Премини към съдържанието

Препоръчан отговор


Здравейте, последно време се опитвам да се преборя с постоянно изкачащите рекламки в браузъра. Компютъра работи изключително бавно. Опитах с някои адблок програмки, но никаква полза. С всеки изминал ден имам чувството, че се влошават нещата. Бих бил изключително благодарен ако някой може да ми помогне. Благодаря предварително. Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by PCuser (administrator) on PCUSER-PC on 28-04-2015 09:26:14
Running from C:\Users\PCuser\Downloads
Loaded Profiles: PCuser & UpdatusUser (Available profiles: PCuser & UpdatusUser)
Platform: Windows 7 Professional (X64) OS Language: Български (България)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Cinema PlusV18.01) C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-6.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\PCuser\AppData\Local\Viber\Viber.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(FileProperties_CompanyName) C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2014-12-24] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-03] (AVAST Software)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-12-24] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\...\Run: [Viber] => C:\Users\PCuser\AppData\Local\Viber\Viber.exe [776400 2015-02-25] ()
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1378838648-2550132987-283054567-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1378838648-2550132987-283054567-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1378838648-2550132987-283054567-1001\...\MountPoints2: {312d021b-8b82-11e4-acb2-9cad9754caa8} - G:\SETUP.EXE
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2014-01-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2014-01-07] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-12-24] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1421627221&from=obw&uid=WDCXWD10JPVX-22JC3T0_WD-WX41E34TW369TW369&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1421627221&from=obw&uid=WDCXWD10JPVX-22JC3T0_WD-WX41E34TW369TW369&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-1378838648-2550132987-283054567-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-1378838648-2550132987-283054567-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.web/?type=dspp&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.web/?type=dspp&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.web/?type=dspp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.web/?type=dspp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150404__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {11111111-1111-1111-1111-110611901163} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-24] (AVAST Software)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611901163} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-24] (AVAST Software)
Toolbar: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: WSISAllmytubechrome - No CLSID Value
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.9.232.206
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1421627221&from=obw&uid=WDCXWD10JPVX-22JC3T0_WD-WX41E34TW369TW369

FireFox:
========
FF ProfilePath: C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine:
FF Homepage: www.google.bg
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-12-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-12-24] (Intel Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF SearchPlugin: C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\searchplugins\google-avast.xml [2015-04-28]
FF SearchPlugin: C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\searchplugins\google-default.xml [2015-04-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\.xml [2015-04-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2015-04-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-04-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2015-04-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-04-03]
FF Extension: YouTube mp3 - C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\Extensions\info@youtube-mp3.org.xpi [2015-01-20]
FF Extension: Google™ Translator Lite - C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\Extensions\jid1-f3mYMbCpz2AZYl@jetpack.xpi [2015-04-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-24]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-04-24] <==== ATTENTION

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-24] (Avast Software)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-02-08] (Macrovision Europe Ltd.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-12-24] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-19] (SysTool PasSame LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [4057808 2013-09-04] (Qualcomm Atheros, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-24] ()
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-24] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-12-24] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-12-24] (Realsil Semiconductor Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-24] (Avast Software)
R1 {921265c3-88e5-40e1-8d74-df5314572900}Gw64; C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784 2015-01-18] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 09:26 - 2015-04-28 09:26 - 00018740 _____ () C:\Users\PCuser\Downloads\FRST.txt
2015-04-28 09:25 - 2015-04-28 09:26 - 00000000 ____D () C:\FRST
2015-04-28 09:24 - 2015-04-28 09:24 - 02100736 _____ (Farbar) C:\Users\PCuser\Downloads\FRST64.exe
2015-04-28 01:09 - 2015-04-28 01:09 - 00000197 _____ () C:\Windows\system32\2015-04-27-22-09-36.032-AvastVBoxSVC.exe-2436.log
2015-04-28 01:06 - 2015-04-28 01:06 - 00000930 _____ () C:\Windows\PFRO.log
2015-04-28 01:06 - 2015-04-28 01:06 - 00000056 _____ () C:\Windows\setupact.log
2015-04-28 01:06 - 2015-04-28 01:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-28 00:14 - 2015-04-28 00:15 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-28 00:14 - 2015-04-28 00:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-28 00:14 - 2015-04-28 00:14 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-28 00:14 - 2015-04-28 00:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-27 17:09 - 2015-04-27 17:09 - 00000197 _____ () C:\Windows\system32\2015-04-27-14-09-10.085-AvastVBoxSVC.exe-3136.log
2015-04-24 03:27 - 2015-04-28 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 16:53 - 2015-04-21 16:53 - 00000197 _____ () C:\Windows\system32\2015-04-21-13-53-19.036-AvastVBoxSVC.exe-3332.log
2015-04-18 22:41 - 2015-04-18 22:41 - 01128448 _____ () C:\Users\PCuser\Desktop\АТОМ-1.ppt
2015-04-18 22:09 - 2015-04-18 22:09 - 01111552 _____ () C:\Users\PCuser\Desktop\Атом3.ppt
2015-04-18 21:24 - 2015-04-18 21:29 - 02666800 _____ () C:\Users\PCuser\Desktop\Ключът-към-Космоса2.pptx
2015-04-16 00:09 - 2015-04-16 00:09 - 00000197 _____ () C:\Windows\system32\2015-04-15-21-09-04.010-AvastVBoxSVC.exe-2964.log
2015-04-15 23:54 - 2015-04-28 01:16 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-15 23:54 - 2015-04-28 01:16 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-15 23:53 - 2015-04-27 17:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 23:45 - 2015-04-12 23:45 - 00000197 _____ () C:\Windows\system32\2015-04-12-20-45-30.018-AvastVBoxSVC.exe-5312.log
2015-04-12 05:07 - 2015-04-12 05:08 - 00000000 ____D () C:\ProgramData\iSkysoft iTube Studio
2015-04-12 05:07 - 2015-04-12 05:07 - 00000000 ____D () C:\Users\PCuser\AppData\Local\iSkysoft
2015-04-12 05:07 - 2015-04-12 05:07 - 00000000 ____D () C:\ProgramData\iSkysoft Application Common Data
2015-04-12 05:07 - 2015-04-12 05:07 - 00000000 ____D () C:\Program Files\Common Files\iSkysoft
2015-04-12 02:01 - 2015-04-12 02:01 - 00000197 _____ () C:\Windows\system32\2015-04-11-23-01-46.093-AvastVBoxSVC.exe-5380.log
2015-04-09 20:13 - 2015-04-09 20:13 - 00000197 _____ () C:\Windows\system32\2015-04-09-17-13-50.048-AvastVBoxSVC.exe-5740.log
2015-04-09 15:47 - 2015-04-09 15:47 - 00000197 _____ () C:\Windows\system32\2015-04-09-12-47-53.088-AvastVBoxSVC.exe-4704.log
2015-04-09 14:52 - 2015-04-22 16:16 - 00000000 ____D () C:\AmericasCardroom
2015-04-09 14:52 - 2015-04-09 14:52 - 00001562 _____ () C:\Users\Public\Desktop\AmericasCardroom.lnk
2015-04-09 14:52 - 2015-04-09 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmericasCardroom
2015-04-09 14:50 - 2015-04-09 14:52 - 15600336 _____ () C:\Users\PCuser\Downloads\americascardroom_com.exe
2015-04-09 13:37 - 2015-04-09 13:37 - 00880208 _____ (Google Inc.) C:\Users\PCuser\Downloads\ChromeSetup.exe
2015-04-09 01:18 - 2015-04-16 00:01 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\TeamViewer
2015-04-09 01:18 - 2015-04-09 01:19 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-09 01:18 - 2015-04-09 01:18 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-09 01:18 - 2015-04-09 01:18 - 00001031 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-09 01:09 - 2015-04-09 01:09 - 07971440 _____ (TeamViewer GmbH) C:\Users\PCuser\Downloads\TeamViewer_Setup_bg.exe
2015-04-06 21:31 - 2015-04-28 01:31 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-06 20:32 - 2015-04-28 09:17 - 00000678 _____ () C:\Windows\Tasks\quiz_games_updating_service.job
2015-04-06 20:32 - 2015-04-06 20:32 - 00003706 _____ () C:\Windows\System32\Tasks\quiz_games_updating_service
2015-04-06 20:31 - 2015-04-28 09:17 - 00001316 _____ () C:\Windows\Tasks\quiz_games_notification_service.job
2015-04-06 20:31 - 2015-04-06 20:32 - 00004342 _____ () C:\Windows\System32\Tasks\quiz_games_notification_service
2015-04-06 20:31 - 2015-04-06 20:31 - 00000000 ____D () C:\Program Files (x86)\quiz games
2015-04-06 15:39 - 2015-04-06 15:39 - 00000197 _____ () C:\Windows\system32\2015-04-06-12-39-10.011-AvastVBoxSVC.exe-3196.log
2015-04-04 22:21 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-04-04 22:21 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-04-04 22:18 - 2015-04-04 22:18 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\RecLib
2015-04-04 22:18 - 2015-04-04 22:18 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\{F194FD51-245F-4727-AF45-721B46A46794}
2015-04-04 01:09 - 2015-04-04 11:18 - 257648234 _____ () C:\Users\PCuser\Downloads\Untitled-1.psd
2015-04-03 23:18 - 2015-04-03 23:18 - 00000197 _____ () C:\Windows\system32\2015-04-03-20-18-28.050-AvastVBoxSVC.exe-2612.log
2015-04-03 23:17 - 2015-04-16 00:01 - 00000000 ____D () C:\Windows\Minidump
2015-04-03 14:09 - 2015-04-28 01:08 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\ViberPC
2015-04-03 14:09 - 2015-04-03 14:09 - 00000998 _____ () C:\Users\PCuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-04-03 14:09 - 2015-04-03 14:09 - 00000990 _____ () C:\Users\PCuser\Desktop\Viber.lnk
2015-04-03 14:08 - 2015-04-28 01:08 - 00000000 ____D () C:\Users\PCuser\AppData\Local\Viber
2015-04-03 13:55 - 2015-04-03 13:55 - 00000197 _____ () C:\Windows\system32\2015-04-03-10-55-08.051-AvastVBoxSVC.exe-2972.log
2015-04-01 15:10 - 2015-04-01 15:10 - 00000197 _____ () C:\Windows\system32\2015-04-01-12-10-22.064-AvastVBoxSVC.exe-2312.log
2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm
2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\PCuser\AppData\Roaming\2dggzgqhG

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 09:24 - 2015-01-19 03:24 - 00005514 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job
2015-04-28 09:17 - 2015-01-19 03:24 - 00005178 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job
2015-04-28 09:17 - 2015-01-19 03:24 - 00003120 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job
2015-04-28 09:17 - 2015-01-19 03:24 - 00000976 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-28 09:17 - 2014-12-24 17:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-28 09:17 - 2014-12-24 17:13 - 00782728 _____ () C:\Windows\WindowsUpdate.log
2015-04-28 03:09 - 2009-07-14 07:45 - 00009792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 03:09 - 2009-07-14 07:45 - 00009792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 02:29 - 2015-01-19 03:24 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-28 01:07 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-28 00:17 - 2015-01-19 03:23 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.8cV18.01
2015-04-28 00:17 - 2014-12-25 00:07 - 00000000 ____D () C:\Users\PCuser\AppData\Local\CrashDumps
2015-04-28 00:15 - 2014-12-24 18:41 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\uTorrent
2015-04-28 00:04 - 2014-12-24 21:32 - 00000000 ____D () C:\Users\PCuser\AppData\Local\PokerStars.BG
2015-04-25 10:43 - 2014-12-24 21:31 - 00000000 ____D () C:\Program Files (x86)\PokerStars.BG
2015-04-22 10:18 - 2015-01-20 17:29 - 00000000 ____D () C:\ProgramData\Nero
2015-04-16 00:00 - 2014-12-24 17:37 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-09 16:21 - 2015-01-04 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-04-09 15:49 - 2009-07-14 08:13 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 15:44 - 2009-07-14 07:45 - 05311904 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-09 15:37 - 2014-12-24 18:41 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\Skype
2015-04-09 11:07 - 2014-12-24 17:36 - 00118960 _____ () C:\Users\PCuser\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-04 22:22 - 2014-12-24 22:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-04 22:19 - 2014-12-24 18:18 - 00000000 ____D () C:\Users\PCuser\AppData\Local\Adobe
2015-04-04 02:42 - 2014-12-24 17:59 - 00000000 ____D () C:\Users\PCuser\Documents\Bluetooth Folder
2015-04-02 10:26 - 2009-07-14 05:34 - 00000862 _____ () C:\Windows\win.ini
2015-04-02 10:25 - 2015-01-19 05:40 - 00000496 __RSH () C:\ProgramData\ntuser.pol

==================== Files in the root of some directories =======

2015-03-31 11:14 - 2015-03-31 11:14 - 0004387 _____ () C:\Users\PCuser\AppData\Roaming\2dggzgqhG
2015-03-31 11:14 - 2015-03-31 11:14 - 0004387 _____ () C:\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm
2014-09-01 11:18 - 2014-09-01 11:18 - 0001248 _____ () C:\Users\PCuser\AppData\Roaming\FMEUD
2015-02-13 09:48 - 2015-02-16 16:03 - 0000088 __RSH () C:\ProgramData\C45795A5EA.sys
2014-12-24 18:55 - 2014-12-24 18:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-13 09:48 - 2015-02-16 16:09 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 14:29

==================== End Of Log ============================

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Съжалявам, заповядайте.

Addition.txt


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Извинявам се за забавянето, но бях служебно ангажиран.

