Филтри за търсене

Добър ден имам упорит проблем с хрома . До сега чистих с adwcleaner не се маха реших ,че е сериозно . Променям първа страница да е www.google.bg затварям браузъра отварям го и вече е http://proekt-armata-igra.ru/search.com/index.html ето логовете : Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017 Ran by Gangosan (administrator) on GANGOSAN-PC (08-01-2017 15:56:33) Running from C:\Users\Gangosan\Desktop Loaded Profiles: Gangosan (Available Profiles: Gangosan) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AeroAdmin Inc.) D:\Program\AeroAdmin PRO.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (AeroAdmin Inc.) D:\Program\AeroAdmin PRO.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe () C:\Program Files (x86)\Localphone Ltd\Localphone\Localphone_mod.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\iCareFone\TenorShareService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AntGROUP) C:\Program Files (x86)\Ant Download Manager\antMR.exe (AntGROUP) C:\Program Files (x86)\Ant Download Manager\AntDM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Viber Media S.Ã r.l.) C:\Users\Gangosan\AppData\Local\Viber\Viber.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe (mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (AntGROUP) C:\Program Files (x86)\Ant Download Manager\antCH\antCH.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor) HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => c:\dolby pcee4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0 HKLM\...\Policies\Explorer: [NoRecentDocsMenu] 0 HKLM\...\Policies\Explorer: [NoNetworkConnections] 0 HKLM\...\Policies\Explorer: [NoSMMyDocs] 0 HKLM\...\Policies\Explorer: [NoSMMyPictures] 0 HKLM\...\Policies\Explorer: [NoStartMenuMyMusic] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [Google Update] => C:\Users\Gangosan\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.) HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-07-08] (Glarysoft Ltd) HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [MTELocker] => C:\Program Files\Encrypt4all Software\ADL Pro Edition\ADL.exe [663552 2016-10-29] (Encrypt4all Software 2004-2016) HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [antMR] => C:\Program Files (x86)\Ant Download Manager\antMR.exe [132608 2016-09-25] (AntGROUP) HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [AntDM] => C:\Program Files (x86)\Ant Download Manager\AntDM.exe [6358528 2016-11-12] (AntGROUP) HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Run: [Viber] => C:\Users\Gangosan\AppData\Local\Viber\Viber.exe [41548368 2017-01-03] (Viber Media S.Ã r.l.) HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispCPL] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispScrSavPage] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoVisualStyleChoice] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoColorChoice] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoSizeChoice] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\system: [NoTrayContextMenu] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoAddPrinter] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoThemesTab] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoChangeAnimation] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoSecurityTab] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoToolbarCustomize] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoBandCustomize] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoFileMenu] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoNetHood] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoStartMenuMyGames] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoCommonGroups] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0 HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Policies\Explorer: [NoSimpleStartMenu] 0 HKU\S-1-5-18\...\Run: [] => 0 HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2015-07-23] (Softros Systems, inc.) HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2015-07-23] (Softros Systems, inc.) ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-04] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-03-15] () Startup: C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2017-01-08] () BootExecute: autocheck autochk * GroupPolicy: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-1996132808-4018277664-1723909242-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555 Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{71426D83-D555-4D62-887F-397EC0699D4D}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation) BHO: Ant Download Manager BHO -> {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} -> C:\Program Files (x86)\Ant Download Manager\antIE\antIE64.dll [2016-10-20] (AntGROUP) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation) BHO-x32: Ant Download Manager BHO -> {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} -> C:\Program Files (x86)\Ant Download Manager\antIE\antIE.dll [2016-10-20] (AntGROUP) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab FireFox: ======== FF DefaultProfile: ka0brvp7.default FF ProfilePath: C:\Users\Gangosan\AppData\Roaming\TomTom\HOME\Profiles\gcn8mbl0.default [2015-10-31] FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-10-31] [not signed] FF ProfilePath: C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default [2017-01-08] FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> ftp", "89.208.212.2" FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> ftp_port", 80 FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> http", "89.208.212.2" FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> http_port", 80 FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> share_proxy_settings", true FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> ssl", "89.208.212.2" FF NetworkProxy: Mozilla\SeaMonkey\Profiles\ka0brvp7.default -> ssl_port", 80 FF Extension: (Ad-Aware Ad Block) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2017-01-08] FF Extension: (DOM Inspector) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\inspector@mozilla.org [2017-01-08] FF Extension: (Whois Lookup & Hosting & DNS & Site Flags Firefox) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\myipms@myip.ms [2017-01-08] FF Extension: (LastPass) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\support@lastpass.com [2017-01-08] FF Extension: (ChatZilla) - C:\Users\Gangosan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ka0brvp7.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-01-08] FF ProfilePath: C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default [2017-01-07] FF Homepage: Mozilla\Firefox\Profiles\96z07rpk.default -> about:home FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\firefox@zenmate.com.xpi [2016-10-04] FF Extension: (LavaFox V2) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\info@djzig.com [2016-12-03] FF Extension: (LastPass) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\support@lastpass.com [2017-01-07] FF Extension: (Nightly Tester Tools) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}.xpi [2016-10-23] FF Extension: (Adblock Plus) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-03] FF Extension: (Block site) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2017-01-06] FF Extension: (Bitdefender QuickScan) - C:\Users\Gangosan\AppData\Roaming\Mozilla\Firefox\Profiles\96z07rpk.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-10-04] FF Extension: (AntFF) - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi [2016-02-26] FF ProfilePath: C:\Users\Gangosan\AppData\Roaming\kompozer.net\KompoZer\Profiles\1stu6e8q.default [2015-08-16] FF HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\Firefox\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi FF HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found FF HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\...\SeaMonkey\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_189.dll [2016-12-16] () FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_189.dll [2016-12-16] () FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin HKU\S-1-5-21-1996132808-4018277664-1723909242-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Gangosan\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-1996132808-4018277664-1723909242-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Gangosan\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin HKU\S-1-5-21-1996132808-4018277664-1723909242-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gangosan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-10-29] Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default [2017-01-08] CHR Extension: (Adblock Plus) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30] CHR Extension: (AntDM Integration Extension) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efglbgfnmenhnnflfpbnbldgmldnmifb [2016-12-06] CHR Extension: (Byrd IRC client) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\endimfdcgfnlmoankhocnkhgohmoecoi [2016-10-13] CHR Extension: (SSLTrust SSL Certificate Store) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fappknnhhggcjmeljjbjmibmhoninmem [2015-09-03] CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-11-10] CHR Extension: (Cloud SWF, Flash Player with Drive) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhhaadihgfcgmlefioblaahpnglnkbk [2015-12-16] CHR Extension: (Glowtxt) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkcilhknnakepbgkpmhhebooffgefidk [2016-10-30] CHR Extension: (Google Документи офлайн) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-06] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-06] CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2016-02-16] CHR Extension: (Zalmos SSL Web Proxy for Free) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idefjamndcpplnamdlbodoebjgkpdmpn [2015-10-05] CHR Extension: (Lunapic Photo Editor) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifimmnanlabnljjnaegjmgnelmdmjabn [2015-09-03] CHR Extension: (Antivirus Online Scanner) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jckjbdbomnmbollkecaianifkigmgbjj [2016-10-30] CHR Extension: (Online PDF Tools) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2015-09-03] CHR Extension: (IP адрес) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2016-08-27] CHR Extension: (Local SWF Player) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2016-03-13] CHR Extension: (Cloud9) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2016-03-19] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (ScriptSafe) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-12-29] CHR Extension: (Как да използвате Skype уеб) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabhdemifmkppnfkgfjifmimajhofcbh [2016-06-15] CHR Extension: (Weather Underground) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-09-03] CHR Extension: (Gmail) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-31] CHR Extension: (Chrome Media Router) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17] CHR Profile: C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-09-02] CHR Profile: C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-17] CHR Extension: (Google Презентации) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30] CHR Extension: (Google Документи) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30] CHR Extension: (Google Диск) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-30] CHR Extension: (YouTube) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30] CHR Extension: (Google Търсене) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30] CHR Extension: (Bitdefender Wallet) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fabcmochhfpldjekobfaaggijgohadih [2016-01-30] CHR Extension: (Електронни таблици от Google) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30] CHR Extension: (Google Документи офлайн) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-30] CHR Extension: (IDM Integration Module) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-01-30] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-30] CHR Extension: (Gmail) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30] CHR Profile: C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-02] CHR Extension: (Google Презентации) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07] CHR Extension: (Google Документи) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07] CHR Extension: (Google Диск) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-07] CHR Extension: (YouTube) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-07] CHR Extension: (Google Търсене) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-07] CHR Extension: (Електронни таблици от Google) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07] CHR Extension: (Bookmark Manager) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-07] CHR Extension: (IDM Integration Module) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-06-07] CHR Extension: (Google Wallet) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-07] CHR Extension: (Gmail) - C:\Users\Gangosan\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07] CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found> CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found> CHR HKU\S-1-5-21-1996132808-4018277664-1723909242-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efglbgfnmenhnnflfpbnbldgmldnmifb] - C:\Program Files (x86)\Ant Download Manager\antCH\antCH.crx [2016-12-06] CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AeroadminService; D:\Program\AeroAdmin PRO.exe [2609432 2016-11-18] (AeroAdmin Inc.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.) R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2016-12-15] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.) R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.) [File not signed] S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [4375792 2015-10-07] (Hide My IP) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit) R2 LocalphoneWinService; C:\Program Files (x86)\Localphone Ltd\Localphone\Localphone_mod.exe [1046016 2013-08-22] () [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] () R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2198352 2015-07-23] (Softros Systems, Inc.) R2 TenorShareService; C:\Program Files (x86)\iCareFone\TenorShareService.exe [657848 2016-07-29] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [1000208 2011-05-02] (Intel(R) Corporation) S2 HssWd; no ImagePath ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] () [File not signed] R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] () [File not signed] S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] () [File not signed] S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] () [File not signed] R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] () [File not signed] R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.) R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.) S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2015-10-09] (Sysprogs OU) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-07-16] (DT Soft Ltd) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] () R2 GdmWmPrt; C:\Windows\System32\DRIVERS\gdmwmprt.sys [32768 2009-08-17] (GCT Semiconductor, Inc.) R2 GdmWmPrt; C:\Windows\SysWOW64\DRIVERS\gdmwmprt.sys [32768 2009-08-17] (GCT Semiconductor, Inc.) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-16] (Glarysoft Ltd) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-03-28] (REALiX(tm)) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation) S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [47104 2016-05-20] () R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0102.sys [38432 2016-01-27] (SoftEther Corporation) S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project) R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-07-24] (EldoS Corporation) S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2016-08-31] (Macrovision Europe Ltd) [File not signed] S3 SEE; C:\Windows\System32\drivers\see.sys [50208 2016-01-27] (SoftEther Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.) S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X] S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X] U3 DfSdkS; no ImagePath S3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [X] S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-08 15:56 - 2017-01-08 15:57 - 00035145 _____ C:\Users\Gangosan\Desktop\FRST.txt 2017-01-08 15:55 - 2017-01-08 15:56 - 00000000 ____D C:\FRST 2017-01-08 15:55 - 2017-01-08 15:55 - 02419200 _____ (Farbar) C:\Users\Gangosan\Desktop\FRST64.exe 2017-01-08 15:03 - 2017-01-08 15:46 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZenGuard GmbH 2017-01-08 15:03 - 2017-01-08 15:03 - 00000000 ____D C:\Users\Gangosan\AppData\Local\SquirrelTemp 2017-01-08 15:02 - 2017-01-08 15:02 - 04017168 _____ (ZenGuard GmbH) C:\Users\Gangosan\Desktop\setup.exe 2017-01-08 00:07 - 2017-01-08 00:07 - 00001986 _____ C:\Users\Public\Desktop\SeaMonkey.lnk 2017-01-08 00:07 - 2017-01-08 00:07 - 00000000 ____D C:\Program Files (x86)\SeaMonkey 2017-01-07 23:46 - 2017-01-07 23:46 - 00000925 _____ C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk 2017-01-07 23:46 - 2017-01-07 23:46 - 00000923 _____ C:\Users\Gangosan\Desktop\Viber.lnk 2017-01-07 23:46 - 2017-01-07 23:46 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber 2017-01-07 23:46 - 2017-01-07 23:46 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Viber 2017-01-07 23:46 - 2017-01-07 23:46 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Package Cache 2017-01-07 23:44 - 2017-01-07 23:45 - 68087360 _____ (Viber Media Inc.) C:\Users\Gangosan\Desktop\ViberSetup.exe 2017-01-07 23:39 - 2017-01-07 23:39 - 00000000 ____D C:\Users\Gangosan\Tracing 2017-01-07 23:14 - 2017-01-07 23:14 - 00000000 ____D C:\Users\Public\Downloads\Norton 2017-01-07 22:59 - 2017-01-07 23:14 - 00000000 ____D C:\ProgramData\Norton 2017-01-07 22:59 - 2017-01-07 22:59 - 00000000 ____D C:\ProgramData\NortonInstaller 2017-01-06 23:43 - 2017-01-07 22:58 - 00000000 ____D C:\Users\Gangosan\AppData\LocalLow\Mozilla 2017-01-02 23:22 - 2017-01-02 23:22 - 00029296 _____ C:\Users\Gangosan\Downloads\79cc2d834946e3bf672f48d62fa13ca3.html 2017-01-02 14:33 - 2017-01-02 14:33 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2017-01-02 14:33 - 2017-01-02 14:33 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software 2017-01-01 13:31 - 2017-01-01 13:31 - 00062528 _____ C:\Users\Gangosan\Documents\invoice.pdf 2016-12-31 13:43 - 2016-12-31 13:43 - 00102809 _____ C:\Users\Gangosan\Desktop\One.com Annual Invoice - emo-upholstery.co.uk.eml 2016-12-31 13:40 - 2016-12-31 13:40 - 00062528 _____ C:\Users\Gangosan\Desktop\17131863.pdf 2016-12-29 21:07 - 2016-12-29 21:07 - 00000822 ____N C:\Users\Public\Desktop\CCleaner.lnk 2016-12-29 20:49 - 2016-12-29 20:49 - 00003073 ____N C:\Users\Gangosan\Desktop\ASUS PC Diagnostics.lnk 2016-12-29 20:49 - 2016-12-29 20:49 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS 2016-12-29 20:49 - 2016-12-29 20:49 - 00000000 ____D C:\Program Files (x86)\ASUS 2016-12-17 21:09 - 2017-01-07 00:32 - 00002204 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk 2016-12-17 17:45 - 2016-12-18 12:57 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\QTranslate 2016-12-17 17:45 - 2016-12-17 17:45 - 00001035 ____N C:\Users\Gangosan\Desktop\QTranslate.lnk 2016-12-17 17:45 - 2016-12-17 17:45 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTranslate 2016-12-17 17:45 - 2016-12-17 17:45 - 00000000 ____D C:\Program Files (x86)\QTranslate 2016-12-17 17:30 - 2016-12-29 19:37 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-17 17:30 - 2016-12-17 17:30 - 51969976 _____ (Malwarebytes ) C:\Users\Gangosan\Desktop\malwarebytes_3.0.exe 2016-12-17 17:14 - 2016-12-17 17:14 - 03977168 _____ C:\Users\Gangosan\Desktop\adwcleaner_6.041.exe 2016-12-09 00:40 - 2016-12-09 00:40 - 00001408 ____N C:\Users\Public\Desktop\AceThinker Screen Grabber Pro.lnk 2016-12-09 00:40 - 2016-12-09 00:40 - 00000000 ____D C:\Users\Gangosan\Documents\AceThinker 2016-12-09 00:40 - 2016-12-09 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AceThinker 2016-12-09 00:40 - 2016-12-09 00:40 - 00000000 ____D C:\Program Files (x86)\AceThinker ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-08 15:55 - 2015-04-29 17:58 - 00000000 ____D C:\Users\Gangosan\AppData\LocalLow\LastPass 2017-01-08 15:47 - 2014-09-07 10:06 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Deployment 2017-01-08 15:47 - 2009-07-14 04:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-08 15:47 - 2009-07-14 04:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-08 15:42 - 2015-07-06 10:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-01-08 15:41 - 2015-06-01 17:18 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\ViberPC 2017-01-08 15:39 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-08 15:31 - 2014-09-07 12:13 - 00000000 ____D C:\Users\Gangosan 2017-01-08 15:19 - 2016-11-22 12:30 - 00000000 ____D C:\ProgramData\MFAData 2017-01-08 15:16 - 2016-11-22 12:28 - 00003590 _____ C:\Windows\System32\Tasks\AVG EUpdate Task 2017-01-08 15:01 - 2014-09-07 09:57 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{91287D26-26EB-4B28-92DC-BD5F0F30A1C5} 2017-01-08 14:53 - 2014-09-26 19:12 - 00000000 ____D C:\ProgramData\ProductData 2017-01-08 00:09 - 2016-07-23 19:04 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Skype 2017-01-07 23:57 - 2015-02-06 21:48 - 00000000 ____D C:\Users\Gangosan\AppData\Local\CrashDumps 2017-01-07 23:16 - 2015-06-04 21:55 - 00000000 ____D C:\Program Files\Java 2017-01-07 23:09 - 2014-11-29 19:10 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Mozilla 2017-01-07 22:58 - 2015-08-25 20:33 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\QuickScan 2017-01-07 22:50 - 2014-09-26 18:59 - 00000000 ____D C:\ProgramData\Ashampoo 2017-01-07 22:49 - 2014-09-26 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2017-01-07 22:49 - 2014-09-26 18:59 - 00000000 ____D C:\Program Files (x86)\Ashampoo 2017-01-07 00:33 - 2016-12-08 00:19 - 00000000 ____D C:\Users\Gangosan\Compressed 2017-01-07 00:32 - 2016-10-21 11:47 - 00002216 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk 2017-01-07 00:32 - 2016-10-13 01:22 - 00001865 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk 2017-01-07 00:32 - 2016-09-02 00:09 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-01-07 00:32 - 2014-09-07 12:13 - 00002048 ____R C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk 2017-01-07 00:32 - 2014-09-07 12:13 - 00002048 ____R C:\Users\Gangosan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr (64-bit).lnk 2017-01-06 11:52 - 2016-08-31 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-01-04 10:54 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-04 10:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf 2017-01-03 13:27 - 2015-03-30 13:46 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\vlc 2017-01-03 13:25 - 2016-12-06 01:17 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\AntDM 2017-01-02 14:33 - 2016-11-22 12:32 - 00000936 ____N C:\Users\Public\Desktop\AVG Protection.lnk 2017-01-02 14:33 - 2016-11-22 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2017-01-02 14:31 - 2016-11-22 12:26 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Avg 2016-12-29 19:37 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\config\TxR 2016-12-18 12:57 - 2014-09-07 10:14 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\uTorrent 2016-12-18 11:02 - 2014-09-07 12:13 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Microsoft 2016-12-18 10:38 - 2014-12-03 16:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-18 10:16 - 2014-12-03 19:44 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\TeamViewer 2016-12-17 17:35 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\drivers 2016-12-17 17:21 - 2014-09-07 22:05 - 00000000 ____D C:\Windows\Prefetch 2016-12-17 12:01 - 2016-11-12 16:58 - 00000000 ____D C:\Users\Gangosan\AppData\Local\Apps\2.0 2016-12-16 21:42 - 2015-07-06 10:58 - 00807000 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-12-16 21:42 - 2015-07-06 10:58 - 00144984 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-16 21:42 - 2015-07-06 10:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-12-16 21:42 - 2015-04-29 18:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-12-16 21:42 - 2015-04-29 18:01 - 00000000 ____D C:\Windows\system32\Macromed 2016-12-16 21:06 - 2015-06-05 16:34 - 00003614 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1996132808-4018277664-1723909242-1000UA 2016-12-16 21:06 - 2015-06-05 16:34 - 00003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1996132808-4018277664-1723909242-1000Core 2016-12-16 20:53 - 2016-10-21 11:46 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-16 20:53 - 2014-09-07 10:06 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-09 00:40 - 2015-06-05 10:22 - 00000000 ____D C:\Users\Gangosan\AppData\Roaming\Apowersoft ==================== Files in the root of some directories ======= 2014-09-26 18:59 - 2015-01-18 21:20 - 0001211 _____ () C:\Users\Gangosan\AppData\Roaming\Ashampoo Gadge It event.log 2015-12-26 13:43 - 2016-01-01 21:04 - 0000696 _____ () C:\Users\Gangosan\AppData\Roaming\burnaware.ini 2016-06-08 09:31 - 2016-06-08 09:31 - 0125000 _____ (TechApplet LLC) C:\Users\Gangosan\AppData\Roaming\USB Lock.exe 2015-10-19 21:18 - 2015-10-19 21:18 - 0011883 _____ () C:\Users\Gangosan\AppData\Local\HWVendorDetection.log 2014-09-26 18:53 - 2015-01-18 21:25 - 0000912 _____ () C:\Users\Gangosan\AppData\Local\mcset.cfg 2015-06-03 21:51 - 2015-12-02 01:42 - 0000600 _____ () C:\Users\Gangosan\AppData\Local\PUTTY.RND 2014-11-30 00:21 - 2015-06-19 07:46 - 0007597 _____ () C:\Users\Gangosan\AppData\Local\Resmon.ResmonCfg 2015-08-25 20:37 - 2015-08-25 20:37 - 0486342 _____ () C:\ProgramData\1440534830.bdinstall.bin ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-03 00:10 ==================== End of FRST.txt ============================ Addition.txt

