Lyubomir Tsolov

All about Lyubomir Tsolov

  • Title
    Newbie
  1. Here is the log, sincere thanks for the assistance!

     # DelFix v1.013 - Logfile created 01/03/2017 at 12:06:20
     # Updated 17/04/2016 by Xplode
     # Username : Administrator - TSOLOV
     # Operating System : Windows 8.1 Pro (64 bits)

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\SecurityCheck
     Deleted : C:\Users\Administrator\Desktop\FRST-OlderVersion
     Deleted : C:\Users\Administrator\Desktop\Addition.txt
     Deleted : C:\Users\Administrator\Desktop\adwcleaner_6.043.exe
     Deleted : C:\Users\Administrator\Desktop\Fixlog.txt
     Deleted : C:\Users\Administrator\Desktop\FRST.txt
     Deleted : C:\Users\Administrator\Desktop\FRST64.exe
     Deleted : C:\Users\Administrator\Desktop\JRT.exe
     Deleted : C:\Users\Administrator\Desktop\JRT.txt
     Deleted : C:\Users\Administrator\Desktop\SecurityCheck.exe

     ~ Cleaning system restore ...

     Deleted : RP #40 [Scheduled Checkpoint | 02/20/2017 08:52:12]
     Deleted : RP #42 [Restore Point Created by FRST | 02/23/2017 16:39:05]
     Deleted : RP #43 [Removed Java 8 Update 101 (64-bit) | 02/24/2017 17:11:52]
     Deleted : RP #44 [JRT Pre-Junkware Removal | 02/24/2017 17:42:23]

     New restore point created !

     ########## - EOF - ##########
  2. Hi, I'm glad that I have now cleaned the laptop of all kinds of virus-like things; here is the result of the scan:

     # AdwCleaner v6.043 - Logfile created 27/02/2017 at 19:19:46
     # Updated on 27/01/2017 by Malwarebytes
     # Database : 2017-02-27.1 [Server]
     # Operating System : Windows 8.1 Pro (X64)
     # Username : Administrator - TSOLOV
     # Running from : C:\Users\Administrator\Desktop\adwcleaner_6.043.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder deleted: C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe

     ***** [ Files ] *****

     [-] File deleted: C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hegneaniplmfjcmohoclabblbahcbjoe_0.localstorage
     [-] File deleted: C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hegneaniplmfjcmohoclabblbahcbjoe_0.localstorage-journal

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****

     [-] Key deleted: HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon
     [-] Key deleted: HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon.1
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon.1
     [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
     [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
     [-] Key deleted: HKU\.DEFAULT\Software\ByteFence
     [#] Key deleted on reboot: HKU\S-1-5-18\Software\ByteFence
     [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL

     ***** [ Web browsers ] *****

     [-] [C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
     [-] [C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
     [-] [C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: hegneaniplmfjcmohoclabblbahcbjoe
     [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
     [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

     *************************

     :: "Tracing" keys deleted
     :: Winsock settings cleared

     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [2484 Bytes] - [27/02/2017 19:19:46]
     C:\AdwCleaner\AdwCleaner[S0].txt - [2685 Bytes] - [24/02/2017 19:35:32]
     C:\AdwCleaner\AdwCleaner[S1].txt - [2704 Bytes] - [27/02/2017 19:19:02]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2703 Bytes] ##########
  3. Hi, I no longer have problems while browsing, and Avast is not constantly blocking threats as it was at the beginning. I installed Java. Overall everything looks OK to me; in the future I will be careful about what programs I install. I hope not to have such problems again. I would be extremely grateful if you could recommend software for effective protection against unwanted 'guests'. Here are the results:

     JRT

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.1.0 (12.05.2016)
     Operating System: Windows 8.1 Pro x64
     Ran by Administrator (Administrator) on Fri 02/24/2017 at 19:42:22.35
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     File System: 3

     Successfully deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
     Successfully deleted: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
     Successfully deleted: C:\Users\Administrator\Desktop\ebay.lnk (Shortcut)

     Registry: 1

     Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Jing (Registry Value)

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Fri 02/24/2017 at 19:49:42.88
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ADW Cleaner

     # AdwCleaner v6.043 - Logfile created 24/02/2017 at 19:35:32
     # Updated on 27/01/2017 by Malwarebytes
     # Database : 2017-02-23.4 [Server]
     # Operating System : Windows 8.1 Pro (X64)
     # Username : Administrator - TSOLOV
     # Running from : C:\Users\Administrator\Desktop\adwcleaner_6.043.exe
     # Mode: Scan
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     No malicious services found.

     ***** [ Folders ] *****

     Folder Found: C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe

     ***** [ Files ] *****

     File Found: C:\Users\Administrator\Desktop\eBay.lnk
     File Found: C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hegneaniplmfjcmohoclabblbahcbjoe_0.localstorage
     File Found: C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hegneaniplmfjcmohoclabblbahcbjoe_0.localstorage-journal

     ***** [ DLL ] *****

     No malicious DLLs found.

     ***** [ WMI ] *****

     No malicious keys found.

     ***** [ Shortcuts ] *****

     No infected shortcut found.

     ***** [ Scheduled Tasks ] *****

     No malicious task found.