 

Изтеглете edit-text.giffixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

Пишете след това как е положението. :)

 

 

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не сме приключили. Моля публикувайте съдържанието на лог файла FixLog.txt. :)

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
Ran by PCuser at 2015-04-30 02:55:28 Run:1
Running from C:\Users\PCuser\Downloads
Loaded Profiles: PCuser & UpdatusUser (Available profiles: PCuser & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1378838648-2550132987-283054567-1001\...\MountPoints2: {312d021b-8b82-11e4-acb2-9cad9754caa8} - G:\SETUP.EXE
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...41E34TW369TW369
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-04-24] <==== ATTENTION
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-19] (SysTool PasSame LIMITED) [File not signed]
R1 {921265c3-88e5-40e1-8d74-df5314572900}Gw64; C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784 2015-01-18] (StdLib)
C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys
2015-04-06 21:31 - 2015-04-28 01:31 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-06 20:32 - 2015-04-28 09:17 - 00000678 _____ () C:\Windows\Tasks\quiz_games_updating_service.job
2015-04-06 20:32 - 2015-04-06 20:32 - 00003706 _____ () C:\Windows\System32\Tasks\quiz_games_updating_service
2015-04-06 20:31 - 2015-04-28 09:17 - 00001316 _____ () C:\Windows\Tasks\quiz_games_notification_service.job
2015-04-06 20:31 - 2015-04-06 20:32 - 00004342 _____ () C:\Windows\System32\Tasks\quiz_games_notification_service
2015-04-06 20:31 - 2015-04-06 20:31 - 00000000 ____D () C:\Program Files (x86)\quiz games
2015-04-04 22:18 - 2015-04-04 22:18 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\RecLib
2015-04-04 22:18 - 2015-04-04 22:18 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\{F194FD51-245F-4727-AF45-721B46A46794}
2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm
2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\PCuser\AppData\Roaming\2dggzgqhG
2015-04-28 09:24 - 2015-01-19 03:24 - 00005514 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job
2015-04-28 09:17 - 2015-01-19 03:24 - 00005178 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job
2015-04-28 09:17 - 2015-01-19 03:24 - 00003120 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job
2015-04-28 00:17 - 2015-01-19 03:23 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.8cV18.01
2014-09-01 11:18 - 2014-09-01 11:18 - 0001248 _____ () C:\Users\PCuser\AppData\Roaming\FMEUD
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\XTab
Task: {0C838C89-15C4-48C5-B7A0-105C2B8CA05F} - System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6 => C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-6.exe [2015-01-19] (Cinema PlusV18.01) <==== ATTENTION
Task: {101F66FE-79A6-49EC-999E-1B05866FC54E} - System32\Tasks\quiz_games_notification_service => C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe [2015-04-06] (FileProperties_CompanyName) <==== ATTENTION
Task: {13C5A451-4D1F-405B-A7F3-A121BBCBDFBD} - System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7 => C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-7.exe <==== ATTENTION
Task: {66E97112-E04D-4B9E-98A3-E8752779E632} - System32\Tasks\quiz_games_updating_service => C:\Program Files (x86)\quiz games\quiz_games_updating_service.exe [2015-04-06] () <==== ATTENTION
Task: {BDC8E1A5-81B4-41CF-AABE-537F2FA1FA2A} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {D75C191B-A179-4082-B75E-033D48576427} - System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1 => C:\Program Files (x86)\CinemaP-1.8cV18.01\CinemaP-1.8cV18.01-codedownloader.exe <==== ATTENTION
Task: {F6872351-81E4-470E-817F-47B9BDBC89E8} - System32\Tasks\{A55AC364-0CC7-45C6-9BDA-EB19F4DFEACA} => pcalua.exe -a C:\Users\PCuser\Downloads\SoftonicDownloader_for_daemon-tools-lite.exe -d C:\Users\PCuser\Downloads <==== ATTENTION
Task: {F756CB35-01FB-405D-88EF-0BEC1C6F0B0B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job => C:\Program Files (x86)\CinemaP-1.8cV18.01\CinemaP-1.8cV18.01-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job => C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job => C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\quiz_games_notification_service.job => C:\Program Files (x86)\quiz games\quiz_games_notification_service.exeж/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='quiz games' /appid='73143' /srcid='2913' /bic='dc3303d9dac691cbd71d71446ef16667' /verifier='bb7db6ab65b7efcd0ddfa7d09c9db7e6' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\Windows\Tasks\quiz_games_updating_service.job => C:\Program Files (x86)\quiz games\quiz_games_updating_service.exe« /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=quiz_games_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1378838648-2550132987-283054567-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{312d021b-8b82-11e4-acb2-9cad9754caa8}" => Key deleted successfully.
HKCR\CLSID\{312d021b-8b82-11e4-acb2-9cad9754caa8} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901163}" => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110611901163} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901163}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611901163} => Key not found.
HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => Moved successfully.
C:\Program Files (x86)\mozilla firefox\my.cfg => Moved successfully.
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
{921265c3-88e5-40e1-8d74-df5314572900}Gw64 => Service stopped successfully.
{921265c3-88e5-40e1-8d74-df5314572900}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Windows\Tasks\quiz_games_updating_service.job => Moved successfully.
C:\Windows\System32\Tasks\quiz_games_updating_service => Moved successfully.
C:\Windows\Tasks\quiz_games_notification_service.job => Moved successfully.
C:\Windows\System32\Tasks\quiz_games_notification_service => Moved successfully.
C:\Program Files (x86)\quiz games => Moved successfully.
C:\Users\PCuser\AppData\Roaming\RecLib => Moved successfully.
C:\Users\PCuser\AppData\Roaming\{F194FD51-245F-4727-AF45-721B46A46794} => Moved successfully.
C:\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm => Moved successfully.
C:\Users\PCuser\AppData\Roaming\2dggzgqhG => Moved successfully.
C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job => Moved successfully.
C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job => Moved successfully.
C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job => Moved successfully.
C:\Program Files (x86)\CinemaP-1.8cV18.01 => Moved successfully.
C:\Users\PCuser\AppData\Roaming\FMEUD => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C838C89-15C4-48C5-B7A0-105C2B8CA05F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C838C89-15C4-48C5-B7A0-105C2B8CA05F}" => Key deleted successfully.
C:\Windows\System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\37b2459c-00b4-410e-8598-7ea788db10b8-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{101F66FE-79A6-49EC-999E-1B05866FC54E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{101F66FE-79A6-49EC-999E-1B05866FC54E}" => Key deleted successfully.
C:\Windows\System32\Tasks\quiz_games_notification_service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\quiz_games_notification_service" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13C5A451-4D1F-405B-A7F3-A121BBCBDFBD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C5A451-4D1F-405B-A7F3-A121BBCBDFBD}" => Key deleted successfully.
C:\Windows\System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\37b2459c-00b4-410e-8598-7ea788db10b8-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66E97112-E04D-4B9E-98A3-E8752779E632}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E97112-E04D-4B9E-98A3-E8752779E632}" => Key deleted successfully.
C:\Windows\System32\Tasks\quiz_games_updating_service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\quiz_games_updating_service" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BDC8E1A5-81B4-41CF-AABE-537F2FA1FA2A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDC8E1A5-81B4-41CF-AABE-537F2FA1FA2A}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D75C191B-A179-4082-B75E-033D48576427}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D75C191B-A179-4082-B75E-033D48576427}" => Key deleted successfully.
C:\Windows\System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\37b2459c-00b4-410e-8598-7ea788db10b8-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6872351-81E4-470E-817F-47B9BDBC89E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6872351-81E4-470E-817F-47B9BDBC89E8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A55AC364-0CC7-45C6-9BDA-EB19F4DFEACA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A55AC364-0CC7-45C6-9BDA-EB19F4DFEACA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F756CB35-01FB-405D-88EF-0BEC1C6F0B0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F756CB35-01FB-405D-88EF-0BEC1C6F0B0B}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job not found.
C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job not found.
C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\quiz_games_notification_service.job not found.
C:\Windows\Tasks\quiz_games_updating_service.job not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0453014B-2B00-480B-8189-0F66B8DA9167}.
{B9E5DE42-B250-4510-81B1-2EE43A8ED0EC} canceled.
{BA872D94-C0CC-4A1B-81BD-74CD12CC9E57} canceled.
2 out of 3 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 62.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 02:56:55 ====

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Чудесно. Нека да проверим за остатъци:

 

 

 

СТЪПКА 1

 

  • Изтеглете и стартирайтe 6sv1DN9.jpgAdwCleaner.exe.
  • Натиснете бутона Scan.
  • AdwCleaner ще започне да проверява компютъра.
  • След като проверката приключи натиснете бутона Clean.
  • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
  • Ще се появи автоматично лог файл с името (AdwCleaner[s0].txt) в C:\Adwcleaner
  • Публикувайте съдържанието му в следващия си коментар.

 

 

СТЪПКА 2

 

 

Моля изтеглете icon1351185104.png Junkware Removal Tool на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

 

Колкото за проблема със скролването на страниците при сърфиране, за който ми споменахте на Л.С. вижте дали сте с последната версия на видео драйвера.

 

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

# AdwCleaner v4.203 - Logfile created 02/05/2015 at 11:28:46
# Updated 30/04/2015 by Xplode
# Database : 2015-04-30.2 [server]
# Operating system : Windows 7 Professional  (x64)
# Username : PCuser - PCUSER-PC
# Running from : C:\Users\PCuser\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\IHProtectUpDate
[!] Folder Deleted : C:\Users\PCuser\AppData\Local\globalUpdate
[!] Folder Deleted : C:\Users\PCuser\AppData\Roaming\OpenCandy
[!] Folder Deleted : C:\Users\PCuser\AppData\Roaming\webssearches
[!] Folder Deleted : C:\Users\PCuser\AppData\Roaming\IHlpr
File Deleted : C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\29d74871-a79a-4278-802e-2abd6c78891f
Key Deleted : HKLM\SOFTWARE\9d3efcb5-425d-44d9-92db-f46c7505a507
Key Deleted : HKLM\SOFTWARE\b26a8cdc-bf61-4a18-b0b0-8ae10ce4e7dd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902263}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906663}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904463}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902263}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905563}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906663}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EFEE0228DC83E77358593193D847A0EC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EFEE0228DC83E77358593193D847A0EC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v37.0.2 (x86 bg)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [8478 bytes] - [02/05/2015 11:24:54]
AdwCleaner[s0].txt - [8406 bytes] - [02/05/2015 11:28:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8465  bytes] ##########
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Professional x64
Ran by PCuser on бкЎ 02.05.2015 Ј. at 11:33:08,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611901163}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\PCuser\AppData\Roaming\mozilla\firefox\profiles\897w92pg.default\minidumps [11 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on бкЎ 02.05.2015 Ј. at 11:39:41,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Извинявам се за забавянето, но бях служебно ангажиран. Как е сега положението? Обновихте ли и видео драйвера и оправи ли това проблема със скролването?

Ако ви се занимава да направим още малко проверки за да сме сигурни, че всичко е ок вече.

 

 

 

СТЪПКА 1

 

 

Моля изтеглете Malwarebytes Anti-Malware 2.1.6.1022 Final и я запазете на вашия десктоп.

  • Стартирайте файла mbam-setup-2.1.6.1022.exe и следвайте указанията за да инсталирате програмата.
  • След като инсталацията приключи се уверете че сте сложили отметка пред:
  • Launch Malwarebytes Anti-Malware
  • Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката.
  • Натиснете бутона Finish.
  • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
  • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now.
  • Ще започне проверка за зловреден софтуер.
  • При някои инфекции можете да видите съобщението:
  • "Could not load DDA driver"
  • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
  • Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции.
  • След като проверката приключи натиснете бутона Apply Actions.
  • Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes.
  • След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж.
  • Отидете то табът History > Application Logs.
  • Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard"
  • Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.

 

 

СТЪПКА 2

 

 

1.Изтеглете Hitman Pro.
За 32-битова система - dEMD6.gif.
За 64-битова система - Download-button3.gif


2.Стартирайте програмата.

3.След като сте стартирали програмата като кликнете върху иконата 5vo5F.jpg и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).

4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.
 
Забележка: Ако няма падащо меню, където да изберете ignore както на снимката:
 
6-scanfin-choose.jpg
 
Тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:Programdata\HitmanPro\Logs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

 

 

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 6.5.2015 г.
Час на сканиране: 03:52:19 ч.
Дневник:
Администратор: Да

Версия: 2.01.6.1022
База от данни за злонамерен софтуер: v2015.05.05.05
База от данни за рууткити: v2015.04.21.01
Лиценз: Пробен период
Защита от злонамерен софтуер: Разрешено
Защита от злонамерени страници: Разрешено
Самозащита: Забранено

ОС: Windows 7
Процесор: x64
Файлова система: NTFS
Потребител: PCuser

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 344789
Изминало време: 14 мин. 31 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 8
PUP.Optional.Cinema.A, HKLM\SOFTWARE\CinemaP-1.8cV18.01-nv, Поставен под карантина, [3bce662a8bff96a0c2db45ab53b09d63],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.8cV18.01, Поставен под карантина, [c742b7d9acde7eb8f7a65a96d03330d0],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.8cV18.01-nv, Поставен под карантина, [7d8c9df3afdbc670c1dc08e8e51e7d83],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Поставен под карантина, [44c53f5165259e98be51eae39172de22],
PUP.Optional.Cinema.A, HKU\S-1-5-18\SOFTWARE\CinemaP-1.8cV18.01-nv, Поставен под карантина, [fc0db6daaedc63d377274aa6000350b0],
PUP.Optional.Cinema.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\CinemaP-1.8cV18.01, Поставен под карантина, [48c1f799a5e50630940b5a96c24127d9],
PUP.Optional.Cinema.A, HKU\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CinemaP-1.8cV18.01-nv, Поставен под карантина, [42c7840ced9dc86ec9d52ec238cb06fa],
PUP.Optional.Cinema.A, HKU\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\APPDATALOW\SOFTWARE\CinemaP-1.8cV18.01, Поставен под карантина, [90796c24eb9f66d0980705eb857ec040],

Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)

Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 4
PUP.Optional.Nova.A, C:\Program Files (x86)\27fbb95c-2d6b-4c2f-9684-a1c0a7ccb558\29d74871-a79a-4278-802e-2abd6c78891f.dll, Поставен под карантина, [da2f00907d0da6904c672ee2fa08aa56],
PUP.Optional.InstallCore.C, C:\Program Files (x86)\27fbb95c-2d6b-4c2f-9684-a1c0a7ccb558\8ede2a3a-46b3-49d8-a089-3c72480a29dc.dll, Поставен под карантина, [64a5aee2c4c61b1b4d81a1ad8c7a669a],
PUP.Optional.Nova.A, C:\Program Files (x86)\AGEIA Technologies\11de5d12-f845-413f-9bad-dd7d0e2954c4.dll, Поставен под карантина, [ca3fc2cec1c9b581189b3ed2b25042be],
PUP.Optional.InstallCore.C, C:\Program Files (x86)\AGEIA Technologies\27fbb95c-2d6b-4c2f-9684-a1c0a7ccb558.dll, Поставен под карантина, [8188306082089d9921ada4aa09fd51af],

Физически сектори: 0
(Не бяха открити злонамерени обекти)


(end)


Програмата Hitman Pro след като започне сканиране, windows ми я затваря и ми изписва, че търси решение онлайн. Не мога да открия от къде идва проблема... ? Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добре, да заменим Hitmanpro с EmsisoftEmergencyKit.