НАП предупреждава, че се разпространява вирус от нейно име 06 Октомври 2016 Не отваряйте прикачени файлове Вирус от името на Национална агенция за приходите се разпространява чрез електронната поща. В колцентъра на приходната администрация, както и по електронен път, са получени множество сигнали за фалшиво съобщение, в което потребителите се приканват да отворят прикачен файл с разширение "rar". http://nap.bg/news?id=3060

Здравейте, преди седмица ъпгрейднах няколко приложения от гугъл плей и сега ми се появява тази реклама, когато отварям приложения... http://prikachi.com/images.php?images/364/8413364X.jpg

Вчера, когато си пуснах компютъра, забелязох, че нямам интернет. Рестартирах рутера и пак няма... Случайно на телефона си бях оставил Wifi включен и видях, че съм се свързал с интернета... Тогава реших да рестартирам компютъра и тогава дойде.... Бях си оставил цяла нощ компютъра влючен не е спрял, на сутринта, когато сядам на него интернета спря, рестартирах рутера, не стана и пак се наложи да рестартирам компютъра... тогава дойде. Викам си случва се... Но точно ей сега пак спря, пак рестартирах рутера... бля бля.... когато рестатирах компа дойде интернета. При всички случаи, когато нямах интернет на компютъра, имах на телефона...Възможно ли е да вирус или нещо от доставчика ?!