     ***** [ Registry ] *****

     Key Found: HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon
     Key Found: HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon.1
     Key Found: [x64] HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon
     Key Found: [x64] HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon.1
     Key Found: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
     Key Found: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
     Key Found: HKU\.DEFAULT\Software\ByteFence
     Key Found: HKU\S-1-5-18\Software\ByteFence
     Key Found: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL

     ***** [ Web browsers ] *****

     No malicious Firefox based browser items found.
     Chrome pref Found: [C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
     Chrome pref Found: [C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
     Chrome pref Found: [C:\Users\Freeware Sys\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hegneaniplmfjcmohoclabblbahcbjoe
     Chrome pref Found: [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
     Chrome pref Found: [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

     *************************

     C:\AdwCleaner\AdwCleaner[S0].txt - [2525 Bytes] - [24/02/2017 19:35:32]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2598 Bytes] ##########
  4. SecurityCheck by glax24

     SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
     WebSite: www.safezone.cc
     DateLog: 23.02.2017 18:49:55
     Path starting: C:\Users\Administrator\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
     Log directory: C:\SecurityCheck\
     IsAdmin: True
     User: Administrator
     VersionXML: 3.94is-22.02.2017
     ___________________________________________________________________________
     Windows 8.1(6.3.9600) (x64) Professional Lang: English(0409)
     Installation date OS: 31.07.2016 18:44:38
     LicenseStatus: Windows(R), Professional edition Volume activation will expire : 255792 minutes
     Boot Mode: Normal
     Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     SystemDrive: C: FS: [NTFS] Capacity: [125.5 Gb] Used: [75.8 Gb] Free: [49.7 Gb]
     ------------------------------- [ Windows ] -------------------------------
     Internet Explorer 11.0.9600.18538
     User Account Control enabled
     Automatically download and schedule installation
     Date install updates: 2017-02-23 07:28:44
     Windows Update (wuauserv) - The service has stopped
     Security Center (wscsvc) - The service is running
     Remote Registry (RemoteRegistry) - The service has stopped
     SSDP Discovery (SSDPSRV) - The service is running
     Remote Desktop Services (TermService) - The service has stopped
     Windows Remote Management (WS-Management) (WinRM) - The service has stopped
     ------------------------------ [ MS Office ] ------------------------------
     Microsoft Office 2010 x86 v.14.0.7015.1000
     ---------------------------- [ Antivirus_WMI ] ----------------------------
     Windows Defender (disabled and up to date)
     Avast Antivirus (enabled and up to date)
     Malwarebytes (disabled and up to date)
     --------------------------- [ FirewallWindows ] ---------------------------
     Windows Firewall (MpsSvc) - The service is running
     --------------------------- [ AntiSpyware_WMI ] ---------------------------
     Malwarebytes (disabled and up to date)
     Windows Defender (disabled and up to date)
     Avast Antivirus (enabled and up to date)
     ---------------------- [ AntiVirusFirewallInstall ] -----------------------
     Avast Free Antivirus v.12.3.2280
     McAfee WebAdvisor v.4.0.228
     -------------------------- [ SecurityUtilities ] --------------------------
     Malwarebytes version 3.0.6.1469 v.3.0.6.1469
     Malwarebytes Anti-Malware version 2.2.0.1024 v.2.2.0.1024
     --------------------------- [ OtherUtilities ] ----------------------------
     WinRAR 5.40 (64-битова версия) v.5.40.0
     --------------------------------- [ IM ] ----------------------------------
     Viber v.6.5.5.1481
     Skype™ 7.32 v.7.32.104 Warning! Download Update
     ^Optional update.^
     --------------------------------- [ P2P ] ---------------------------------
     µTorrent v.3.4.9.43295 Warning! P2P-client.
     -------------------------------- [ Java ] ---------------------------------
     Java 8 Update 101 (64-bit) v.8.0.1010.13 Warning! Download Update
     Uninstall old version and install new one (jre-8u121-windows-x64.exe).
     --------------------------- [ AdobeProduction ] ---------------------------
     Adobe Flash Player 24 PPAPI v.24.0.0.221
     Adobe Acrobat Reader DC v.15.023.20070 [+]
     ------------------------------- [ Browser ] -------------------------------
     Google Chrome v.56.0.2924.87
     Mozilla Firefox 50.1.0 (x86 bg) v.50.1.0 Warning! Download Update
     --------------------------- [ RunningProcess ] ----------------------------
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.56.0.2924.87
     ------------------ [ AntivirusFirewallProcessServices ] -------------------
     Avast Antivirus (avast! Antivirus) - The service is running
     C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.12.3.3154.0
     C:\Program Files\AVAST Software\Avast\avastui.exe v.12.3.3154.23
     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.125.0
     C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.912
     MBAMScheduler (MBAMScheduler) - The service is running
     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.6.0
     MBAMService (MBAMService) - The service is running
     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.19.0
     McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) - The service is running
     C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe v.4.0.4.228
     Windows Defender Service (WinDefend) - The service has stopped
     Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
     ----------------------------- [ End of Log ] ------------------------------

     Fixlog.txt
  5. Withdrawing money from PayPal

    I have two debit cards linked to PayPal and have no problems withdrawing money. At first, verification may take you some time (for it to pull the money and for you to confirm the card). How long ago did you 'attach' the card? Your problem is technical; you are missing something somewhere. It would be best to call PayPal by phone tomorrow, and they will tell you whether you have a linked card and what the problem is. Otherwise we can only guess. Good luck!
  6. Hi, and thanks for the reply. I ran a scan; the laptop failed to restart and reported an error, so I waited 6-7 minutes and turned it off. After turning it back on, I saw that there are several files under "quarantine" in the software; I don't know whether I should delete these files? Here is the result:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 2/22/2017
     Scan Time: 22:31
     Logfile:
     Administrator: Yes

     Version: 2.2.0.1024
     Malware Database: v2017.02.22.06
     Rootkit Database: v2017.02.15.01
     License: Trial
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Enabled

     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: Administrator

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 338904
     Time Elapsed: 46 min, 5 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 2
     PUP.Optional.InstallCore, HKU\S-1-5-21-3300430423-2398631023-3583367282-500\SOFTWARE\csastats, Quarantined, [e7173273b7f1bc7a80db7c4f70931de3],
     PUP.Optional.ProductSetup, HKU\S-1-5-21-3300430423-2398631023-3583367282-500\SOFTWARE\PRODUCTSETUP, Quarantined, [4ab4b4f1d4d41620d6a42566ea197090],