 

emsisoft_emergency_kit.pnglogo.png

  • Моля изтеглете EmsisoftEmergencyKit, стартирайте exe файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
  • Стартирайте иконата на файла Start Emsisoft Emergency Kit от десктопа за да стартирате приложението.
  • Натиснете бутона"Yes", когато бъдете подканени да обновите дефинициите на програмата.

EKK.gif

  • След като процеса по обновяването на дефинициите приключи натиснете бутона "Scan".
  • Натиснете бутона "Yes", когато бъдете попитани дали да програмата да включи засичането на потенциално нежелани приложения (Potentially Unwanted Applications).
  • Сега вече изберете бутона Full Scan. Когато проверката приключи натиснете бутона View Report.
  • Копирайте съдържанието на лог файла в следващия си коментар.
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Emsisoft Emergency Kit - Version 9.0
Last update: 7.5.2015 г. 00:15:30
User account: PCuser-PC\PCuser

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    7.5.2015 г. 00:17:26
C:\Users\PCuser\AppData\Roaming\thinstall     detected: Application.AppInstall (A)
Value: HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CONDUIT     detected: Application.InstallAd (A)
C:\FRST\Quarantine\C\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-6.exe     detected: Gen:Application.Heur.xz1@mmYZCZpi (B)
C:\FRST\Quarantine\C\Program Files (x86)\quiz games\quiz_games_notification_service.exe     detected: Gen:Variant.Adware.Mikey.10000 (B)
C:\FRST\Quarantine\C\Program Files (x86)\quiz games\quiz_games_updating_service.exe     detected: Application.Toolbar (A)
C:\FRST\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll     detected: Application.Generic.1247189 (B)
C:\FRST\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe     detected: Adware.SearchProtect.W (B)
C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe     detected: Gen:Variant.Adware.Graftor.172099 (B)
C:\FRST\Quarantine\C\Users\PCuser\AppData\Roaming\2dggzgqhG.xBAD -> content/overlay.js     detected: Adware.Agent.PMG (B)
C:\FRST\Quarantine\C\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm.xBAD -> content/overlay.js     detected: Adware.Agent.PMG (B)
C:\FRST\Quarantine\C\Users\PCuser\AppData\Roaming\FMEUD.xBAD -> background.js     detected: Trojan.Script.Agent.FA (B)
C:\FRST\Quarantine\C\Windows\system32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys.xBAD     detected: Adware.SwiftBrowse.CH (B)
C:\Program Files (x86)\Photoshop\Check.exe     detected: Gen:Variant.Graftor.7067 (B)
C:\Program Files (x86)\Photoshop\x64\Check.exe     detected: Gen:Variant.Graftor.7067 (B)
C:\Users\PCuser\AppData\Roaming\Thinstall\Settings\11300002h\splwow64.exe     detected: Gen:Trojan.Heur.GZ.ciW@buEI9pl (B)
D:\Програми\COREL.CORELDRAW.GRAPHICS.SUITE.X5.WITH.SP3.V15.2.0.686.INCL.KEYGEN.ENGLISH-CORE\corel_app_keygen.exe     detected: Trojan.Generic.9986047 (B)

Scanned    224818
Found    18

Scan end:    7.5.2015 г. 01:09:40
Scan time:    0:52:14
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Привет...забравил съм да отговоря за което се извинявам.

 

За да изчистим и последните намерени неща от EmsisoftEmergencyKit направете следното:

 

Изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

 

 

Ето и няколко финални препоръки:

 

1. Проверете за стари приложения с помощта на PatchMyPC или с програмата Secunia Personal Software Inspector.

 

2. Инсталирайте Unchecky за да се предпазите от адуер по време на инсталацията на даден софтуер.

 

3. За да почистим използваните от нас инструменти направете следното:

 

Изтеглете OTC.exe и го стартирайте. Натиснете бутона CleanUp!.
Рестартирайте компютъра, ако ви попита!

 

Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools (трябва да има такава по-подразбиране, но все пак да си кажа) => натиснете бутона Run. Инструмента ще се самоизтрие след като приключи своята задача!

 

Ако има папки, които не са се изтрили след гореспоменатите процедури пишете и ще ги премахнем ръчно.

 

4. За защита от криптовирусите, освен обновяване на ОС и антивирусната програма е добре да имунизирате системата си с CryptoPrevent и профила Maximum Protection: (Не използвайте последната опция, защото още е бъгава и не работи коректно, но на ваш риск може да я пробвате да видите как ще се държи системата и с последната опция).

 

mtBkCIZ.jpg

 

Можете да погледнете и новата програма CryptoMonitor (но инструмента още се разработва и е доста бъгав).

 

Не забравяйте да изключите и Autorun в Windows, защото криптовирусите могат да се настанят и на външните дискове и флашки и да заразят информацията на тези носители при свързването им с инфектирана система и след това да заразят и други системи при свързването на външните дискове към други компютри (и така да го предадете и на тях). Microsoft са създали автоматичен инструмент за целта => MSFixIt. Добре е също така след като вкарате външния диск дори и при спрян Autorun просто да сканирате буквата на устройството с обновена антивирусна програма преди да започнете да прехвърляте данни от и към външния диск.

 

Има и други програми, но са главно за напреднали потребители и няма да се спирам много задълбочено на тях, защото са сравнително по-сложни за употреба на средностатистическите потребители.. Такива са Applocker, SecureAplus, VoodooShield, HitmanPro.Alert, EMET, Panda Internet Security (с опцията DataShield), Comodo Internet Security (с опциите auto-sandbox или Protected Files and Folders), sandboxie (някои от програмите са чисти антивирусни и не трябва да се инсталират повече от една антивирусна програма на една система - визирам Panda и Comodo, други са създадени за да допълват антивирусните програми и да работят в тандем с тях, но все пак трябва да се избира внимателно за да няма конфликти помежду им и да не хабят напразно системни ресурси). Добре е да не се спира System RestoreFile History в Windows 8), да не се спира UAC - User Account Control (даже да се направи на максималното ниво на защита), да не се спира SmartScreen (наличен само в Windows 8), да се внимава с прикачените файлове към електронната поща. Добра идея е и да забраните скриптовете, ако не използвате такива с помощта на инструмента - Noscript.exe. Стартирайте го и изберете Disable. Ако ви потрябва да стартирате някога (js или vbs файлове, просто стартирайте инструмента и го направете на Enable). Добре е да се внимава и с PDF файловете (повечето програми позволяват да се изключи java script в PDF четците, да се забрани на PDF файловете да стартират външни програми и да комуникират с интернет и прочие), да се внимава с офис файловете за макрос експлоити (пак може да се затегне сигурността от настройките на офис пакетите), добре е да се внимава за файлове с двойни разширения (например ако в My Computer => Tools => Folder Options => не е премахната отметката пред "Hide extensions for known file types" ако свалите даден файл от интернет с името image.exe.jpg, вие ще го видите като image.jpg, но всъщност файла ще е image.exe и щом го стартирате това ще задейства и вируса). Добра идея е да инсталирате Malwarebytes Anti-Exploit за да си осигурите спокойствие при сърфиране. Трудничко е, но просто няма как. Потребителите трябва да се научат да проявяват бдителност и хигиена при сърфиране.

 

5. За подобряване на производителността (ако системата ви се вижда мудна) вижте следните няколко теми:

 

Оптимизиране на Windows с цел по-добра производителност

Ръководство за поддръжка на Windows (XP, Vista и 7) [Revision 2.0]

Какво да направя, ако компютърът ми работи бавно

Профилактика на компютъра,как?

 

6. Проверете системата си актуални драйвери от сайтовете на производителите на компонентите ако ви се занимава (не използвайте програми за автоматично обновяване на драйверите за да си спестите главоболията после) и направете пълна проверка за гадини с наличната ви антивирусна програма за всеки случай.

 

7. Винаги правете бекъп на важните си документи на външни носители и за не толкова ценните неща на cloud услуги. Научете се да не инсталирате програми от съмнителни източници. Добра идея е да се научите да си създавате огледални образи на текущото работещо състояние на дяла на който се намира Операционната Система. Възстановяването на такъв образ при нужда в пъти по-лесен и бърз начин за връщане на работещото състояние на системата от преинсталация или опит за ръчно премахване на даден проблем. Такъв образ може да се създаде с вградения инструмент на Windows Vista, 7, 8 или с външна програма като Macrium Reflect Free

 

Поздрави и усмихната седмица! Ще маркирам случая като РЕШЕН! :bye1:

 

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 02
Ran by PCuser at 2015-05-14 23:44:19 Run:2
Running from C:\Users\PCuser\Downloads\iztegleni
Loaded Profiles: PCuser (Available profiles: PCuser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\PCuser\AppData\Roaming\thinstall
C:\Program Files (x86)\Photoshop\Check.exe
C:\Program Files (x86)\Photoshop\x64\Check.exe
Deletekey: HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CONDUIT
end
*****************

C:\Users\PCuser\AppData\Roaming\thinstall => Moved successfully.
"C:\Program Files (x86)\Photoshop\Check.exe" => File/Directory not found.
"C:\Program Files (x86)\Photoshop\x64\Check.exe" => File/Directory not found.
HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CONDUIT => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CONDUIT => Key Deleted Successfully.

==== End of Fixlog 23:44:20 ====

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от Йорданка Т. Иванова
      Здравейте, при опит за възстановяване на системата към предишна дата, Avast направи пълно сканиране на компютъра и ми премести в клетка заразените файлове.
      Има ли възможност да се почисти компютъра от въпросните заплахи и съответно да си възстановя файловете, най-вече тези /ако има такива/, които са необходими за правилното функциониране на системата.
      П.П.: Пълен лаик съм на тема антивирусни програми.
      Нов Microsoft Office PowerPoint Presentation.pptx