здравейте! регистрирах се тук, с надеждата, че някой може да ми помогне със следния проблем със скайпа ми: на 8 юли получих съобщение от приятел: "hi, (name), look this. линк" разпознах го като опасност и го игнорирах. 10 дена по-късно мой приятел ми писа вечерта в скайп "какво е това, което си ми пратил?" - аз казах, че не съм пращал нищо, а и не можеш да вися историята на съобщенията. той ми го копира и беше подобно на онова, пратено ми от приятел преди дни. оказа се, че подобно модифицирано за различните ми приятели е разпратено до всичките ми контакти от моя скайп. антивирусната ми е AVG, пуснах цялостен скан, но не хвана нищо. предупредих всичките си контакти да не цъкат на линка. мислех, че с това ще свърши всичко. обаче снощи се повтори цялата история. някой може ли да ме светне как да се освободя от тая напаст?

Таблета ми TURBOX от известно време включва нормално зарежда Андроида но не зарежда стартовия панел а постоянно реклами ,разни клипчета е тн глупости. При посещение на сервиз майстора каза , че е вирус той не може да помогне в случея. Да се чуе и друго мнение няма да навреди. Поздрави

В лентата на задачите ми се появи програма с име Search Protector. Видимо не създава никакви проблеми, освен, че ме мята от браузъра, но това се случва рядко. Иконата представлява буквата "е" в син цвят, подобно на Internet Explorer. Бих искал да я премахна, защото скоро си преинсталирах компютъра и не ми се преинсталира наново Благодаря предварително!

Здравейте, един приятел от вчера компютъра му страшно много забива. През 2-3 минути след като е включен забива и освен рестарт нищо друго не помага. С Avast free edition е май. Сега пробваме програмата от "системата ми е инфектирана" , но дава някаква грешка. Мишката му бъгва и като кликне веднъж отчита 30 кликвания Все едно е задържана. Помагайте.

Мишока се мести, отваря, маркира, затваря каквото си иска по екрана, понякога спира,но ... помагайте момчета.Уйн 7 64 бит, антивир на майкрософт, нещо друго трябва ли?

Здравейте, Вчера реших да сваля една игра, при инсталирането започнаха да изкачат разни реклами и осъзнах че съм се наиграл жестоко. Понеже не ми се преинсталира отново да питам за решение... Вируса който съм хванал инсталира постоянно разни приложения, включително firefox, chrome, които нямат нищо общо и просто като ги отвориш излизат различни търсачки. Вируса спира Windows Defender и не мога да го включа. Ъпдейтвам го и тръгва, след няколко часа пак. Сякаш трие ъпдейта и го изключва. Сложих Malwarebytes и хвана над 204 файла. Спря изчакащите прозорци и реклами, но продължават да се инсталират от време на време различни програми. Ще направя screen и на тях в последствие. Някаква идея как да се отърва от тази гадина или е изгубена кауза?

Здравейте хора от няколко дни леля ми има проблем с facebook профила си Наскоро имаше някъв пост за някъв нов вирус който го има в facebook в една страница в facebook но тя не знае и отворила някъв линк за някво приложение виж какво мислят приятелите ти за теб и сега всеки ден постоянно по стената и се публикуват някви линкове от нейно име Ето няколко поста които уж се постват от нея но всъщност са от вируса : Нова функция във Facebook да виждаш кой е гледал профила ти? Винаги ти се е искало да знаеш какво мислят хората за теб? Вече е възможно! Разбери сега Любопитно ли ти е какво мислят хората за теб?! Свали това приложение сега! Нова функция във Facebook да виждаш кой е гледал профила ти? Влез, за да разбереш и има един линк който води към изтегляне на приложението на всяка публикация която се постне на стената и но линка няма да го поставям тук !!! Някой знае ли начин как да блокирамe това приложение да спре да публикува от нейно име на стената и такива постове,защото тя ги изтрива и то след няколко минути поства наново и наново и затрупват цялата стена изтрива ги но те се постват по 5 10 пъти след това отново ?

Със телефонат ми се случва следното: има едни нахални програмки вътре някакви приложения които след задаване на заводски натройки веднага се самоинсталират на телефона на ново , някакви проложения които аз въобще не съм свалял и ми побъркват целият телефон там си стават , показват си се някакви неще , все едно някой ми управлява телефона , уайфая и данните на телефонат ми се включват автоматично нещо си ги пуска за да мойе да има интернет на телефона и да си сваля там някакви си приложения и да си ги инсталира стават наи различни грешки аз натискам да си влезна във снимките то ме кара на някакво приложение което за пръв път го виждам , постоянно ми дава там някакви си грешки телефонат ми e LG-D686

Здравейте, От известно време това съобщения се появява когато съм отворил Chrome. Телефона е samsung S5. Някой има ли идея какво точно е ....вирус или някакъв ъпдейт Мерси предварително

Здравейте, получих едно "Информационно съобщение" в панела на уведомленията, като го отворя излиза съобщение на странен език (Гугъл преводач го разпознава като албански). Мисля че е вирус, но не мога да го премахна от уведомленията. Някой знае ли как мога да го изтрия? Прилагам снимка на екрана.

