Премини към съдържанието

Marangoza

Потребител
  • Публикации

    46
  • Регистрация

  • Последно онлайн

Харесвания

98 Много добра репутация

Всичко за Marangoza

  • Титла
    Потребител
  • Рожден ден 29.02.1952

Информация

  • Пол
    Мъж
  • Град
    Пазарджик
  • Интереси
    Народна музика и дърворезба
  1. Marangoza

    Как да премахна isearch.omiga-plus.com

    Още веднъж сърдечно благодаря за бързата и компетентна помощ!!!
  2. Marangoza

    Как да премахна isearch.omiga-plus.com

    Открих ги най-после...! HitmanPro 3.7.9.234 www.hitmanpro.com Computer name . . . . : TOPEVI-PC Windows . . . . . . . : 6.3.0.9600.X64/4 User name . . . . . . : TOPEVI-PC\Topevi UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2015-02-05 06:50:44 Scan mode . . . . . . : Normal Scan duration . . . . : 4m 17s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 3 Traces . . . . . . . : 71 Objects scanned . . . : 1 422 532 Files scanned . . . . : 44 280 Remnants scanned . . : 383 712 files / 994 540 keys Malware _____________________________________________________________________ C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe Size . . . . . . . : 464 384 bytes Age . . . . . . . : 2.3 days (2015-02-02 22:39:14) Entropy . . . . . : 6.0 SHA-256 . . . . . : C46A29906457E925F215110F4DA3D9345C8E27472EDAD27B387847D1A89F43FF Product . . . . . : Windows SysTool Service Publisher . . . . : SysTool PasSame LIMITED Description . . . : Windows SysTool Service Version . . . . . : 20.0.0.1714 LanguageID . . . . : 2057 > Kaspersky . . . . : not-a-virus:AdWare.Win32.WProtManager.u Fuzzy . . . . . . : 102.0 Forensic Cluster -0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\47\ -0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\47\CE60B102E69E4EAF.dat -0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CC2F03A8-7781-4556-A3EB-D4B93AB1F668} -0.1s C:\Users\Topevi\AppData\Local\Temp\WebDataJs -0.0s C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ 0.0s C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{00307707-8B52-4E15-993D-9610F7054681} 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DF50B90B-D47F-41C1-AAB9-E453B2C1877D} 0.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{43BBD928-FDC8-4995-83EA-E766E319EAB4} 1.4s C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\update\ 10.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\main.desktop.ie[1].css 10.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\require-2.1.2[1].js 10.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\mna1gzn[1].js 10.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\om-inline[1].js 11.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\satelliteLib-3a6a62a9abed917d6ac8ec111aa6345b32eb5139[1].js 11.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\dw[1].js 11.3s C:\Users\Topevi\AppData\Local\Microsoft\Internet Explorer\DOMStore\HVNY8ZP9\download.cnet[1].xml 11.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\f[5].txt 11.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\json2[1].js 11.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\selector[1].js 11.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\pubads_impl_56[1].js 11.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\container[2].htm 11.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\main.desktop[1].js 11.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\mna1gzn-i[1].css 11.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\html5shiv-printshiv[1].js 11.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\html5shiv[1].js 11.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\iconimg_98808[1].png 12.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\bg_dark[1].png 12.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\icons-s5a50e547b6[1].png 12.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\clicktale-bottom-1.0[1].js 12.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\mna1gzn-i-63847728-12093[1].eot 12.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\mna1gzn-i-63847728-12095[1].eot 13.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\mna1gzn-i-63847725-175[1].eot 13.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\mna1gzn-i-63847725-139[1].eot 13.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\bk-coretag[1].js 13.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\mna1gzn-i-63847725-5474[1].eot 13.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\mna1gzn-i-63847725-173[1].eot 13.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\mna1gzn-i-63847726-9882[1].eot 13.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\mna1gzn-i-63847726-9883[1].eot 13.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\8OCT0WFQ.txt 13.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\mna1gzn-i-63847726-9884[1].eot 13.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\mna1gzn-i-63847726-9886[1].eot 13.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\mna1gzn-i-63847726-9892[1].eot 13.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\m[1].gif 13.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\88d49b63-ca17-4da6-aaed-253f31231e22[1].js 13.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\mna1gzn-i-63847728-12094[1].eot 13.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\p[1].gif 13.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\WRe17[1].js 13.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\308749815[1].js 13.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\T93W422Y.txt 14.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\f[5].txt 14.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\pixel[1].gif 14.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\imgad[1].gif 14.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\imgad[1].gif 14.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\0[1].gif 14.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\1031221371[1].htm 14.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\offsitePopup[1].htm 14.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\urs[1].js 15.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\3001-8022_4-75959789[1].htm 15.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\security[1].png 15.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\browser[1].png 15.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\iconimg_284936[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\iconimg_74712[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\iconimg_97021[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\651728b09e590a0e79146ac9d606f4c0d4c3_icon-32x32_32x32[1].gif 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\iconimg_76404[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\iconimg_101915[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\iconimg_269182[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\iconimg_281012[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\iconimg_28657[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\Foreman_10532656_4688_adware_spyware_se-37665-1246960929_32x32[1].jpg 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\iconimg_81379[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\iconimg_249791[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\iconimg_11523[1].png 15.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\iconimg_78775[1].png 15.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\iconimg_87165[1].png 15.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\iconimg_99767[1].png 15.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\iconimg_278129[1].png 15.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\iconimg_101486[1].png 15.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\locate[1].png 15.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\iconimg_98891[1].png 15.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\iconimg_261322[1].png 15.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\netseerads[1].js 15.9s C:\Users\Topevi\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_13131049604DA2DEFB9E5743B33A97AE 15.9s C:\Users\Topevi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_13131049604DA2DEFB9E5743B33A97AE 16.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\mna1gzn-d[1].css 16.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\syndication[1].js 16.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\0[1].htm 16.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\1[2].htm 16.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\render[1].js 16.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\pdlStepsBackground[1].png 16.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\gw[2].js 16.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\m[1].gif 16.