      Ето го резултата от файла FRST
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
      Ran by Rosko (administrator) on ROSKO-PC (28-10-2018 14:36:09)
      Running from C:\Users\Rosko\Downloads
      Loaded Profiles: Rosko (Available Profiles: Rosko)
      Platform: Windows 7 Ultimate (X64) Language: Български (България)
      Internet Explorer Version 8 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BAVSvc.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BHipsSvc.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
      (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavTray.exe
      (Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Program Files (x86)\CalendarTool\2.0.0.1000176\CalendarServ.exe
      () C:\Program Files (x86)\CalendarTool\2.0.0.1000176\calendar.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\bavhm.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
      () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Baidu Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavadvtools2\8C8AEEC1-5166-4CE7-BBAD-7C37409D0C73\tool\bdMiniDownloaderGB_BAV-Mini_32_1002.exe
      (Baidu Inc.) C:\Users\Rosko\AppData\Local\MiniService\MiniService.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Viber Media S.à r.l.) C:\Users\Rosko\AppData\Local\Viber\Viber.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2014-01-24] (Synaptics Incorporated)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-18] (AVAST Software)
      HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavTray.exe [2553328 2015-07-14] (Baidu, Inc.)
      HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
      HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\...\Run: [Viber] => C:\Users\Rosko\AppData\Local\Viber\Viber.exe [36762184 2018-10-22] (Viber Media S.à r.l.)
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\...\MountPoints2: {c4a92fbb-e173-11e7-9426-f8a963743fcb} - G:\LG_PC_Programs.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
      Tcpip\..\Interfaces\{2FB69C23-4CBD-4252-994A-27D31EDC0D6D}: [DhcpNameServer] 172.16.1.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKU\S-1-5-21-749869763-3409154425-2811610640-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
      FireFox:
      ========
      FF DefaultProfile: 2csmqmsd.default
      FF ProfilePath: C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default [2018-07-05]
      FF Homepage: Mozilla\Firefox\Profiles\2csmqmsd.default -> about:blank
      FF Extension: (Avast SafePrice) - C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default\Extensions\sp@avast.com.xpi [2018-10-18]
      FF Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Roaming\Mozilla\Firefox\Profiles\2csmqmsd.default\Extensions\wrc@avast.com.xpi [2018-10-18]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
      FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2015-08-18] (Sun Microsystems, Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
      FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-09-10]
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default [2018-10-28]
      CHR Extension: (Презентации) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02]
      CHR Extension: (Документи) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02]
      CHR Extension: (Google Диск) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-02]
      CHR Extension: (YouTube) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02]
      CHR Extension: (Adobe Acrobat) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-10-02]
      CHR Extension: (Avast SafePrice | Сравнение, сделки, купони) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-19]
      CHR Extension: (Таблици) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02]
      CHR Extension: (Google Документи офлайн) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-08]
      CHR Extension: (АБВ Уведомител) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkfpmcniebkbeakjdpobddpjghbapec [2018-10-28]
      CHR Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-18]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-02]
      CHR Extension: (Gmail) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-02]
      CHR Extension: (Chrome Media Router) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-28]
      CHR Profile: C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey [2018-10-28] <==== ATTENTION
      CHR Extension: (Презентации) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
      CHR Extension: (Документи) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
      CHR Extension: (Google Диск) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
      CHR Extension: (YouTube) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
      CHR Extension: (Google Търсене) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
      CHR Extension: (АБВ Уведомител) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\cpbekonjicgkldkmopnamgglbfaiojje [2015-11-25]
      CHR Extension: (Adobe Acrobat) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
      CHR Extension: (Таблици) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
      CHR Extension: (Farmville2 X-Press) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\gbgjpdhhnbgmnafojckjmjogcpoinlim [2018-10-24]
      CHR Extension: (Google Документи офлайн) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
      CHR Extension: (Avast Online Security) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-18]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
      CHR Extension: (Gmail) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]
      CHR Extension: (Chrome Media Router) - C:\Users\Rosko\AppData\Local\Google\Chrome\User Data\lejutplovshprohey\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-01]
      CHR HKU\S-1-5-21-749869763-3409154425-2811610640-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-18] (AVAST Software)
      R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-18] (AVAST Software)
      R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BavSvc.exe [2805208 2015-07-14] (Baidu, Inc.)
      S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdSandboxSrv64.exe [490480 2015-04-29] (Baidu, Inc.)
      R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BHipsSvc.exe [544032 2015-07-14] (Baidu, Inc.)
      S3 BsrSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools2\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3503416 2015-07-08] (Baidu, Inc.)
      R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
      R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
      R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
      R2 MiniService; C:\Users\Rosko\AppData\Local\MiniService\MiniService.exe [103616 2018-10-28] (Baidu Inc.) [File not signed] <==== ATTENTION
      R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
      R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.1000176\CalendarServ.exe [152720 2017-08-09] ()
      S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-18] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-18] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-18] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-18] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-18] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-18] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-18] (AVAST Software)
      R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-18] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-18] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-18] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-18] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-18] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-18] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-18] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-18] (AVAST Software)
      U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdApiUtil64.sys [116936 2015-07-14] (Baidu, Inc.)
      R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-04-20] ()
      U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\BdCameraProtect64.sys [25000 2015-07-14] (Baidu, Inc.)
      S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [235976 2015-04-29] (Baidu, Inc.)
      R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2015-07-14] (Baidu, Inc.)
      R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2015-07-14] (Baidu, Inc.)
      R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2015-07-14] (Baidu, Inc.)
      R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [487144 2015-07-14] (Baidu, Inc.)
      R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.6.2.147365.0\Bnmon64.sys [82376 2015-07-14] (Baidu, Inc.)
      R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [171464 2015-07-14] (Baidu, Inc.)
      S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-08] (REALiX(tm))
      R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
      R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
      R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
      U3 aswbdisk; no ImagePath
      U0 Partizan; system32\drivers\Partizan.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-28 14:35 - 2018-10-28 14:36 - 000000000 ____D C:\FRST
      2018-10-28 14:35 - 2018-10-28 14:35 - 002414592 _____ (Farbar) C:\Users\Rosko\Downloads\FRST64.exe
      2018-10-28 14:28 - 2018-10-28 14:36 - 000021836 _____ C:\Users\Rosko\Downloads\FRST.txt
      2018-10-28 14:26 - 2018-10-28 14:27 - 000020080 _____ C:\Users\Rosko\Downloads\Addition.txt
      2018-10-28 13:34 - 2018-10-28 13:34 - 000000000 ____D C:\Users\Rosko\AppData\Local\MiniService
      2018-10-28 13:29 - 2018-10-28 13:32 - 000000000 ____D C:\ProgramData\BsrSvc_exe
      2018-10-28 13:19 - 2018-10-28 13:20 - 000617400 _____ C:\Users\Rosko\Desktop\Нов Microsoft Office PowerPoint Presentation.pptx
      2018-10-28 12:40 - 2018-10-28 13:16 - 000000000 ____D C:\ProgramData\BavSvc_exe
      2018-10-28 12:37 - 2018-10-28 12:37 - 000000000 ____D C:\Users\Rosko\AppData\Local\Viber
      2018-10-28 09:17 - 2018-10-28 11:16 - 000000000 ____D C:\Users\Rosko\Desktop\официялни споразумения 2018-2019г
      2018-10-26 17:03 - 2018-10-26 17:03 - 000102327 _____ C:\Users\Rosko\Downloads\П-03001718127835-177-001_archive (1).zip
      2018-10-24 10:41 - 2018-10-24 10:41 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\AVAST Software
      2018-10-24 10:39 - 2018-10-24 10:39 - 000611358 _____ C:\Users\Rosko\Downloads\379984975 (1).pdf
      2018-10-24 10:32 - 2018-10-28 12:37 - 000000000 ____D C:\Users\Rosko\AppData\Local\AVAST Software
      2018-10-22 15:05 - 2018-10-22 15:06 - 000103383 _____ C:\Users\Rosko\Downloads\П-03001718185275-040-001_archive.zip
      2018-10-20 07:48 - 2018-10-20 07:48 - 000230931 _____ C:\Users\Rosko\Downloads\ЗП Ростислав Недков 19.10 (1).pdf
      2018-10-20 07:40 - 2018-10-20 07:40 - 000230931 _____ C:\Users\Rosko\Downloads\ЗП Ростислав Недков 19.10.pdf
      2018-10-19 08:51 - 2018-10-19 08:51 - 002437339 _____ C:\Users\Rosko\Downloads\dec92_2016_1010_баркод_с_ръководство_за_потребителя.rar
      2018-10-18 18:17 - 2018-10-18 18:17 - 000665976 _____ C:\Users\Rosko\Downloads\Re6enie_VAS_27.02.2018 (1).pdf
      2018-10-18 11:52 - 2018-10-18 11:52 - 000039854 _____ C:\Users\Rosko\Downloads\nlnazadyljenia[1] (1).pdf
      2018-10-18 10:16 - 2018-10-18 10:16 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2018-10-18 10:16 - 2018-10-18 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2018-10-18 10:15 - 2018-10-18 10:15 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
      2018-10-18 10:14 - 2018-10-26 00:45 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2018-10-18 10:13 - 2018-10-18 10:13 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2018-10-18 10:13 - 2018-10-18 10:13 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2018-10-18 10:13 - 2018-10-18 10:13 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2018-10-18 10:13 - 2018-10-18 10:13 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
      2018-10-18 10:13 - 2018-10-18 10:12 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-10-18 10:13 - 2018-10-18 10:12 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2018-10-18 10:13 - 2018-10-18 10:12 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2018-10-18 10:11 - 2018-10-18 11:43 - 000000000 ____D C:\ProgramData\AVAST Software
      2018-10-18 10:11 - 2018-10-18 10:11 - 000000000 ____D C:\Program Files\AVAST Software
      2018-10-18 10:09 - 2018-10-18 16:40 - 000000000 ____D C:\Users\Rosko\Documents\ViberDownloads
      2018-10-18 10:09 - 2018-10-18 10:09 - 000000000 ____D C:\Users\Rosko\AppData\Local\Viber Media S.à r.l
      2018-10-18 10:08 - 2018-10-28 13:47 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\ViberPC
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000956 _____ C:\Users\Rosko\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000954 _____ C:\Users\Rosko\Desktop\Viber.lnk
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
      2018-10-18 10:08 - 2018-10-18 10:08 - 000000000 ____D C:\Users\Rosko\AppData\Local\cache
      2018-10-18 10:07 - 2018-10-18 10:07 - 000000000 ____D C:\Users\Rosko\AppData\Local\Package Cache
      2018-10-18 10:06 - 2018-10-18 10:07 - 089186064 _____ (Viber Media Inc.) C:\Users\Rosko\Downloads\ViberSetup.exe
      2018-10-17 22:33 - 2018-10-17 22:33 - 000267977 _____ C:\Users\Rosko\Downloads\danuchno_oblagane_vnoski_na_zemedelski_proizvoditeli (4).pdf
      2018-10-17 22:08 - 2018-10-17 22:09 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint (2).pptx
      2018-10-17 21:41 - 2018-10-17 21:41 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint (1).pptx
      2018-10-17 21:14 - 2018-10-17 21:14 - 000267977 _____ C:\Users\Rosko\Downloads\danuchno_oblagane_vnoski_na_zemedelski_proizvoditeli (3).pdf
      2018-10-17 16:19 - 2018-10-17 16:19 - 000289368 _____ C:\Windows\Minidump\101718-14539-01.dmp
      2018-10-17 15:07 - 2018-10-17 15:07 - 003833305 _____ C:\Users\Rosko\Downloads\dec50_2017_19.03.2018.rar
      2018-10-17 14:45 - 2018-10-17 14:45 - 004074946 _____ C:\Users\Rosko\Downloads\dec50_2016_баркод_с_ръководство_за_потребителя.rar
      2018-10-17 12:55 - 2018-10-17 12:55 - 000648847 _____ C:\Users\Rosko\Downloads\DOM (2).pdf
      2018-10-17 07:52 - 2018-10-17 07:52 - 000012846 _____ C:\Users\Rosko\Downloads\Spravka vazstanovqvane (4).ods
      2018-10-17 07:52 - 2018-10-17 07:52 - 000000165 ____H C:\Users\Rosko\Downloads\~$Spravka vazstanovqvane (4).ods
      2018-10-16 13:59 - 2018-10-16 13:59 - 070935933 _____ C:\Users\Rosko\Downloads\wetransfer-a3a156.zip
      2018-10-16 12:10 - 2018-10-16 12:10 - 001266784 _____ C:\Users\Rosko\Downloads\statement (21).pdf
      2018-10-16 12:09 - 2018-10-16 12:09 - 001105420 _____ C:\Users\Rosko\Downloads\statement (20).pdf
      2018-10-16 10:58 - 2018-10-16 10:58 - 000648847 _____ C:\Users\Rosko\Downloads\DOM (1).pdf
      2018-10-16 08:14 - 2018-10-16 08:14 - 001939889 _____ C:\Users\Rosko\Downloads\95_09.pdf
      2018-10-15 16:01 - 2018-10-15 16:01 - 000749389 _____ C:\Users\Rosko\Downloads\Нов Презентация на Microsoft PowerPoint.pptx
      2018-10-15 15:57 - 2018-10-15 15:57 - 000102327 _____ C:\Users\Rosko\Downloads\П-03001718127835-177-001_archive.zip
      2018-10-15 13:54 - 2018-10-15 13:54 - 000648847 _____ C:\Users\Rosko\Downloads\Ползване на данъчни облекчения и наличие на задължения.pdf
      2018-10-15 13:47 - 2018-10-15 13:47 - 000648847 _____ C:\Users\Rosko\Downloads\DOM.pdf
      2018-10-12 13:49 - 2018-10-12 13:49 - 000009969 _____ C:\Users\Rosko\Downloads\РОСТИСЛАВ НЕДКОВ БОРИСОВ_2019_ЮПЕР.ZIP
      2018-10-12 13:49 - 2018-10-12 13:49 - 000001382 _____ C:\Users\Rosko\Downloads\НЕДКО БОРИСОВ КОЛЕВ_2019_ЮПЕР.ZIP
      2018-10-12 13:48 - 2018-10-12 13:48 - 000001499 _____ C:\Users\Rosko\Downloads\НЕДКО БОРИСОВ КОЛЕВ_2019_БОЖУРОВО.ZIP
      2018-10-12 09:23 - 2018-10-12 09:23 - 000075048 _____ C:\Users\Rosko\Downloads\Crystal Reports - sp_invoice_text_only_2007_5_l.rpt (1).pdf
      2018-10-10 12:50 - 2018-10-10 12:50 - 004808921 _____ C:\Users\Rosko\Downloads\П-03001718168660-004-001_archive.zip
      2018-10-06 15:09 - 2018-10-06 15:09 - 000611358 _____ C:\Users\Rosko\Downloads\379984975.pdf
      2018-10-04 13:28 - 2018-10-04 13:28 - 000156030 _____ C:\Users\Rosko\Downloads\П-03001718168660-040-001_archive.zip
      2018-10-01 18:27 - 2018-10-01 18:27 - 000143428 _____ C:\Users\Rosko\Downloads\Информационна брошура за бъдещите майки.pdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-10-28 14:23 - 2009-07-14 06:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-10-28 14:23 - 2009-07-14 06:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-10-28 14:19 - 2009-07-14 05:20 - 000000000 ____D C:\PerfLogs
      2018-10-28 14:11 - 2017-08-24 12:56 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\CalendarTool
      2018-10-28 12:42 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-10-28 12:42 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2018-10-28 12:36 - 2017-06-10 14:47 - 000000000 __SHD C:\Users\Rosko\IntelGraphicsProfiles
      2018-10-28 12:36 - 2015-04-23 13:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-10-28 12:35 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-10-28 11:44 - 2016-08-08 17:51 - 000000000 ___HD C:\Program Files (x86)\m3yE3E0
