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-09 22:55 - 2016-08-02 08:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-09 22:55 - 2016-08-02 08:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-09 22:55 - 2016-08-02 08:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-09 22:55 - 2016-08-02 08:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-09 22:55 - 2016-08-02 08:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-09 22:55 - 2016-08-02 08:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-09 22:55 - 2016-08-02 08:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-09 22:55 - 2016-08-02 08:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-09 22:55 - 2016-08-02 08:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-09 22:55 - 2016-08-02 08:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-09 22:55 - 2016-08-02 08:38 - 
00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-09 22:55 - 2016-08-02 08:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-09 22:55 - 2016-08-02 08:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-09 22:55 - 2016-08-02 08:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-09 22:55 - 2016-08-02 08:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-09 22:55 - 2016-08-02 08:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-09 22:55 - 2016-08-02 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-09 22:55 - 2016-08-02 08:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-09 22:55 - 2016-08-02 08:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-09 22:55 - 2016-08-02 08:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-09 22:55 - 2016-08-02 08:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-09 22:55 - 2016-08-02 08:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-09 22:55 - 2016-08-02 08:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-09 22:55 - 2016-08-02 08:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-09 22:55 - 2016-08-02 08:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-09 22:55 - 2016-08-02 08:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-09 22:55 - 2016-08-02 08:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-09 22:55 - 2016-08-02 08:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-09 22:55 - 2016-08-02 08:10 - 
01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-09 22:55 - 2016-08-02 07:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-09 22:55 - 2016-08-02 07:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-09 22:55 - 2016-08-02 07:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-09 22:55 - 2016-08-02 07:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-09 22:42 - 2016-07-08 18:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-05 14:51 - 2016-09-03 01:12 - 00000000 ____D C:\Users\sotirov\AppData\LocalLow\Mozilla ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-03 02:06 - 2016-03-02 20:00 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597007044-1801213058-1703319245-1000UA.job 2016-09-03 02:03 - 2016-01-26 02:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-03 02:02 - 2016-01-26 02:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-03 02:02 - 2016-01-26 02:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-03 02:00 - 2014-11-13 13:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-09-03 01:59 - 2009-07-14 07:45 - 00027776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-09-03 01:59 - 2009-07-14 07:45 - 00027776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-09-03 01:56 - 2009-07-14 08:13 - 00787758 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-03 01:56 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf 2016-09-03 01:52 - 2015-05-18 16:43 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS 
2016-09-03 01:52 - 2014-11-13 10:43 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-03 01:52 - 2014-11-13 10:41 - 00000000 __SHD C:\Users\sotirov\IntelGraphicsProfiles 2016-09-03 01:51 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-09-03 01:49 - 2014-11-13 10:43 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-03 01:13 - 2014-11-13 14:07 - 00000000 ____D C:\Users\sotirov\AppData\Roaming\Skype 2016-09-03 01:11 - 2014-11-16 19:48 - 00000600 _____ C:\Users\sotirov\AppData\Local\PUTTY.RND 2016-09-03 01:06 - 2016-03-02 20:00 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597007044-1801213058-1703319245-1000Core.job 2016-09-02 21:07 - 2014-11-17 21:11 - 00000398 _____ C:\Users\sotirov\openvpn-connect.json 2016-09-02 20:04 - 2014-11-13 10:43 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-02 16:19 - 2014-12-02 01:08 - 00000000 ____D C:\Users\sotirov\AppData\Local\Zend Studio 2016-09-02 16:18 - 2014-11-24 17:39 - 00000000 ____D C:\Users\sotirov\AppData\Local\TSVNCache 2016-09-02 02:01 - 2014-11-13 10:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-09-02 01:44 - 2014-11-17 13:05 - 00000000 ____D C:\Users\sotirov\AppData\Roaming\vlc 2016-09-02 00:39 - 2015-11-04 17:29 - 00001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk 2016-09-02 00:39 - 2014-11-13 10:42 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-09-01 01:44 - 2014-11-17 21:40 - 00000600 _____ C:\Users\sotirov\AppData\Roaming\winscp.rnd 2016-09-01 01:04 - 2016-03-29 02:14 - 00000000 ____D C:\Users\sotirov\.p2 2016-09-01 01:04 - 2014-12-02 00:25 - 00000000 ____D C:\Users\sotirov\AppData\Local\Eclipse 2016-08-29 19:38 - 2016-03-21 23:30 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-08-29 19:38 - 2014-11-13 14:07 - 00000000 ____D C:\ProgramData\Skype 2016-08-28 17:18 
