Премини към съдържанието

Препоръчан отговор


Здравейте,
От извесно време съм нападната от разни рекламни прозорци които се опитват да ми продават разни неща или да ми казват как да забогатея. Когато вляза в торент тракера арена например при всяко едно кликване върху страницата им и ми се отваря по един нов прозорец с реклами. Не казвам че сайта им е виновен, просто го давам за пример. И колкото и да се опитвах да се справя сама с проблема  нещо все не ми се получава. Сканирах със AdwCleaner и с JRT и съм ви прикачила резултатите, а също и снимка на един файл който ми се струва съмнителен. Сканирането го направих под сейфмод, незнам дали има значение. Преди това бях сканирала и със демоверсия на кашперски , но не ми се реши проблема. Също и със SpyHunter, всеки път намира някакъв мувис толбар но не успява да го премахне,  намерих регистрите и се опитах да ги изтрия ръчно, но не ми позволява, изписва ми грешка в изтриването.
 
 
Ето и резултатите от сканирането с FRST64 - FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Катето (administrator) on GEIZER on 24-06-2015 18:27:32
Running from C:\Users\Катето\Desktop
Loaded Profiles: Катето (Available Profiles: Катето)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Английски (Съединени щати)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(BitTorrent Inc.) C:\Users\Катето\AppData\Roaming\uTorrent\uTorrent.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(eMing Software Inc.) C:\Program Files (x86)\PrivateFolder\PF_Pass.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PrivateFolder] => C:\Program Files (x86)\PrivateFolder\PF_Pass.exe [253504 2012-12-31] (eMing Software Inc.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [CONNMGRTRAY] => C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [363112 2011-03-03] ()
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [uTorrent] => C:\Users\Катето\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3198224 2014-04-28] (Disc Soft Ltd)
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [NETGATERegistryCleaner] => C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe [2303824 2013-07-11] (NETGATE Technologies s.r.o.)
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785280 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\RunOnce: [Adobe Speed Launcher] => 1435156549
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: G - G:\Lucius_setup.exe
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: {584a3890-02fa-11e4-bdda-dc0ea157be6c} - G:\Lucius_setup.exe
HKU\S-1-5-21-1385416505-2382510173-1187103659-1000\...\MountPoints2: {606f82a9-2f38-11e4-9658-dc0ea157be6c} - G:\Startme.exe
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {3B5800D1-67B0-464E-BE7D-8CB5FE3ABC2A} ->  No File
BHO: No Name -> {3BF8D9AD-FE6F-4677-BA4A-2CE8BCF082BB} ->  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999
FF Homepage: https://www.google.bg/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1385416505-2382510173-1187103659-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Катето\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF SearchPlugin: C:\Users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999\searchplugins\google-.xml [2015-06-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-01-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-01-09]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Катето\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
R2 NGRegClnSrv; C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [618832 2013-02-21] (NETGATE Technologies s.r.o.)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [763840 2012-07-11] (Enigma Software Group USA, LLC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-13] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-07-04] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2015-06-24] ()
R1 PFolder; C:\Windows\System32\Drivers\PFolder64.sys [57832 2012-12-31] (eMing Software Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 18:27 - 2015-06-24 18:28 - 00010482 _____ C:\Users\Катето\Desktop\FRST.txt
2015-06-24 18:27 - 2015-06-24 18:27 - 00000000 ____D C:\FRST
2015-06-24 18:26 - 2015-06-24 18:26 - 02109952 _____ (Farbar) C:\Users\Катето\Desktop\FRST64.exe
2015-06-24 17:53 - 2015-06-24 17:53 - 00002194 _____ C:\Users\Катето\Desktop\AdwCleaner[s14].txt
2015-06-24 17:53 - 2015-06-24 17:53 - 00000651 _____ C:\Users\Катето\Desktop\WebSearch.xml.vir
2015-06-24 17:27 - 2015-06-24 17:27 - 02244096 _____ C:\Users\Катето\Desktop\AdwCleaner.exe
2015-06-24 17:21 - 2015-06-24 17:21 - 00001474 _____ C:\Users\Катето\Desktop\JRT.txt
2015-06-24 17:14 - 2015-06-24 17:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GEIZER-Windows-7-Ultimate-(64-bit).dat
2015-06-24 17:14 - 2015-06-24 17:14 - 00000000 ____D C:\RegBackup
2015-06-24 17:12 - 2015-06-24 17:12 - 02950746 _____ (Malwarebytes Corporation) C:\Users\Катето\Desktop\JRT.exe
2015-06-24 16:04 - 2010-05-13 18:34 - 00014232 _____ C:\Windows\SysWOW64\sh4native.exe
2015-06-24 15:19 - 2015-06-24 15:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-24 15:19 - 2015-06-24 15:19 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-06-24 15:12 - 2015-06-24 15:12 - 00130048 _____ (CodePlex Community) C:\Users\Катето\Desktop\Microsoft.Win32.TaskScheduler.dll
2015-06-24 15:08 - 2015-06-24 15:08 - 00554528 _____ (www.patchmypc.net) C:\Users\Катето\Desktop\PatchMyPC.exe
2015-06-24 14:52 - 2015-06-24 14:52 - 28849904 _____ C:\Users\Катето\Desktop\vlc-2.2.1-win32.exe
2015-06-24 14:20 - 2015-06-24 14:20 - 00275560 _____ C:\Windows\Minidump\062415-36301-01.dmp