      2018-10-28 10:43 - 2015-04-23 12:58 - 000000000 ____D C:\Users\Rosko\AppData\Local\Microsoft Help
      2018-10-28 10:29 - 2017-01-10 10:04 - 000000000 ____D C:\Users\Rosko\AppData\Local\CrashDumps
      2018-10-27 19:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\tracing
      2018-10-24 07:25 - 2015-04-24 13:10 - 000000000 ____D C:\Users\Rosko\AppData\Roaming\Skype
      2018-10-23 08:18 - 2017-02-01 21:07 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-10-18 09:43 - 2018-07-09 15:03 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-10-18 09:43 - 2016-02-04 18:11 - 000002998 _____ C:\Windows\wininit.ini
      2018-10-17 16:19 - 2015-06-12 12:20 - 000000000 ____D C:\Windows\Minidump
      2018-10-17 16:18 - 2015-06-12 12:20 - 375178840 _____ C:\Windows\MEMORY.DMP
      2018-10-15 10:59 - 2009-07-14 07:08 - 000032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-10-09 21:41 - 2018-03-14 11:33 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-10-09 21:41 - 2017-02-01 18:37 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-10-09 21:41 - 2017-02-01 18:37 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-10-09 21:41 - 2017-02-01 18:37 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-10-09 21:41 - 2017-02-01 18:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-10-09 21:41 - 2017-02-01 18:37 - 000000000 ____D C:\Windows\system32\Macromed
      2018-10-04 13:28 - 2015-11-03 22:05 - 000000000 ____D C:\Users\Rosko\AppData\LocalLow\Adobe
      2018-10-01 21:10 - 2015-04-23 13:18 - 000000000 ____D C:\KMPlayer
      2018-10-01 08:27 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
      ==================== Files in the root of some directories =======
      2015-10-10 07:33 - 2015-10-10 07:33 - 000229019 _____ () C:\ProgramData\KTLVGTHRCQSO.dat
      2017-06-08 17:31 - 2017-06-08 17:31 - 000000017 _____ () C:\Users\Rosko\AppData\Local\resmon.resmoncfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-10-26 08:40
      ==================== End of FRST.txt ============================
      Addition.txt
    • от Magnolia D
      Здравейте, 
      От два - три дни интернет връзката ми се влоши драматично - почти невъзможно беше да се зареди каквато и да е страница (отнемаше минути, ако въобще успееше да го направи). Анти вирусната показа, че има Троянец(нещо си ) - може би е трябвало да запомня какво точно нещо си, но аз просто натиснах да го изтрие. Повторната проверка показа, че всичко е наред, но не мисля че е точно така. Сега зарежда малко по-бързо, но като цяло е изключително бавно и не мисля, че е от връзката. Предполагам, че се разбира, че знанието за компютрите не е една от най-силните ми страни, но за всеки случай ще го подчертая, за да се опитам да оправдая глупостите , които евентуално съм направила  и елементарния си "компютърен изказ". Относно стъпките за публикуване - нямам диск с операционната система, прикачвам другите два файла. П.С. Предварително благодаря за времето и съдействието!
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11.11.2018
      Ran by Grigorovi (administrator) on DIDI (13-11-2018 15:39:12)
      Running from D:\Instal
      Loaded Profiles: Grigorovi (Available Profiles: Grigorovi)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
      (SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [CL-22-D39888C9-D725-485F-B4A2-1AD9369147B7] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-4DEB32A9-F15E-4B9A-A7FB-125105229440\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-22-4DEB32A (the data entry has 44 more characters).
      HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
      HKU\S-1-5-21-2744073735-3007959217-1321240149-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{3247EA78-9C23-40D4-AF6B-21088034F9BF}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{AE99D80D-ED5E-4FA1-8934-689D4319410D}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      FireFox:
      ========
      FF DefaultProfile: ixj5pejf.default-1538731853205
      FF ProfilePath: C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205 [2018-11-12]
      FF Extension: (Firefox Monitor) - C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205\features\{a452a5ff-64b4-44fa-910c-c6debf5ffb1d}\fxmonitor@mozilla.org.xpi [2018-10-05]
      FF Extension: (Telemetry coverage) - C:\Users\Grigorovi\AppData\Roaming\Mozilla\Firefox\Profiles\ixj5pejf.default-1538731853205\features\{a452a5ff-64b4-44fa-910c-c6debf5ffb1d}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-05] [Legacy]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-14] ()
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-29] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-29] (Google Inc.)
      FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-2744073735-3007959217-1321240149-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Grigorovi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-08-10] (Zoom Video Communications, Inc.)
      Chrome: 
      =======
      CHR Profile: C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default [2018-11-13]
      CHR Extension: (Презентации) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
      CHR Extension: (YouTube) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-26]
      CHR Extension: (Adblock Plus) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-10-31]
      CHR Extension: (Adobe Acrobat) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
      CHR Extension: (Facebook Pixel Helper) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2018-10-23]
      CHR Extension: (Таблици) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
      CHR Extension: (Pinterest Save Button) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-10-19]
      CHR Extension: (Grammar.com) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hamhaljjdpcgkelbadepgmnocknejief [2018-10-02]
      CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2018-09-19]
      CHR Extension: (Reasy) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfiiflbfkgfmeinikcgikgiijegkhgf [2017-12-09]
      CHR Extension: (Grammar and Spelling checker by Ginger) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh [2018-11-07]
      CHR Extension: (Tag Assistant (by Google)) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-09-27]
      CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-10-09]
      CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2018-07-23]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
      CHR Extension: (Gmail) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-26]
      CHR Extension: (Chrome Media Router) - C:\Users\Grigorovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-19]
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
      R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [114648 2018-11-12] (SurfRight B.V.)
      R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [4406408 2018-11-12] (SurfRight B.V.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [263288 2018-11-12] (SurfRight B.V.)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-11-13] (Malwarebytes)
      R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
      R1 MpKsl5e3716e3; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EE32FF0-58AB-4EF4-90BC-B7873B344D95}\MpKsl5e3716e3.sys [49504 2018-11-13] (Microsoft Corporation)
      R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2099-10-22 18:57 - 30826-10-22 18:57 - 000186368 ____N (Microsoft Corporation) C:\Windows\foJiYOYp.exe
      2099-10-22 18:57 - 30826-10-22 18:57 - 000073216 ____N (Microsoft Corporation) C:\Windows\system32\rNZYYO.exe
      2099-10-22 18:57 - 30826-10-22 18:57 - 000073216 ____N (Microsoft Corporation) C:\Windows\system32\OmATowuMEtOu.exe
      2018-11-13 10:08 - 2018-11-13 10:08 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-11-12 18:25 - 2018-11-13 15:38 - 000000000 ____D C:\Windows\CryptoGuard
      2018-11-12 18:25 - 2018-11-13 10:06 - 000000000 ___DC C:\ProgramData\HitmanPro.Alert
      2018-11-12 18:25 - 2018-11-12 18:25 - 000875656 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
      2018-11-12 18:25 - 2018-11-12 18:25 - 000263288 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
      2018-11-12 18:25 - 2018-11-12 18:25 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
      2018-11-12 18:25 - 2018-11-12 18:25 - 000000000 ___DC C:\Program Files\HitmanPro.Alert
      2018-11-12 18:14 - 2018-11-12 18:14 - 000001847 _____ C:\Users\Public\Desktop\HitmanPro.lnk
      2018-11-12 18:14 - 2018-11-12 18:14 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
      2018-11-12 18:13 - 2018-11-12 18:14 - 000000000 ___DC C:\Program Files\HitmanPro
      2018-11-07 09:29 - 2018-11-07 09:29 - 001292716 _____ C:\Users\Grigorovi\Desktop\ros.zip
      2018-11-07 02:23 - 2018-11-05 16:55 - 009162423 _____ C:\Users\Grigorovi\Desktop\139_da_badesh_bog2.zip
      2018-11-07 02:14 - 2018-11-07 02:14 - 001062670 _____ C:\Users\Grigorovi\Desktop\Ерик Бърн -Психология на човешките взаимоотношения.pdf
      2018-11-07 02:13 - 2018-11-07 02:13 - 000798148 _____ C:\Users\Grigorovi\Desktop\Игрите, които хората играят.pdf
      2018-11-01 17:09 - 2018-11-04 22:36 - 000000000 ____D C:\Users\Grigorovi\Desktop\WP-UnEducatedMermad
      2018-10-29 18:44 - 2018-10-29 18:44 - 001092248 _____ C:\Users\Grigorovi\Desktop\Quick-Start-Affiliate-Marketing-Report.pdf
      2018-10-26 22:52 - 2018-10-26 22:52 - 002583150 _____ C:\Users\Grigorovi\Desktop\lipton_spontanna.zip
      2018-10-26 22:51 - 2018-10-26 22:51 - 001290479 _____ C:\Users\Grigorovi\Desktop\24_lipton_honemoon.zip
      2018-10-20 16:07 - 2018-10-20 16:07 - 002677746 _____ C:\Users\Grigorovi\Desktop\unblock_your_abundance_by_christiemarie_sheldon_workbook_nsp2.pdf
      2018-10-17 01:23 - 2018-10-17 01:24 - 000507221 _____ C:\Users\Grigorovi\Desktop\shum_v_ushite.zip
      2018-10-16 18:55 - 2018-10-16 18:55 - 006273583 _____ C:\Users\Grigorovi\Desktop\Шакти Гуаейн-Пътят към истинското блоагоденствие.rar
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-11-13 15:39 - 2018-04-07 19:16 - 000000000 ___DC C:\FRST
      2018-11-13 10:15 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-11-13 10:15 - 2009-07-14 06:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-11-13 10:10 - 2018-04-10 19:56 - 000000386 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
      2018-11-13 10:06 - 2018-04-07 21:35 - 000065536 _____ C:\Windows\system32\Ikeext.etl
      2018-11-13 10:06 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-11-13 05:49 - 2017-04-26 17:00 - 000000000 ___DC C:\ProgramData\HitmanPro
      2018-11-12 19:59 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
      2018-11-12 18:48 - 2014-10-15 19:19 - 000000000 ____D C:\Windows\Minidump
      2018-11-12 18:34 - 2016-12-02 16:12 - 000000702 _____ C:\Users\Public\Desktop\System Ninja.lnk
      2018-11-12 18:34 - 2016-12-02 16:12 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
      2018-11-09 18:05 - 2018-07-24 14:22 - 000000000 ___DC C:\Users\Grigorovi\AppData\Local\gtk-2.0
      2018-10-30 09:45 - 2016-10-28 18:07 - 000660594 _____ C:\Windows\system32\perfh01D.dat
      2018-10-30 09:45 - 2016-10-28 18:07 - 000144252 _____ C:\Windows\system32\perfc01D.dat
      2018-10-30 09:45 - 2016-10-28 17:31 - 000425298 _____ C:\Windows\system32\perfh012.dat
      2018-10-30 09:45 - 2016-10-28 17:31 - 000122162 _____ C:\Windows\system32\perfc012.dat
      2018-10-30 09:45 - 2016-10-28 16:02 - 000378044 _____ C:\Windows\system32\prfh0804.dat
      2018-10-30 09:45 - 2016-10-28 16:02 - 000121370 _____ C:\Windows\system32\prfc0804.dat
      2018-10-30 09:45 - 2016-10-28 15:29 - 000413652 _____ C:\Windows\system32\perfh011.dat
      2018-10-30 09:45 - 2016-10-28 15:29 - 000123878 _____ C:\Windows\system32\perfc011.dat
      2018-10-30 09:45 - 2016-10-28 15:09 - 000680628 _____ C:\Windows\system32\perfh00E.dat
      2018-10-30 09:45 - 2016-10-28 15:09 - 000173052 _____ C:\Windows\system32\perfc00E.dat
      2018-10-30 09:45 - 2016-10-28 14:49 - 000478376 _____ C:\Windows\system32\perfh00B.dat
      2018-10-30 09:45 - 2016-10-28 14:49 - 000103298 _____ C:\Windows\system32\perfc00B.dat
      2018-10-30 09:45 - 2016-10-28 14:25 - 000389218 _____ C:\Windows\system32\perfh00D.dat
      2018-10-30 09:45 - 2016-10-28 14:25 - 000086536 _____ C:\Windows\system32\perfc00D.dat
      2018-10-30 09:45 - 2016-10-28 13:57 - 000740372 _____ C:\Windows\system32\perfh013.dat
      2018-10-30 09:45 - 2016-10-28 13:57 - 000154880 _____ C:\Windows\system32\perfc013.dat
      2018-10-30 09:45 - 2016-10-28 13:42 - 000491388 _____ C:\Windows\system32\perfh014.dat
      2018-10-30 09:45 - 2016-10-28 13:42 - 000097182 _____ C:\Windows\system32\perfc014.dat
      2018-10-30 09:45 - 2016-10-28 13:17 - 000603862 _____ C:\Windows\system32\perfh008.dat
      2018-10-30 09:45 - 2016-10-28 13:17 - 000112906 _____ C:\Windows\system32\perfc008.dat
      2018-10-30 09:45 - 2016-10-28 12:51 - 000736920 _____ C:\Windows\system32\perfh010.dat
      2018-10-30 09:45 - 2016-10-28 12:51 - 000148624 _____ C:\Windows\system32\perfc010.dat
      2018-10-30 09:45 - 2016-10-28 12:37 - 000665714 _____ C:\Windows\system32\perfh005.dat
      2018-10-30 09:45 - 2016-10-28 12:37 - 000143204 _____ C:\Windows\system32\perfc005.dat
      2018-10-30 09:45 - 2016-10-28 12:18 - 000475888 _____ C:\Windows\system32\perfh001.dat
      2018-10-30 09:45 - 2016-10-28 12:18 - 000096550 _____ C:\Windows\system32\perfc001.dat
      2018-10-30 09:45 - 2016-10-28 12:05 - 000742590 _____ C:\Windows\system32\perfh00C.dat
      2018-10-30 09:45 - 2016-10-28 12:05 - 000151358 _____ C:\Windows\system32\perfc00C.dat
      2018-10-30 09:45 - 2016-10-28 11:52 - 000725892 _____ C:\Windows\system32\prfh0816.dat
      2018-10-30 09:45 - 2016-10-28 11:52 - 000154684 _____ C:\Windows\system32\prfc0816.dat
      2018-10-30 09:45 - 2016-10-28 11:36 - 000506288 _____ C:\Windows\system32\perfh006.dat
      2018-10-30 09:45 - 2016-10-28 11:36 - 000100436 _____ C:\Windows\system32\perfc006.dat
      2018-10-30 09:45 - 2016-10-28 11:24 - 000742330 _____ C:\Windows\system32\perfh00A.dat
      2018-10-30 09:45 - 2016-10-28 11:24 - 000160252 _____ C:\Windows\system32\perfc00A.dat
      2018-10-30 09:45 - 2016-10-28 11:11 - 000395216 _____ C:\Windows\system32\prfh0404.dat
      2018-10-30 09:45 - 2016-10-28 11:11 - 000116868 _____ C:\Windows\system32\prfc0404.dat
      2018-10-30 09:45 - 2016-10-28 10:59 - 000737232 _____ C:\Windows\system32\perfh015.dat
      2018-10-30 09:45 - 2016-10-28 10:59 - 000157650 _____ C:\Windows\system32\perfc015.dat
      2018-10-30 09:45 - 2016-10-28 10:44 - 000721474 _____ C:\Windows\system32\perfh019.dat
      2018-10-30 09:45 - 2016-10-28 10:44 - 000152620 _____ C:\Windows\system32\perfc019.dat
      2018-10-30 09:45 - 2016-10-28 10:25 - 000710754 _____ C:\Windows\system32\prfh0416.dat
      2018-10-30 09:45 - 2016-10-28 10:25 - 000149434 _____ C:\Windows\system32\prfc0416.dat
      2018-10-30 09:45 - 2016-10-28 09:57 - 000694082 _____ C:\Windows\system32\perfh007.dat
      2018-10-30 09:45 - 2016-10-28 09:57 - 000150894 _____ C:\Windows\system32\perfc007.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000653556 _____ C:\Windows\system32\perfh01F.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000141778 _____ C:\Windows\system32\perfc01F.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000126256 _____ C:\Windows\system32\perfh002.dat
      2018-10-30 09:45 - 2016-10-28 09:41 - 000028684 _____ C:\Windows\system32\perfc002.dat
      2018-10-30 09:45 - 2010-11-20 23:01 - 017739850 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-10-26 11:12 - 2018-10-05 13:08 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-10-25 10:37 - 2018-04-10 18:45 - 000002093 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-10-25 10:37 - 2016-08-26 11:58 - 000002134 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-10-24 12:51 - 2018-04-15 10:33 - 000000000 ___DC C:\Users\Grigorovi\AppData\Local\ElevatedDiagnostics
      2018-10-23 08:50 - 2016-08-24 15:28 - 000002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-10-15 23:48 - 2014-10-15 19:37 - 000479504 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      ==================== Files in the root of some directories =======
      2017-11-23 15:47 - 2017-11-23 15:47 - 001276776 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot11Thursday1547301350000.png
      2018-05-17 11:44 - 2018-05-17 11:44 - 001302316 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot5Thursday1244426890000.png
      2018-05-17 11:44 - 2018-05-17 11:44 - 001299942 _____ () C:\Users\Grigorovi\AppData\Roaming\screenshot5Thursday1244446010000.png
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\AtStart.txt
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\DSwitch.txt
      2016-09-01 09:53 - 2016-09-01 09:53 - 000000000 ____C () C:\Users\Grigorovi\AppData\Local\QSwitch.txt
      2018-07-31 22:52 - 2018-07-31 22:52 - 000003292 ____C () C:\Users\Grigorovi\AppData\Local\recently-used.xbel
      2017-08-26 20:16 - 2017-08-26 20:16 - 000007597 ____C () C:\Users\Grigorovi\AppData\Local\Resmon.ResmonCfg
      2018-04-07 13:19 - 2018-04-07 13:19 - 000000003 ____C () C:\Users\Grigorovi\AppData\Local\wbem.ini
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-11-04 00:42
      ==================== End of FRST.txt ============================
       