Добър вечер. Преди малко си изтеглих от интернет пиратскат версия на Bandicam (не е от голям български сайт, а от чужд торент сайт, на който уж се доверявах) Знам какво ще кажат повечето от вас, че сам съм си виновен и тн. и сте прави, но наистина нямам възможност да си закупя програмата. Сега относно проблема: Започнах да я инсталирам, спрях антивирусната си (Windows Defender) и докато се инсталираше още се случваха странни неща. В Task Bar-а ми изписа, че трябва да рестартирам, за да изключа Windows Firewall(не съм рестартирал и няма да изключвам компютъра си) и още други подобни съобщения свързани с сигурността. Когато инсталацията приключи Chrome се рестартира и ми бе променена страницата в нов раздел. На десктопа имам 3 нови икони на китайски/японски. Всичките тези програми работя и мога да ги видя в Taskbar-а. Когато се опитам да ги отворя или затворя се появяват само за 1 секунда и изчезват. От Task Managaer-а като се опитам да избера End Task нищо не става. Ето снимки на въпросните икони. http://imgur.com/Tryltt2 http://imgur.com/DlojcYF Изпълних инструкциите в темата " Системата ми е инфектирана - Какво да правя сега?" Ето текста от LOG файловете Ще съм ви много благодарен ако можете да ми помогнете Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by Rumbata (administrator) on RUMEN (27-03-2016 20:05:58) Running from C:\Users\Rumbata\Desktop Loaded Profiles: Rumbata (Available Profiles: Rumbata) Platform: Windows 8.1 Pro (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe () C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe (Spotify Ltd) C:\Users\Rumbata\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Gorenie) C:\Users\Rumbata\AppData\Local\Temp\dxdiag.exe () C:\ProgramData\CloudPrinter\CloudPrinter.exe (Microsoft Corporation) C:\Users\Rumbata\AppData\Local\Temp\237840968\ic-0.5ab50857551d4c.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QQPCRTP.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QQPCTray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QQPCTray.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\plugins\QMNetMon\QQPCNetFlow.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QQPCRealTimeSpeedup.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QMDeskTopGC.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QMUsbGuard.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA) HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-12-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) HKLM-x32\...\Run: [chromebrowser] => "C:\Windows\chromebrowser.exe" HKLM-x32\...\Run: [ic-0.5ab50857551d4c.exe -start] => C:\Users\Rumbata\AppData\Local\Temp\237840968\ic-0.5ab50857551d4c.exe [2289664 2016-03-27] (Microsoft Corporation) <===== ATTENTION HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QQPCTray.exe [362304 2016-03-27] (Tencent) HKU\S-1-5-21-1115206490-3046242634-1650409085-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd) HKU\S-1-5-21-1115206490-3046242634-1650409085-1001\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [87160 2016-02-17] () HKU\S-1-5-21-1115206490-3046242634-1650409085-1001\...\Run: [Spotify Web Helper] => C:\Users\Rumbata\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-03-18] (Spotify Ltd) HKU\S-1-5-21-1115206490-3046242634-1650409085-1001\...\MountPoints2: {6715ffbe-c4f6-11e5-825b-902b34dd74a4} - "D:\MAXON-Start.exe" ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] () ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QMGCShellExt64.dll [2016-03-27] (Tencent) Startup: C:\Users\Rumbata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-27] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8C563269-DA83-4E81-B457-C5BCBD68B46D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838 HKU\S-1-5-21-1115206490-3046242634-1650409085-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88PjQBy7Ls0nrLBntlTfrlgidBQv2l5BgLmzYAyQyIhpvFWkkTiSichL4gtAS8AuBr4aCaPWhYyFH0bBKOZn-YOB9BD33-dEDRTkk2MJGpSsm3XPRvycmmiT80hJJz3qqtEMcgUBj7nDTdYi4r2d-RYTgfmdAg,,&q={searchTerms} HKU\S-1-5-21-1115206490-3046242634-1650409085-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88PjQBy7Ls0nrLBntlTfrlgidBQv2l5BgLmzYAyQyIhpvFWkkTiSichL4gtAS8AuBr4aCaPWhYyFH0bBKOZn-YOB9BD33-dEDRTkk2MJGpSsm3XPRvycmmiT80hJJz3qqtEMcgUBj7nDTdYi4r2d-RYTgfmdAg,,&q={searchTerms} HKU\S-1-5-21-1115206490-3046242634-1650409085-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88PjQBy7Ls0nrLBntlTfrlgidBQv2l5BgLmzYAyQyIhpvFWkkTiSichL4gtAS8AuBr4aCaPWhYyFH0bBKOZn-YOB9BD33-dEDRTkk2MJGpSsm3XPRvycmmiT80hJJz3qqtEMcgUBj7nDTdYi4r2d-RYTgfmdAg,,&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88PjQBy7Ls0nrLBntlTfrlgidBQv2l5BgLmzYAyQyIhpvFWkkTiSichL4gtAS8AuBr4aCaPWhYyFH0bBKOZn-YOB9BD33-dEDRTkk2MJGpSsm3XPRvycmmiT80hJJz3qqtEMcgUBj7nDTdYi4r2d-RYTgfmdAg,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-1115206490-3046242634-1650409085-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88PjQBy7Ls0nrLBntlTfrlgidBQv2l5BgLmzYAyQyIhpvFWkkTiSichL4gtAS8AuBr4aCaPWhYyFH0bBKOZn-YOB9BD33-dEDRTkk2MJGpSsm3XPRvycmmiT80hJJz3qqtEMcgUBj7nDTdYi4r2d-RYTgfmdAg,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-1115206490-3046242634-1650409085-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88PjQBy7Ls0nrLBntlTfrlgidBQv2l5BgLmzYAyQyIhpvFWkkTiSichL4gtAS8AuBr4aCaPWhYyFH0bBKOZn-YOB9BD33-dEDRTkk2MJGpSsm3XPRvycmmiT80hJJz3qqtEMcgUBj7nDTdYi4r2d-RYTgfmdAg,,&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation) BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\TSWebMon64.dat [2016-03-27] (Tencent) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-05-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-05-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-15] (Adobe Systems) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation) FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\npQMExtensionsMozilla.dll [2016-03-27] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-12-15] (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88PjQBy7Ls0nrLBntlTfrlgidBQv2l5BgLmzYAyQyIhpvFWkkTiSichL4gtAS8AuBr4aEl9Je68zteLVO1kT_ZToTsP0YDwV3JsmLNSBKT0Yc_tb41x9085jQdwyHavzTMQNWW7gIqqTg4EnCVqElp9a6TKyVw,, CHR StartupUrls: Default -> "hxxp://google.bg/" CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88PjQBy7Ls0nrLBntlTfrlgidBQv2l5BgLmzYAyQyIhpvFWkkTiSichL4gtAS8AuBr4aHo4U3hL7_-8l4jodwUGOmiurNF1OrL-1SJPYR7H2WeFgox7E6VRGxxGPoAlvQlAxqM_az9PPUSNS847kTRrmyW6CzA,,&q={searchTerms} CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} CHR Profile: C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Презентации) - C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-28] CHR Extension: (Google Документи) - C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-28] CHR Extension: (Google Диск) - C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28] CHR Extension: (YouTube) - C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28] CHR Extension: (Google Търсене) - C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28] CHR Extension: (Електронни таблици от Google) - C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-28] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-28] CHR Extension: (Gmail) - C:\Users\Rumbata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated) R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1029632 2016-03-27] () [File not signed] R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-03] (Electronic Arts) R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QQPCRTP.exe [313936 2016-03-27] (Tencent) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-21] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-26] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-01-26] (Disc Soft Ltd) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [46016 2016-02-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation) R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QMUdisk64.sys [184536 2016-03-02] (Tencent) R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\QQSysMonX64.sys [152184 2016-03-27] (电脑管家) R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\softaal64.sys [44664 2016-03-27] (Tencent) R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99480 2016-03-27] (Tencent) R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernelEx64.sys [141944 2016-03-27] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-03-27] (电脑管家) S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\TSDefenseBT64.sys [28984 2016-03-27] (Tencent) R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\TsNetHlpX64.sys [57976 2016-03-27] () R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\TSSysKit64.sys [96888 2016-03-27] (电脑管家) R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-08-12] (VIA Technologies, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-04-21] (Microsoft Corporation) R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-04-21] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-21] (Microsoft Corporation) R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-27 20:05 - 2016-03-27 20:06 - 00021506 _____ C:\Users\Rumbata\Desktop\FRST.txt 2016-03-27 20:05 - 2016-03-27 20:05 - 00000000 ____D C:\FRST 2016-03-27 20:05 - 2016-03-27 20:00 - 02374144 _____ (Farbar) C:\Users\Rumbata\Desktop\FRST64.exe 2016-03-27 19:42 - 2016-03-27 20:00 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Tencent 2016-03-27 19:42 - 2016-03-27 19:48 - 00000000 ____D C:\ProgramData\Tencent 2016-03-27 19:42 - 2016-03-27 19:42 - 00141944 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys 2016-03-27 19:42 - 2016-03-27 19:42 - 00099480 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys 2016-03-27 19:42 - 2016-03-27 19:42 - 00097400 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2016-03-27 19:42 - 2016-03-27 19:42 - 00005120 _____ C:\Users\Rumbata\AppData\Roaming\GiftBag.db 2016-03-27 19:42 - 2016-03-27 19:42 - 00002286 _____ C:\Users\Public\Desktop\软件管理.lnk 2016-03-27 19:42 - 2016-03-27 19:42 - 00002261 _____ C:\Users\Public\Desktop\电脑管家.lnk 2016-03-27 19:42 - 2016-03-27 19:42 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Mozilla 2016-03-27 19:42 - 2016-03-27 19:42 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2016-03-27 19:42 - 2016-03-27 19:42 - 00000000 ____D C:\Users\Public\Thunder Network 2016-03-27 19:42 - 2016-03-27 19:42 - 00000000 ____D C:\ProgramData\TXQMPC 2016-03-27 19:42 - 2016-03-27 19:42 - 00000000 ____D C:\ProgramData\Thunder Network 2016-03-27 19:42 - 2016-03-27 19:42 - 00000000 ____D C:\Program Files\Common Files\Tencent 2016-03-27 19:42 - 2016-03-27 19:42 - 00000000 ____D C:\Program Files (x86)\Tencent 2016-03-27 19:42 - 2016-03-27 19:42 - 00000000 _____ C:\Users\Rumbata\Desktop\$电脑管家-清理垃圾$.qmgc 2016-03-27 19:41 - 2016-03-27 19:41 - 06493696 _____ C:\Users\Rumbata\AppData\Roaming\agent.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 02570371 _____ C:\Windows\chromebrowser.exe 2016-03-27 19:41 - 2016-03-27 19:41 - 01621131 _____ C:\Users\Rumbata\AppData\Roaming\Warm-Tom.tst 2016-03-27 19:41 - 2016-03-27 19:41 - 01029632 _____ C:\Users\Rumbata\AppData\Roaming\Warm-Tom.exe 2016-03-27 19:41 - 2016-03-27 19:41 - 01029632 _____ C:\Users\Rumbata\AppData\Roaming\Hot-Tone.exe 2016-03-27 19:41 - 2016-03-27 19:41 - 00848437 _____ C:\Users\Rumbata\AppData\Roaming\Duo-Lab.bin 2016-03-27 19:41 - 2016-03-27 19:41 - 00130240 _____ C:\Users\Rumbata\AppData\Roaming\inst.lat 2016-03-27 19:41 - 2016-03-27 19:41 - 00127488 _____ C:\Users\Rumbata\AppData\Roaming\Installer.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 00126464 _____ C:\Users\Rumbata\AppData\Roaming\noah.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 00126464 _____ C:\Users\Rumbata\AppData\Roaming\lobby.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 00072706 _____ C:\Users\Rumbata\AppData\Roaming\Hot-Tone.tst 2016-03-27 19:41 - 2016-03-27 19:41 - 00065424 _____ C:\Users\Rumbata\AppData\Roaming\Config.xml 2016-03-27 19:41 - 2016-03-27 19:41 - 00054272 _____ C:\Users\Rumbata\AppData\Roaming\ApplicationHosting.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 00018432 _____ C:\Users\Rumbata\AppData\Roaming\Main.