- 2014-11-13 10:20 - 00000000 ____D C:\Users\sotirov 2016-08-27 14:25 - 2016-04-07 21:00 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-08-25 23:31 - 2014-11-13 14:04 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-08-22 23:31 - 2016-03-23 01:06 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-08-22 23:31 - 2016-03-23 01:06 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458684416 2016-08-22 23:31 - 2014-11-13 14:04 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-08-22 23:31 - 2014-11-13 14:04 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-08-22 23:31 - 2014-11-13 14:04 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-08-22 23:31 - 2014-11-13 14:04 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-08-22 23:31 - 2014-11-13 14:04 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-08-22 23:31 - 2014-11-13 14:04 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-08-22 23:31 - 2014-11-13 14:04 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-08-22 23:31 - 2014-11-13 14:04 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-08-22 20:33 - 2014-11-17 20:52 - 00000000 ____D C:\Users\sotirov\AppData\Roaming\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7 2016-08-22 20:26 - 2015-02-16 17:23 - 00000000 ____D C:\Users\sotirov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome 2016-08-21 18:31 - 2014-11-17 21:38 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk 2016-08-21 18:31 - 2014-11-17 21:38 - 00000000 ____D C:\Program Files (x86)\WinSCP 2016-08-21 18:23 - 2014-11-16 23:41 - 00000000 ____D C:\ProgramData\Oracle 2016-08-21 18:22 - 2015-10-21 14:35 - 00110144 _____ (Oracle 
Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-08-21 18:22 - 2015-09-17 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-08-21 18:22 - 2015-08-27 15:25 - 00000000 ____D C:\Users\sotirov\.oracle_jre_usage 2016-08-21 18:22 - 2014-12-02 00:22 - 00000000 ____D C:\Program Files\Java 2016-08-21 18:22 - 2014-11-16 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-08-21 18:22 - 2014-11-16 23:41 - 00000000 ____D C:\Program Files (x86)\Java 2016-08-21 18:21 - 2016-01-22 17:13 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-08-18 03:43 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache 2016-08-18 03:02 - 2014-11-16 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2016-08-10 03:25 - 2009-07-14 07:45 - 00436576 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-10 03:09 - 2014-11-13 10:36 - 00000000 ____D C:\Windows\system32\MRT 2016-08-10 03:09 - 2009-07-14 05:34 - 00000487 _____ C:\Windows\win.ini 2016-08-10 03:01 - 2014-11-13 10:36 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-04 17:06 - 2016-06-09 21:10 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417212913 2016-08-04 17:06 - 2014-11-29 01:14 - 00000000 ____D C:\Program Files (x86)\Opera 2016-08-04 16:18 - 2015-04-15 11:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Files in the root of some directories ======= 2014-11-17 21:40 - 2016-09-01 01:44 - 0000600 _____ () C:\Users\sotirov\AppData\Roaming\winscp.rnd 2015-03-02 22:24 - 2015-12-09 19:13 - 29380776 _____ (Sony Mobile Communications ) C:\Users\sotirov\AppData\Local\pcc.exe 2014-11-16 19:48 - 2016-09-03 01:11 - 0000600 _____ () C:\Users\sotirov\AppData\Local\PUTTY.RND Some files in TEMP: ==================== 
C:\Users\sotirov\AppData\Local\Temp\jre-8u101-windows-au.exe C:\Users\sotirov\AppData\Local\Temp\libeay32.dll C:\Users\sotirov\AppData\Local\Temp\msvcr120.dll C:\Users\sotirov\AppData\Local\Temp\SkypeSetup.exe C:\Users\sotirov\AppData\Local\Temp\sqlite3.dll C:\Users\sotirov\AppData\Local\Temp\_is5D9.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-26 18:25 ==================== End of FRST.txt ============================ Addition.txt -
JinKazama followed Suspected infection
-
Hello, my suspicion is based on the following facts. A few days ago I scanned with Avast for "malicious" browser add-ons. Avast found one, called Web Compat, and I chose the option to delete it. A few days later I scanned again and Avast found the same add-on. I deleted it again. Yesterday the same thing happened again. Yesterday I decided to run a boot-time scan with Avast. I tried twice, and each time, at around 4-5 percent, the scan ended and the computer restarted. Afterwards there was no log from the scan at all. Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by sotirov (administrator) on SOTIROV-PC (02-09-2016 19:02:00) Running from D:\sotirov\Desktop Loaded Profiles: sotirov (Available Profiles: sotirov) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Firefox Developer Edition\firefox.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Windows\System32\igfxTray.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe (Google, Inc) C:\Users\sotirov\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe () C:\Program Files (x86)\Common Files\LogiShrd\LogiSkypePlugin\LogiSkypePlugin.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe () C:\Program Files\Zend\Zend Studio 13.0.0\ZendStudio.exe (Mozilla Corporation) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Miranda NG Team) C:\Program Files\Miranda NG\Miranda64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Workbench 6.3 CE\MySQLWorkbench.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404376 2015-08-09] () HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107104 2016-09-01] (AVAST Software) HKLM-x32\...\Run: [LogiSkypePlugin] => C:\Program Files (x86)\Common Files\LogiShrd\LogiSkypePlugin\LogiSkypePlugin.exe [148280 2013-09-13] () HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\...\Run: [Google Update] => C:\Users\sotirov\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-02] (Google Inc.) 
HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\...\Run: [Google Photos Backup] => C:\Users\sotirov\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc) HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\...\MountPoints2: {2470548d-fa26-11e4-b056-74d435b9a847} - F:\AutoRun.exe HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\...\MountPoints2: {2607a047-6b05-11e4-ba28-806e6f6e6963} - D:\Run.exe HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\...\MountPoints2: {696837ee-c111-11e4-8ee4-74d435b9a847} - F:\startme.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-13] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-22] (AVAST Software) ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common 
Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> 
{C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk [2016-01-07] ShortcutTarget: OpenVPN Connect.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 87.121.24.12 192.168.1.1 Tcpip\..\Interfaces\{13883DEE-D18F-4237-A17A-8A0A24C338BE}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{DF1895C5-CBE7-4F51-9114-B9E0CC020BE6}: [DhcpNameServer] 87.121.24.12 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/ SearchScopes: HKU\S-1-5-21-3597007044-1801213058-1703319245-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-21] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-22] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-21] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-21] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-22] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-21] (Oracle Corporation) DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://www.dskdirect.bg/com/capicom.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default FF NewTab: about:newtab FF DefaultSearchEngine: Google FF DefaultSearchUrl: 
hxxps://www.google.com/search?bcutc=sp-006 FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: chrome://speeddial/content/speeddial.xul FF Keyword.URL: hxxps://www.google.com/search?bcutc=sp-006 FF NetworkProxy: "autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'us4-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ca1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS GE4DKLRYGYXDCNBYFY2DQIZRGQ3DQOJXGI4DAMA.cd-n.net:443';}" FF NetworkProxy: "gopher", "" FF NetworkProxy: "gopher_port", 0 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-21] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: 
@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-21] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3597007044-1801213058-1703319245-1000: @tools.google.com/Google Update;version=3 -> C:\Users\sotirov\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) 
FF Plugin HKU\S-1-5-21-3597007044-1801213058-1703319245-1000: @tools.google.com/Google Update;version=9 -> C:\Users\sotirov\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF SearchPlugin: C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\searchplugins\bingp.xml [2014-11-27] FF SearchPlugin: C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\searchplugins\google-avast.xml [2016-09-02] FF SearchPlugin: C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\b4of7ua6.default-1450308215412\searchplugins\google-avast.xml [2016-09-02] FF SearchPlugin: C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\78heicwj.dev-edition-default\searchplugins\google-avast.xml [2016-09-02] FF Extension: (Speed Dial) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-13] FF Extension: (Hoxx VPN Proxy) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\Extensions\@hoxx-vpn.xpi [2016-08-29] FF Extension: (United States English Spellchecker) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\Extensions\[email protected] [2016-03-21] FF Extension: (signTextJS) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\Extensions\[email protected] [2016-08-05] FF Extension: (Lightshot (screenshot tool)) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2016-05-19] FF Extension: (gtranslate) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-05-16] FF Extension: (Adblock Plus) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\vhlwv2yi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF Extension: (Lightshot (screenshot tool)) - 
C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\b4of7ua6.default-1450308215412\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2015-12-17] FF Extension: (gtranslate) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\b4of7ua6.default-1450308215412\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2015-12-17] FF Extension: (Adblock Plus) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\b4of7ua6.default-1450308215412\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-17] FF Extension: (United States English Spellchecker) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\78heicwj.dev-edition-default\Extensions\[email protected] [2016-03-18] FF Extension: (Lightshot (screenshot tool)) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\78heicwj.dev-edition-default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2016-05-19] FF Extension: (Speed Dial) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\78heicwj.dev-edition-default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-12-17] FF Extension: (Selenium IDE) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\78heicwj.dev-edition-default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2016-04-28] FF Extension: (gtranslate) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\78heicwj.dev-edition-default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-05-16] FF Extension: (Adblock Plus) - C:\Users\sotirov\AppData\Roaming\Mozilla\Firefox\Profiles\78heicwj.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-22] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program 