      Addition.txt
    • от Venci Velikov
      Здравейте от няколко дни имам няколко процеса без име ,не използват диск или интернет само рам .
      От както те се появиха започнаха да ми излизат реклами директно ми отваря опера браузърът с някоко таба с реклами.
      Свързах се с майкрософт но те казаха да си изтрия всичко от компютъра и да инсталирам windows наново ...това е невъзможно. 
      Когато дам дясното копче и отиди на детайли всеки от процесите води към 1 svchost.exe 
      Един от 3те процеса е винаги suspended ...незнам дали е съвпадение но компютъра ми забиваше  точно преди да цъкна download на adw cleaner и по време на сканирането успях да мина през сканирате и почистването  като постоянно прекратявах процесите ,но това не помогна все още са в компютъра ми и моля за помощ. 
      От майкрософт ме караха и да правя offline scan със windows defender ,но тази програма я нямам за нищо ,както и всяка друга антивирусна затова не използвам.
      Не разполагам с диск или флашка както и не желая да преинсталирам защото не искам да презаписвам толкова голямо количество на SSD .... благодаря за разбирането.
      edit : операционна система windows 10 x64 bit pro
      Не успях да изтегля FRST.exe ....опера спира да отговаря а компютъра ми започва да работи супер бавно и е нужен пълен рестарт за подобрение 
      Edit успях да го подкарам ,извинявам се че е много редактирано ,ноо знаете ...
      Addition.txt
      FRST.txt
    • от D101149
      Здравейте! Съмнявам се, че система ми е заразена ако може да ми помогнете ще съм ви благодарен (за пореден път)  Първите 3-4 минути изобщо хрома не зарежда страниците..
       