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\f[7].txt 16.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\8MMSEV28.txt 16.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\790415849[1].js 16.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\38K7JV15.txt 16.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\9818[1].js 16.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\sync[1].gif 17.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\yad[1].js 17.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\BannerServer[1].htm 17.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\QHT2TS2F.txt 17.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\p[1].gif 17.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\adnl.min[1].js 17.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\3328[1].htm 17.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\7S1YCBTB.txt 17.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\bkdotclear[1].gif 17.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\adnl.min[1].js 17.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\match[1].gif 17.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\dil-2.0[1].js 17.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\adlens-1.0[1].js 17.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\yad-iframe.8ba63e9[1].htm 17.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\st.v2[1].js 17.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\ypa[1].htm 17.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\logo-download-dot-com[1].png 17.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\yad-widget.8ba63e9[1].js 17.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\01UCK8LW.txt 17.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\default[1].png 17.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\RJW6UNRM.txt 17.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\GT13V98S.txt 17.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\resizeads[1].js 17.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\16x16_100_5r8t5qG2xbA_vFiKpJT_lQ[1].png 17.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\190,1[1].js 17.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\220,1[1].js 17.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\X9376VDX.txt 18.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\dest4[1].htm 18.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\88d49b63-ca17-4da6-aaed-253f31231e22[1].js 18.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\f3b02e41-dc08-4178-8367-33f22e6ebcc6[1].png 18.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\190,1[1].js 18.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\PPFWPMST.txt 18.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\iconimg_93001[1].png 18.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\apex[1].js 18.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\2[1].gif 18.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\493cf14b-0844-46f5-a16a-cf3b8f39fb5a[1].gif 18.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\3U0LA2F4.txt 18.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\525b0772-710d-4145-8d60-58270050c25d[1].png 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\yet_another_cleaner_cnt[1].exe 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\U2S8IB9O.txt 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\language-pushdown-1.0[1].js 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\language-drop-down-1.0[1].js 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\2[2].gif 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\searchbar-dropdown-1.0[1].js 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\autosuggest-1.0[1].js 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\match[2].gif 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\watchlist-auto-add-1.0[1].js 18.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\2[1].gif 18.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\20C057B60EB376965F2FCB0D0483E9FF 18.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\dreCarousel-1.0[1].js 18.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\2[1].gif 18.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\2A12WTC1.txt 18.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\2[3].gif 18.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\pixel[1].gif 18.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\IDCW66TX.txt 18.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\QXJYKH7A.txt 18.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\SOOW1V64.txt 19.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\WU9NXTZ2.txt 19.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\apexTarget[1].js 19.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\VSSFRU73.txt 19.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8FB04A80-88E7-4728-94AA-26AC02BCD8D5} 19.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\377758[1].gif 21.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\01\ 21.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\01\F85C9B56A623F469.dat 21.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\XTab_4.0.2.1716[1].exe 23.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\36\10A3F60557218A94.dat 23.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\36\ 24.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\42\F01A8575604562C6.dat 36.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\ 36.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll 36.6s C:\FRST\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll 36.6s C:\FRST\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll 36.7s C:\FRST\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe 36.8s C:\FRST\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe 36.9s C:\FRST\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll 36.9s C:\FRST\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe 37.0s C:\FRST\Quarantine\C\Program Files (x86)\XTab\SupTab.dll 37.2s C:\FRST\Quarantine\C\Program Files (x86)\XTab\conf 37.2s C:\FRST\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi 37.2s C:\FRST\Quarantine\C\Program Files (x86)\XTab\msvcp110.dll 37.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A4E040DB-ADE8-4F59-BDA6-95A2CABF6FC5} 37.2s C:\FRST\Quarantine\C\Program Files (x86)\XTab\msvcr110.dll 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\searchProvider.xml 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\about.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\about_bk.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\btn.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\btn_apply.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\close.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\conf.xml 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\conf_back.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\input_bk.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\logo.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\main.xml 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\radio_1.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\radio_2.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\rigth_arrow.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\settings.png 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\skin\image\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\data.html 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\indexIE.html 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\indexIE8.html 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\main.css 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\ver.txt 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\en-US\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\en-US\messages.json 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\es-419\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\es-419\messages.json 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\es-ES\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\es-ES\messages.json 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-BE\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-CA\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-CH\ 37.3s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-FR\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-LU\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\it-CH\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\it-CH\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\it-IT\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\it-IT\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\pl\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\pl\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\pt\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\pt\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\pt-BR\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\ru\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\ru\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\ru-MO\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\tr-TR\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\vi-VI\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\zh-CN\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\zh-TW\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\ 