     Registry Values: 1
     PUP.Optional.ProductSetup, HKU\S-1-5-21-3300430423-2398631023-3583367282-500\SOFTWARE\PRODUCTSETUP|tb, 0U1S1H0G1O1D1O2Y, Quarantined, [4ab4b4f1d4d41620d6a42566ea197090]

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 1
     PUP.Optional.AshampooRegistryCleaner, C:\ProgramData\Ashampoo\ico_ashampoo_marketplace.ico, Quarantined, [01fdb4f15454af8748c0359c768a8b75],

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     Scan with Farbar Recovery Scan

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017 01
     Ran by Administrator (administrator) on TSOLOV (22-02-2017 23:33:10)
     Running from C:\Users\Administrator\Desktop
     Loaded Profiles:
HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Autorun CDROM Monitor; C:\Windows\SysWOW64\SupportAppPT\cdrom_monEx.exe [86016 2007-12-21] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-13] (AVAST Software) R2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2009-11-17] () [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-21] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) R2 
jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.) R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] () R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-03-03] (Nitro PDF Software) R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-03-03] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-13] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-13] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-13] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-13] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-25] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software) R3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation) R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-06-13] (EldoS Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] () R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231152 2014-12-13] (Intel Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) 
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [109272 2015-10-05] (Malwarebytes) S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-22] (Malwarebytes) S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-22] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [91584 2017-02-22] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-02-22] (Malwarebytes) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-24] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) 
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-06-13] (EldoS Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-22 23:33 - 2017-02-22 23:33 - 00000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion 2017-02-22 22:29 - 2017-02-22 22:29 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2017-02-22 22:29 - 2017-02-22 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2017-02-22 22:28 - 2017-02-22 22:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-02-22 22:28 - 2017-02-22 22:28 - 22908888 _____ (Malwarebytes ) C:\Users\Administrator\Desktop\mbam-setup-2.2.0.1024.exe 2017-02-22 22:26 - 2017-02-22 22:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Geek Uninstaller 2017-02-22 22:25 - 2017-02-22 22:25 - 02793495 _____ C:\Users\Administrator\Desktop\geek.zip 2017-02-22 22:25 - 2017-01-26 10:08 - 06960664 _____ (Geek Unіnstaller) C:\Users\Administrator\Desktop\geek.exe 2017-02-22 09:29 - 2017-02-22 09:32 - 00034411 _____ C:\Users\Administrator\Desktop\Addition.txt 2017-02-22 09:27 - 2017-02-22 23:33 - 02423296 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2017-02-22 09:27 - 2017-02-22 23:33 - 00029665 _____ C:\Users\Administrator\Desktop\FRST.txt 2017-02-22 09:27 - 2017-02-22 
23:33 - 00000000 ____D C:\FRST 2017-02-22 09:16 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-02-22 09:15 - 2017-02-22 23:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-02-22 09:15 - 2017-02-22 22:58 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-02-22 09:15 - 2017-02-22 09:53 - 00001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-22 09:15 - 2017-02-22 09:15 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-02-22 09:15 - 2017-02-22 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-22 09:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-02-22 09:14 - 2017-02-22 22:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-22 09:14 - 2017-02-22 09:14 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-22 09:14 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-02-21 22:08 - 2017-02-21 22:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Viber 2017-02-20 12:06 - 2017-02-20 12:06 - 00001139 _____ C:\Users\Freeware Sys\Desktop\Fast Photo Renamer.lnk 2017-02-20 12:06 - 2017-02-20 12:06 - 00001139 _____ C:\Users\Administrator\Desktop\Fast Photo Renamer.lnk 2017-02-20 12:06 - 2017-02-20 12:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Fast Photo Renamer 2017-02-20 12:06 - 2017-02-20 12:06 - 00000000 ____D C:\Program Files (x86)\Fast Photo Renamer 2017-02-20 11:40 - 2017-02-20 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility 2017-02-20 11:40 - 2017-02-20 11:40 - 00000000 ____D C:\Program Files\Bulk Rename Utility 2017-02-12 17:36 - 2017-02-12 17:36 - 00324956 _____ C:\Users\Administrator\Desktop\CSFollowup.pdf 2017-02-11 18:12 - 2017-02-14 10:55 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\uTorrent 2017-02-08 20:16 - 