      Addition.txt
      FRST.txt
    • от mordikai
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.09.2018
      Ran by Dellssd (administrator) on DELLSSD-PC (29-09-2018 16:54:29)
      Running from C:\Users\Dellssd\Downloads
      Loaded Profiles: Dellssd (Available Profiles: Dellssd)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser: IE)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.805\SSScheduler.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
      (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
      (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\splwow64.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (BitTorrent Inc.) C:\Users\Dellssd\AppData\Roaming\uTorrent\uTorrent.exe
      (BitTorrent Inc.) C:\Users\Dellssd\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
      (BitTorrent Inc.) C:\Users\Dellssd\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-30] (AVAST Software)
      HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
      HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [1447936 2018-07-13] (Adobe Systems Incorporated)
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\...\MountPoints2: {6e61377d-2802-11e7-81ae-1c659d02e554} - G:\AutoRun.exe
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\...\MountPoints2: {76ec0a4f-0d2e-11e6-8287-1c659d02e554} - F:\SETUP.EXE
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
      HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
      Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-09-26]
      ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.805\SSScheduler.exe (McAfee, Inc.)
      GroupPolicy: Restriction ? <==== ATTENTION
      GroupPolicy\User: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      ProxyEnable: [S-1-5-21-477188782-2465529923-3270759937-1000] => Proxy is enabled.
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{645E12D2-5740-463F-B063-09C024155032}: [DhcpNameServer] 192.168.8.1 192.168.8.1
      Tcpip\..\Interfaces\{B0D854A2-9D35-438A-98DE-EE2EB8CFFC94}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-477188782-2465529923-3270759937-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-477188782-2465529923-3270759937-1000 -> 9845cd48-2779-11e7-bbbc-1c659d02e554 URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-477188782-2465529923-3270759937-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://yandex.ru/search/?win=277&clid=2262092-3&text={searchTerms}
      SearchScopes: HKU\S-1-5-21-477188782-2465529923-3270759937-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10041_spdf_opdfs_all_b_doc2pdf_170414__yaie&p={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-03-10] (Google Inc.)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-03-10] (Google Inc.)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-03-10] (Google Inc.)
      Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-03-10] (Google Inc.)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll No File
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF DefaultProfile: yk7fki5l.default
      FF ProfilePath: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default [2018-09-26]
      FF Homepage: Mozilla\Firefox\Profiles\yk7fki5l.default -> hxxps://search.avast.com/AV772/
      FF NewTab: Mozilla\Firefox\Profiles\yk7fki5l.default -> about:newtab
      FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\homepage@mail.ru.xpi [2018-08-10]
      FF Extension: (Поиск Mail.Ru) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\search@mail.ru.xpi [2018-04-12]
      FF Extension: (Советник Яндекс.Маркета) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\sovetnik@metabar.ru.xpi [2018-09-19]
      FF Extension: (Avast SafePrice) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\sp@avast.com.xpi [2018-08-10]
      FF Extension: (Визуальные закладки) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\vb@yandex.ru.xpi [2018-05-06]
      FF Extension: (Avast Online Security) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\wrc@avast.com.xpi [2018-05-30]
      FF Extension: (Пульт) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2017-12-03]
      FF Extension: (Telemetry coverage) - C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\features\{02617030-72af-413d-a344-376f30098954}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-19] [Legacy]
      FF SearchPlugin: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\searchplugins\avast-search.xml [2017-08-25]
      FF SearchPlugin: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\searchplugins\yahoo-lavasoft.xml [2017-04-14]
      FF SearchPlugin: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\searchplugins\Yahoo®-20173422.xml [2017-04-22]
      FF SearchPlugin: C:\Users\Dellssd\AppData\Roaming\Mozilla\Firefox\Profiles\yk7fki5l.default\searchplugins\yandex.ru-20173422.xml [2017-04-22]
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      FF Plugin-x32: Soda PDF Desktop -> C:\Program Files (x86)\Soda PDF Desktop\np-previewer.dll [2017-03-23] (LULU Software)
      FF Plugin HKU\S-1-5-21-477188782-2465529923-3270759937-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Dellssd\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> yandex.ru
      CHR NewTab: Default ->  Active:"chrome-extension://fehhbdbmfjboomkmkflbaekjkhkklbnh/newtabproduct.html", Active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/newtabproduct.html", Not-active:"chrome-extension://hcckjhfbahlnihggjcbadkgfjcghcibl/newtab/newtab.html", Not-active:"chrome-extension://mebpengldpmmlnaeehejppajiakgpbek/redirect.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html", Not-active:"chrome-extension://agibagflppafhfonkefpklndlohkclcb/index.html", Not-active:"chrome-extension://ghfmhofojkkfdnlfefhkckbflohgiicn/index.html"
      CHR DefaultSearchURL: Default -> hxxp://musix.searchalgo.com/search/?category=web&s=wmds&q={searchTerms}
      CHR DefaultSearchKeyword: Default -> WowMusix
      CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
      CHR Profile: C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default [2018-09-29]
      CHR Extension: (Slides) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
      CHR Extension: (Docs) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-19]
      CHR Extension: (Skype Calling) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-25]
      CHR Extension: (YouTube) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-19]
      CHR Extension: (OnlineMapFinder) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2018-04-26]
      CHR Extension: (Tampermonkey) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-24]
      CHR Extension: (Стартовая — Яндекс) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkekdlkmdpipihonapoleopfekmapadh [2017-06-14]
      CHR Extension: (Adobe Acrobat) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-14]
      CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-09-20]
      CHR Extension: (MyImageConverter) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fehhbdbmfjboomkmkflbaekjkhkklbnh [2018-08-23]
      CHR Extension: (Sheets) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Search App - Music) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\flohajbbpjlbphjgeffnhlopdhoonghc [2017-09-13]
      CHR Extension: (Google Docs Offline) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
      CHR Extension: (Avast Online Security) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
      CHR Extension: (Яндекс) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfblcbjfojmgagikhldeppgmgdpjkpl [2017-06-20]
      CHR Extension: (Ask Web Search) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmengapaekgmapkcophhdmppmjinpogo [2018-09-21]
      CHR Extension: (Ask Web Search) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkmodlfcmmnhhlofndkhdcembjaefbb [2018-09-21]
      CHR Extension: (FromDocToPDF) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2018-08-24]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
      CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\odijcgafkhpobjlnfdgiacpdenpmbgme [2016-10-19]
      CHR Extension: (Parity to Affinity) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\peagbbjfdfkkfcehfbddelhhppflbgla [2017-03-13]
      CHR Extension: (Mail.Ru) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkdcinmmljblpnkohlipaiodlonpinf [2016-10-19]
      CHR Extension: (SearchApp - Entertainment) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlbjnedeghkgaeghaiocogfofoicbpg [2018-01-16]
      CHR Extension: (Gmail) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-19]
      CHR Extension: (Chrome Media Router) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
      CHR Extension: (Pulse) - C:\Users\Dellssd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmpoaahleccaibbhfjfimigepmfmmbbk [2018-06-06]
      CHR HKLM-x32\...\Chrome\Extension: [dkekdlkmdpipihonapoleopfekmapadh] - hxxp://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [jkfblcbjfojmgagikhldeppgmgdpjkpl] - hxxp://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [odijcgafkhpobjlnfdgiacpdenpmbgme] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [phkdcinmmljblpnkohlipaiodlonpinf] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [pmpoaahleccaibbhfjfimigepmfmmbbk] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      OPR StartupUrls: "hxxps://www.yandex.ru/?win=277&clid=2262091-3"
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-30] (AVAST Software)
      S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-23] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-30] (AVAST Software)
      S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-23] (AVAST Software)
      S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo Uninstaller 2017\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.805\McCHSvc.exe [405392 2018-09-24] (McAfee, Inc.)
      R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2017-02-22] (Microsoft)
      S2 Soda PDF Desktop Creator; C:\Program Files\Soda PDF Desktop\creator-ws.exe [755048 2017-03-23] (LULU Software)
      S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
      R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-04-14] ()
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe [220288 2018-03-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [199712 2018-08-30] (AVAST Software)
      R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229384 2018-08-30] (AVAST Software)
      R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201320 2018-08-30] (AVAST Software)
      R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-08-30] (AVAST Software)
      R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59568 2018-08-30] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [249016 2018-08-30] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-08-30] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163392 2018-09-12] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111864 2018-08-30] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87904 2018-08-30] (AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-08-30] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467320 2018-09-05] (AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215920 2018-09-12] (AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381560 2018-08-30] (AVAST Software)
      R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [103088 2015-02-26] (STMicroelectronics)
      R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo Uninstaller 2017\IFS64.sys [31320 2015-12-07] ()
      S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
      S3 btwaudio; system32\drivers\btwaudio.sys [X]
      S3 btwavdt; system32\drivers\btwavdt.sys [X]
      S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
      S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-29 16:54 - 2018-09-29 16:54 - 000026700 _____ C:\Users\Dellssd\Downloads\FRST.txt
      2018-09-29 16:54 - 2018-09-29 16:54 - 000000000 ____D C:\FRST
      2018-09-29 16:53 - 2018-09-29 16:53 - 002414080 _____ (Farbar) C:\Users\Dellssd\Downloads\FRST64.exe
      2018-09-29 16:19 - 2018-09-29 16:19 - 004279416 _____ (ESET) C:\Users\Dellssd\Downloads\eset_internet_security_live_installer.exe
      2018-09-29 15:16 - 2018-09-29 15:16 - 000017773 _____ C:\Users\Dellssd\Downloads\American.Horror.Story.S08E03.720p.WEBRip.x264-TBS.torrent
      2018-09-29 11:31 - 2018-09-29 11:31 - 000001191 _____ C:\Users\Dellssd\AppData\Roaming\uni.txt
      2018-09-29 08:39 - 2018-09-29 08:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
      2018-09-29 08:30 - 2018-09-29 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2018-09-27 23:29 - 2018-09-27 23:29 - 005193216 _____ ( ) C:\Users\Dellssd\Downloads\wspsetup.exe
      2018-09-26 14:31 - 2018-09-26 14:31 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      2018-09-26 14:31 - 2018-09-26 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
      2018-09-26 14:31 - 2018-09-26 14:31 - 000000000 ____D C:\ProgramData\McAfee Security Scan
      2018-09-25 11:26 - 2018-09-28 11:38 - 000109568 ____H C:\Users\Dellssd\Desktop\~WRL1409.tmp
      2018-09-25 11:26 - 2018-09-27 10:53 - 000094208 ____H C:\Users\Dellssd\Desktop\~WRL1082.tmp
      2018-09-25 11:26 - 2018-09-26 13:19 - 000084480 ____H C:\Users\Dellssd\Desktop\~WRL1831.tmp
      2018-09-24 22:25 - 2018-09-24 22:25 - 000014480 _____ C:\Users\Dellssd\Downloads\Preacher.S03E10.HDTV.x264-KILLERS.mkv (2).torrent
      2018-09-24 09:39 - 2018-09-24 09:39 - 000014480 _____ C:\Users\Dellssd\Downloads\Preacher.S03E10.HDTV.x264-KILLERS.mkv (1).torrent
      2018-09-23 22:48 - 2018-09-23 22:48 - 000014480 _____ C:\Users\Dellssd\Downloads\Preacher.S03E10.HDTV.x264-KILLERS.mkv.torrent
      2018-09-23 22:46 - 2018-09-23 22:46 - 000011432 _____ C:\Users\Dellssd\Downloads\Preacher.S03E09.HDTV.x264-SVA (2).torrent
      2018-09-23 08:18 - 2018-09-23 08:18 - 000011432 _____ C:\Users\Dellssd\Downloads\Preacher.S03E09.HDTV.x264-SVA (1).torrent
      2018-09-22 20:53 - 2018-09-22 20:53 - 000011432 _____ C:\Users\Dellssd\Downloads\Preacher.S03E09.HDTV.x264-SVA.torrent
      2018-09-22 19:56 - 2018-09-22 19:56 - 000018281 _____ C:\Users\Dellssd\Downloads\Preacher.S03E08.720p.HEVC.x265-MeGusta.torrent
      2018-09-22 19:03 - 2018-09-22 19:03 - 000017384 _____ C:\Users\Dellssd\Downloads\Preacher.S03E07.720p.HEVC.x265-MeGusta.torrent
      2018-09-22 10:02 - 2018-09-22 10:02 - 000010528 _____ C:\Users\Dellssd\Downloads\American.Horror.Story.S08E01.HDTV.x264-SVA (1).torrent
      2018-09-21 18:54 - 2018-09-21 18:54 - 000010528 _____ C:\Users\Dellssd\Downloads\American.Horror.Story.S08E01.HDTV.x264-SVA.torrent
      2018-09-21 18:52 - 2018-09-21 18:52 - 000017830 _____ C:\Users\Dellssd\Downloads\American.Horror.Story.S08E02.WEBRip.x264-TBS.torrent
      2018-09-19 10:10 - 2018-09-19 10:10 - 000262144 _____ C:\Windows\Minidump\091918-9126-01.dmp
      2018-09-16 10:43 - 2018-09-16 10:43 - 000218836 _____ C:\Users\Dellssd\Desktop\a.psd
      2018-09-16 10:20 - 2018-09-16 10:21 - 000024235 _____ C:\Users\Dellssd\Desktop\a.jpf
      2018-09-08 16:34 - 2018-09-08 16:34 - 000152887 _____ C:\Users\Dellssd\Desktop\5.jpeg
      2018-09-06 20:51 - 2018-09-06 20:51 - 000015001 _____ C:\Users\Dellssd\Downloads\[kinozal.tv]id1604058.torrent
      2018-08-30 23:30 - 2018-08-30 23:29 - 000379608 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-09-29 16:53 - 2016-04-28 15:06 - 000000000 ____D C:\Users\Dellssd\AppData\Roaming\uTorrent
      2018-09-29 16:43 - 2017-05-15 14:15 - 000000378 _____ C:\Windows\Tasks\WpsNotifyTask_Dellssd.job
      2018-09-29 16:39 - 2018-02-11 22:39 - 000000994 _____ C:\Windows\Tasks\Chromium nefil.job
      2018-09-29 16:12 - 2016-10-21 06:34 - 000000000 ____D C:\Users\Dellssd\AppData\Roaming\vlc
      2018-09-29 15:16 - 2017-09-30 23:37 - 000000000 ____D C:\Users\Dellssd\AppData\LocalLow\uTorrent
      2018-09-29 13:22 - 2016-04-28 19:38 - 000000392 _____ C:\Windows\Tasks\update-sys.job
      2018-09-29 12:57 - 2016-04-28 19:38 - 000000392 _____ C:\Windows\Tasks\update-S-1-5-21-477188782-2465529923-3270759937-1000.job
      2018-09-29 08:39 - 2016-04-28 19:38 - 000003270 _____ C:\Windows\System32\Tasks\update-S-1-5-21-477188782-2465529923-3270759937-1000
      2018-09-29 08:38 - 2009-07-14 07:45 - 000014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-09-29 08:38 - 2009-07-14 07:45 - 000014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-09-29 08:30 - 2017-08-13 12:16 - 000001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
      2018-09-29 08:30 - 2017-03-11 18:15 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
      2018-09-29 08:30 - 2017-03-11 18:15 - 000000000 ___RD C:\Program Files (x86)\Skype
      2018-09-29 08:30 - 2016-04-28 15:22 - 000000000 ____D C:\ProgramData\Skype
      2018-09-29 08:28 - 2009-07-14 08:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-09-29 08:28 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2018-09-29 08:21 - 2016-04-28 15:19 - 000000204 _____ C:\Windows\Tasks\AutoKMS.job
      2018-09-29 08:21 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-09-27 23:33 - 2018-03-23 00:37 - 000000000 ____D C:\Users\Dellssd\AppData\Local\AVAST Software
      2018-09-27 10:13 - 2016-12-02 22:36 - 000000000 ____D C:\Users\Dellssd\Desktop\преводи
      2018-09-26 14:31 - 2018-07-13 15:01 - 000000000 ____D C:\Program Files\McAfee Security Scan
      2018-09-24 09:29 - 2017-04-13 09:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2018-09-24 09:29 - 2016-08-18 13:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-09-23 23:46 - 2016-12-01 16:09 - 000000000 ____D C:\Users\Dellssd\AppData\LocalLow\Mozilla
      2018-09-23 08:33 - 2017-07-27 09:56 - 000003180 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-477188782-2465529923-3270759937-1000
      2018-09-23 08:33 - 2017-05-14 12:21 - 000002164 _____ C:\Users\Dellssd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
      2018-09-23 08:33 - 2017-05-14 12:21 - 000000000 ___RD C:\Users\Dellssd\OneDrive
      2018-09-22 17:35 - 2018-08-29 08:46 - 000501760 ____H C:\Users\Dellssd\Desktop\~WRL1243.tmp
      2018-09-21 18:56 - 2016-10-30 19:56 - 000000000 ____D C:\Users\Dellssd\Desktop\subtitri
      2018-09-21 14:57 - 2018-08-29 08:46 - 000493568 ____H C:\Users\Dellssd\Desktop\~WRL3209.tmp
      2018-09-20 12:11 - 2016-09-26 11:57 - 000119544 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
      2018-09-20 10:36 - 2017-04-14 13:23 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2018-09-20 10:36 - 2017-04-14 13:23 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-09-19 23:21 - 2018-03-23 00:38 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
      2018-09-19 10:10 - 2017-01-14 08:33 - 000000000 ____D C:\Windows\Minidump
      2018-09-18 23:46 - 2016-09-19 00:17 - 000002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-09-18 23:46 - 2016-09-19 00:17 - 000002389 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-09-18 12:47 - 2018-08-29 08:46 - 000419328 ____H C:\Users\Dellssd\Desktop\~WRL1414.tmp
      2018-09-17 12:36 - 2018-08-29 08:46 - 000396288 ____H C:\Users\Dellssd\Desktop\~WRL2232.tmp
      2018-09-17 09:55 - 2016-04-28 15:19 - 000000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
      2018-09-16 22:22 - 2018-07-13 14:31 - 000004482 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2018-09-16 22:22 - 2018-06-17 11:13 - 000003138 _____ C:\Windows\System32\Tasks\{810AB3C2-34D4-499B-B4BB-9D38D546FA12}
      2018-09-16 22:22 - 2018-05-05 14:25 - 000003944 _____ C:\Windows\System32\Tasks\WpsUpdateTask_Dellssd
      2018-09-16 22:22 - 2017-08-07 09:24 - 000004192 _____ C:\Windows\System32\Tasks\WpsExternal_Dellssd_20170807092444