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 00015840 _____ C:\Users\Rumbata\AppData\Roaming\InstallationConfiguration.xml 2016-03-27 19:41 - 2016-03-27 19:41 - 00005568 _____ C:\Users\Rumbata\AppData\Roaming\md.xml 2016-03-27 19:41 - 2016-03-27 19:41 - 00002397 _____ C:\Windows\SysWOW64\findit.xml 2016-03-27 19:41 - 2016-03-27 19:41 - 00000000 ____D C:\ProgramData\Quoteexs 2016-03-27 19:41 - 2016-03-27 19:41 - 00000000 ____D C:\ProgramData\CloudPrinter 2016-03-24 00:41 - 2016-03-24 00:42 - 00000012 _____ C:\Users\Rumbata\Desktop\IMP S LMA CO.txt 2016-03-18 18:35 - 2016-03-23 17:46 - 00000080 _____ C:\Users\Rumbata\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 2016-03-18 18:35 - 2016-03-18 18:35 - 00000000 ____D C:\Users\Rumbata\Documents\Rockstar Games 2016-03-18 18:35 - 2016-03-18 18:35 - 00000000 ____D C:\Users\Rumbata\AppData\Local\Rockstar Games 2016-03-18 18:35 - 2016-03-18 18:35 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2016-03-18 18:34 - 2016-03-18 18:34 - 00000000 ____D C:\Program Files\Rockstar Games 2016-03-17 20:23 - 2016-03-27 03:22 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2016-03-17 20:23 - 2016-03-17 20:23 - 00000000 ___HD C:\Windows\msdownld.tmp 2016-03-17 20:23 - 2016-03-17 20:23 - 00000000 ____D C:\Windows\SysWOW64\directx 2016-03-17 20:23 - 2016-03-17 20:23 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server 2016-03-15 22:13 - 2016-03-15 22:13 - 00000132 _____ C:\Users\Rumbata\AppData\Roaming\Adobe PNG Format CC Prefs 2016-03-14 01:22 - 2016-03-14 01:22 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\�Adobe 2016-03-13 21:40 - 2016-03-13 21:41 - 00000000 ____D C:\Program Files (x86)\Red Giant Link 2016-03-13 21:06 - 2016-03-13 21:06 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\ֳAdobe 2016-03-13 18:19 - 2016-03-13 18:36 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Audacity 2016-03-13 18:19 - 2016-03-13 18:19 - 00000000 ____D C:\Users\Rumbata\AppData\Local\Audacity 2016-03-13 18:17 - 2016-03-13 18:17 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2016-03-13 18:16 - 2016-03-13 18:19 - 00000000 ____D C:\Program Files (x86)\Audacity 2016-03-12 21:22 - 2016-03-12 21:22 - 00002818 _____ C:\Users\Rumbata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk 2016-03-12 00:16 - 2016-03-12 00:16 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\HD Tune Pro 2016-03-12 00:15 - 2016-03-12 00:18 - 00000000 ____D C:\Program Files (x86)\HD Tune Pro 2016-03-12 00:13 - 2016-03-12 00:13 - 00000000 ____D C:\Windows\XSxS 2016-03-11 22:43 - 2016-03-11 22:43 - 00000000 ____D C:\Users\Rumbata\Documents\Bandicam 2016-03-11 22:43 - 2016-03-11 22:43 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\BANDISOFT 2016-03-11 17:24 - 2016-03-27 18:55 - 00000000 ____D C:\Users\Rumbata\Documents\American Truck Simulator 2016-03-08 18:37 - 2016-03-08 18:37 - 00000000 ____D C:\Users\Rumbata\AppData\Local\UnrealEngine 2016-03-08 18:37 - 2016-03-08 18:37 - 00000000 ____D C:\Users\Rumbata\AppData\Local\MC 2016-03-08 18:37 - 2015-06-04 16:28 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:28 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2016-03-08 18:37 - 2015-06-04 16:26 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2016-03-07 20:44 - 2016-03-07 20:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2016-03-04 20:01 - 2016-03-04 20:27 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\foobar2000 2016-03-04 20:01 - 2016-03-04 20:01 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2016-03-04 20:01 - 2016-03-04 20:01 - 00000000 ____D C:\Program Files (x86)\foobar2000 2016-03-04 19:39 - 2016-03-04 19:39 - 00000000 ____D C:\Users\Rumbata\AppData\Local\JimsApps 2016-03-04 19:39 - 2016-03-04 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snaz 2016-03-04 19:39 - 2016-03-04 19:39 - 00000000 ____D C:\Program Files (x86)\Snaz 2016-03-03 16:09 - 2016-03-03 16:09 - 00000000 ____D C:\Users\Rumbata\Documents\PVZ Garden Warfare 2016-03-03 12:08 - 2016-03-03 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare 2016-03-03 04:20 - 2016-02-23 23:39 - 00111672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2016-03-03 04:18 - 2016-02-24 02:58 - 42983992 _____ C:\Windows\system32\nvcompiler.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 37616184 _____ C:\Windows\SysWOW64\nvcompiler.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 31081920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 24914880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 21193032 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 17625136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 16995384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 16328088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 12381632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2016-03-03 04:18 - 2016-02-24 02:58 - 03143616 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 02722872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436200.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436200.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00950328 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00879000 _____ C:\Windows\system32\nvmcumd.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00468960 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00126008 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll 2016-03-03 04:18 - 2016-02-24 02:58 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys 2016-03-03 04:02 - 2016-03-03 04:02 - 00000098 _____ C:\Windows\MSUTIL.INI 2016-03-03 04:02 - 2016-03-03 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenArts Sapphire AE 2016-03-03 04:02 - 2016-03-03 04:02 - 00000000 ____D C:\ProgramData\GenArts 2016-03-03 04:02 - 2016-03-03 04:02 - 00000000 ____D C:\Program Files (x86)\GenArts 2016-03-03 04:02 - 2010-02-04 08:58 - 00584376 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll 2016-03-03 04:02 - 2010-02-04 08:40 - 00575672 _____ (Intel Corporation) C:\Windows\SysWOW64\libiomp5md.dll 2016-03-03 03:04 - 2016-03-03 03:04 - 00000000 ____D C:\Program Files (x86)\LooksBuilder 2016-03-03 03:04 - 2014-07-28 15:10 - 19939328 _____ (Red Giant LLC) C:\Windows\system32\MBLooksUI_x64.dll 2016-03-03 03:04 - 2014-03-06 22:30 - 04769280 _____ C:\Windows\system32\ColoristaRenderer_x64.dll 2016-03-03 03:04 - 2014-02-27 16:52 - 04228096 _____ C:\Windows\system32\CosmoRenderer_x64.dll 2016-03-03 02:49 - 2016-03-03 02:49 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Red Giant 2016-03-03 02:49 - 2016-03-03 02:49 - 00000000 ____D C:\ProgramData\Red Giant 2016-03-03 02:48 - 2016-03-13 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant 2016-03-03 02:48 - 2016-03-13 21:40 - 00000000 ____D C:\Program Files (x86)\Red Giant 2016-03-03 02:38 - 2016-03-03 02:38 - 00000000 ____D C:\ProgramData\RedGiant 2016-03-01 18:11 - 2016-03-01 18:11 - 00000000 ____D C:\Users\Rumbata\Desktop\screenshots 2016-03-01 01:36 - 2016-03-01 01:36 - 10800128 _____ C:\Users\Rumbata\Desktop\Пролет.ppt 2016-02-29 07:12 - 2016-02-29 07:12 - 00000000 ____D C:\Users\Rumbata\Desktop\Alpha Squad 2016-02-28 16:41 - 2016-03-27 19:40 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Spotify 2016-02-28 16:41 - 2016-03-27 19:40 - 00000000 ____D C:\Users\Rumbata\AppData\Local\Spotify 2016-02-28 16:41 - 2016-02-28 16:41 - 00001809 _____ C:\Users\Rumbata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2016-02-26 11:07 - 2016-02-26 11:07 - 00000082 _____ C:\Users\Rumbata\Desktop\Paypal Donate Button.txt 2016-02-26 01:09 - 2016-02-26 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ut Video Codec Suite 2016-02-26 01:09 - 2016-02-26 01:09 - 00000000 ____D C:\Program Files\utvideo 2016-02-26 01:09 - 2016-01-10 00:34 - 00286720 _____ C:\Windows\system32\utv_core.dll 2016-02-26 01:09 - 2016-01-10 00:34 - 00223232 _____ (TODO: <会社名>) C:\Windows\system32\utv_dmo.dll 2016-02-26 01:09 - 2016-01-10 00:34 - 00180224 _____ (TODO: <会社名>) C:\Windows\SysWOW64\utv_dmo.dll 2016-02-26 01:09 - 2016-01-10 00:34 - 00111104 _____ C:\Windows\system32\utv_vcm.dll 2016-02-26 01:09 - 2016-01-10 00:34 - 00094720 _____ C:\Windows\SysWOW64\utv_vcm.dll 2016-02-26 01:09 - 2016-01-10 00:33 - 00211456 _____ C:\Windows\SysWOW64\utv_core.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-27 20:01 - 2016-01-26 16:27 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1115206490-3046242634-1650409085-1001 2016-03-27 19:50 - 2016-01-28 14:40 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-27 19:48 - 2016-01-27 02:09 - 00000000 ____D C:\Windows\Panther 2016-03-27 19:48 - 2016-01-26 21:39 - 00000000 ____D C:\Users\Rumbata\AppData\Local\CrashDumps 2016-03-27 19:48 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Inf 2016-03-27 19:46 - 2016-01-26 20:10 - 00000000 ____D C:\Program Files (x86)\Steam 2016-03-27 19:45 - 2016-01-26 20:28 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Skype 2016-03-27 19:44 - 2016-01-26 16:22 - 00000000 ____D C:\Users\Rumbata\AppData\Local\VirtualStore 2016-03-27 19:41 - 2016-01-28 14:40 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-27 19:41 - 2016-01-26 16:22 - 00001434 _____ C:\Users\Rumbata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-27 19:40 - 2016-01-26 19:37 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\uTorrent 2016-03-27 19:35 - 2016-02-09 22:48 - 00001130 _____ C:\Users\Rumbata\Desktop\nativelog.txt 2016-03-27 16:54 - 2016-01-27 16:42 - 00004954 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Rumen-Rumbata Rumen 2016-03-27 15:33 - 2016-02-09 22:44 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\.minecraft 2016-03-27 14:50 - 2016-01-28 14:40 - 00001014 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-27 14:44 - 2016-01-26 16:22 - 00000000 ____D C:\Users\Rumbata\AppData\Local\Packages 2016-03-27 12:33 - 2016-01-26 17:21 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS 2016-03-26 15:55 - 2016-01-28 01:33 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-03-25 16:45 - 2014-11-21 10:38 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-25 16:03 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-25 16:03 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness 2016-03-25 01:37 - 2016-01-26 16:58 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-25 01:37 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-23 01:35 - 2016-01-26 20:28 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-03-23 01:35 - 2016-01-26 20:28 - 00000000 ____D C:\ProgramData\Skype 2016-03-18 18:27 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-03-17 22:27 - 2016-01-26 19:55 - 00000000 ____D C:\ProgramData\Origin 2016-03-16 21:10 - 2016-02-09 21:39 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\OBS 2016-03-15 19:58 - 2016-02-09 21:41 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\obs-studio 2016-03-14 01:50 - 2016-01-26 20:39 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\HandBrake 2016-03-11 17:24 - 2016-01-28 13:10 - 00000000 ____D C:\Users\Rumbata\Desktop\Games 2016-03-11 17:05 - 2016-01-26 21:05 - 00000000 ____D C:\Users\Rumbata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-03-08 18:37 - 2016-01-26 16:57 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-08 18:37 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp 2016-03-08 02:43 - 2016-02-20 02:51 - 00000000 ____D C:\Users\Rumbata\AppData\Local\Battle.net 2016-03-08 00:42 - 2016-02-20 02:51 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-03-04 16:57 - 2016-01-26 17:00 - 00000000 ____D C:\Users\Rumbata\AppData\Local\NVIDIA Corporation 2016-03-03 16:09 - 2016-01-26 19:55 - 00000000 ____D C:\ProgramData\Electronic Arts 2016-03-03 11:33 - 2016-01-26 20:02 - 00000000 ____D C:\Program Files (x86)\Origin Games 2016-03-03 04:20 - 2016-01-26 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-03-03 04:20 - 2016-01-26 16:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-03 04:03 - 2016-01-27 15:47 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-03-03 03:04 - 2016-01-27 15:44 - 00000000 ____D C:\Program Files\Adobe 2016-02-26 13:07 - 2016-01-26 16:59 - 00000000 ____D C:\Users\Rumbata\AppData\Local\NVIDIA ==================== Files in the root of some directories ======= 2016-03-15 22:13 - 2016-03-15 22:13 - 0000132 _____ () C:\Users\Rumbata\AppData\Roaming\Adobe PNG Format CC Prefs 2016-03-27 19:41 - 2016-03-27 19:41 - 6493696 _____ () C:\Users\Rumbata\AppData\Roaming\agent.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 0054272 _____ () C:\Users\Rumbata\AppData\Roaming\ApplicationHosting.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 0065424 _____ () C:\Users\Rumbata\AppData\Roaming\Config.xml 2016-03-27 19:41 - 2016-03-27 19:41 - 0848437 _____ () C:\Users\Rumbata\AppData\Roaming\Duo-Lab.bin 2016-03-27 19:42 - 2016-03-27 19:42 - 0005120 _____ () C:\Users\Rumbata\AppData\Roaming\GiftBag.db 2016-03-27 19:41 - 2016-03-27 19:41 - 1029632 _____ () C:\Users\Rumbata\AppData\Roaming\Hot-Tone.exe 2016-03-27 19:41 - 2016-03-27 19:41 - 0072706 _____ () C:\Users\Rumbata\AppData\Roaming\Hot-Tone.tst 2016-03-27 19:41 - 2016-03-27 19:41 - 0130240 _____ () C:\Users\Rumbata\AppData\Roaming\inst.lat 2016-03-27 19:41 - 2016-03-27 19:41 - 0015840 _____ () C:\Users\Rumbata\AppData\Roaming\InstallationConfiguration.xml 2016-03-27 19:41 - 2016-03-27 19:41 - 0127488 _____ () C:\Users\Rumbata\AppData\Roaming\Installer.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 0126464 _____ () C:\Users\Rumbata\AppData\Roaming\lobby.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 0018432 _____ () C:\Users\Rumbata\AppData\Roaming\Main.dat 2016-03-27 19:41 - 2016-03-27 19:41 - 0005568 _____ () C:\Users\Rumbata\AppData\Roaming\md.xml 2016-03-27 19:41 - 2016-03-27 19:41 - 0126464 _____ () C:\Users\Rumbata\AppData\Roaming\noah.dat 2016-02-11 18:13 - 2016-02-11 18:27 - 0005573 _____ () C:\Users\Rumbata\AppData\Roaming\SpeedRunnersLog.txt 2016-03-27 19:41 - 2016-03-27 19:41 - 0032038 _____ () C:\Users\Rumbata\AppData\Roaming\uninstall_temp.ico 2016-03-27 19:41 - 2016-03-27 19:41 - 1029632 _____ () C:\Users\Rumbata\AppData\Roaming\Warm-Tom.exe 2016-03-27 19:41 - 2016-03-27 19:41 - 1621131 _____ () C:\Users\Rumbata\AppData\Roaming\Warm-Tom.tst 2016-01-26 16:30 - 2016-01-26 16:30 - 0007605 _____ () C:\Users\Rumbata\AppData\Local\Resmon.ResmonCfg Files to move or delete: ==================== C:\Users\Rumbata\AppData\Local\Temp\237840968\ic-0.5ab50857551d4c.exe Some files in TEMP: ==================== C:\Users\Rumbata\AppData\Local\Temp\7za.exe C:\Users\Rumbata\AppData\Local\Temp\bdcamsetup.exe C:\Users\Rumbata\AppData\Local\Temp\bdcam_0.dll C:\Users\Rumbata\AppData\Local\Temp\CodecFixDivx.exe C:\Users\Rumbata\AppData\Local\Temp\dxdiag.exe C:\Users\Rumbata\AppData\Local\Temp\mesox.exe C:\Users\Rumbata\AppData\Local\Temp\qqpcmgr_v11.4.17347.218_45287_Silence.exe C:\Users\Rumbata\AppData\Local\Temp\setdd.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-03-19 11:08 ==================== End of FRST.txt ============================ Addition.txt