2017-02-08 20:16 - 00290293 _____ C:\Users\Administrator\Desktop\Ekhart_Tole_-_Nova_Zemja_-_Probuzhdane_za_tselta_na_vashija_zhivot-4875-b.epub 2017-02-08 16:24 - 2017-02-08 16:26 - 00023870 _____ C:\Users\Administrator\Desktop\Tih Trans, enero 2017.xlsx 2017-02-08 09:18 - 2017-02-11 09:44 - 00009027 _____ C:\Users\Administrator\Desktop\Books-2017.xlsx 2017-02-06 10:48 - 2017-02-10 12:37 - 00000112 _____ C:\Users\Administrator\Desktop\Iphone-4.txt 2017-02-04 17:37 - 2017-02-04 17:37 - 00000000 _____ C:\Users\Administrator\Desktop\New Text Document (3).txt 2017-02-04 16:29 - 2017-02-04 16:29 - 02625295 _____ C:\Users\Administrator\Desktop\Promotions_Manager_Seller_Tutorial_US_20142.pdf 2017-02-03 15:40 - 2017-02-03 15:40 - 00769250 _____ C:\Users\Administrator\Desktop\How to hide prices.pdf 2017-02-03 15:39 - 2017-02-03 15:39 - 00152078 _____ C:\Users\Administrator\Desktop\Supplier Scorecard.xlsx 2017-02-01 20:24 - 2017-02-05 15:21 - 00000438 _____ C:\Users\Administrator\Desktop\New Text Document (2).txt 2017-02-01 19:00 - 2017-02-01 19:00 - 00005594 _____ C:\Users\Administrator\Desktop\The eCommerce Masters Walmart items for free shipping.xlsx 2017-02-01 18:42 - 2017-02-01 18:42 - 03349726 _____ C:\Users\Administrator\Desktop\business_2.psd 2017-02-01 18:25 - 2017-02-01 18:25 - 01067439 _____ C:\Users\Administrator\Desktop\Business-presentation.zip 2017-01-31 12:48 - 2017-01-31 12:48 - 00000146 _____ C:\Users\Administrator\AppData\Roaming\gamma_ramp.reg 2017-01-31 12:46 - 2017-01-31 12:46 - 00017408 _____ C:\Users\Administrator\AppData\Local\WebpageIcons.db 2017-01-31 12:46 - 2017-01-31 12:46 - 00001048 _____ C:\Users\Administrator\Desktop\Iris.lnk 2017-01-31 12:46 - 2017-01-31 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iris 2017-01-31 12:46 - 2017-01-31 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\Iris 2017-01-30 18:42 - 2017-01-30 18:42 - 01953463 _____ C:\Users\Administrator\Desktop\How to 
Get Your First 10,000 Instagram Followers Ebook.pdf 2017-01-29 22:17 - 2017-01-29 22:17 - 27490191 _____ C:\Users\Administrator\Desktop\Predpriemachestvo_101.pdf 2017-01-29 15:01 - 2017-01-29 15:02 - 00000000 ____D C:\Users\Administrator\Desktop\Vlado 2017-01-28 20:53 - 2017-02-22 23:15 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3300430423-2398631023-3583367282-500.job 2017-01-28 20:53 - 2017-02-22 22:14 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3300430423-2398631023-3583367282-500.job 2017-01-28 20:53 - 2017-02-20 08:40 - 00003680 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3300430423-2398631023-3583367282-500 2017-01-28 20:53 - 2017-02-20 08:40 - 00003584 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3300430423-2398631023-3583367282-500 2017-01-28 20:53 - 2017-01-28 20:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Citrix 2017-01-28 20:53 - 2017-01-28 20:53 - 00000000 ____D C:\Program Files (x86)\Citrix 2017-01-26 19:33 - 2017-01-26 19:33 - 00022517 _____ C:\Users\Administrator\Desktop\Tablica-za-Profit-Blank.xlsx 2017-01-23 22:33 - 2017-01-23 22:33 - 00304840 _____ C:\Windows\Minidump\012317-37531-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-22 23:31 - 2016-08-04 04:45 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3300430423-2398631023-3583367282-500 2017-02-22 23:28 - 2017-01-22 22:22 - 00000000 ____D C:\Users\Administrator\Documents\ViberDownloads 2017-02-22 23:27 - 2017-01-22 22:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ViberPC 2017-02-22 23:24 - 2016-09-16 07:56 - 00000000 ____D C:\Program Files (x86)\McAfee 2017-02-22 23:24 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-22 23:18 - 2016-07-31 21:29 - 00000000 ____D C:\ProgramData\Ashampoo 2017-02-22 23:18 - 2014-11-21 09:18 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents 2017-02-22 23:07 - 2016-07-31 21:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-02-22 22:26 - 2016-09-24 07:01 - 00309242 _____ C:\Users\Administrator\Desktop\eBay-Items.xlsx 2017-02-22 22:10 - 2016-08-04 04:45 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3BDAE857-4E24-438B-8C7F-8B00A5A6DDF0} 2017-02-22 21:20 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2017-02-22 09:53 - 2017-01-20 20:52 - 00000000 ____D C:\Users\Administrator\Desktop\eBay-Info 2017-02-22 09:45 - 2016-07-31 21:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-02-22 06:40 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2017-02-21 10:01 - 2016-07-31 20:44 - 00000000 ____D C:\ProgramData\KMSAutoS 2017-02-20 22:55 - 2016-12-18 08:20 - 00000000 ____D C:\Users\Administrator\Desktop\New folder (3) 2017-02-20 16:13 - 2014-11-21 09:38 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-19 14:13 - 2016-12-11 16:12 - 00000000 ____D C:\Users\Administrator\Desktop\HTML 2017-02-18 12:40 - 2016-07-31 21:44 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-02-18 12:40 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-02-16 01:24 - 2016-08-08 17:16 - 00000000 
____D C:\Users\Administrator\AppData\Roaming\uTorrent 2017-02-15 12:07 - 2016-07-31 21:44 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-02-15 12:07 - 2016-07-31 21:44 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-02-15 12:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed 2017-02-15 10:12 - 2017-01-22 09:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps 2017-02-14 13:35 - 2016-07-31 21:54 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2017-02-07 11:12 - 2017-01-15 09:53 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla 2017-02-07 11:07 - 2017-01-15 09:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla 2017-02-07 11:07 - 2017-01-15 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-02-07 02:17 - 2016-07-31 20:54 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-07 02:17 - 2016-07-31 20:54 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-02-06 22:43 - 2016-08-04 04:33 - 00000000 ____D C:\Users\Administrator 2017-02-06 21:41 - 2016-11-11 13:22 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-02-06 21:41 - 2016-11-11 13:22 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-02-05 09:02 - 2016-08-09 09:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\pCloud 2017-02-04 10:53 - 2016-10-02 20:25 - 00001456 _____ C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs 2017-02-03 14:54 - 2016-08-05 12:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2017-02-03 11:39 - 2016-07-31 21:31 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-03 11:39 - 2016-07-31 21:31 - 00000000 ____D C:\ProgramData\Skype 2017-02-03 10:46 - 2016-09-30 13:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics 2017-02-02 23:11 - 
2017-01-20 21:02 - 07434483 _____ C:\Users\Administrator\Desktop\Timothy Ferriss-Tools of Titans.pdf 2017-02-02 11:26 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2017-02-01 16:17 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF 2017-02-01 15:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2017-01-28 21:27 - 2017-01-19 12:46 - 00000000 ____D C:\Users\Administrator\Documents\Camtasia Studio 2017-01-24 09:05 - 2016-09-16 08:10 - 00004547 _____ C:\Users\Administrator\AppData\Roaming\CamStudio.cfg 2017-01-24 09:05 - 2016-09-16 08:10 - 00000408 _____ C:\Users\Administrator\AppData\Roaming\CamShapes.ini 2017-01-24 09:05 - 2016-09-16 08:10 - 00000408 _____ C:\Users\Administrator\AppData\Roaming\CamLayout.ini 2017-01-24 09:05 - 2016-09-16 08:10 - 00000096 _____ C:\Users\Administrator\AppData\Roaming\Camdata.ini 2017-01-24 09:05 - 2016-09-16 07:59 - 00000096 _____ C:\Users\Administrator\AppData\Roaming\version2.xml 2017-01-23 22:33 - 2017-01-12 05:47 - 914106798 _____ C:\Windows\MEMORY.DMP 2017-01-23 22:33 - 2017-01-12 05:47 - 00000000 ____D C:\Windows\Minidump ==================== Files in the root of some directories ======= 2016-08-18 22:54 - 2016-10-22 18:55 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe AIFF Format CS6 Prefs 2016-08-08 10:51 - 2016-10-03 12:59 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs 2016-09-16 08:10 - 2017-01-24 09:05 - 0000096 _____ () C:\Users\Administrator\AppData\Roaming\Camdata.ini 2016-09-16 08:10 - 2017-01-24 09:05 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamLayout.ini 2016-09-16 08:10 - 2017-01-24 09:05 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamShapes.ini 2016-09-16 08:10 - 2017-01-24 09:05 - 0004547 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.cfg 2017-01-31 12:48 - 2017-01-31 12:48 - 0000146 _____ () C:\Users\Administrator\AppData\Roaming\gamma_ramp.reg 2016-09-16 07:59 - 2017-01-24 
09:05 - 0000096 _____ () C:\Users\Administrator\AppData\Roaming\version2.xml 2016-10-02 20:25 - 2017-02-04 10:53 - 0001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs 2017-01-31 12:46 - 2017-01-31 12:46 - 0017408 _____ () C:\Users\Administrator\AppData\Local\WebpageIcons.db 2016-07-31 21:01 - 2016-07-31 21:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Files to move or delete: ==================== C:\Users\Administrator\AppData\Local\Viber\Viber.exe C:\Users\Administrator\AppData\Local\Iris\Iris.exe Some files in TEMP: ==================== 2017-02-22 22:26 - 2017-02-22 22:26 - 3957784 _____ (Geek Unіnstaller) C:\Users\Administrator\AppData\Local\Temp\geek64.exe 2016-11-22 20:39 - 2016-11-22 20:39 - 43887064 _____ (Skype Technologies S.A.) C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe 2016-07-31 21:38 - 2010-03-16 16:12 - 0149352 ____R (Microsoft Corporation) C:\Users\Freeware Sys\AppData\Local\Temp\ose00000.exe 2016-07-31 21:07 - 2006-05-24 06:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Freeware Sys\AppData\Local\Temp\_isBA6A.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-21 18:03 ==================== End of FRST.txt ============================ Addition.txt
  7. Hello, I shop online quite a lot, and today a problem came up. Avast has started blocking a threat called Vbs:malware-gen; I never had this problem before, but now it appears very often. I decided to install Malwarebytes and scan with it. The result is one threat, RiskWare.IStealer, and several Potentially Unwanted Programs. My question is how to clean my laptop and what to install to protect myself from these threats in the future. I would be glad if you could recommend software that works, even paid software. My work is online and I am worried about money being drained from my cards. Thank you in advance! Following the instructions, I ran a scan with Farbar; here is the info: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017 Ran by Administrator (administrator) on TSOLOV (22-02-2017 09:27:48) Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator (Available Profiles: Freeware Sys & Administrator) Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Windows\SysWOW64\SupportAppPT\cdrom_monEx.exe () C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe () C:\Program Files (x86)\MobileBrServ\mbbService.exe (Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy 
Manager\utility.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe (pCloud AG) C:\Program Files (x86)\pCloud Drive\pCloud.exe (Viber Media S.Ã r.l.) C:\Users\Administrator\AppData\Local\Viber\Viber.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (IrisTech) C:\Users\Administrator\AppData\Local\Iris\Iris.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor) HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2016-07-31] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2016-07-31] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-06] (Microsoft Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software) HKLM-x32\...\Run: [ModemListener] => C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe [98304 2010-01-27] () HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-12] (TechSmith Corporation) 
HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe [3204360 2016-06-30] (pCloud AG) HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Run: [Viber] => C:\Users\Administrator\AppData\Local\Viber\Viber.exe [34978896 2017-02-15] (Viber Media S.à r.l.) <===== ATTENTION HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Run: [Iris] => C:\Users\Administrator\AppData\Local\Iris\Iris.exe [7685872 2017-01-30] (IrisTech) <===== ATTENTION HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Run: [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.) HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Policies\Explorer: [NoResolveSearch] 1 HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\Policies\Explorer: [NoCDBurning] 1 HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2: {116b6c53-6117-11e6-8259-a4c4945d0e70} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2: {1bb05e75-7d6a-11e6-8260-2e75887e5893} - "E:\AutoRun.exe" HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2: {1bb06803-7d6a-11e6-8260-2e75887e5893} - "E:\autorun.exe" HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2: {31f3c1ec-71fe-11e6-825e-a4c4945d0e70} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2: {5f1eac78-575a-11e6-8255-a4c4945d0e70} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2: {5f67aa72-e882-11e6-8288-a4c4945d0e70} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2:
{5f67aa7b-e882-11e6-8288-a4c4945d0e70} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2: {638a240b-c6fc-11e6-827c-a4c4945d0e70} - "E:\AutoRun.exe" HKU\S-1-5-21-3300430423-2398631023-3583367282-500\...\MountPoints2: {84db4d26-9d00-11e6-826b-a4c4945d0e70} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-18\...\RunOnce: [WTK_IE_Google_Search] => REG ADD HKCU\Software\Microsoft\Internet Explorer\SearchScopes /v DefaultScope /t REG_SZ /d {637D6E3C-DF93-48A5-8362-159A8AC56B11} /f HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoCDBurning] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 SSODL: EldosMountNotificator-cbfs6 - {F676E56F-9371-4872-AEBE-9F872BE892EE} - C:\Windows\system32\cbfsMntNtf6.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator-cbfs6 - {F676E56F-9371-4872-AEBE-9F872BE892EE} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2016-05-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2016-05-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [ pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2016-05-17] (TODO: <Company name>) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-13] (AVAST Software) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {58F84CE6-D694-4CD8-A3D9-09CF7E7507A1} => C:\Windows\system32\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: 
[EldosIconOverlay-cbfs6] -> {58F84CE6-D694-4CD8-A3D9-09CF7E7507A1} => C:\Windows\SysWOW64\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{874264E3-1671-4C96-9622-F930CE95FA21}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{97800F32-8760-4EBC-9CF2-37BFD25E90AF}: [NameServer] 77.70.79.1,89.190.192.248 Tcpip\..\Interfaces\{97800F32-8760-4EBC-9CF2-37BFD25E90AF}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C5B7A033-CABD-4F8C-8EC0-CD0D52457C5B}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{E680DC06-695D-4030-BE16-A3DF6D6E0093}: [NameServer] 77.70.79.1,89.190.192.248 Tcpip\..\Interfaces\{E680DC06-695D-4030-BE16-A3DF6D6E0093}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3300430423-2398631023-3583367282-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.freewaresys.com SearchScopes: HKLM -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta= SearchScopes: HKU\.DEFAULT -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta= SearchScopes: HKU\S-1-5-21-3300430423-2398631023-3583367282-500 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta= BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft 
Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software) BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software) BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.) 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.) FireFox: ======== FF DefaultProfile: jkyltprx.default FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jkyltprx.default [2017-02-07] FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-20] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-13] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-13] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-03-03] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3300430423-2398631023-3583367282-500: @citrixonline.com/appdetectorplugin -> C:\Users\Administrator\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-28] (Citrix Online) Chrome: ======= CHR HomePage: Default -> hxxp://avg.nation.com/avgtbavg/search/home?cid={4B9278AC-AE90-4516-BAFF-1BB4359E4035}&mid=38416ef74ac347d0829dd15020d0c756-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-30 08:26:31&v=17.0.1.9&pid=nation&sg=0&sap=hp&cmpid=0913b CHR StartupUrls: Default -> "hxxp://google.bg/" CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-02-22] CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-04] CHR Extension: (Bulk Resize Photos) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\addiiebmcbaoggjglpjjphnfnjkdjcac [2017-02-09] CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-04] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-04] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-04] CHR Extension: (Honey) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-22] CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-12-08] CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31] CHR Extension: (Avast SafePrice) - 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-16] CHR Extension: (Avast SafePrice) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadmpfijfcmokecmkgolhbaeclfage [2016-11-16] CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-04] CHR Extension: (Readium) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2017-02-04] CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2016-12-15] CHR Extension: (Facebook™ Chat Privacy) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2017-01-02] CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-04] CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16] CHR Extension: (Pinterest Save Button) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-02-22] CHR Extension: (Video Ad Blocker Plus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe [2016-08-04] CHR Extension: (DS Amazon Quick View) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2016-11-08] CHR Extension: (Grammarly for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-04] CHR Extension: (Keepa - Amazon Price Tracker) - 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2017-02-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Simple EPUB Reader) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-08-13] CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-04] CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08] CHR Extension: (Ebay Keywords) - D:\New folder [2017-02-10] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 0100821486724068mcinstcleanup; C:\Windows\TEMP\010082~1.EXE [883024 2017-02-10] (McAfee, Inc.) R2 Autorun CDROM Monitor; C:\Windows\SysWOW64\SupportAppPT\cdrom_monEx.exe [86016 2007-12-21] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-13] (AVAST Software) R2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2009-11-17] () [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-21] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.) 
R2 Mobile Broadband HL Service; C:\Program Files (x86)\MobileBrServ\mbbservice.exe [242264 2016-03-24] () R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-03-03] (Nitro PDF Software) R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-03-03] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-01-31] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-13] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-13] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-13] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-13] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-25] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software) R3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation) R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-06-13] (EldoS Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] () R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231152 2014-12-13] (Intel Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) 
