    My computer got infected with one of the nastiest viruses.
    I don't care about anything except my data (personal photos, videos, music, etc.).
    Is there a way to recover my data? I know the virus has to be removed first, but how is it removed at all? I don't want to lose even the smallest bit of data.
    Only one of the hard drives is infected (the one with my personal photos, music, etc.), and the C drive is not. The data I want to recover is about 210 GB. My computer runs Windows XP. I'm infected with CryptoWall 3.0.
    I want help recovering my data. If it isn't possible to recover even a small part of my data, I'd rather format everything than struggle to remove the virus.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
    Ran by Administrator (administrator) on AHMED-7CF62A979 on 15-06-2015 18:27:30
    Running from D:\Documents and Settings\Administrator\Desktop
    Loaded Profiles: UpdatusUser & Administrator (Available Profiles: UpdatusUser & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: IE)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Enigma Software Group USA, LLC.) D:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    (Avira Operations GmbH & Co. KG) D:\Program Files\Avira\Antivirus\sched.exe
    (Realtek Semiconductor Corp.) D:\WINDOWS\RTHDCPL.EXE
    (Microsoft Corporation) D:\WINDOWS\system32\rundll32.exe
    (VM305SNAP) D:\WINDOWS\vm305_sti.exe
    (Microsoft Corporation) D:\WINDOWS\system32\rundll32.exe
    (Pinnacle Systems GmbH) D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    (Avira Operations GmbH & Co. KG) D:\Program Files\Avira\Antivirus\avgnt.exe
    (Enigma Software Group USA, LLC.) D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    (SlimWare Utilities, Inc.) D:\Program Files\SlimDrivers\SlimDrivers.exe
    (BitTorrent Inc.) D:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe
    (Skype Technologies S.A.) D:\Program Files\Skype\Phone\Skype.exe
    (© 2015 Microsoft Corporation) D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\BingSvc\BingSvc.exe
    (Piriform Ltd) D:\Program Files\CCleaner\CCleaner.exe
    (Avira Operations GmbH & Co. KG) D:\Program Files\Avira\Antivirus\avguard.exe
    (Avira Operations GmbH & Co. KG) D:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
    (NVIDIA Corporation) D:\WINDOWS\system32\nvsvc32.exe
    (NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (www.shadowexplorer.com) D:\Program Files\ShadowExplorer\sesvc.exe
    (DEVGURU Co., LTD.) D:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (Avira Operations GmbH & Co. KG) D:\Program Files\Avira\Antivirus\avshadow.exe
    (Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [iMJPMIG8.1] => D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [MSPY2002] => D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
    HKLM\...\Run: [PHIME2002ASync] => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [PHIME2002A] => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
    HKLM\...\Run: [RTHDCPL] => D:\WINDOWS\RTHDCPL.EXE [20145368 2000-01-01] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [nwiz] => D:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2000-01-01] ()
    HKLM\...\Run: [bigDog305] => D:\WINDOWS\VM305_STI.EXE [57344 2007-04-09] (VM305SNAP)
    HKLM\...\Run: [bluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    HKLM\...\Run: [uSBToolTip] => D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
    HKLM\...\Run: [NeroFilterCheck] => D:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKLM\...\Run: [KiesTrayAgent] => D:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
    HKLM\...\Run: [Avira Systray] => D:\Program Files\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [avgnt] => D:\Program Files\Avira\Antivirus\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [spyHunter Security Suite] => D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [7125376 2015-06-14] (Enigma Software Group USA, LLC.)
    HKU\S-1-5-21-583907252-1580818891-682003330-500\...\Run: [slimDrivers] => D:\Program Files\SlimDrivers\SlimDrivers.exe [29731096 2015-02-27] (SlimWare Utilities, Inc.)
    HKU\S-1-5-21-583907252-1580818891-682003330-500\...\Run: [uTorrent] => D:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe [1694560 2015-05-19] (BitTorrent Inc.)
    HKU\S-1-5-21-583907252-1580818891-682003330-500\...\Run: [skype] => D:\Program Files\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
    HKU\S-1-5-21-583907252-1580818891-682003330-500\...\Run: [bingSvc] => D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-583907252-1580818891-682003330-500\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
    SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
    Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-04-12]
    ShortcutTarget: Adobe Gamma Loader.lnk -> D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-583907252-1580818891-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-583907252-1580818891-682003330-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-583907252-1580818891-682003330-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1434311721&z=a86164c96954c6d4a544fe7g2zfc4zbc2g4gfq9t6e&from=amt&uid=SAMSUNGXHD321KJ_401511CQ132512&q={searchTerms}
    HKU\S-1-5-21-583907252-1580818891-682003330-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1434311721&z=a86164c96954c6d4a544fe7g2zfc4zbc2g4gfq9t6e&from=amt&uid=SAMSUNGXHD321KJ_401511CQ132512
    HKU\S-1-5-21-583907252-1580818891-682003330-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-583907252-1580818891-682003330-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434311721&z=a86164c96954c6d4a544fe7g2zfc4zbc2g4gfq9t6e&from=amt&uid=SAMSUNGXHD321KJ_401511CQ132512&q={searchTerms}
    HKU\S-1-5-21-583907252-1580818891-682003330-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1434311721&z=a86164c96954c6d4a544fe7g2zfc4zbc2g4gfq9t6e&from=amt&uid=SAMSUNGXHD321KJ_401511CQ132512
    URLSearchHook: [s-1-5-21-583907252-1580818891-682003330-1003] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKU\S-1-5-21-583907252-1580818891-682003330-500 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=SAMSUNGXHD321KJ_401511CQ132512&ts=1434311906&type=default&q={searchTerms}
    BHO: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} ->  No File
    Winsock: Catalog9 01 D:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-06-14] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 02 D:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-06-14] (Avira Operations GmbH & Co. KG)
    Winsock: Catalog9 19 D:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-06-14] (Avira Operations GmbH & Co. KG)
    Tcpip\Parameters: [DhcpNameServer] 212.39.90.42 212.39.90.43
     
    FireFox:
    ========
    FF ProfilePath: D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rfGRZhIl.default
    FF Plugin: @microsoft.com/WPF,version=3.5 -> D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
    FF Extension: Avira Browser Safety - D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rfGRZhIl.default\Extensions\abs@avira.com [2015-06-14]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-04-12]
     
    Chrome: 
    =======
    CHR Profile: D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-12]
    CHR Extension: (Google Docs) - D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-12]
    CHR Extension: (Google Drive) - D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-12]
    CHR Extension: (YouTube) - D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-12]
    CHR Extension: (Google Search) - D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-12]
    CHR Extension: (Google Sheets) - D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-12]
    CHR Extension: (Google Wallet) - D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-12]
    CHR Extension: (Gmail) - D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-583907252-1580818891-682003330-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S2 AntiVirMailService; D:\Program Files\Avira\Antivirus\avmailc.exe [825136 2015-05-27] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; D:\Program Files\Avira\Antivirus\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; D:\Program Files\Avira\Antivirus\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; D:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1187336 2015-05-27] (Avira Operations GmbH & Co. KG)
    R2 Avira.ServiceHost; D:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
    R2 sesvc; D:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
    R2 SpyHunter 4 Service; D:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771456 2015-06-14] (Enigma Software Group USA, LLC.)
    R2 ss_conn_service; D:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 3xHybrid; D:\WINDOWS\System32\DRIVERS\3xHybrid.sys [1115392 2000-01-01] (NXP Semiconductors Germany GmbH)
    S3 Ambfilt; D:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
    R0 amdide; D:\WINDOWS\System32\DRIVERS\amdide.sys [11832 2010-06-30] (Advanced Micro Devices Inc.)
    R2 avgntflt; D:\WINDOWS\System32\DRIVERS\avgntflt.sys [108448 2015-05-27] (Avira Operations GmbH & Co. KG)
    R1 avipbb; D:\WINDOWS\System32\DRIVERS\avipbb.sys [136728 2015-05-27] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; D:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-27] (Avira Operations GmbH & Co. KG)
    S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 esgiguard; D:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-06-14] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; D:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-06-14] ()
    R2 LANPkt; D:\WINDOWS\System32\DRIVERS\LANPkt.sys [8440 2003-09-17] (Windows ® 2000 DDK provider) [File not signed]
    R3 MarvinBus; D:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
    S3 Monfilt; D:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
    S3 MPE; D:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
    R0 mv61xxmm; D:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2012-11-15] (Marvell Semiconductor Inc.)
    R0 mv64xxmm; D:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-11-15] (Marvell Semiconductor Inc.) [File not signed]
    R0 mvxxmm; D:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2012-11-15] (Marvell Semiconductor Inc.)
    S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R1 ssmdrv; D:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG)
    S3 SWDUMon; D:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13368 2015-06-15] (SlimWare Utilities, Inc.)
    R3 ZSMC0305; D:\WINDOWS\System32\Drivers\usbVM305.sys [391688 2006-05-08] (Vimicro Corporation)
    S4 IntelIde; No ImagePath
    U1 WS2IFSL; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2015-06-15 18:27 - 2015-06-15 18:28 - 00018159 _____ D:\Documents and Settings\Administrator\Desktop\FRST.txt
    2015-06-15 18:18 - 2015-06-15 18:27 - 00000000 ____D D:\FRST
    2015-06-15 18:18 - 2015-06-15 18:18 - 01148416 _____ (Farbar) D:\Documents and Settings\Administrator\Desktop\FRST.exe
    2015-06-15 15:26 - 2015-06-15 15:26 - 00000000 ____D D:\WINDOWS\LastGood
    2015-06-15 02:16 - 2015-06-15 02:17 - 00000000 ____D D:\Program Files\Recuva
    2015-06-15 02:16 - 2015-06-15 02:16 - 00001512 _____ D:\Documents and Settings\All Users\Desktop\Recuva.lnk
    2015-06-15 02:16 - 2015-06-15 02:16 - 00000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\Recuva
    2015-06-15 01:23 - 2015-06-15 01:23 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\www.shadowexplorer.com
    2015-06-15 01:22 - 2015-06-15 01:23 - 00000000 ____D D:\Program Files\ShadowExplorer
    2015-06-15 01:22 - 2015-06-15 01:22 - 00000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\ShadowExplorer
    2015-06-14 22:57 - 2015-06-14 22:57 - 00000000 _____ D:\WINDOWS\prleth.sys
    2015-06-14 22:57 - 2015-06-14 22:57 - 00000000 _____ D:\WINDOWS\hgfs.sys
    2015-06-14 22:54 - 2015-06-14 23:19 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\{f0ad618f-07a4-a25f-f0ad-d618f07a863c}
    2015-06-14 21:54 - 2015-06-14 21:54 - 00000000 _____ D:\autoexec.bat
    2015-06-14 21:53 - 2015-06-14 21:53 - 00000935 _____ D:\Documents and Settings\Administrator\Desktop\SpyHunter.lnk
    2015-06-14 21:53 - 2015-06-14 21:53 - 00000000 ____D D:\Documents and Settings\Administrator\Start Menu\Programs\SpyHunter
    2015-06-14 21:53 - 2015-06-14 21:53 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\Enigma Software Group
    2015-06-14 21:52 - 2015-06-14 21:53 - 00000000 ____D D:\sh4ldr
    2015-06-14 21:50 - 2015-06-14 21:50 - 00019984 _____ D:\WINDOWS\system32\Drivers\EsgScanner.sys
    2015-06-14 21:49 - 2015-06-14 21:49 - 00000000 ____D D:\Program Files\Enigma Software Group
    2015-06-14 17:32 - 2015-06-15 15:26 - 00012257 _____ D:\WINDOWS\setupapi.log
    2015-06-14 17:32 - 2015-06-14 23:40 - 00000000 ____D D:\WINDOWS\system32\NtmsData
    2015-06-14 16:44 - 2015-06-14 16:44 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\Mozilla
    2015-06-14 16:43 - 2015-06-14 16:43 - 00000000 ____D D:\Documents and Settings\LocalService\Application Data\Avira
    2015-06-14 16:43 - 2015-06-14 16:43 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\Avira
    2015-06-14 16:37 - 2015-05-27 13:08 - 00031848 _____ (Avira Operations GmbH & Co. KG) D:\WINDOWS\system32\Drivers\ssmdrv.sys
    2015-06-14 16:37 - 2015-05-27 13:07 - 00136728 _____ (Avira Operations GmbH & Co. KG) D:\WINDOWS\system32\Drivers\avipbb.sys
    2015-06-14 16:37 - 2015-05-27 13:07 - 00108448 _____ (Avira Operations GmbH & Co. KG) D:\WINDOWS\system32\Drivers\avgntflt.sys
    2015-06-14 16:37 - 2015-05-27 13:07 - 00037896 _____ (Avira Operations GmbH & Co. KG) D:\WINDOWS\system32\Drivers\avkmgr.sys
    2015-06-14 16:32 - 2015-06-14 16:32 - 00000841 _____ D:\Documents and Settings\All Users\Desktop\Avira.lnk
    2015-06-14 16:31 - 2015-06-14 16:41 - 00000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\Avira
    2015-06-14 16:30 - 2015-06-14 16:41 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Avira
    2015-06-14 16:30 - 2015-06-14 16:36 - 00000000 ____D D:\Program Files\Avira
    2015-06-14 16:30 - 2015-06-14 16:30 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Package Cache
    2015-06-13 12:14 - 2015-06-13 12:19 - 00000000 ___RD D:\Documents and Settings\Administrator\Desktop\MY MOVIE 1
    2015-06-12 18:39 - 2015-06-12 18:39 - 00026026 _____ D:\off_dib.bmp
    2015-06-12 18:36 - 2015-06-12 18:42 - 00000000 ___RD D:\Documents and Settings\Administrator\Desktop\155
    2015-06-12 18:36 - 2015-06-12 18:36 - 00000006 _____ D:\Documents and Settings\Administrator\Desktop\155..stx
    2015-06-09 19:39 - 2015-06-14 16:28 - 00000069 _____ D:\WINDOWS\NeroDigital.ini
    2015-05-20 00:38 - 2015-05-20 02:19 - 00000000 ___RD D:\Documents and Settings\Administrator\Desktop\MY MOVIE
    2015-05-20 00:38 - 2015-05-20 00:38 - 00000006 _____ D:\Documents and Settings\Administrator\Desktop\My Movie.stx
    2015-05-19 15:57 - 2014-10-13 08:57 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) D:\WINDOWS\system32\Drivers\ssudmdm.sys
    2015-05-19 15:57 - 2014-10-13 08:57 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) D:\WINDOWS\system32\Drivers\ssudbus.sys
    2015-05-19 15:42 - 2015-05-19 15:42 - 00000000 ____D D:\Documents and Settings\All Users\Start Menu\Programs\Samsung
    2015-05-19 15:42 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) D:\WINDOWS\system32\Redemption.dll
    2015-05-19 15:42 - 2013-12-30 10:52 - 00821824 _____ (Devguru Co., Ltd.) D:\WINDOWS\system32\dgderapi.dll
    2015-05-19 15:42 - 2013-12-30 10:52 - 00319456 _____ (Microsoft Corporation) D:\WINDOWS\system32\DIFxAPI.dll
    2015-05-19 15:42 - 2013-12-30 10:52 - 00020032 _____ (Devguru Co., Ltd) D:\WINDOWS\system32\Drivers\dgderdrv.sys
    2015-05-19 15:41 - 2015-05-19 15:57 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Samsung
    2015-05-19 15:27 - 2015-05-19 15:27 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\Samsung
    2015-05-19 15:27 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) D:\WINDOWS\system32\secman.dll
    2015-05-19 15:26 - 2015-05-19 15:57 - 00000000 ____D D:\Program Files\Samsung
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2015-06-15 18:28 - 2015-04-12 22:04 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\uTorrent
    2015-06-15 18:28 - 2015-04-12 18:08 - 00000000 ____D D:\Documents and Settings\Administrator\Local Settings\Temp
    2015-06-15 18:20 - 2015-04-12 20:10 - 00000986 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-15 17:33 - 2015-04-12 17:56 - 00000830 _____ D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-06-15 17:12 - 2015-05-04 15:43 - 00000438 ____H D:\WINDOWS\Tasks\User_Feed_Synchronization-{F02999CF-576C-4500-9BFD-E94526DE5AA7}.job
    2015-06-15 16:20 - 2015-04-12 20:10 - 00000982 _____ D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-15 15:29 - 2015-04-12 20:41 - 00508956 _____ D:\WINDOWS\system32\PerfStringBackup.INI
    2015-06-15 15:21 - 2015-04-13 09:39 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\Skype
    2015-06-15 15:21 - 2015-04-12 17:54 - 00624284 _____ D:\WINDOWS\WindowsUpdate.log
    2015-06-15 15:20 - 2015-04-12 20:45 - 00000159 _____ D:\WINDOWS\wiadebug.log
    2015-06-15 15:20 - 2015-04-12 20:45 - 00000052 _____ D:\WINDOWS\wiaservc.log
    2015-06-15 15:20 - 2015-04-12 19:13 - 00013368 _____ (SlimWare Utilities, Inc.) D:\WINDOWS\system32\Drivers\SWDUMon.sys
    2015-06-15 15:20 - 2015-04-12 18:08 - 00000006 ____H D:\WINDOWS\Tasks\SA.DAT
    2015-06-15 02:40 - 2015-04-12 18:08 - 00032060 _____ D:\WINDOWS\SchedLgU.Txt
    2015-06-15 02:40 - 2015-04-12 18:08 - 00000178 ___SH D:\Documents and Settings\Administrator\ntuser.ini
    2015-06-15 02:40 - 2015-04-12 18:08 - 00000000 ____D D:\Documents and Settings\Administrator
    2015-06-14 23:34 - 2015-04-12 17:50 - 00000000 ____D D:\WINDOWS\Registration
    2015-06-14 23:23 - 2015-04-12 17:51 - 00000611 _____ D:\Documents and Settings\All Users\Start Menu\Microsoft Update Catalog.lnk
    2015-06-14 22:56 - 2015-04-12 20:19 - 00002087 _____ D:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-06-14 22:56 - 2015-04-12 18:10 - 00001079 _____ D:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
    2015-06-14 22:18 - 2015-04-12 19:42 - 00001599 _____ D:\Documents and Settings\UpdatusUser\Start Menu\Programs\Remote Assistance.lnk
    2015-06-14 22:18 - 2015-04-12 17:56 - 00001607 _____ D:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    2015-06-14 22:18 - 2015-04-12 17:56 - 00001599 _____ D:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
    2015-06-14 22:18 - 2015-04-12 17:51 - 00001570 _____ D:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk
    2015-06-14 22:09 - 2015-04-12 18:08 - 00001599 _____ D:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
    2015-06-14 20:56 - 2015-04-12 20:56 - 00000672 _____ D:\WINDOWS\Tasks\klcp_update.job
    2015-06-14 19:03 - 2015-04-15 01:18 - 00000000 ____D D:\Documents and Settings\Administrator\Application Data\PhotoScape
    2015-06-14 17:32 - 2015-04-12 20:30 - 00000000 ____D D:\WINDOWS\repair
    2015-06-14 16:54 - 2015-04-19 16:54 - 00000000 ____D D:\Program Files\CCleaner
    2015-06-14 16:26 - 2008-04-14 16:00 - 00002206 _____ D:\WINDOWS\system32\wpa.dbl
    2015-06-13 12:31 - 2015-04-12 19:56 - 00421640 _____ D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-06-13 12:18 - 2015-04-12 20:23 - 00000000 ____D D:\Documents and Settings\Administrator\Local Settings\Application Data\Pinnacle
    2015-06-13 12:16 - 2015-04-12 20:56 - 00025088 _____ D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-06-12 19:16 - 2015-04-12 19:16 - 00000382 _____ D:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Administrator).job
    2015-06-12 15:32 - 2015-04-21 15:09 - 00129536 ___SH D:\Documents and Settings\Administrator\Desktop\Thumbs.db
    2015-06-12 00:44 - 2008-04-14 16:00 - 00000928 _____ D:\WINDOWS\win.ini
    2015-06-09 14:02 - 2015-04-13 09:39 - 00000000 ____D D:\Documents and Settings\All Users\Application Data\Skype
    2015-06-08 17:35 - 2015-04-12 19:13 - 00002231 _____ D:\Documents and Settings\All Users\Desktop\SlimDrivers.lnk
    2015-05-19 23:49 - 2015-04-12 20:42 - 00000000 ____D D:\Documents and Settings\Administrator\My Documents\Pinnacle Studio
    2015-05-19 15:42 - 2015-04-12 19:16 - 00000000 ___HD D:\Program Files\InstallShield Installation Information
    2015-05-19 15:40 - 2015-04-12 20:24 - 00000000 ____D D:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
     
    ==================== Files in the root of some directories =======
     
    2015-04-12 20:56 - 2015-06-13 12:16 - 0025088 _____ () D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    Some files in TEMP:
    ====================
    D:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    D:\WINDOWS\explorer.exe => File is digitally signed
    D:\WINDOWS\system32\winlogon.exe => File is digitally signed
    D:\WINDOWS\system32\svchost.exe => File is digitally signed
    D:\WINDOWS\system32\services.exe => File is digitally signed
    D:\WINDOWS\system32\User32.dll => File is digitally signed
    D:\WINDOWS\system32\userinit.exe => File is digitally signed
    D:\WINDOWS\system32\rpcss.dll => File is digitally signed
    D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End of log ============================

    Addition.txt


    Visit, read and follow the requirements at this link:

    https://www.kaldata.com/forums/topic/132819-%d1%81%d0%b8%d1%81%d1%82%d0%b5%d0%bc%d0%b0%d1%82%d0%b0-%d0%bc%d0%b8-%d0%b5-%d0%b8%d0%bd%d1%84%d0%b5%d0%ba%d1%82%d0%b8%d1%80%d0%b0%d0%bd%d0%b0-%d0%ba%d0%b0%d0%ba%d0%b2%d0%be-%d0%b4%d0%b0-%d0%bf%d1%80%d0%b0%d0%b2%d1%8f-%d1%81%d0%b5%d0%b3%d0%b0/

    Arm yourself with patience and wait for a member of the HJT team to write instructions. Prepare yourself mentally for zero recovery of personal documents - documents, photos, music...


    I want to recover whatever can be recovered, even if it's only a small part....
    If it isn't possible to recover my data, it's better to format the whole computer. There's no point in struggling to remove the virus.


    Hello..! Read the following article:
     
    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
     
    If you can't recover some of your files this way.. it's simply a lost cause, naturally, unless you pay for a decryptor..!

    How to restore files encrypted by CryptoWall
    If your files have become encrypted and you are not going to pay the ransom then there are a few methods you can try to restore your files.
     
    Method 1: Backups
    The first and best method is to restore your data from a recent backup. If you have been performing backups, then you should use your backups to restore your data.
     
    Method 2: File Recovery Software
    When CryptoWall encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you can use file recovery software such as R-Studio or Photorec to possibly recover some of your original files. It is important to note that the more you use your computer after the files are encrypted the more difficult it will be for file recovery programs to recover the deleted un-encrypted files.
     
    Method 3: Shadow Volume Copies
    As a last resort, you can try to restore your files via Shadow Volume Copies. Unfortunately, this infection will attempt to delete any Shadow Volume Copies on your computer, but sometimes it fails to do so and you can use them to restore your files. For more information on how to restore your files via Shadow Volume Copies, please see the link below:


    Method 4: Restore DropBox Folders
    If you had your dropbox account mapped as a drive letter then it is possible that its contents were encrypted by CryptoWall. If this is the case you can use the link below to learn how to restore your files.

     

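Added example (not part of any post in this thread, and not PhotoRec or R-Studio code): Method 2 in the quoted article relies on the deleted, unencrypted originals still sitting in unallocated space, where recovery tools locate them by file signature instead of through the file system. The Python below carves JPEGs from a raw image by validating the marker stream from SOI to EOI; the function names and the constructed sample image are assumptions made for illustration.

```python
"""Signature-based JPEG carving over a raw byte image (added example)."""

SOI = b"\xff\xd8\xff"  # start-of-image marker plus the 0xFF of the next marker


def _skip_scan(buf, pos):
    """Skip entropy-coded scan data; return offset of the next real marker."""
    n = len(buf)
    while True:
        i = buf.find(b"\xff", pos)
        if i < 0 or i + 1 >= n:
            return None                      # image ends inside the scan
        nxt = buf[i + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos = i + 2                      # stuffed byte or restart marker
        elif nxt == 0xFF:
            pos = i + 1                      # fill byte
        else:
            return i                         # a real marker (EOI, DHT, ...)


def jpeg_end(buf, start):
    """Walk JPEG segments from `start`; return end offset (exclusive) or None."""
    n = len(buf)
    pos = start + 2                          # step over the SOI marker
    while pos + 2 <= n:
        if buf[pos] != 0xFF or buf[pos + 1] == 0x00:
            return None                      # not a marker: overwritten data
        marker = buf[pos + 1]
        if marker == 0xFF:                   # padding before a marker
            pos += 1
            continue
        if marker == 0xD9:                   # EOI: the file is complete
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                         # markers that carry no length
            continue
        if pos + 4 > n:
            return None
        seg_len = int.from_bytes(buf[pos + 2:pos + 4], "big")
        if seg_len < 2:
            return None                      # length field includes itself
        pos += 2 + seg_len
        if marker == 0xDA:                   # SOS: compressed data follows
            pos = _skip_scan(buf, pos)
            if pos is None:
                return None
    return None


def carve_jpegs(image, max_size=32 * 1024 * 1024):
    """Return (start, end) offsets of every structurally valid JPEG found."""
    found, pos = [], 0
    while True:
        start = image.find(SOI, pos)
        if start < 0:
            return found
        end = jpeg_end(image, start)
        if end is not None and end - start <= max_size:
            found.append((start, end))
            pos = end
        else:
            pos = start + 1                  # false hit: keep searching


def make_sample_jpeg(scan_data):
    """Constructed marker stream shaped like a JPEG (not a viewable picture)."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00" + bytes(9)
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + bytes(6)
    return b"\xff\xd8" + app0 + sos + scan_data + b"\xff\xd9"


# Constructed sample "disk image": two intact deleted photos, filler standing
# in for other data, and one SOI signature whose body was overwritten.
JPEG1 = make_sample_jpeg(b"\x12\x34\xff\x00\x56\xff\xd0\x78")
JPEG2 = make_sample_jpeg(b"\x9a\xbc\xde")
BROKEN = b"\xff\xd8\xff\xe0\x00\x00" + b"\x41" * 16
SAMPLE_IMAGE = (bytes(512) + JPEG1 + b"\xaa" * 100 + BROKEN
                + bytes(64) + JPEG2 + b"\xaa" * 32)

if __name__ == "__main__":
    import mmap
    import sys
    if len(sys.argv) > 1:                    # path to a raw image file
        with open(sys.argv[1], "rb") as fh, \
                mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as img:
            hits = carve_jpegs(img)
    else:
        hits = carve_jpegs(SAMPLE_IMAGE)
    for s, e in hits:
        print(f"JPEG candidate at offset {s}, {e - s} bytes")
```

Carving only returns files stored contiguously, and any sector reused since the deletion is gone, which matches the article's point that continued use of the drive lowers the odds.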

    Could you share whether you managed to deal with the virus? I have the same problem too and I just found this forum.



    Could you share whether you managed to deal with the virus? I have the same problem too and I just found this forum.

    Unfortunately NO! I tried every way of recovering the data, but no effect... Most recently a technician advised me to take out the hard drive and put it away somewhere, and not use it for a while. The virus supposedly feeds when there is an internet connection and when the computer is in use... And so after some time it could supposedly disappear... I don't believe it's true, but we'll see whether it's true or just a MYTH!


     

    Utter nonsense. It has already done its job. The files are encrypted and the only way out is to decrypt them. Switching the computer off will not achieve that. Give my best regards to that TOP expert.

    • Likes: 3


    There is no such way out.. :/ As far as I understand, apart from drinking a glass of cold water, there is nothing else to be done...


    Cold water doesn't help either. As far as I understand, every decryptor uses a different method of encryption, which is why no universal decryptor has been created. There is a chance that Dr.Web will create one for you and send it to you for free; just attach one encrypted file. https://support.drweb.com/new/free_unlocker/?keyno=&for_decode=1

    Edited by KoiAzLiWe


     

    Nonsense. There are decryptors for quite a few encryptors. Just not for all of them, and not for all versions.

    The link to the decryptors will be sent by private message, for security reasons with regard to the malware authors.

     

    The chance that Kaspersky, Dr.Web and others will find one by analysing the files is negligible, because, unlike earlier variants, today's encryptors use control servers with encrypted access that changes quite often, and the encryption key is found only there. Sniffing the traffic does not help either, and payment for the decryptor is now in bitcoins, to make tracing the criminals even harder... It is only if some key leaks because of a bug in the mechanism itself that most antivirus vendors will manage to create a tool to reverse the process. It has not been tested so far, but only Webroot has such an option, thanks to its real-time monitoring of the system. But it has a bug, and the WRData folder often swells considerably... For now, the methods are: to use protection programs such as Comodo Protected Files and Folders, Panda Data Shield, 360 Total Security Hijack Data Protection, CryptoPrevent, CryptoMonitor; programs such as SecureAplus or VoodooShield; anti-exploit programs (HitmanPro.Alert, MBAE); to disable Autorun and Windows Scripting Host; not to turn off System Restore, File Monitor (in 8.1), UAC, SmartScreen (in 8.1); to be careful with e-mail messages; to disable Java in PDF readers; to be careful with macro documents in office suites; to update Adobe Flash Player often, and so on.

    • Likes: 2

        2017-09-13 11:06 - 2017-08-13 18:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2017-09-13 11:06 - 2017-08-13 18:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
        2017-09-13 11:06 - 2017-08-13 18:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
        2017-09-13 11:06 - 2017-08-13 18:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2017-09-13 11:06 - 2017-08-13 18:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2017-09-13 11:06 - 2017-08-13 18:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2017-09-13 11:06 - 2017-08-13 18:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2017-09-13 11:06 - 2017-08-12 12:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
        2017-09-13 11:06 - 2017-08-12 12:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
        2017-09-13 11:06 - 2017-08-12 03:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
        2017-09-13 11:06 - 2017-08-12 02:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2017-09-13 11:06 - 2017-08-12 02:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2017-09-13 11:06 - 2017-08-12 02:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
        2017-09-13 11:06 - 2017-08-11 23:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
        2017-09-13 11:06 - 2017-08-11 23:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
        2017-09-13 11:06 - 2017-08-11 23:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
        2017-09-13 11:06 - 2017-08-11 06:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2017-09-13 11:06 - 2017-08-11 06:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
        2017-09-13 11:06 - 2017-08-11 06:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2017-09-13 11:06 - 2017-08-11 05:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
        2017-09-13 11:06 - 2017-08-11 05:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
        2017-09-13 11:06 - 2017-08-11 05:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
        2017-09-13 11:06 - 2017-08-11 05:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
        2017-09-13 11:06 - 2017-08-11 04:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
        2017-09-13 11:06 - 2017-08-11 04:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
        2017-09-13 11:06 - 2017-08-11 04:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
        2017-09-13 11:06 - 2017-08-11 04:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
        2017-09-13 11:06 - 2017-08-11 04:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
        2017-09-13 11:06 - 2017-08-07 00:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
        2017-09-13 11:06 - 2017-08-06 10:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
        2017-09-13 11:06 - 2017-07-22 21:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
        2017-09-13 11:06 - 2017-07-22 20:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
        2017-09-13 11:06 - 2017-07-17 22:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
        2017-09-13 11:06 - 2017-07-17 02:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
        2017-09-13 11:06 - 2017-07-14 02:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
        2017-09-13 11:06 - 2017-07-12 23:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
        2017-09-13 11:06 - 2017-07-12 23:29 - 000075440 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2017-09-13 11:06 - 2017-07-12 23:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
        2017-09-13 11:06 - 2017-07-12 23:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
        2017-09-13 11:06 - 2017-07-08 22:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2017-09-13 11:06 - 2017-07-08 21:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2017-09-13 11:06 - 2017-07-08 21:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2017-09-13 11:06 - 2017-07-08 21:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2017-09-13 11:06 - 2017-07-08 20:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2017-09-13 11:06 - 2017-07-08 20:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
        2017-09-13 11:06 - 2017-07-08 06:14 - 000100184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
        2017-09-11 11:53 - 2017-09-11 11:53 - 000066783 _____ C:\Users\bobby\Downloads\CV - Български.pdf
        2017-09-08 16:21 - 2017-09-08 16:21 - 001130328 _____ (Google Inc.) C:\Users\bobby\Downloads\ChromeSetup.exe
        2017-09-08 12:11 - 2017-10-02 12:47 - 000000258 __RSH C:\ProgramData\ntuser.pol
        2017-09-06 11:27 - 2017-09-06 11:27 - 000000000 ____D C:\Users\bobby\AppData\Roaming\vlc
        2017-09-06 09:46 - 2017-09-06 09:46 - 000000000 ____D C:\Users\bobby\AppData\Roaming\dvdcss
        2017-09-04 13:20 - 2017-09-04 13:23 - 000000000 ____D C:\Users\bobby\Documents\ETS2MP
        2017-09-04 13:15 - 2017-09-04 13:17 - 000000000 ____D C:\ProgramData\TruckersMP
        2017-09-04 13:15 - 2017-09-04 13:15 - 000000901 _____ C:\Users\Public\Desktop\TruckersMP.lnk
        2017-09-04 13:15 - 2017-09-04 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP Launcher
        2017-09-04 13:15 - 2017-09-04 13:15 - 000000000 ____D C:\Program Files\TruckersMP Launcher
        2017-09-04 13:14 - 2017-09-04 13:14 - 000667351 _____ C:\Users\bobby\Downloads\launcher_1004.zip
        2017-09-04 13:10 - 2017-09-04 23:19 - 000000000 ____D C:\Users\bobby\Documents\Euro Truck Simulator 2
        2017-09-03 19:02 - 2017-09-03 19:02 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-10-02 13:01 - 2017-08-31 21:18 - 000000000 ____D C:\Users\bobby\AppData\LocalLow\360WD
        2017-10-02 12:55 - 2017-09-01 19:51 - 000000000 ____D C:\Users\bobby\AppData\Roaming\TeamViewer
        2017-10-02 12:55 - 2017-09-01 04:04 - 000000000 ____D C:\Windows\Panther
        2017-10-02 12:55 - 2017-08-31 18:17 - 000000000 ____D C:\Users\bobby\AppData\Local\CrashDumps
        2017-10-02 12:55 - 2017-08-31 18:10 - 000000000 ____D C:\ProgramData\ClassicShell
        2017-10-02 12:55 - 2017-08-31 18:05 - 000000000 ____D C:\Program Files (x86)\Steam
        2017-10-02 12:55 - 2017-08-31 17:51 - 000000000 ____D C:\Users\bobby\AppData\Roaming\uTorrent
        2017-10-02 12:55 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
        2017-10-02 12:54 - 2017-08-31 23:46 - 000000000 ____D C:\ProgramData\360Quarant
        2017-10-02 12:54 - 2017-08-31 18:18 - 000000000 ____D C:\Users\bobby\AppData\Local\ClassicShell
        2017-10-02 12:46 - 2017-08-31 17:18 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2017-10-02 12:46 - 2017-08-31 17:18 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        2017-10-02 12:34 - 2017-08-31 17:20 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3041877358-191924833-3829036719-1001
        2017-10-02 12:32 - 2017-08-31 17:30 - 000000000 ____D C:\ProgramData\NVIDIA
        2017-10-02 12:32 - 2017-08-31 17:18 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C64354CA-BA3D-40EC-B714-8157E7D25B88}
        2017-10-02 12:28 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-10-02 01:14 - 2017-08-31 17:49 - 000000000 ____D C:\Users\bobby\AppData\Roaming\AIMP
        2017-10-01 23:35 - 2014-11-21 11:44 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-10-01 12:32 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\AppReadiness
        2017-09-30 14:05 - 2017-08-31 21:18 - 000000000 ____D C:\Users\bobby\AppData\Roaming\360safe
        2017-09-30 13:11 - 2017-08-31 17:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2017-09-30 11:24 - 2017-08-31 21:23 - 000000000 ____D C:\Users\bobby\AppData\LocalLow\uTorrent
        2017-09-29 22:56 - 2017-08-31 23:48 - 000000000 __SHD C:\$360Section
        2017-09-29 22:56 - 2017-08-31 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
        2017-09-28 23:56 - 2017-08-31 17:14 - 000000000 ____D C:\Users\bobby
        2017-09-28 18:00 - 2013-08-22 16:25 - 000000240 _____ C:\Windows\win.ini
        2017-09-28 15:04 - 2017-08-31 17:14 - 000000000 ____D C:\Users\bobby\AppData\Local\VirtualStore
        2017-09-25 22:16 - 2017-08-31 17:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
        2017-09-23 14:41 - 2013-08-22 18:36 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-22 12:52 - 2017-08-31 17:19 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-09-22 00:01 - 2017-08-31 17:31 - 000003740 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-22 00:01 - 2017-08-31 17:31 - 000003732 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-22 00:01 - 2017-08-31 17:31 - 000003556 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:18 - 2017-08-31 17:40 - 000000000 ____D C:\Users\bobby\AppData\Local\NVIDIA Corporation
        2017-09-21 22:18 - 2017-08-31 17:31 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:18 - 2017-08-31 17:31 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:18 - 2017-08-31 17:31 - 000001428 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
        2017-09-21 22:18 - 2017-08-31 17:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
        2017-09-21 22:17 - 2017-08-31 17:31 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:17 - 2017-08-31 17:31 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:17 - 2017-08-31 17:31 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:17 - 2017-08-31 17:23 - 000000000 ____D C:\Program Files\NVIDIA Corporation
        2017-09-19 10:23 - 2017-08-31 17:31 - 001923008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
        2017-09-19 00:29 - 2017-08-31 17:31 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
        2017-09-18 17:02 - 2017-08-31 21:18 - 000000000 _RSHD C:\360SANDBOX
        2017-09-16 14:29 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\rescache
        2017-09-15 22:06 - 2017-08-31 17:29 - 000000000 ____D C:\ProgramData\Package Cache
        2017-09-15 21:33 - 2017-08-31 20:17 - 000000000 ____D C:\Users\bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
        2017-09-15 00:22 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI
        2017-09-15 00:20 - 2013-08-22 18:36 - 000000000 ___RD C:\Windows\ToastData
        2017-09-13 13:27 - 2017-08-31 19:06 - 000000000 ____D C:\Windows\system32\MRT
        2017-09-13 13:25 - 2017-08-31 19:06 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
        2017-09-13 13:25 - 2013-08-22 18:20 - 000000000 ____D C:\Windows\CbsTemp
        2017-09-10 17:28 - 2017-08-31 18:14 - 000000000 ____D C:\Users\bobby\AppData\Local\Steam
        2017-09-08 12:11 - 2013-08-22 18:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
        2017-09-08 12:11 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
        2017-09-04 11:03 - 2017-08-31 17:38 - 000000000 __SHD C:\Users\bobby\IntelGraphicsProfiles
        2017-09-03 19:09 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Common Files\System
        2017-09-02 02:54 - 2017-08-31 20:27 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
        2017-09-02 02:54 - 2017-08-31 20:27 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-30 12:38
        ==================== End of FRST.txt ============================
         
         
        Addition_02-10-2017 13.01.49.txt
      • by D101149
        Hello! I have some kind of problem with games, but the problem is not caused by the hardware. After a reinstall it gets fixed, but I can't reinstall every month, I just don't feel like dealing with it. I suspect a virus or some temporary files. I have relied on your help many times. Thank you
        Addition.txt
        FRST.txt
      • by ivan_pop
        Hello!
        I had viruses on USB flash drives and on a laptop. I think I solved the problems there. I wrote about that in another thread.
        I have an old desktop machine that I use every day. In my opinion this machine works normally. The problem is that when I plug a flash drive into this desktop, some virus gets copied onto the flash drive. I check the flash drive on a laptop with MCShield in paranoid mode. I installed MCShield on the infected desktop, and the program finds no problems there.
        I scanned the desktop with Farbar Recovery Scan Tool. At the end of the scan the tool displayed some error.
        I am attaching the two files from the scan. If you can help, I would be grateful!
        Thank you for your attention!
        FRST.txt
        Addition.txt