Здравейте, Разполагам със 32 бит версия на Уин. Компютърът не е профилирам доста дълго време (не е мой) и реших да го изпробвам днес. Аутпут от Фарбар: FRST Addition Както казах, не е профилиран от дълго време. Бих оценил каквато и да било помощ. Благодаря предварително

Здравейте, Тези дни се появи нов криптовирус (link) и като при всяка масова атака, някой капацитет в офиса, вземе че се нахендри. За съжаление, meilа e стигнал до 10% от служебните пощи. Попаднах на него, още преди два дни, като една колежка ме пита, да го отварям ли това. Казах и да ми го препрати. Служебната ми поща се отваря от gmail а не от Outlook и съответно, от gmail като има вирус ми казват, че съобщението е оставено на сървъра. Казах и да го изтрие и предупредих колегите, ако срещнат подобен мейл, да не го отварят. Е да ама, в счетоводството са решили да го отворят, а там е още по-голяма греда, тъй кат всички по-важни транзакции, минават от там. Да дойдем на въпроса, някой запознат ли е какво точно прави гадината, тъй като от прочетеното из новинарските сайтове, не ми стана много ясно. Съответно, някакъв вариант да се разкара или направо да се преинсталира? Може ли да стигне до всички по локалната мрежа? Поздрави,

Имам малко съмнение за проникване в лаптопа ми. Може би заразени драйвъри за камерата ? Като я пусна и се активира понякога това: И ако му дадеш "View the massage" се пуска камерата и се съмняваме да не ми е заразен латопа и да пускат камерата. Сканирал съм с NOD32 и с Malwarebytes Anti-Malware Premium и не открих нищо заплашително в системата. Като натисна оттук за пускане на камерата тогава започва да се активизира това запитване..