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-22] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-22] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-22] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-22] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-02-22] (Malwarebytes) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-24] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-06-13] (EldoS Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-22 09:27 - 2017-02-22 09:28 - 00030456 _____ C:\Users\Administrator\Desktop\FRST.txt 2017-02-22 09:27 - 2017-02-22 09:27 - 02422784 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2017-02-22 09:27 - 2017-02-22 09:27 - 00000000 ____D C:\FRST 2017-02-22 09:16 - 2017-02-22 09:16 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-02-22 09:15 - 2017-02-22 09:15 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-02-22 09:15 - 2017-02-22 09:15 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-02-22 09:15 - 2017-02-22 09:15 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-02-22 09:15 - 2017-02-22 09:15 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-02-22 09:15 - 2017-02-22 09:15 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-22 09:15 - 2017-02-22 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-22 09:14 - 2017-02-22 09:14 - 55566792 _____ (Malwarebytes ) C:\Users\Administrator\Desktop\mb3-setup-consumer-3.0.6.1469.exe 2017-02-22 09:14 - 2017-02-22 09:14 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-22 09:14 - 2017-02-22 09:14 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-22 09:14 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-02-21 22:08 - 2017-02-21 22:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Viber 2017-02-20 12:06 - 2017-02-20 12:06 - 00001139 _____ C:\Users\Freeware Sys\Desktop\Fast Photo Renamer.lnk 2017-02-20 12:06 - 2017-02-20 12:06 - 00001139 _____ C:\Users\Administrator\Desktop\Fast Photo Renamer.lnk 2017-02-20 12:06 - 2017-02-20 12:06 - 00000000 ____D 
C:\Users\Administrator\AppData\Roaming\Fast Photo Renamer 2017-02-20 12:06 - 2017-02-20 12:06 - 00000000 ____D C:\Program Files (x86)\Fast Photo Renamer 2017-02-20 11:40 - 2017-02-20 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility 2017-02-20 11:40 - 2017-02-20 11:40 - 00000000 ____D C:\Program Files\Bulk Rename Utility 2017-02-13 09:52 - 2017-02-13 09:52 - 00000000 ____D C:\Users\Administrator\Desktop\Amazon-Products 2017-02-12 17:36 - 2017-02-12 17:36 - 00324956 _____ C:\Users\Administrator\Desktop\CSFollowup.pdf 2017-02-11 18:12 - 2017-02-14 10:55 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\uTorrent 2017-02-11 09:50 - 2017-02-11 09:50 - 00017540 _____ C:\Users\Administrator\Desktop\35c7d2c59042def33f4a8d67078c5922fad5f01b_skytorrents.in.torrent 2017-02-08 20:16 - 2017-02-08 20:16 - 00290293 _____ C:\Users\Administrator\Desktop\Ekhart_Tole_-_Nova_Zemja_-_Probuzhdane_za_tselta_na_vashija_zhivot-4875-b.epub 2017-02-08 16:24 - 2017-02-08 16:26 - 00023870 _____ C:\Users\Administrator\Desktop\Tih Trans, enero 2017.xlsx 2017-02-08 09:18 - 2017-02-11 09:44 - 00009027 _____ C:\Users\Administrator\Desktop\Books-2017.xlsx 2017-02-06 10:48 - 2017-02-10 12:37 - 00000112 _____ C:\Users\Administrator\Desktop\Iphone-4.txt 2017-02-06 09:12 - 2017-02-20 22:55 - 00000000 ____D C:\Users\Administrator\Desktop\Card-Verification 2017-02-05 14:14 - 2017-02-09 12:46 - 00000000 ____D C:\Users\Administrator\Desktop\Orders 2017-02-04 17:37 - 2017-02-04 17:37 - 00000000 _____ C:\Users\Administrator\Desktop\New Text Document (3).txt 2017-02-04 16:29 - 2017-02-04 16:29 - 02625295 _____ C:\Users\Administrator\Desktop\Promotions_Manager_Seller_Tutorial_US_20142.pdf 2017-02-03 15:41 - 2017-02-20 22:55 - 00016730 _____ C:\Users\Administrator\Desktop\таблици.rar 2017-02-03 15:41 - 2017-02-03 15:41 - 00009260 _____ C:\Users\Administrator\Desktop\PayPal_.xlsx 2017-02-03 15:40 - 2017-02-03 15:40 - 00769250 _____ 
C:\Users\Administrator\Desktop\How to hide prices.pdf 2017-02-03 15:39 - 2017-02-03 15:39 - 00152078 _____ C:\Users\Administrator\Desktop\Supplier Scorecard.xlsx 2017-02-01 20:24 - 2017-02-05 15:21 - 00000438 _____ C:\Users\Administrator\Desktop\New Text Document (2).txt 2017-02-01 19:00 - 2017-02-01 19:00 - 00005594 _____ C:\Users\Administrator\Desktop\The eCommerce Masters Walmart items for free shipping.xlsx 2017-02-01 18:42 - 2017-02-01 18:42 - 03349726 _____ C:\Users\Administrator\Desktop\business_2.psd 2017-02-01 18:25 - 2017-02-01 18:25 - 01067439 _____ C:\Users\Administrator\Desktop\Business-presentation.zip 2017-01-31 12:48 - 2017-01-31 12:48 - 00000146 _____ C:\Users\Administrator\AppData\Roaming\gamma_ramp.reg 2017-01-31 12:46 - 2017-01-31 12:46 - 00017408 _____ C:\Users\Administrator\AppData\Local\WebpageIcons.db 2017-01-31 12:46 - 2017-01-31 12:46 - 00001048 _____ C:\Users\Administrator\Desktop\Iris.lnk 2017-01-31 12:46 - 2017-01-31 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iris 2017-01-31 12:46 - 2017-01-31 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\Iris 2017-01-30 18:42 - 2017-01-30 18:42 - 01953463 _____ C:\Users\Administrator\Desktop\How to Get Your First 10,000 Instagram Followers Ebook.pdf 2017-01-29 22:17 - 2017-01-29 22:17 - 27490191 _____ C:\Users\Administrator\Desktop\Predpriemachestvo_101.pdf 2017-01-29 15:01 - 2017-01-29 15:02 - 00000000 ____D C:\Users\Administrator\Desktop\Vlado 2017-01-28 20:53 - 2017-02-22 09:15 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3300430423-2398631023-3583367282-500.job 2017-01-28 20:53 - 2017-02-22 06:14 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3300430423-2398631023-3583367282-500.job 2017-01-28 20:53 - 2017-02-20 08:40 - 00003680 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3300430423-2398631023-3583367282-500 2017-01-28 20:53 - 2017-02-20 08:40 - 00003584 _____ 
C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3300430423-2398631023-3583367282-500
2017-01-28 20:53 - 2017-01-28 20:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Citrix