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\arrow.png 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\default_add_logo.png 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\default_add_logo_hover.png 37.4s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\default_logo.png 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\google_trends.png 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\googlelogo.png 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\googlelogo2.png 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\icon128.png 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\icon16.png 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\icon48.png 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\loading.gif 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\logo32.ico 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\weather\ 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\img\weather\0.png 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\ 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\common.js 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\ga.js 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\ie8.js 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js 37.5s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\jquery.autocomplete.js 37.6s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\js.js 37.6s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\library.js 37.6s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\xagainit-ie8.js 37.6s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\xagainit.js 37.6s C:\FRST\Quarantine\C\Program Files (x86)\XTab\web\js\xagainit2.0.js 38.1s C:\FRST\Quarantine\C\Program Files (x86)\XTab\install.data 47.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\92\D42CDEEA3F1EA19C.dat 55.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\ping2[1].htm 57.0s C:\FRST\Quarantine\C\ProgramData\IHProtectUpDate\ 57.0s C:\FRST\Quarantine\C\ProgramData\IHProtectUpDate\update\ 57.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{46DAB4BE-8C75-4B42-B508-3B3E964F11DA} 57.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\rebirth[1].htm 57.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5A739F8A-EF81-4D99-8B60-3DC64938FFBB} 57.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3EA111FA-4894-4B68-A748-134D80754A6D} 58.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\69\DF60ED7BABA19419.dat 60.0s C:\FRST\Quarantine\C\Program Files (x86)\XTab\uninstall.exe 60.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\07\C6966A51D738CCA7.dat 61.7s C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\update\conf 67.4s C:\Windows\Prefetch\HPNOTIFY.EXE-4B267AB9.pf 88.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C38C9EDF-A692-4C67-B3E5-45C2D05106CB} 91.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\77\4DC970E2B1916F49.dat 91.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\77\ 91.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[7].gif 91.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B90145E7-6026-41E6-AFAD-302A6542AE5A} 93.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\installer[2].gif 94.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\monetization[2].gif 94.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[8].gif 94.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[7].gif 95.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\utility[2].gif 98.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[9].gif 100.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[9].gif 101.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[8].gif 101.4s C:\FRST\Quarantine\C\Users\Topevi\AppData\Roaming\TYDWJT.exe.xBAD 101.7s C:\FRST\Quarantine\C\Windows\Tasks\TYDWJT.job.xBAD 101.7s C:\FRST\Quarantine\C\Windows\System32\Tasks\TYDWJT.xBAD 102.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\utility[3].gif 102.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B346C56E-716C-4D63-98E3-568BA9BB9487} 105.3s C:\Users\Topevi\AppData\Local\Temp\MSIddc47.LOG 107.2s C:\Windows\Prefetch\GOOGLEUPDATE.EXE-874E9EF7.pf 107.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\manifest[2].xml 110.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\stats[2].gif 111.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\manifest[1].xml 113.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8C0E0254-B982-46A4-B6C1-598880D91042} 115.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\apps[2].gif 115.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\utility[4].gif 115.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[10].gif 120.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\manifest[2].xml 123.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\00\21291481612EB6D4.dat 124.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\stats[1].gif 125.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1BC5C238-6D79-4FF8-8E26-A5FE9FE01DD1} 125.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\manifest[3].xml 128.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CEFA667C-11E4-4D01-9B34-F877F97E0EDC} 129.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\apps[1].gif 129.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[10].gif 129.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[9].gif 132.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility2FVINA39.gif 133.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utilityEDHF3ZRK.gif 136.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\installer[1].gif 136.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\apps[2].gif 136.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\monetization[2].gif 160.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\22\F5EF9506863A6EE2.dat C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\TornTV4Pack[1].exe Size . . . . . . . : 305 680 bytes Age . . . . . . . : 2.3 days (2015-02-02 22:36:39) Entropy . . . . . : 7.9 SHA-256 . . . . . : 6AB070E9EE384EAEDA66142FBB4EE4AA13C9F53B218D37A4AA446CD043BF6ECC RSA Key Size . . . : 2048 Source URL . . . . : hxxp://cmpsmarter-downloader.maynemyltf.netdna-cdn.com/TornTV4Pack.exe Authenticode . . . : Valid > Kaspersky . . . . : not-a-virus:AdWare.NSIS.Yontoo.n Fuzzy . . . . . . : 109.0 Forensic Cluster -15.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C8A1154A-48AC-43FA-8E47-8F4817448A70} -14.5s C:\Users\Topevi\AppData\Local\Temp\nssACBF.tmp\ -14.5s C:\Users\Topevi\AppData\Local\Temp\nssACBF.tmp\nsProcess.dll -14.0s C:\Users\Topevi\AppData\Local\Temp\nsyAEB5.tmp -13.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\pingcln[1].htm -13.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\cdi[1].htm 0.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\TornTV4Pack[1].exe 5.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\45\B098D9A9FAC43B15.dat 5.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\45\ 5.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[1].gif 5.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[1].gif 6.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FCF7FF08-1B27-44DF-8A6D-E257ECE53CAA} 6.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C726D91E-C90E-49AE-9A0C-3A51445409F6} 6.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D9CA1FFC-31E9-4CBE-9217-0CB9FFCD4668} 6.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\82\6DA91CBFB1734AD6.dat 6.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[1].gif 6.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\setup[1].exe_a 6.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\setup[1].exe_c 6.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\setup[1].exe_e 6.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\setup[1].exe_b 6.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\setup[1].exe_d 11.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[2].gif 12.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[2].gif 12.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[2].gif 14.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B63DD11E-3C66-4C04-821B-5E55D996E2E4} 14.3s C:\Windows\Prefetch\TORNTV DOWNLOADER.EXE-A39DDA7E.pf 14.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\66\440273C8218337F2.dat 15.