Здравейте,и двата шифта не работят както трябва.Работят с някои клавиши,но като цъкам тези клавиши и другите се оправят.Въпроса ми е да не би да е вирус,защото теглих autodata и след това мисля,че се получи проблема,а TS360 ми изпищя,че има троянец във торента,разбира се предполагах от краковете.Също и фпс-то на цс-а падна на 70-80 от 160-200.Прикачвам лог от FRST. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-10-2017 Ran by bobby (administrator) on BOBY (02-10-2017 13:00:48) Running from C:\Users\bobby\Downloads Loaded Profiles: bobby (Available Profiles: bobby) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (@ByELDI) D:\Downloads\KMSpico_10.2.0\KMSpico\Service_KMS.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Qihu 360 Software Co., Ltd.) C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-10-13] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft) HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2017-08-29] (QIHU 360 SOFTWARE CO. LIMITED) HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd) HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation) HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\MountPoints2: {0380623e-8e5a-11e7-8251-28c2dd571342} - "G:\Inst.exe" HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\MountPoints2: {038063b1-8e5a-11e7-8251-28c2dd571342} - "H:\SETUP.EXE" HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\MountPoints2: {23735b35-8e79-11e7-8253-28c2dd571342} - "I:\SETUP.EXE" GroupPolicy: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.31.1 Tcpip\..\Interfaces\{9683ECB9-59D8-4E91-BF28-375C96FC72EE}: [DhcpNameServer] 192.168.31.1 Tcpip\..\Interfaces\{9ADF9BFB-322E-4398-8E1F-99E9E89E7B3E}: [DhcpNameServer] 192.168.31.1 Internet Explorer: ================== HKU\S-1-5-21-3041877358-191924833-3829036719-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-08-29] (Qihu 360 Software Co., Ltd.) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2017-08-29] (Qihu 360 Software Co., Ltd.) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft) FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-31] (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default [2017-10-02] CHR Extension: (Easy Auto Refresh) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-09-26] CHR Extension: (Steam Community SteamRep Integration) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclmldkenecanphogeaacolljiphmnk [2017-08-31] CHR Extension: (Google Презентации) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-31] CHR Extension: (Google Документи) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-31] CHR Extension: (Google Диск) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-31] CHR Extension: (Unlocker for WakeLockDetector) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgeplmmblegmdackkcemjkpngngocgjp [2017-08-31] CHR Extension: (YouTube) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-31] CHR Extension: (Steam Inventory Helper) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-10-02] CHR Extension: (Lounge Assistant) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2017-08-31] CHR Extension: (uBlock) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2017-08-31] CHR Extension: (Електронни таблици от Google) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-31] CHR Extension: (Отдалечен работен плот на Chrome) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-08-31] CHR Extension: (LoungeDestroyer) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2017-08-31] CHR Extension: (Google Документи офлайн) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-31] CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-09-15] CHR Extension: (360 Internet Protection) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2017-08-31] CHR Extension: (Invite All Friends on Facebook) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-09-27] CHR Extension: (CS:GO Lounge Bump Bot) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk [2017-08-31] CHR Extension: (Floating for YouTube™) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2017-08-31] CHR Extension: (Message/Chat Downloader) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkinapjekllgfipphkgpmombekfclghe [2017-08-31] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-31] CHR Extension: (NeoBux AdAlert) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaepeijninfcgjdnighjnlgdkkgpnaen [2017-09-30] CHR Extension: (Gmail) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-31] CHR Extension: (Chrome Media Router) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-19] CHR Extension: (Abstract Blue) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2017-08-31] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2017-09-28] (Autodata Limited) [File not signed] S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-09-15] (EasyAntiCheat Ltd) S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-09-19] (NVIDIA Corporation) R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [929888 2017-08-29] (QIHU 360 SOFTWARE CO. LIMITED) R2 Service KMSELDI; D:\Downloads\KMSpico_10.2.0\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed] R3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [175040 2017-08-29] (360.cn) R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-08-29] (360.cn) R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-08-29] (360.cn) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-08-29] (360.cn) R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [49088 2017-08-29] (360.cn) R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [423360 2017-08-29] (360.cn) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-12-31] (ASUS Corporation) R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190400 2017-08-29] (360.cn) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-08-31] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-08-31] (Disc Soft Ltd) R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79528 2014-10-16] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-08-22] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-07] (Realtek Semiconductor Corporation ) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-02 13:00 - 2017-10-02 13:01 - 000019333 _____ C:\Users\bobby\Downloads\FRST.txt 2017-10-02 13:00 - 2017-10-02 13:00 - 000000000 ____D C:\FRST 2017-10-02 12:59 - 2017-10-02 12:59 - 002399744 _____ (Farbar) C:\Users\bobby\Downloads\FRST64.exe 2017-09-30 13:11 - 2017-09-30 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2017-09-30 11:40 - 2017-09-30 11:40 - 001790024 _____ (Malwarebytes) C:\Users\bobby\Downloads\Непотвърдено 889483.crdownload 2017-09-30 11:39 - 2017-09-30 11:41 - 000000000 ____D C:\AdwCleaner 2017-09-30 11:39 - 2017-09-30 11:39 - 008250832 _____ (Malwarebytes) C:\Users\bobby\Downloads\adwcleaner_7.0.3.1.exe 2017-09-30 11:26 - 2017-09-30 11:26 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-30 11:25 - 2017-09-30 11:25 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP 2017-09-30 11:25 - 2017-09-30 11:25 - 000000000 ____D C:\ProgramData\MB2Migration 2017-09-30 11:24 - 2017-09-30 11:24 - 000011576 _____ C:\Users\bobby\Downloads\Malwarebytes Anti-Malware Premium v3.2.2.2029 RePack.torrent 2017-09-28 18:00 - 2017-09-28 18:00 - 000000600 _____ C:\Users\Public\Desktop\Autodata CDA-3.lnk 2017-09-28 18:00 - 2017-09-28 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodata 2017-09-28 17:59 - 2017-09-28 18:00 - 000000000 ____D C:\ADCDA2 2017-09-28 17:59 - 2017-09-28 17:59 - 000000000 ____D C:\ADCDTEMP 2017-09-28 15:04 - 2017-09-28 18:00 - 000000000 ____D C:\Users\bobby\Documents\Autodata 2017-09-28 15:04 - 2017-09-28 15:04 - 000003022 _____ C:\Windows\System32\Tasks\{F057C150-4601-40D5-93CB-FB66F88AA4FC} 2017-09-28 14:59 - 2017-09-28 14:59 - 000018978 _____ C:\Users\bobby\Downloads\Autodata_3.18.iso.torrent 2017-09-28 14:54 - 2017-09-28 14:54 - 000014138 _____ C:\Users\bobby\Downloads\AD3.38EN.torrent 2017-09-27 20:01 - 2017-09-27 20:01 - 000017910 _____ C:\Users\bobby\Downloads\AutoData CDA 3.45.torrent 2017-09-23 21:06 - 2017-09-23 21:06 - 082471739 _____ C:\Users\bobby\Downloads\facebook-bobito981.zip 2017-09-18 17:58 - 2017-09-18 17:58 - 000001402 _____ C:\Users\bobby\Desktop\aida64 - Shortcut.lnk 2017-09-18 17:57 - 2017-09-18 17:57 - 000000000 ____D C:\Program Files (x86)\AIDA64 2017-09-18 17:12 - 2017-09-18 17:12 - 000007908 _____ C:\Users\bobby\Downloads\AIDA64-5.75.3900.torrent 2017-09-15 22:08 - 2017-09-15 22:08 - 000000000 ____D C:\Users\bobby\AppData\Roaming\EasyAntiCheat 2017-09-15 22:06 - 2017-09-15 22:07 - 000000000 ____D C:\Users\bobby\AppData\Local\HirezLauncherUI 2017-09-15 22:05 - 2017-10-02 12:28 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-09-15 22:05 - 2017-09-30 13:11 - 000000000 ____D C:\ProgramData\Hi-Rez Studios 2017-09-15 21:33 - 2017-09-15 21:33 - 000000222 _____ C:\Users\bobby\Desktop\Paladins.url 2017-09-15 19:28 - 2017-09-15 19:28 - 000000222 _____ C:\Users\bobby\Desktop\PlanetSide 2.url 2017-09-14 22:08 - 2017-09-14 22:08 - 000000000 ____D C:\Users\bobby\AppData\Roaming\Shooter 2017-09-14 22:06 - 2017-09-15 22:08 - 000000000 ____D C:\Users\bobby\Documents\My Games 2017-09-14 21:59 - 2017-09-15 21:33 - 000382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe 2017-09-14 20:32 - 2017-09-14 20:32 - 000000222 _____ C:\Users\bobby\Desktop\Dirty Bomb.url 2017-09-13 11:06 - 2017-08-19 20:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2017-09-13 11:06 - 2017-08-19 19:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2017-09-13 11:06 - 2017-08-18 01:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2017-09-13 11:06 - 2017-08-18 01:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2017-09-13 11:06 - 2017-08-18 01:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2017-09-13 11:06 - 2017-08-18 01:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2017-09-13 11:06 - 2017-08-15 17:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-09-13 11:06 - 2017-08-15 17:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-09-13 11:06 - 2017-08-15 17:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2017-09-13 11:06 - 2017-08-15 17:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-09-13 11:06 - 2017-08-15 16:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-09-13 11:06 - 2017-08-13 21:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-09-13 11:06 - 2017-08-13 20:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys 2017-09-13 11:06 - 2017-08-13 20:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-09-13 11:06 - 2017-08-13 20:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-09-13 11:06 - 2017-08-13 19:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-09-13 11:06 - 2017-08-13 19:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-09-13 11:06 - 2017-08-13 19:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-09-13 11:06 - 2017-08-13 19:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-09-13 11:06 - 2017-08-13 19:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-09-13 11:06 - 2017-08-13 19:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-09-13 11:06 - 2017-08-13 19:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-09-13 11:06 - 2017-08-13 19:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2017-09-13 11:06 - 2017-08-13 19:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-09-13 11:06 - 2017-08-13 19:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-09-13 11:06 - 2017-08-13 19:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2017-09-13 11:06 - 2017-08-13 19:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2017-09-13 11:06 - 2017-08-13 19:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-09-13 11:06 - 2017-08-13 19:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-09-13 11:06 - 2017-08-13 19:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-09-13 11:06 - 2017-08-13 19:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-09-13 11:06 - 2017-08-13 19:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-09-13 11:06 - 2017-08-13 18:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2017-09-13 11:06 - 2017-08-13 18:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll 2017-09-13 11:06 - 2017-08-13 18:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2017-09-13 11:06 - 2017-08-13 18:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-09-13 11:06 - 2017-08-13 18:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-09-13 11:06 - 2017-08-13 18:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-09-13 11:06 - 2017-08-13 18:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-09-13 11:06 - 2017-08-13 18:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-09-13 11:06 - 2017-08-13 18:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-09-13 11:06 - 2017-08-13 18:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-09-13 11:06 - 2017-08-13 18:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-09-13 11:06 - 2017-08-13 18:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-09-13 11:06 - 2017-08-13 18:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-09-13 11:06 - 2017-08-13 18:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-09-13 11:06 - 2017-08-13 18:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-09-13 11:06 - 2017-08-13 18:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-09-13 11:06 - 2017-08-12 12:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-09-13 11:06 - 2017-08-12 12:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-09-13 11:06 - 2017-08-12 03:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-09-13 11:06 - 2017-08-12 02:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-09-13 11:06 - 2017-08-12 02:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-09-13 11:06 - 2017-08-12 02:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-09-13 11:06 - 2017-08-11 23:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll 2017-09-13 11:06 - 2017-08-11 23:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll 2017-09-13 11:06 - 2017-08-11 23:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2017-09-13 11:06 - 2017-08-11 06:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-09-13 11:06 - 2017-08-11 06:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2017-09-13 11:06 - 2017-08-11 06:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2017-09-13 11:06 - 2017-08-11 05:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2017-09-13 11:06 - 2017-08-11 05:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2017-09-13 11:06 - 2017-08-11 05:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2017-09-13 11:06 - 2017-08-11 05:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-09-13 11:06 - 2017-08-11 04:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2017-09-13 11:06 - 2017-08-11 04:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll 2017-09-13 11:06 - 2017-08-11 04:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-09-13 11:06 - 2017-08-11 04:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-09-13 11:06 - 2017-08-11 04:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll 2017-09-13 11:06 - 2017-08-07 00:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2017-09-13 11:06 - 2017-08-06 10:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2017-09-13 11:06 - 2017-07-22 21:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll 2017-09-13 11:06 - 2017-07-22 20:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll 2017-09-13 11:06 - 2017-07-17 22:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-09-13 11:06 - 2017-07-17 02:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-09-13 11:06 - 2017-07-14 02:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-09-13 11:06 - 2017-07-12 23:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll 2017-09-13 11:06 - 2017-07-12 23:29 - 000075440 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2017-09-13 11:06 - 2017-07-12 23:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll 2017-09-13 11:06 - 2017-07-12 23:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2017-09-13 11:06 - 2017-07-08 22:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2017-09-13 11:06 - 2017-07-08 21:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2017-09-13 11:06 - 2017-07-08 21:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2017-09-13 11:06 - 2017-07-08 21:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-09-13 11:06 - 2017-07-08 20:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-09-13 11:06 - 2017-07-08 20:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-09-13 11:06 - 2017-07-08 06:14 - 000100184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2017-09-11 11:53 - 2017-09-11 11:53 - 000066783 _____ C:\Users\bobby\Downloads\CV - Български.pdf 2017-09-08 16:21 - 2017-09-08 16:21 - 001130328 _____ (Google Inc.) C:\Users\bobby\Downloads\ChromeSetup.exe 2017-09-08 12:11 - 2017-10-02 12:47 - 000000258 __RSH C:\ProgramData\ntuser.pol 2017-09-06 11:27 - 2017-09-06 11:27 - 000000000 ____D C:\Users\bobby\AppData\Roaming\vlc 2017-09-06 09:46 - 2017-09-06 09:46 - 000000000 ____D C:\Users\bobby\AppData\Roaming\dvdcss 2017-09-04 13:20 - 2017-09-04 13:23 - 000000000 ____D C:\Users\bobby\Documents\ETS2MP 2017-09-04 13:15 - 2017-09-04 13:17 - 000000000 ____D C:\ProgramData\TruckersMP 2017-09-04 13:15 - 2017-09-04 13:15 - 000000901 _____ C:\Users\Public\Desktop\TruckersMP.lnk 2017-09-04 13:15 - 2017-09-04 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP Launcher 2017-09-04 13:15 - 2017-09-04 13:15 - 000000000 ____D C:\Program Files\TruckersMP Launcher 2017-09-04 13:14 - 2017-09-04 13:14 - 000667351 _____ C:\Users\bobby\Downloads\launcher_1004.zip 2017-09-04 13:10 - 2017-09-04 23:19 - 000000000 ____D C:\Users\bobby\Documents\Euro Truck Simulator 2 2017-09-03 19:02 - 2017-09-03 19:02 - 000000000 ____D C:\Program Files\Common Files\DESIGNER ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-10-02 13:01 - 2017-08-31 21:18 - 000000000 ____D C:\Users\bobby\AppData\LocalLow\360WD 2017-10-02 12:55 - 2017-09-01 19:51 - 000000000 ____D C:\Users\bobby\AppData\Roaming\TeamViewer 2017-10-02 12:55 - 2017-09-01 04:04 - 000000000 ____D C:\Windows\Panther 2017-10-02 12:55 - 2017-08-31 18:17 - 000000000 ____D C:\Users\bobby\AppData\Local\CrashDumps 2017-10-02 12:55 - 2017-08-31 18:10 - 000000000 ____D C:\ProgramData\ClassicShell 2017-10-02 12:55 - 2017-08-31 18:05 - 000000000 ____D C:\Program Files (x86)\Steam 2017-10-02 12:55 - 2017-08-31 17:51 - 000000000 ____D C:\Users\bobby\AppData\Roaming\uTorrent 2017-10-02 12:55 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf 2017-10-02 12:54 - 2017-08-31 23:46 - 000000000 ____D C:\ProgramData\360Quarant 2017-10-02 12:54 - 2017-08-31 18:18 - 000000000 ____D C:\Users\bobby\AppData\Local\ClassicShell 2017-10-02 12:46 - 2017-08-31 17:18 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-10-02 12:46 - 2017-08-31 17:18 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-10-02 12:34 - 2017-08-31 17:20 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3041877358-191924833-3829036719-1001 2017-10-02 12:32 - 2017-08-31 17:30 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-02 12:32 - 2017-08-31 17:18 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C64354CA-BA3D-40EC-B714-8157E7D25B88} 2017-10-02 12:28 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-10-02 01:14 - 2017-08-31 17:49 - 000000000 ____D C:\Users\bobby\AppData\Roaming\AIMP 2017-10-01 23:35 - 2014-11-21 11:44 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI 2017-10-01 12:32 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\AppReadiness 2017-09-30 14:05 - 2017-08-31 21:18 - 000000000 ____D C:\Users\bobby\AppData\Roaming\360safe 2017-09-30 13:11 - 2017-08-31 17:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-09-30 11:24 - 2017-08-31 21:23 - 000000000 ____D C:\Users\bobby\AppData\LocalLow\uTorrent 2017-09-29 22:56 - 2017-08-31 23:48 - 000000000 __SHD C:\$360Section 2017-09-29 22:56 - 2017-08-31 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2017-09-28 23:56 - 2017-08-31 17:14 - 000000000 ____D C:\Users\bobby 2017-09-28 18:00 - 2013-08-22 16:25 - 000000240 _____ C:\Windows\win.ini 2017-09-28 15:04 - 2017-08-31 17:14 - 000000000 ____D C:\Users\bobby\AppData\Local\VirtualStore 2017-09-25 22:16 - 2017-08-31 17:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-09-23 14:41 - 2013-08-22 18:36 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-22 12:52 - 2017-08-31 17:19 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-09-22 00:01 - 2017-08-31 17:31 - 000003740 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-22 00:01 - 2017-08-31 17:31 - 000003732 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-22 00:01 - 2017-08-31 17:31 - 000003556 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-21 22:18 - 2017-08-31 17:40 - 000000000 ____D C:\Users\bobby\AppData\Local\NVIDIA Corporation 2017-09-21 22:18 - 2017-08-31 17:31 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-21 22:18 - 2017-08-31 17:31 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-21 22:18 - 2017-08-31 17:31 - 000001428 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2017-09-21 22:18 - 2017-08-31 17:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2017-09-21 22:17 - 2017-08-31 17:31 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-21 22:17 - 2017-08-31 17:31 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-21 22:17 - 2017-08-31 17:31 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-21 22:17 - 2017-08-31 17:23 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2017-09-19 10:23 - 2017-08-31 17:31 - 001923008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2017-09-19 10:23 - 2017-08-31 17:31 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2017-09-19 10:23 - 2017-08-31 17:31 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2017-09-19 10:23 - 2017-08-31 17:31 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2017-09-19 10:23 - 2017-08-31 17:31 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2017-09-19 10:23 - 2017-08-31 17:31 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2017-09-19 10:23 - 2017-08-31 17:31 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2017-09-19 00:29 - 2017-08-31 17:31 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-09-18 17:02 - 2017-08-31 21:18 - 000000000 _RSHD C:\360SANDBOX 2017-09-16 14:29 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\rescache 2017-09-15 22:06 - 2017-08-31 17:29 - 000000000 ____D C:\ProgramData\Package Cache 2017-09-15 21:33 - 2017-08-31 20:17 - 000000000 ____D C:\Users\bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-09-15 00:22 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2017-09-15 00:20 - 2013-08-22 18:36 - 000000000 ___RD C:\Windows\ToastData 2017-09-13 13:27 - 2017-08-31 19:06 - 000000000 ____D C:\Windows\system32\MRT 2017-09-13 13:25 - 2017-08-31 19:06 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-09-13 13:25 - 2013-08-22 18:20 - 000000000 ____D C:\Windows\CbsTemp 2017-09-10 17:28 - 2017-08-31 18:14 - 000000000 ____D C:\Users\bobby\AppData\Local\Steam 2017-09-08 12:11 - 2013-08-22 18:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2017-09-08 12:11 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy 2017-09-04 11:03 - 2017-08-31 17:38 - 000000000 __SHD C:\Users\bobby\IntelGraphicsProfiles 2017-09-03 19:09 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Common Files\System 2017-09-02 02:54 - 2017-08-31 20:27 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-09-02 02:54 - 2017-08-31 20:27 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-09-30 12:38 ==================== End of FRST.txt ============================ Addition_02-10-2017 13.01.49.txt