Files\AVAST Software\Avast\SafePrice\FF [2016-08-22] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-18] [not signed] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://www.bing.com/?mkt=en-US&pc=__PARAM__ CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Преводач) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-03-14] CHR Extension: (Google Диск) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (Google Групи) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk [2015-02-11] CHR Extension: (YouTube) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Adblock Plus) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24] CHR Extension: (Google Търсене) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google+) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-12-10] CHR Extension: (Google Календар) - C:\Users\sotirov\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12] CHR Extension: (Електронни таблици от Google) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04] CHR Extension: (GAuth Authenticator) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcmgkikfgdbehjdajjdnebnnmmknfblm [2016-08-22] CHR Extension: (Google Hangouts) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-08-23] CHR Extension: (Google Карти) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-18] CHR Extension: (Разширение Google Keep за Chrome) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-08-06] CHR Extension: (Spaces) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddphfbicdnihfelkdldokplanidjhnl [2016-08-24] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Picasa) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-11-16] CHR Extension: (Gmail) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30] CHR Extension: (Chrome Media Router) - C:\Users\sotirov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29] CHR HKU\S-1-5-21-3597007044-1801213058-1703319245-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found> 
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-22] (AVAST Software) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] () S3 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13035008 2014-11-21] () [File not signed] R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft) R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2014-06-05] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
Addition.txt
-
Avast Anti-Virus Free/Pro/IS - problems, questions, opinions, discussion - part 2
JinKazama replied to a topic started by PhX in Security and antivirus protection
Yes. The same toolbar as in the 3rd picture. Except that all the buttons stayed inactive. And there is no getting rid of it. I remove it, and on the next start of Outlook the toolbar is there again. I'm sorry I didn't take a screenshot before removing it. As for the quoting ... nothing personal. I was just reacting to what was written there. -
Avast Anti-Virus Free/Pro/IS - problems, questions, opinions, discussion - part 2
JinKazama replied to a topic started by PhX in Security and antivirus protection
I don't know what they have been fixing with Outlook, but ever since Avast updated to the latest version, Outlook has gone crazy. It crashes constantly. Some unpleasant, non-working Avast toolbar showed up at the top, and the nastiest part is that I can't remove it. On top of everything else, my emails were no longer being marked as read after I opened them. They stayed unread. Several times it also showed an error message on startup ... simply awful!!! I read around the Avast forum and found the following solution to the problem: http://forum.avast.com/index.php?topic=100431.msg802844#msg802844 After I did what it says there, everything was fixed, but the next day Avast asked to update again. I didn't look at the version, assumed they had fixed things, and updated it ... and guess what --> the problem appeared again. Now I went into the directory again and once more deleted the two files described in the forum. But it looks like a vicious circle to me. I hope it isn't. Does anyone else have a similar problem? P.S. I have been using Avast Home Edition for at least 7-8 years and have been very satisfied so far. -
Hello. The old Gnome is not installed in the new version 11.04. But to go back to it, you can very easily install it with these commands:
sudo apt-get install gnome-session-fallback  # for Gnome classic with panel
# or
sudo apt-get install gnome-shell  # for Gnome shell
The old Synaptic is also missing. To install it and bring it back, use this:
sudo apt-get install synaptic
-
Which is your preferred antivirus program
JinKazama replied to a topic started by AVsP in Security and antivirus protection
Just as an option, you could try Avast Internet Security. There was recently a promotion until 18.04.2012. There is a topic in the forum about this promotion. You can try it and then decide whether to buy it. It offers the "Safe Zone" option, which would serve you perfectly for banking. Avast is one of the lightest antivirus programs and, I assume, it won't interfere with your games. -
Well, when installing some programs Avast puts them in the so-called sandbox and surrounds them with this red line along the edge. This avoids installing harmful software on the system. Here is a link with more information: http://support.avast...leid=455#idt_09
-
This looks to me like Avast's virtual box.