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[3].gif 15.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C25F7793-D980-4510-B259-1971403BC179} 17.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\installer[1].gif 18.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\monetization[3].gif 18.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[4].gif 18.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[3].gif 19.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[3].gif 22.9s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[5].gif 24.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[4].gif 25.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[4].gif 25.8s C:\FRST\Quarantine\C\Users\Topevi\AppData\Roaming\WSPT.exe.xBAD 26.2s C:\FRST\Quarantine\C\Windows\Tasks\WSPT.job.xBAD 26.3s C:\FRST\Quarantine\C\Windows\System32\Tasks\WSPT.xBAD 27.1s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[6].gif 27.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B177F6B2-25FE-4051-B1BF-94BE65FC4A1B} 32.3s C:\Users\Topevi\AppData\Local\Temp\MSIa638b.LOG 32.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\manifest[2].xml 34.4s C:\Windows\Prefetch\GOOGLEUPDATE.EXE-402A6084.pf 34.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\83\899882517125F387.dat 35.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\stats[2].gif 37.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\manifest[3].xml 39.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{86A6A73F-A869-4662-A4CD-F71FBB1D4965} 40.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\apps[2].gif 41.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[7].gif 41.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[5].gif 42.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\61\827090686DC2B895.dat 46.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\manifest[4].xml 50.4s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\stats[1].gif 51.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\manifest[3].xml 53.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{154793C9-2667-4DFB-A552-8F508CDC2A97} 55.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\apps[2].gif 55.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[5].gif 56.0s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\utility[1].gif 59.5s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\utility[6].gif 59.8s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\utility[6].gif 63.3s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\KRU4Q82A\installer[2].gif 63.6s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\apps[3].gif 63.7s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\GLALSUFN\monetization[1].gif 64.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\9LPG6YH7\utility[8].gif 68.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C3F4DB85-5064-4061-8690-CB0929365913} 70.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\60\ 70.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\60\DFB0E1C06D66B2A0.dat 93.2s C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCache\IE\8QKPYX47\1[1].zip 107.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3DA46E3A-F557-4165-A3F7-C72FD6B0746A} 109.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\48\C4C0D5C1AEF1E7E4.dat C:\Users\Topevi\AppData\Local\Temp\ttv.exe Size . . . . . . . : 530 696 bytes Age . . . . . . . : 2.3 days (2015-02-02 22:30:59) Entropy . . . . . : 7.9 SHA-256 . . . . . : 6F02AE4A118733C5872999DDE93D29E05808EE00885F090B86DBAD78672E8027 RSA Key Size . . . : 2048 Authenticode . . . : Valid > Kaspersky . . . . : not-a-virus:Downloader.Win32.TornTV.bdnh Fuzzy . . . . . . : 109.0 Forensic Cluster -0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{95E2EF85-6D43-4B39-94E9-7625558BFFF8} -0.6s C:\Users\Topevi\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E4E510F44A56B8C8ECFEC352907C373_2BC9F16E8E76298349EDCD3AA0F5C441 -0.6s C:\Users\Topevi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E4E510F44A56B8C8ECFEC352907C373_2BC9F16E8E76298349EDCD3AA0F5C441 -0.0s C:\Users\Topevi\AppData\Local\Temp\Runner2.exe -0.0s C:\Users\Topevi\AppData\Local\Temp\Runner4.exe 0.0s C:\Users\Topevi\AppData\Local\Temp\ttv.exe 0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C74046E7-85F9-4542-B0D8-90C345732A65} 2.4s C:\Users\Topevi\AppData\Local\Temp\nsuBD03.tmp\ 2.4s C:\Users\Topevi\AppData\Local\Temp\nsuBD03.tmp\nsProcess.dll 3.9s C:\Users\Topevi\AppData\Local\Temp\nshC310.tmp 4.2s C:\Users\Topevi\AppData\Local\Temp\rund.log 4.2s C:\Users\Topevi\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\runner4.exe.log 4.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{34415DB3-8C2F-4346-8C0F-20DE3990380B} 4.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\38\7F31485E25D0A506.dat 5.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{13490959-59D8-4A76-ABA4-AD9165987979} Suspicious files ____________________________________________________________ C:\Users\Topevi\Downloads\Софтуер за чистене на шпиони\FRST64.exe Size . . . . . . . : 2 131 456 bytes Age . . . . . . . : 1.7 days (2015-02-03 14:37:55) Entropy . . . . . : 7.5 SHA-256 . . . . . : 75A43C7DCD832E78EE09AFE27A6C3C8EF33470D1323A781EEC04E13E4F3197A0 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster -35.4s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0197fa -35.0s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0197fc -34.9s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0197fd -34.8s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0197fe -34.8s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0197ff -34.4s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_019801 -34.3s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_019802 -34.1s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_019804 -34.1s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_019805 -33.8s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_019806 -32.6s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bleepingcomputer.com_0.localstorage -32.6s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bleepingcomputer.com_0.localstorage-journal -9.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BACCA348-E38E-473E-A778-EA0EE570B550} -7.1s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_019807 -6.6s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_019808 -3.3s C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_019809 0.0s C:\Users\Topevi\Downloads\Софтуер за чистене на шпиони\FRST64.exe 21.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{EBD310F6-97C4-4EE1-B061-DEA1421EC4DF} 26.6s C:\Users\Topevi\Downloads\Софтуер за чистене на шпиони\ Potential Unwanted Programs _________________________________________________ HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} (Linkey) Cookies _____________________________________________________________________ C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.petel.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.sbb.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adsrvmedia.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.betweendigital.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bg-mamma.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bta.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.clipconverter.cc C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.doctiming.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.fhl.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.kaldata.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.novinar.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ookla.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.servebom.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.standartnews.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.temadaily.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficnews.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.webcafe.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.zajenata.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.abv.bg C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertone.ru C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:diff3.smartadserver.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:gmeurope.112.2o7.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:survey.g.doubleclick.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\2PZNUKNA.txt C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\8MMSEV28.txt C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\8UQ8NN60.txt C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\BJCCVEW7.txt C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\PINE7N7H.txt C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\Q5IO5FDR.txt C:\Users\Topevi\AppData\Local\Microsoft\Windows\INetCookies\RD9Z9PQD.txt mbamb.txt
  3. Marangoza