Здравейте , тези дни получих e-mail в АБВ от непознат със съдържащ файл за сваляне . Не съм чакал от никого файл и не го отворих , а направо го изтрих . Да но от тогава изтривам всички писма от кошчето а като погледнеш към надписа КОШЧЕ винаги стои цифрата 1 . Ето така Кошче 1 . Все едно има нещо . И това няма триене . Все пак си мисля че има нещо вкарано вътре . Как мога да почистя това за да стане както преди ?

Днес си купих сд картата сложих я на телефона и се опитах да сваля едни приложения на нея нов един момент тя блокира и я сложих на компа итам нище ма се е заразила въпроа ми е как да я поистя сканирамя с аваста но показва че няма вирус ако ми помогнете ще се радвам. Благодаря ви предварително!

Здравейте HiJack Team, Имам следният проблем, когато си включа компютъра мисли на десктопа около 3 минути докато започне да зарежда каквото и да е, понякога дори чакам около 10 мин за да започне да отваря програми и т.н. освен това интернета му спира примерно а дефакто ако съм отворил някой страница в нея продължава да има интернет, това е конфигурацията, не съм сигурен дали е вирус, но направих всички стъпки описани от екипа като DISC CLEANUP, Дефрагмент на диска, всичко е точно, а проблемът си остава и е нещо софтуерно. Благодаря ви! Addition.txt FRST: ______________________________________________________ Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015 Ran by Chistalishte (administrator) on BRATSTVO on 16-02-2015 12:22:14 Running from C:\Documents and Settings\Chistalishte\Desktop Loaded Profiles: Chistalishte (Available profiles: Chistalishte) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (BitTorrent Inc.) C:\Documents and Settings\Chistalishte\Application Data\uTorrent\uTorrent.exe (DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Georgi Yordanov Ganchev © 2000 - 2013 GogoX@Yahoo.com) C:\Program Files\SERVER1\ComputerClubManager2.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\wmiadap.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [bCU] => C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2029640 2009-05-12] (ESET) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation) HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated) HKU\S-1-5-21-1123561945-2147263017-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Chistalishte\Application Data\uTorrent\uTorrent.exe [1377872 2015-01-22] (BitTorrent Inc.) SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1123561945-2147263017-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1123561945-2147263017-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp URLSearchHook: HKU\S-1-5-21-1123561945-2147263017-1801674531-1003 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) SearchScopes: HKU\S-1-5-21-1123561945-2147263017-1801674531-1003 -> DefaultScope {C1590D1C-4F41-4c5d-859B-95944D1207ED} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKU\S-1-5-21-1123561945-2147263017-1801674531-1003 -> {139C04C9-32D6-491a-88AC-FA065408999F} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms} SearchScopes: HKU\S-1-5-21-1123561945-2147263017-1801674531-1003 -> {C1590D1C-4F41-4c5d-859B-95944D1207ED} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-18] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-12-18] Chrome: ======= CHR StartupUrls: Default -> "https://www.google.bg/" CHR Profile: C:\Documents and Settings\Chistalishte\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Документи) - C:\Documents and Settings\Chistalishte\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18] CHR Extension: (Google Диск) - C:\Documents and Settings\Chistalishte\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18] CHR Extension: (YouTube) - C:\Documents and Settings\Chistalishte\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18] CHR Extension: (Google Търсене) - C:\Documents and Settings\Chistalishte\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18] CHR Extension: (Google Wallet) - C:\Documents and Settings\Chistalishte\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18] CHR Extension: (Gmail) - C:\Documents and Settings\Chistalishte\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.) S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-05-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [731840 2009-05-12] (ESET) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-12-18] (Macrovision Europe Ltd.) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed] S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed] R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] () R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [114472 2009-05-12] (ESET) R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [107256 2009-05-12] (ESET) R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [94360 2009-05-12] (ESET) R3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard) R3 HPFXFAX; C:\WINDOWS\System32\drivers\hpfxfax.sys [20504 2007-07-16] (Hewlett Packard) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-07-12] (Marvell Semiconductor Inc.) R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-07-12] (Marvell Semiconductor Inc.) [File not signed] R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-07-12] (Marvell Semiconductor Inc.) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [71936 2010-08-12] (NVIDIA Corporation) R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation) R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2012-07-12] (NVIDIA Corporation) [File not signed] R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2014-12-18] () [File not signed] U3 ar4uqysj; C:\WINDOWS\system32\Drivers\ar4uqysj.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) U2 CertPropSvc; No ImagePath S4 IntelIde; No ImagePath U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-16 12:22 - 2015-02-16 12:22 - 00013012 _____ () C:\Documents and Settings\Chistalishte\Desktop\FRST.txt 2015-02-16 12:21 - 2015-02-16 12:22 - 00000000 ____D () C:\FRST 2015-02-16 12:21 - 2015-02-16 12:21 - 01125888 _____ (Farbar) C:\Documents and Settings\Chistalishte\Desktop\FRST.exe 2015-02-13 11:11 - 2015-02-13 11:11 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\Autoruns 2015-02-13 11:10 - 2015-02-13 11:10 - 00573697 _____ () C:\Documents and Settings\Chistalishte\Desktop\Autoruns.zip 2015-02-06 13:34 - 2015-02-11 09:29 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 13:34 - 2015-02-06 13:37 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2015-02-06 13:34 - 2015-02-06 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2015-02-06 13:33 - 2015-02-06 13:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-02-06 13:33 - 2015-02-06 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2015-02-06 13:33 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-06 13:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-04 11:27 - 2015-02-09 12:07 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\5 лева брат 2015-02-03 16:42 - 2015-02-03 16:42 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\Music DANCE 2015-02-03 16:40 - 2014-10-13 07:57 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2015-01-29 16:01 - 2015-02-06 17:09 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\kavaleto 2015-01-28 10:06 - 2015-01-28 10:06 - 00000497 _____ () C:\Documents and Settings\Chistalishte\Desktop\Пряк път до netscan.lnk 2015-01-27 10:39 - 2015-01-27 10:39 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-01-24 09:13 - 2015-01-15 15:47 - 00000032 _____ () C:\Documents and Settings\Chistalishte\Desktop\keyy.txt 2015-01-23 09:30 - 2015-02-06 17:09 - 00201728 ___SH () C:\Documents and Settings\Chistalishte\Desktop\Thumbs.db 2015-01-22 10:11 - 2015-01-22 10:11 - 00016702 _____ () C:\WINDOWS\KB2936068-IE8.log 2015-01-22 10:11 - 2015-01-22 10:11 - 00012039 _____ () C:\WINDOWS\KB2909921-IE8.log 2015-01-22 10:11 - 2015-01-22 10:11 - 00000000 ____D () C:\WINDOWS\ie8updates 2015-01-22 10:10 - 2015-01-22 10:10 - 00008623 _____ () C:\WINDOWS\ie8.log 2015-01-22 10:10 - 2009-01-07 18:20 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll 2015-01-22 09:49 - 2015-01-22 10:56 - 00114281 _____ () C:\WINDOWS\ie8_main.log 2015-01-22 09:49 - 2014-03-06 19:59 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2015-01-22 09:49 - 2014-03-06 19:59 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2015-01-22 09:49 - 2014-03-06 19:59 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2015-01-22 09:49 - 2014-03-06 19:59 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2015-01-22 09:49 - 2014-03-06 19:59 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2015-01-22 09:49 - 2014-03-06 19:59 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2015-01-22 09:49 - 2014-03-06 19:59 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2015-01-22 09:49 - 2014-03-06 19:59 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2015-01-22 09:48 - 2015-01-22 09:48 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\Internet Explorer 8.00.6001.18702 - Final 2015-01-19 13:54 - 2015-01-19 14:14 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\Petrovs 2015-01-19 12:35 - 2015-01-19 12:35 - 88004888 _____ () C:\Documents and Settings\Chistalishte\Desktop\ДЕТСКИ ОТДЕЛ ГРАМОТА ДЕЦА.psd ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-16 12:22 - 2014-12-18 12:24 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Application Data\uTorrent 2015-02-16 12:22 - 2014-12-18 11:02 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Local Settings\Temp 2015-02-16 12:17 - 2014-12-18 12:53 - 00512214 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-16 12:17 - 2014-12-18 12:53 - 00122710 _____ () C:\WINDOWS\iis6.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00048592 _____ () C:\WINDOWS\ocgen.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00047318 _____ () C:\WINDOWS\FaxSetup.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00030290 _____ () C:\WINDOWS\tsoc.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00028720 _____ () C:\WINDOWS\comsetup.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00027554 _____ () C:\WINDOWS\msmqinst.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00016701 _____ () C:\WINDOWS\ntdtcsetup.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00009283 _____ () C:\WINDOWS\netfxocm.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00004566 _____ () C:\WINDOWS\imsins.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00004394 _____ () C:\WINDOWS\MedCtrOC.log 2015-02-16 12:17 - 2014-12-18 12:53 - 00002807 _____ () C:\WINDOWS\tabletoc.log 2015-02-16 12:17 - 2014-12-18 10:56 - 00058375 _____ () C:\WINDOWS\wmsetup.log 2015-02-16 12:16 - 2014-12-18 12:52 - 00177081 _____ () C:\WINDOWS\setupact.log 2015-02-16 11:56 - 2014-12-18 10:57 - 01916043 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-16 11:55 - 2014-12-18 12:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-02-16 11:55 - 2014-12-18 12:54 - 00000052 _____ () C:\WINDOWS\wiaservc.log 2015-02-16 11:55 - 2014-12-18 11:20 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-16 11:55 - 2014-12-18 11:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-16 11:55 - 2010-03-16 03:37 - 00276202 _____ () C:\WINDOWS\system32\NvApps.xml 2015-02-16 11:54 - 2014-12-18 11:00 - 00032628 _____ () C:\WINDOWS\SchedLgU.Txt 2015-02-16 11:30 - 2014-12-18 11:20 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-16 11:27 - 2014-12-18 13:56 - 06482659 _____ () C:\WINDOWS\system32\Mscpnad.dll 2015-02-16 11:27 - 2014-12-18 13:56 - 00274079 _____ () C:\WINDOWS\system32\Mscps.dll 2015-02-16 11:22 - 2014-12-18 12:07 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Application Data\Skype 2015-02-16 11:19 - 2014-12-18 13:55 - 00000000 ____D () C:\Program Files\SERVER1 2015-02-16 10:20 - 2008-04-14 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-02-13 11:21 - 2014-12-18 11:02 - 00000178 ___SH () C:\Documents and Settings\Chistalishte\ntuser.ini 2015-02-11 11:52 - 2014-12-18 12:52 - 00584655 _____ () C:\WINDOWS\setupapi.log 2015-02-11 11:52 - 2014-12-18 11:10 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups 2015-02-10 16:52 - 2014-12-18 13:23 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini 2015-02-10 16:52 - 2014-12-18 11:24 - 00014848 _____ () C:\Documents and Settings\Chistalishte\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-06 13:26 - 2014-12-18 11:00 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp 2015-01-27 10:39 - 2015-01-14 13:33 - 00000000 ____D () C:\Program Files\Java 2015-01-27 10:39 - 2015-01-14 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle 2015-01-27 10:38 - 2015-01-14 13:34 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2015-01-27 10:38 - 2015-01-14 13:34 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2015-01-23 09:30 - 2015-01-16 14:46 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\snimki momche 2015-01-23 09:30 - 2014-12-19 14:02 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\snimki kushta 2015-01-23 09:30 - 2014-12-19 10:55 - 00000000 ____D () C:\Documents and Settings\Chistalishte\Desktop\neli 2015-01-22 11:00 - 2014-12-18 11:05 - 00044154 _____ () C:\WINDOWS\spupdsvc.log 2015-01-22 10:11 - 2015-01-15 10:58 - 00006217 _____ () C:\WINDOWS\updspapi.log 2015-01-22 10:11 - 2014-12-18 12:53 - 00001374 _____ () C:\WINDOWS\imsins.BAK ==================== Files in the root of some directories ======= 2014-12-18 11:24 - 2015-02-10 16:52 - 0014848 _____ () C:\Documents and Settings\Chistalishte\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Documents and Settings\Chistalishte\Local Settings\Temp\ose00000.exe C:\Documents and Settings\Chistalishte\Local Settings\Temp\xXqUANhNBmFNTfqqEcWM.DLL ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================

Здравейте имам следният проблем кмпютърът ми създава постоянно "нова папака". Благодаря предварително за отделеното внимание. П.С.: Незанам защо но когато копирам и поставя съдържанието на файла "FRST.txt" ми излиза съобщение, че коментара ми е много дълъг. FRST.txt Addition.txt

Здравейте, тъй като не съм достатъчно сигурен дали това е вирус правя тази тема дали и вие се съмнявате за това. Процесът, който ми излезе е msi. Не съм сигурен дали е 100% вирус и затова не съм го качил в HJT.

Здравейте преди 3 месеца си взех нов компютър, струваше ми към 1020лв.Наскоро преди 2-3 дена ми влезе някакъв вирус и мисля, че е mail.ru след като инсталирах една програма и се инсталираха други 3-4 програми. С която и антивирусна да сканирам вирусите се махат за 2 минути и пак се появяват, антивирусната ги засича, уж ги трие но съвсем не е така. Колкото и клипове да гледам не става. Не искам да го преинсталирам защото ми е нов с Windows 10 съм. Събирах много време за да го взема. Много ви се моля помогнете ми !!