      2018-09-16 22:22 - 2017-05-15 14:15 - 000004196 _____ C:\Windows\System32\Tasks\WpsKtpcntrQingTask_Dellssd
      2018-09-16 22:22 - 2017-05-15 14:15 - 000003362 _____ C:\Windows\System32\Tasks\WpsNotifyTask_Dellssd
      2018-09-16 22:22 - 2017-04-16 19:21 - 000004308 _____ C:\Windows\System32\Tasks\Opera scheduled suite Autoupdate 1492359678
      2018-09-16 22:22 - 2017-04-16 19:21 - 000004086 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1492359677
      2018-09-16 22:22 - 2017-04-14 13:19 - 000003572 _____ C:\Windows\System32\Tasks\doPDF Update
      2018-09-16 22:22 - 2017-03-11 18:01 - 000003154 _____ C:\Windows\System32\Tasks\{F75FB1AB-3FC6-4CCB-8E59-EFFFE1750F20}
      2018-09-16 22:22 - 2017-03-11 17:59 - 000003154 _____ C:\Windows\System32\Tasks\{CEDD031E-67BD-4005-BC8D-F936A030F0BA}
      2018-09-16 22:22 - 2017-03-10 11:47 - 000003154 _____ C:\Windows\System32\Tasks\{54495718-5171-4E02-8AE9-0C0BA73E7D7F}
      2018-09-16 22:22 - 2017-03-10 11:46 - 000003154 _____ C:\Windows\System32\Tasks\{E1C2E6E7-851E-4C71-BE27-06A41080DD86}
      2018-09-16 22:22 - 2017-03-08 15:35 - 000003154 _____ C:\Windows\System32\Tasks\{380FC156-4700-48BE-8B5A-FBA1286DCE61}
      2018-09-16 22:22 - 2017-03-07 19:54 - 000003154 _____ C:\Windows\System32\Tasks\{B59123EA-C895-4329-A7B1-CB325A18760F}
      2018-09-16 22:22 - 2017-03-07 19:53 - 000003154 _____ C:\Windows\System32\Tasks\{1B3678E0-0EBD-4B19-8557-0E961136459F}
      2018-09-16 22:22 - 2017-03-07 19:23 - 000003152 _____ C:\Windows\System32\Tasks\{C3112054-5422-446C-8C6A-CBF71C0F1362}
      2018-09-16 22:22 - 2017-03-07 19:18 - 000003154 _____ C:\Windows\System32\Tasks\{2A7E9ED5-EA5D-44CE-A690-23D3D3057CA2}
      2018-09-16 22:22 - 2017-03-07 19:14 - 000003154 _____ C:\Windows\System32\Tasks\{E3C65BC8-A75A-427C-B27F-42C9BBE41C62}
      2018-09-16 22:22 - 2016-10-20 13:50 - 000003112 _____ C:\Windows\System32\Tasks\{35511907-B4BB-42B6-B5D5-1DEA4D518FE5}
      2018-09-16 22:22 - 2016-10-20 13:36 - 000003164 _____ C:\Windows\System32\Tasks\{CF456C35-60A1-4F96-848F-0062539D31D4}
      2018-09-16 22:22 - 2016-10-20 13:08 - 000003164 _____ C:\Windows\System32\Tasks\{286D155D-B077-4884-A3BD-71EBE307BEF5}
      2018-09-16 22:22 - 2016-10-20 13:07 - 000003164 _____ C:\Windows\System32\Tasks\{295B979B-F0EA-40DA-9832-C45D45FC859B}
      2018-09-16 22:22 - 2016-10-19 13:20 - 000003164 _____ C:\Windows\System32\Tasks\{B72E12E4-120A-46A7-B0FC-AED00851297F}
      2018-09-16 22:22 - 2016-10-19 12:55 - 000003164 _____ C:\Windows\System32\Tasks\{A7EABB03-E8E6-444E-9C70-01DEA803DBEC}
      2018-09-16 22:22 - 2016-10-19 12:53 - 000003164 _____ C:\Windows\System32\Tasks\{D6E5F4DF-91E3-4ECA-B09F-9DCF123E1030}
      2018-09-16 22:22 - 2016-09-19 00:16 - 000003432 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-09-16 22:22 - 2016-09-19 00:16 - 000003304 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-09-16 22:22 - 2016-04-28 19:38 - 000003400 _____ C:\Windows\System32\Tasks\update-sys
      2018-09-16 22:22 - 2016-04-28 15:19 - 000002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
      2018-09-16 22:22 - 2016-04-28 15:19 - 000002436 _____ C:\Windows\System32\Tasks\AutoKMS
      2018-09-16 22:22 - 2016-04-28 15:14 - 000003148 _____ C:\Windows\System32\Tasks\{5A5A1497-EAC4-4683-9946-09144759EE3B}
      2018-09-16 22:22 - 2016-04-28 13:36 - 000003254 _____ C:\Windows\System32\Tasks\{CD225CD4-3990-439E-8F36-78EB3BDEE4E1}
      2018-09-16 20:22 - 2018-08-29 08:46 - 000370688 ____H C:\Users\Dellssd\Desktop\~WRL3793.tmp
      2018-09-15 19:37 - 2018-08-29 08:46 - 000344576 ____H C:\Users\Dellssd\Desktop\~WRL1766.tmp
      2018-09-14 18:54 - 2018-08-29 08:46 - 000297984 ____H C:\Users\Dellssd\Desktop\~WRL2266.tmp
      2018-09-13 15:27 - 2018-08-29 08:46 - 000268288 ____H C:\Users\Dellssd\Desktop\~WRL2379.tmp
      2018-09-12 23:30 - 2016-04-28 15:24 - 000215920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-09-12 12:59 - 2018-08-29 08:46 - 000251904 ____H C:\Users\Dellssd\Desktop\~WRL1812.tmp
      2018-09-12 12:19 - 2016-04-28 15:24 - 000163392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-09-09 09:00 - 2018-08-29 08:46 - 000212992 ____H C:\Users\Dellssd\Desktop\~WRL1160.tmp
      2018-09-08 11:36 - 2018-08-29 08:46 - 000209920 ____H C:\Users\Dellssd\Desktop\~WRL3129.tmp
      2018-09-07 13:25 - 2018-08-29 08:46 - 000199168 ____H C:\Users\Dellssd\Desktop\~WRL0459.tmp
      2018-09-05 11:53 - 2016-04-28 15:24 - 000467320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-09-04 13:41 - 2018-08-29 08:46 - 000154624 ____H C:\Users\Dellssd\Desktop\~WRL0358.tmp
      2018-09-03 23:58 - 2017-03-11 17:50 - 000000000 _____ C:\Windows\SysWOW64\last.dump
      2018-09-03 10:30 - 2018-08-29 08:46 - 000122368 ____H C:\Users\Dellssd\Desktop\~WRL1632.tmp
      2018-09-01 12:16 - 2018-08-29 08:46 - 000114688 ____H C:\Users\Dellssd\Desktop\~WRL0845.tmp
      2018-08-31 12:46 - 2018-08-29 08:46 - 000098304 ____H C:\Users\Dellssd\Desktop\~WRL3568.tmp
      2018-08-30 23:30 - 2017-04-04 12:54 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2018-08-30 23:30 - 2016-04-28 15:24 - 000087904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-08-30 23:29 - 2017-12-23 19:29 - 000249016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2018-08-30 23:29 - 2017-11-13 11:28 - 000199712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-08-30 23:29 - 2017-04-04 12:54 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2018-08-30 23:29 - 2017-04-04 12:54 - 000229384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2018-08-30 23:29 - 2017-04-04 12:54 - 000201320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2018-08-30 23:29 - 2017-04-04 12:54 - 000059568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2018-08-30 23:29 - 2016-04-28 15:24 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-08-30 23:29 - 2016-04-28 15:24 - 000381560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-08-30 23:29 - 2016-04-28 15:24 - 000111864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-08-30 23:29 - 2016-04-28 15:24 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2018-08-30 13:39 - 2018-08-29 08:46 - 000077824 ____H C:\Users\Dellssd\Desktop\~WRL3210.tmp
      ==================== Files in the root of some directories =======
      2015-10-21 18:11 - 2015-10-21 18:11 - 130502551 _____ () C:\Program Files\openoffice1.cab
      2015-10-21 18:10 - 2015-10-21 18:10 - 002310144 _____ () C:\Program Files\openoffice412.msi
      2015-10-21 18:10 - 2015-10-21 18:10 - 000478720 _____ () C:\Program Files\setup.exe
      2015-10-21 18:10 - 2015-10-21 18:10 - 000000279 _____ () C:\Program Files\setup.ini
      2016-12-08 14:00 - 2017-03-04 10:53 - 000000132 _____ () C:\Users\Dellssd\AppData\Roaming\Adobe AIFF Format CS6 Prefs
      2016-12-07 08:29 - 2016-12-07 08:29 - 000000146 _____ () C:\Users\Dellssd\AppData\Roaming\gamma_ramp.reg
      2018-09-29 11:31 - 2018-09-29 11:31 - 000001191 _____ () C:\Users\Dellssd\AppData\Roaming\uni.txt
      2017-04-08 21:19 - 2016-03-31 21:40 - 000145792 _____ () C:\Users\Dellssd\AppData\Local\downloader.exe
      2016-04-28 19:38 - 2016-04-28 19:38 - 000000003 ____H () C:\Users\Dellssd\AppData\Local\updater.log
      2016-04-28 19:38 - 2016-04-28 19:38 - 000000424 ____H () C:\Users\Dellssd\AppData\Local\UserProducts.xml
      2016-10-29 12:23 - 2016-10-29 12:23 - 000017408 _____ () C:\Users\Dellssd\AppData\Local\WebpageIcons.db
      2017-02-10 09:00 - 2017-02-10 09:00 - 000000000 _____ () C:\Users\Dellssd\AppData\Local\{DC54C818-2F39-4DF4-A54B-09F3D3BE3CC3}
      Some files in TEMP:
      ====================
      2018-04-09 11:51 - 2018-08-20 12:55 - 062983128 _____ (Softland) C:\Users\Dellssd\AppData\Local\Temp\dopdf-full.exe
      2017-05-15 14:12 - 2017-05-15 14:12 - 003463288 _____ (Gadomotus                                                   ) C:\Users\Dellssd\AppData\Local\Temp\ICReinstall_microsoft_office (1).exe
      2016-10-29 19:52 - 2016-10-30 14:18 - 037642072 _____ (PandoraTV) C:\Users\Dellssd\AppData\Local\Temp\KMP_4.1.3.3.exe
      2017-12-16 10:25 - 2017-12-16 10:25 - 039544976 _____ (PandoraTV) C:\Users\Dellssd\AppData\Local\Temp\KMP_4.2.2.5.exe
      2016-12-06 13:30 - 2016-12-07 08:28 - 048947193 _____ () C:\Users\Dellssd\AppData\Local\Temp\new_version.exe
      2017-10-10 23:42 - 2017-10-10 23:42 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710104236545.dll
      2017-10-12 10:00 - 2017-10-12 10:00 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017101208259.dll
      2017-10-13 10:42 - 2017-10-13 10:42 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710134229437.dll
      2017-10-13 10:47 - 2017-10-13 10:47 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171013479979.dll
      2017-10-16 10:13 - 2017-10-16 10:13 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710161342290.dll
      2017-10-19 23:59 - 2017-10-19 23:59 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710195926616.dll
      2017-10-24 10:14 - 2017-10-24 10:14 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201710241457563.dll
      2017-10-24 10:09 - 2017-10-24 10:09 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171024911435.dll
      2017-10-02 08:58 - 2017-10-02 08:58 - 002163200 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171025819305.dll
      2017-10-28 08:06 - 2017-10-28 08:06 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171028622139.dll
      2017-10-04 09:31 - 2017-10-04 09:31 - 002163200 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171043113370.dll
      2017-10-05 09:53 - 2017-10-05 09:53 - 002163200 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017105532580.dll
      2017-10-06 09:16 - 2017-10-06 09:16 - 002163200 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171061623730.dll
      2017-10-06 23:52 - 2017-10-06 23:52 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171065224505.dll
      2017-10-07 09:54 - 2017-10-07 09:54 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171075447890.dll
      2017-10-09 10:23 - 2017-10-09 10:23 - 002163712 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171092328422.dll
      2017-11-10 11:43 - 2017-11-10 11:43 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711104321386.dll
      2017-11-01 10:23 - 2017-11-01 10:23 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171112339856.dll
      2017-11-02 00:52 - 2017-11-02 00:52 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171115225368.dll
      2017-11-17 12:11 - 2017-11-17 12:11 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171117111267.dll
      2017-11-18 19:17 - 2017-11-18 19:17 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711181734927.dll
      2017-11-21 00:46 - 2017-11-21 00:46 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017112046238.dll
      2017-11-23 00:46 - 2017-11-23 00:46 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711224618694.dll
      2017-11-25 09:12 - 2017-11-25 09:12 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711251244928.dll
      2017-11-27 10:16 - 2017-11-27 10:16 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201711271659784.dll
      2017-11-06 09:42 - 2017-11-06 09:42 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171164236192.dll
      2017-11-08 10:10 - 2017-11-08 10:10 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017118103184.dll
      2017-11-09 00:50 - 2017-11-09 00:50 - 002172416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171185049290.dll
      2017-12-11 11:10 - 2017-12-11 11:10 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171211109386.dll
      2017-12-16 10:08 - 2017-12-16 10:08 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171216841406.dll
      2017-12-20 10:30 - 2017-12-20 10:30 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171220300768.dll
      2017-12-21 09:59 - 2017-12-21 09:59 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171221599557.dll
      2017-12-25 11:52 - 2017-12-25 11:52 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201712255220697.dll
      2017-12-27 10:46 - 2017-12-27 10:46 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201712274620418.dll
      2017-12-28 10:30 - 2017-12-28 10:30 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20171228304823.dll
      2017-12-30 09:54 - 2017-12-30 09:54 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201712305435151.dll
      2017-12-06 11:04 - 2017-12-06 11:04 - 002230784 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017126459962.dll
      2017-05-16 23:45 - 2017-05-16 23:45 - 001980416 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20175164533688.dll
      2017-05-19 08:44 - 2017-05-19 08:44 - 002008064 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20175194420141.dll
      2017-05-20 06:44 - 2017-05-20 06:44 - 002008064 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20175204459667.dll
      2017-05-24 09:17 - 2017-05-24 09:17 - 002008064 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017524175694.dll
      2017-05-29 08:07 - 2017-05-29 08:07 - 002008064 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20175297735.dll
      2017-06-13 07:40 - 2017-06-13 07:40 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20176134013374.dll
      2017-06-13 23:42 - 2017-06-13 23:42 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017613428192.dll
      2017-06-16 08:07 - 2017-06-16 08:07 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017616745230.dll
      2017-06-17 20:54 - 2017-06-17 20:54 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20176175444375.dll
      2017-06-20 12:39 - 2017-06-20 12:39 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017620392713.dll
      2017-06-22 07:31 - 2017-06-22 07:31 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20176223128826.dll
      2017-06-30 08:43 - 2017-06-30 08:43 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017630439814.dll
      2017-06-05 13:34 - 2017-06-05 13:34 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017653419350.dll
      2017-06-06 23:39 - 2017-06-06 23:39 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017663958437.dll
      2017-06-08 18:49 - 2017-06-08 18:49 - 002011648 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017684938352.dll
      2017-07-10 18:05 - 2017-07-10 18:05 - 001972736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017710548407.dll
      2017-07-14 18:41 - 2017-07-14 18:41 - 001973248 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017714411279.dll
      2017-07-18 23:54 - 2017-07-18 23:54 - 001973248 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20177185419573.dll
      2017-07-21 05:15 - 2017-07-21 05:15 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20177211525566.dll
      2017-07-27 09:55 - 2017-07-27 09:55 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20177275517760.dll
      2017-07-28 04:57 - 2017-07-28 04:57 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20177285736189.dll
      2017-07-03 08:19 - 2017-07-03 08:19 - 001972736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017731946996.dll
      2017-07-04 09:07 - 2017-07-04 09:07 - 001972736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201774732193.dll
      2017-08-01 08:38 - 2017-08-01 08:38 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201781381180.dll
      2017-08-16 05:06 - 2017-08-16 05:06 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017816647150.dll
      2017-08-18 04:56 - 2017-08-18 04:56 - 001999360 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20178185624580.dll
      2017-08-20 07:53 - 2017-08-20 07:53 - 001999360 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20178205358978.dll
      2017-08-23 09:46 - 2017-08-23 09:46 - 001999360 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20178234653479.dll
      2017-08-26 09:05 - 2017-08-26 09:05 - 001999360 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017826549919.dll
      2017-08-31 08:56 - 2017-08-31 08:56 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017831561686.dll
      2017-08-05 07:40 - 2017-08-05 07:40 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017854013409.dll
      2017-08-06 22:28 - 2017-08-06 22:28 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017862837477.dll
      2017-08-09 09:31 - 2017-08-09 09:31 - 001973760 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017893159204.dll
      2017-09-14 08:52 - 2017-09-14 08:52 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20179145250727.dll
      2017-09-20 08:56 - 2017-09-20 08:56 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20179205616444.dll
      2017-09-02 09:04 - 2017-09-02 09:04 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201792421331.dll
      2017-09-26 11:48 - 2017-09-26 11:48 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20179264854497.dll
      2017-09-28 00:05 - 2017-09-28 00:05 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017927529360.dll
      2017-09-07 04:56 - 2017-09-07 04:56 - 001999872 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2017975639972.dll
      2018-01-16 10:06 - 2018-01-16 10:06 - 002329600 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_201811662581.dll
      2018-01-18 00:32 - 2018-01-18 00:32 - 002329600 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20181173214934.dll
      2018-01-19 00:31 - 2018-01-19 00:31 - 002329600 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20181183124471.dll
      2018-01-21 11:17 - 2018-01-21 11:17 - 002329600 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_20181211757955.dll
      2018-01-04 11:38 - 2018-01-04 11:38 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2018143847667.dll
      2018-01-07 08:59 - 2018-01-07 08:59 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2018175955849.dll
      2018-01-09 10:29 - 2018-01-09 10:29 - 002228736 _____ (Opera Software) C:\Users\Dellssd\AppData\Local\Temp\Opera_installer_2018192959337.dll
      2010-06-17 17:09 - 2010-06-17 17:09 - 000149352 ____R (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\ose00000.exe
      2012-11-10 21:20 - 2012-11-10 21:20 - 000150600 ____R (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\ose00001.exe
      2008-11-16 13:38 - 2008-11-16 13:38 - 000145184 ____R (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\ose00002.exe
      2010-06-17 17:09 - 2010-06-17 17:09 - 000149352 ____R (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\ose00003.exe
      2016-08-16 10:48 - 2016-08-16 10:48 - 000488960 _____ () C:\Users\Dellssd\AppData\Local\Temp\sqlite3.exe
      2017-04-22 19:34 - 2017-04-22 19:34 - 000181544 _____ () C:\Users\Dellssd\AppData\Local\Temp\ubar-yadownloader.exe
      2017-03-15 22:10 - 2017-03-15 22:10 - 014456872 _____ (Microsoft Corporation) C:\Users\Dellssd\AppData\Local\Temp\vc_redist.x86.exe
      2017-08-13 12:15 - 2017-08-13 12:15 - 030950664 _____ () C:\Users\Dellssd\AppData\Local\Temp\vlc-2.2.6-win32.exe
      2017-04-14 13:05 - 2017-04-14 13:05 - 000349280 _____ (Lavasoft) C:\Users\Dellssd\AppData\Local\Temp\WcInstaller.exe
      2017-04-22 21:17 - 2017-03-27 12:10 - 000237920 _____ () C:\Users\Dellssd\AppData\Local\Temp\YandexWorking.exe
      2017-03-30 21:07 - 2017-03-30 21:07 - 061980664 _____ (YANDEX LLC) C:\Users\Dellssd\AppData\Local\Temp\{13BD144E-5CAE-445E-ACAC-B02F6DDCF43E}.exe
      2016-10-20 12:07 - 2016-10-20 12:07 - 044295032 _____ (Google Inc.) C:\Users\Dellssd\AppData\Local\Temp\{486E4B52-BB14-452C-9A04-353419ACD5E8}-54.0.2840.71_chrome_installer.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-09-25 14:59
      ==================== End of FRST.txt ============================
      Addition.txt
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.