    Как да премахна isearch.omiga-plus.com

    Стъпка 1 - AdvCleaner[sO].txt - прикачен! Стъпка 2 - JRT.txt - прикачен! Стъпка 3 - Изпълнена според указанията,но не успях да открия къде се скри лог файла... Стъпка 4 - Изпълнена според указанията,също не успях да го открия...! Явно програмките свършиха работа,защото isearch.omiga-plus.com изчезна! Благодаря за помощта! AdwCleanerS0.txt JRT.txt
  4. Marangoza

    Как да премахна isearch.omiga-plus.com

    Ето го и лог файла... прикачен! Fixlog.txt
  5. Marangoza

    Как да премахна isearch.omiga-plus.com

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Topevi (administrator) on TOPEVI-PC on 03-02-2015 14:42:52 Running from C:\Users\Topevi\Downloads\Софтуер за чистене на шпиони Loaded Profiles: Topevi (Available profiles: Topevi) Platform: Windows 8.1 Enterprise (X64) OS Language: Английски (Съединени щати) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (BitTorrent, Inc.) C:\Program Files\BitTorrent Sync\BTSync.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Users\Topevi\AppData\Local\Viber\Viber.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] () HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\...\Run: [bitTorrent Sync] => C:\Program Files\BitTorrent Sync\BTSync.exe [5034336 2014-11-16] (BitTorrent, Inc.) HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056 2014-11-06] (Skype Technologies S.A.) HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\...\Run: [Viber] => C:\Users\Topevi\AppData\Local\Viber\Viber.exe [936656 2014-10-20] () HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\...\Run: [TornTv Downloader] => C:\Users\Topevi\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup AppInit_DLLs: C:\Users\Topevi\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\Topevi\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found Startup: C:\Users\Topevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Topevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk ShortcutTarget: TornTvDownloader.lnk -> C:\Users\Topevi\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=bg-BG&Src=WD8&Tid=0003295F&OHP=http%3A%2F%2Fwww.default%2Dsearch.net%3Fsid%3D503%26aid%3D100%26itype%3Dn%26ver%3D13986%26tm%3D533%26src%3Dhmp&OSP=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26sourceid%3Die7%26rls%3Dcom.microsoft%3A%7Blanguage%7D%3A%7Breferrer%3Asource%7D%26ie%3D%7BinputEncoding%3F%7D%26oe%3D%7BoutputEncoding%3F%7D HKU\S-1-5-21-1122275992-2765460205-3088440645-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE&q={searchTerms} SearchScopes: HKU\S-1-5-21-1122275992-2765460205-3088440645-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=ST3250318AS_9VMRSLGE&ts=1422909592&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1122275992-2765460205-3088440645-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=ST3250318AS_9VMRSLGE&ts=1422909592&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1122275992-2765460205-3088440645-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=ST3250318AS_9VMRSLGE&ts=1422909592&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1122275992-2765460205-3088440645-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=ST3250318AS_9VMRSLGE&ts=1422909592&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1122275992-2765460205-3088440645-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=ST3250318AS_9VMRSLGE&ts=1422909592&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1122275992-2765460205-3088440645-1001 -> {82E27AE9-D42C-42AA-8EC3-390724CF90E6} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=ST3250318AS_9VMRSLGE&ts=1422909592&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1122275992-2765460205-3088440645-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ild&utm_campaign=install_ie&utm_content=ds&from=ild&uid=ST3250318AS_9VMRSLGE&ts=1422909592&type=default&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Toolbar: HKLM-x32 - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 87.121.24.12 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE CHR StartupUrls: Default -> "https://www.google.bg/","hxxp://www.google.bg/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Документи) - C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-16] CHR Extension: (Google Диск) - C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-16] CHR Extension: (YouTube) - C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-16] CHR Extension: (Google Търсене) - C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-16] CHR Extension: (Solitaire) - C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbhppfbabandkdmgjmifahoabeodiep [2015-02-03] CHR Extension: (Google Wallet) - C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-16] CHR Extension: (Gmail) - C:\Users\Topevi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-16] StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1422909507&from=ild&uid=ST3250318AS_9VMRSLGE Opera: ======= OPR Extension: (Radio Canyon) - C:\Users\Topevi\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk [2014-11-16] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-09-05] (NVIDIA Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-02-02] (SysTool PasSame LIMITED) [File not signed] S2 McShield; C:\PROGRA~2\McAfee\VIRUSS~1\mcshield.exe [X] S3 McSysmon; C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S1 mferkdk; C:\Program Files (x86)\McAfee\VirusScan\mferkdk.sys [33832 2007-11-22] (McAfee, Inc.) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S1 MpKsl0590610f; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A1040995-C775-4062-BA7B-AE80289232D9}\MpKsl0590610f.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 14:42 - 2015-02-03 14:42 - 00000000 ____D () C:\FRST 2015-02-03 14:38 - 2015-02-03 14:42 - 00000000 ____D () C:\Users\Topevi\Downloads\Софтуер за чистене на шпиони 2015-02-03 10:43 - 2015-02-03 10:43 - 00002357 _____ () C:\Users\Topevi\Desktop\Стартов панел с приложения за Chrome.lnk 2015-02-03 10:43 - 2015-02-03 10:43 - 00000000 ____D () C:\Users\Topevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome 2015-02-03 10:43 - 2015-02-03 10:43 - 00000000 ____D () C:\Users\Topevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-02 22:40 - 2015-02-03 09:09 - 00001362 _____ () C:\Windows\Tasks\TYDWJT.job 2015-02-02 22:40 - 2015-02-02 22:40 - 02020824 _____ (HDPlus-3.1TotalV02.02) C:\Users\Topevi\AppData\Roaming\TYDWJT.exe 2015-02-02 22:40 - 2015-02-02 22:40 - 00004374 _____ () C:\Windows\System32\Tasks\TYDWJT 2015-02-02 22:40 - 2015-02-02 22:40 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-02-02 22:39 - 2015-02-02 22:40 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-02-02 22:39 - 2015-02-02 22:39 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-02-02 22:37 - 2015-02-03 08:20 - 00001358 _____ () C:\Windows\Tasks\WSPT.job 2015-02-02 22:37 - 2015-02-02 22:37 - 01831384 _____ (Qwerty) C:\Users\Topevi\AppData\Roaming\WSPT.exe 2015-02-02 22:37 - 2015-02-02 22:37 - 00004368 _____ () C:\Windows\System32\Tasks\WSPT 2015-02-02 17:31 - 2014-04-16 01:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-02-02 17:31 - 2014-04-16 01:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\Topevi\AppData\Roaming\WSPT 2015-01-25 18:12 - 2015-01-25 18:12 - 00001248 _____ () C:\Users\Topevi\AppData\Roaming\TYDWJT 2015-01-19 10:17 - 2015-01-19 17:43 - 00002822 _____ () C:\Users\Topevi\Documents\CONDEMNED WORLD - Rank.ods 2015-01-14 07:58 - 2015-01-14 11:43 - 00005315 _____ () C:\Users\Topevi\Documents\CONDEMNED WORLD - RANK LIST LEVEL.odt 2015-01-14 06:46 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 06:46 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 06:46 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-01-14 06:46 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 06:46 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-14 06:46 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-01-14 06:46 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-14 06:46 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-01-14 06:46 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-14 06:46 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-14 06:46 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-14 06:46 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-14 06:46 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 06:46 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 06:46 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-01-14 06:46 - 2014-10-29 06:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-01-14 06:46 - 2014-10-29 06:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-01-14 06:46 - 2014-10-29 05:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-01-14 06:46 - 2014-10-29 05:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-01-14 06:46 - 2014-10-29 05:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-01-14 06:46 - 2014-10-29 05:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-01-14 06:46 - 2014-10-29 05:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-01-14 06:46 - 2014-10-29 05:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-14 06:46 - 2014-10-29 05:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-14 06:46 - 2014-10-29 05:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-01-14 06:46 - 2014-10-29 05:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-14 06:46 - 2014-10-29 04:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-01-14 06:46 - 2014-10-29 03:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-14 06:46 - 2014-10-29 03:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-14 06:46 - 2014-10-29 03:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-14 06:46 - 2014-10-29 03:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-09 09:46 - 2015-01-09 09:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-09 09:43 - 2015-01-09 09:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Topevi\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-07 15:55 - 2015-01-08 09:09 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2015-01-04 21:46 - 2015-01-04 21:46 - 00000000 ____D () C:\Users\Topevi\Documents\АВТОРСКО ПРАВО 2015-01-04 21:46 - 2015-01-04 21:46 - 00000000 ____D () C:\Users\Topevi\Documents\VINO and RAKIYA 2015-01-04 21:45 - 2014-11-06 19:49 - 00003085 _____ () C:\Users\Topevi\Documents\Овесени бисквитки.txt 2015-01-04 21:45 - 2012-03-02 15:23 - 00005009 _____ () C:\Users\Topevi\Documents\ТАБЛИЦА БЯГАНЕ.