2017-01-28 20:53 - 2017-01-28 20:53 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-01-26 19:33 - 2017-01-26 19:33 - 00022517 _____ C:\Users\Administrator\Desktop\Tablica-za-Profit-Blank.xlsx
2017-01-23 22:33 - 2017-01-23 22:33 - 00304840 _____ C:\Windows\Minidump\012317-37531-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 09:17 - 2017-01-22 22:22 - 00000000 ____D C:\Users\Administrator\Documents\ViberDownloads
2017-02-22 09:15 - 2016-09-24 07:01 - 00307540 _____ C:\Users\Administrator\Desktop\eBay-Items.xlsx
2017-02-22 09:07 - 2016-07-31 21:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-22 06:40 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-22 06:13 - 2016-08-04 04:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3300430423-2398631023-3583367282-500
2017-02-22 06:05 - 2016-08-04 04:45 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3BDAE857-4E24-438B-8C7F-8B00A5A6DDF0}
2017-02-22 06:03 - 2017-01-22 22:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ViberPC
2017-02-21 21:53 - 2017-01-20 20:52 - 00000000 ____D C:\Users\Administrator\Desktop\eBay-Info
2017-02-21 10:01 - 2016-07-31 20:44 - 00000000 ____D C:\ProgramData\KMSAutoS
2017-02-20 22:55 - 2016-12-18 08:20 - 00000000 ____D C:\Users\Administrator\Desktop\New folder (3)
2017-02-20 16:13 - 2014-11-21 09:38 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-20 16:13 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-02-19 14:13 - 2016-12-11 16:12 - 00000000 ____D C:\Users\Administrator\Desktop\HTML
2017-02-18 12:40 - 2016-07-31 21:44 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-18 12:40 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-16 01:24 - 2016-08-08 17:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2017-02-15 12:07 - 2016-07-31 21:44 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-15 12:07 - 2016-07-31 21:44 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 12:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-15 10:12 - 2017-01-22 09:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-14 13:35 - 2016-07-31 21:54 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-02-10 12:54 - 2016-09-16 07:56 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-07 11:12 - 2017-01-15 09:53 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-02-07 11:07 - 2017-01-15 09:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2017-02-07 11:07 - 2017-01-15 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-07 02:17 - 2016-07-31 20:54 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 02:17 - 2016-07-31 20:54 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 22:43 - 2016-08-04 04:33 - 00000000 ____D C:\Users\Administrator
2017-02-06 21:41 - 2016-11-11 13:22 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 21:41 - 2016-11-11 13:22 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-05 09:02 - 2016-08-09 09:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\pCloud
2017-02-05 09:01 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-04 10:53 - 2016-10-02 20:25 - 00001456 _____ C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-03 14:54 - 2016-08-05 12:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-02-03 11:39 - 2016-07-31 21:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-03 11:39 - 2016-07-31 21:31 - 00000000 ____D C:\ProgramData\Skype
2017-02-03 10:46 - 2016-09-30 13:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-02-02 23:11 - 2017-01-20 21:02 - 07434483 _____ C:\Users\Administrator\Desktop\Timothy Ferriss-Tools of Titans.pdf
2017-02-02 11:26 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-02-01 16:17 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-02-01 15:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-01-31 06:22 - 2016-09-16 07:56 - 00000000 ____D C:\Program Files\ByteFence
2017-01-28 21:27 - 2017-01-19 12:46 - 00000000 ____D C:\Users\Administrator\Documents\Camtasia Studio
2017-01-24 09:05 - 2016-09-16 08:10 - 00004547 _____ C:\Users\Administrator\AppData\Roaming\CamStudio.cfg
2017-01-24 09:05 - 2016-09-16 08:10 - 00000408 _____ C:\Users\Administrator\AppData\Roaming\CamShapes.ini
2017-01-24 09:05 - 2016-09-16 08:10 - 00000408 _____ C:\Users\Administrator\AppData\Roaming\CamLayout.ini
2017-01-24 09:05 - 2016-09-16 08:10 - 00000096 _____ C:\Users\Administrator\AppData\Roaming\Camdata.ini
2017-01-24 09:05 - 2016-09-16 07:59 - 00000096 _____ C:\Users\Administrator\AppData\Roaming\version2.xml
2017-01-23 22:33 - 2017-01-12 05:47 - 914106798 _____ C:\Windows\MEMORY.DMP
2017-01-23 22:33 - 2017-01-12 05:47 - 00000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2016-08-18 22:54 - 2016-10-22 18:55 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2016-08-08 10:51 - 2016-10-03 12:59 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-16 08:10 - 2017-01-24 09:05 - 0000096 _____ () C:\Users\Administrator\AppData\Roaming\Camdata.ini
2016-09-16 08:10 - 2017-01-24 09:05 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamLayout.ini
2016-09-16 08:10 - 2017-01-24 09:05 - 0000408 _____ () C:\Users\Administrator\AppData\Roaming\CamShapes.ini
2016-09-16 08:10 - 2017-01-24 09:05 - 0004547 _____ () C:\Users\Administrator\AppData\Roaming\CamStudio.cfg
2017-01-31 12:48 - 2017-01-31 12:48 - 0000146 _____ () C:\Users\Administrator\AppData\Roaming\gamma_ramp.reg
2016-09-16 07:59 - 2017-01-24 09:05 - 0000096 _____ () C:\Users\Administrator\AppData\Roaming\version2.xml
2016-10-02 20:25 - 2017-02-04 10:53 - 0001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-31 12:46 - 2017-01-31 12:46 - 0017408 _____ () C:\Users\Administrator\AppData\Local\WebpageIcons.db
2016-07-31 21:01 - 2016-07-31 21:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Administrator\AppData\Local\Viber\Viber.exe
C:\Users\Administrator\AppData\Local\Iris\Iris.exe

Some files in TEMP:
====================
2016-11-22 20:39 - 2016-11-22 20:39 - 43887064 _____ (Skype Technologies S.A.) C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe
2016-07-31 21:38 - 2010-03-16 16:12 - 0149352 ____R (Microsoft Corporation) C:\Users\Freeware Sys\AppData\Local\Temp\ose00000.exe
2016-07-31 21:07 - 2006-05-24 06:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Freeware Sys\AppData\Local\Temp\_isBA6A.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-21 18:03

==================== End of FRST.txt ============================

Addition.txt