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 14:40 - 2014-11-12 12:32 - 00000000 ____D () C:\Users\Topevi\AppData\Roaming\Skype 2015-02-03 14:33 - 2015-01-03 16:18 - 00000000 ____D () C:\Users\Topevi\AppData\Local\Viber 2015-02-03 14:26 - 2014-11-12 20:21 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122275992-2765460205-3088440645-1001 2015-02-03 14:24 - 2014-11-16 10:07 - 00000000 ____D () C:\Users\Topevi\AppData\Roaming\BitTorrent Sync 2015-02-03 14:23 - 2014-11-12 20:50 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA72B586-AFB6-4178-A077-DB708B7A9520} 2015-02-03 11:04 - 2014-11-15 21:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-03 11:04 - 2014-11-12 20:13 - 01845764 _____ () C:\Windows\WindowsUpdate.log 2015-02-03 11:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-03 10:47 - 2014-11-15 21:42 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-03 10:45 - 2014-11-16 22:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2015-02-03 10:33 - 2014-11-19 21:32 - 00000000 ____D () C:\Users\Topevi\AppData\Roaming\Dropbox 2015-02-03 10:32 - 2014-12-17 19:29 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2015-02-03 07:41 - 2015-01-03 16:19 - 00000000 ____D () C:\Users\Topevi\AppData\Roaming\ViberPC 2015-02-03 07:40 - 2014-11-15 21:42 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-03 07:40 - 2014-11-15 18:03 - 00000000 ____D () C:\Users\Topevi\OneDrive 2015-02-02 22:38 - 2014-11-15 21:42 - 00002377 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-02 22:38 - 2014-11-12 20:16 - 00001616 _____ () C:\Users\Topevi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-02 22:38 - 2014-11-12 20:16 - 00000000 ____D () C:\Users\Topevi\AppData\Local\Packages 2015-02-02 17:33 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-02 17:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-01-30 18:12 - 2014-11-17 20:02 - 00000000 ____D () C:\Users\Topevi\.gimp-2.8 2015-01-27 23:12 - 2014-11-15 17:37 - 00000000 ____D () C:\KMPlayer 2015-01-24 22:20 - 2014-11-12 21:54 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-24 22:20 - 2014-11-12 21:54 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-21 11:29 - 2014-03-18 12:01 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-16 10:45 - 2014-11-12 12:32 - 00000000 ____D () C:\ProgramData\Skype 2015-01-16 10:43 - 2014-03-18 11:51 - 00334698 _____ () C:\Windows\PFRO.log 2015-01-16 10:43 - 2013-08-22 16:46 - 00021340 _____ () C:\Windows\setupact.log 2015-01-16 10:43 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-16 10:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-01-14 07:04 - 2014-11-15 21:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-14 07:04 - 2014-11-12 21:11 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 07:00 - 2014-11-12 21:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-09 10:05 - 2014-11-16 22:32 - 00000000 ____D () C:\Program Files (x86)\Settings Manager 2015-01-09 09:23 - 2014-11-28 08:52 - 00006796 _____ () C:\Users\Topevi\Documents\Джон Гришам.odt 2015-01-04 21:45 - 2014-12-19 23:45 - 00000000 ____D () C:\Users\Topevi\Documents\ОХРАНИТЕЛИ ==================== Files in the root of some directories ======= 2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Topevi\AppData\Roaming\TYDWJT 2015-02-02 22:40 - 2015-02-02 22:40 - 2020824 _____ (HDPlus-3.1TotalV02.02) C:\Users\Topevi\AppData\Roaming\TYDWJT.exe 2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Topevi\AppData\Roaming\WSPT 2015-02-02 22:37 - 2015-02-02 22:37 - 1831384 _____ (Qwerty) C:\Users\Topevi\AppData\Roaming\WSPT.exe 2015-01-03 15:25 - 2015-01-03 15:29 - 0005632 _____ () C:\Users\Topevi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-17 20:05 - 2014-11-17 20:05 - 0001042 _____ () C:\Users\Topevi\AppData\Local\recently-used.xbel Some content of TEMP: ==================== C:\Users\Topevi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7bzjht.dll C:\Users\Topevi\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Topevi\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Topevi\AppData\Local\Temp\ochelper.dll C:\Users\Topevi\AppData\Local\Temp\ochelper.exe C:\Users\Topevi\AppData\Local\Temp\ose00000.exe C:\Users\Topevi\AppData\Local\Temp\PIPInstaller_PTV_.exe C:\Users\Topevi\AppData\Local\Temp\Runner2.exe C:\Users\Topevi\AppData\Local\Temp\Runner4.exe C:\Users\Topevi\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Topevi\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Topevi\AppData\Local\Temp\ttv.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-27 13:30 ==================== End Of Log ============================ Addition.txt
  6. Така и не разбрах откъде се появи това досадно нещо. Моля за помощ!
  7. Marangoza

    Търся една песен, но не й знам името

    Голяма работа си deliverme Безкрайно благодаря!Бях загубил надежда...!
  8. Marangoza

    Търся една песен, но не й знам името

    На немски език пее мъж.За него знам,че е загинал при катастрофа с мотор. В припева на песента пее за жена на име Тиле,Филе или Циле/поне аз така чувам/ или нещо такова.Пускат я от време на време по радиата...
  9. Marangoza

    Линк: Онлайн игри

    Аз играя тук http://www.djidjibidji.com/index.php?option=com_joomlaflashgames&Itemid=187&task=view&id=396 и си падам по Mahjong! Има ги в изобилие.Може да се играе и без регистрация.
  10. Marangoza

    Запис на Видео SMS по Skype

    Не ми се отваря линка!
  11. Marangoza

    Запис на Видео SMS по Skype

    Тук има указания,но съм зле с английския - в четвъртия отговор са указанията - http://community.skype.com/t5/Windows-desktop-client/Download-a-video-message/td-p/1440237 Копнах ги: The easiest way is to: [*]Open the video in Google Chrome. Enter the Code (in one of the most dramatic prompts know to man, "it is time") and click play. [*]Once the video is well underway in playing, press F12 to bring up the Developer pane. Under "Frames" click on the header with a jumble of letters and numbers, then scroll down to XHR. [*]Right click the "flvs-play" resource reference, then either "Open link in new tab" or "Copy link location". [*]Press CTRL+S then save that file to whatever name you want. Before clicking OK, add the suffix ".flv" ("add that to the end of the name" is what I am trying to say).
  12. Marangoza

    Запис на Видео SMS по Skype

    Снимал го е таткото на детето и ми го праща като видео съобщение.Това е някаква нова опция на Скайпа.Клипчето го има там някъде,имам линк и код - винаги мога да го отворя и видя,искам го като съхранен файл на компа! Тук има инфо - http://www.skype.com/bg/features/video-messaging/
  13. Marangoza

    Запис на Видео SMS по Skype

    https://vm.skype.com/mail/името на изпращача/и много цифри и букви - 32 общо...Доколкото успях да разбера,клипчетата се съхраняват в сървър на Скайп
  14. Получих видео SMS по Skype - със линк и кода за отваряне. Мога да гледам клипчето без проблеми,но не знам как да си го запиша на компа.Оказа се,че и този който ми го прати,го няма в телефона си. Помагайте...! Много държа на това клипче - внучето прави първите си крачки
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.