2015-06-24 14:20 - 2015-06-24 14:20 - 00032152 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-06-24 10:44 - 2015-06-24 10:44 - 00002290 _____ C:\Users\Катето\Desktop\SpyHunter.lnk
2015-06-24 10:44 - 2015-06-24 10:44 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-06-24 10:44 - 2015-06-24 10:44 - 00000000 ____D C:\sh4ldr
2015-06-24 10:43 - 2015-06-24 10:43 - 00000350 _____ C:\Users\Катето\Desktop\проблем с thedailytrader.net - Google Търсене.URL
2015-06-22 22:09 - 2015-06-24 14:34 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines
2015-06-21 01:30 - 2015-06-21 01:32 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines.S01E02.HDTV.x264-LOL
2015-06-20 10:34 - 2015-06-20 10:34 - 00275560 _____ C:\Windows\Minidump\062015-40841-01.dmp
2015-06-20 10:34 - 2015-06-20 10:34 - 00000086 _____ C:\Windows\system32\crusader.log
2015-06-20 10:32 - 2015-06-24 12:30 - 00000212 _____ C:\Windows\system32\.crusader
2015-06-20 10:13 - 2015-06-24 12:27 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-19 22:31 - 2015-06-19 22:31 - 00000000 ____D C:\Users\Катето\Desktop\HitmanPro 3.7.3 Build 193
2015-06-19 22:20 - 2015-06-19 22:23 - 00000000 ____D C:\Users\Катето\Desktop\Cinderella.2015.BDRip.x264-SPARKS
2015-06-19 22:15 - 2015-06-19 22:18 - 00000000 ____D C:\Users\Катето\Desktop\Wayward.Pines.S01E01.HDTV.x264-2HD
2015-06-19 22:10 - 2015-06-20 10:32 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-18 22:32 - 2015-06-18 22:35 - 00000000 ____D C:\Users\Катето\Desktop\GirlHouse.2014.BRRip.XviD.AC3-EVO
2015-06-17 22:42 - 2015-06-24 11:35 - 00000000 ____D C:\Users\Катето\Desktop\антивирус
2015-06-17 22:40 - 2015-06-17 22:41 - 00000000 ____D C:\Users\Катето\Desktop\Get.Hard.2015.EXTENDED.HDRip.XviD.AC3-EVO
2015-06-17 14:32 - 2015-06-17 14:32 - 00000000 ____D C:\Users\Катето\AppData\Roaming\InfraRecorder
2015-06-16 23:06 - 2015-06-17 13:55 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-06-16 19:51 - 2015-06-16 19:51 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2015-06-16 19:51 - 2015-06-16 19:51 - 00000000 ____D C:\Program Files\InfraRecorder
2015-06-16 19:50 - 2015-06-16 19:51 - 04153344 _____ C:\Users\Катето\Desktop\ir053_x64.msi
2015-06-16 19:31 - 2015-06-16 19:31 - 00000246 _____ C:\Users\Катето\Desktop\Как лесно да почистим компютъра си от вируси - Data.BG Форуми.URL
2015-06-14 10:22 - 2015-06-24 14:20 - 371511210 _____ C:\Windows\MEMORY.DMP
2015-06-14 10:22 - 2015-06-24 14:20 - 00000000 ____D C:\Windows\Minidump
2015-06-14 10:22 - 2015-06-14 10:22 - 00288000 _____ C:\Windows\Minidump\061415-28158-01.dmp
2015-06-11 09:47 - 2015-05-25 21:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-11 09:47 - 2015-05-25 21:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-11 09:47 - 2015-05-25 21:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-11 09:47 - 2015-05-25 21:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-11 09:47 - 2015-05-25 21:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-11 09:47 - 2015-05-25 21:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-11 09:47 - 2015-05-25 21:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-11 09:47 - 2015-05-25 21:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-11 09:47 - 2015-05-25 21:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-11 09:47 - 2015-05-25 21:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-11 09:47 - 2015-05-25 21:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-11 09:47 - 2015-05-25 21:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 21:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-11 09:47 - 2015-05-25 21:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-11 09:47 - 2015-05-25 21:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-11 09:47 - 2015-05-25 21:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-11 09:47 - 2015-05-25 21:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-11 09:47 - 2015-05-25 21:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-11 09:47 - 2015-05-25 21:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-11 09:47 - 2015-05-25 21:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-11 09:47 - 2015-05-25 21:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-11 09:47 - 2015-05-25 21:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-11 09:47 - 2015-05-25 21:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-11 09:47 - 2015-05-25 20:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-11 09:47 - 2015-05-25 20:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-11 09:47 - 2015-05-25 20:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-11 09:47 - 2015-05-25 20:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-11 09:47 - 2015-05-25 20:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-11 09:47 - 2015-05-25 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-11 09:47 - 2015-05-25 19:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-11 09:47 - 2015-05-25 19:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-11 09:47 - 2015-05-25 19:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 19:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-11 09:47 - 2015-05-25 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-11 09:47 - 2015-04-29 21:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-11 09:47 - 2015-04-29 21:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-11 09:47 - 2015-04-29 21:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-11 09:47 - 2015-04-29 21:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-11 09:47 - 2015-04-29 21:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-11 09:47 - 2015-04-29 21:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-11 09:47 - 2015-04-29 21:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-11 09:47 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-11 09:47 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-11 09:47 - 2015-04-29 21:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-11 09:46 - 2015-05-25 20:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-11 09:46 - 2015-04-24 21:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 09:46 - 2015-04-24 20:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-11 09:46 - 2015-04-11 06:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-11 09:44 - 2015-06-01 22:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-11 09:44 - 2015-06-01 21:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-11 09:44 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-11 09:44 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-11 09:44 - 2015-05-23 06:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-11 09:44 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-11 09:44 - 2015-05-23 06:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-11 09:44 - 2015-05-23 06:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-11 09:44 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-11 09:44 - 2015-05-23 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-11 09:44 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-11 09:44 - 2015-05-23 06:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-11 09:44 - 2015-05-23 06:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-11 09:44 - 2015-05-23 06:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-11 09:44 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-11 09:44 - 2015-05-23 06:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-11 09:44 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-11 09:44 - 2015-05-23 05:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-11 09:44 - 2015-05-23 05:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-11 09:44 - 2015-05-23 05:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-11 09:44 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-11 09:44 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-11 09:44 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-11 09:44 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-11 09:44 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-11 09:44 - 2015-05-23 05:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-11 09:44 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-11 09:44 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-11 09:44 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-11 09:44 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-11 09:44 - 2015-05-22 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-11 09:44 - 2015-05-22 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-11 09:44 - 2015-05-22 22:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-11 09:44 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-11 09:44 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-11 09:44 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-11 09:44 - 2015-05-22 22:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-11 09:44 - 2015-05-22 21:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-11 09:44 - 2015-05-22 21:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-11 09:44 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-11 09:44 - 2015-05-22 21:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-11 09:44 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-11 09:44 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-11 09:44 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-11 09:44 - 2015-05-22 21:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-11 09:44 - 2015-05-22 21:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-11 09:44 - 2015-05-22 21:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-11 09:44 - 2015-05-22 21:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-11 09:44 - 2015-05-22 21:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-11 09:44 - 2015-05-22 21:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-11 09:44 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-11 09:44 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-11 09:44 - 2015-05-22 21:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-11 09:44 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-11 09:44 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-11 09:44 - 2015-05-22 21:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-11 09:44 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-11 09:44 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-11 09:44 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-11 09:44 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-07 16:05 - 2015-06-07 16:06 - 00000000 ____D C:\Users\Катето\Desktop\The.Vampire.Diaries.S06E19.HDTV.x264-LOL
2015-06-05 17:56 - 2015-05-22 21:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 17:56 - 2015-05-22 21:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 17:56 - 2015-05-22 21:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 17:56 - 2015-05-22 21:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 17:56 - 2015-05-22 21:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 17:56 - 2015-05-22 21:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 17:56 - 2015-05-22 21:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 17:56 - 2015-05-21 16:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 15:22 - 2015-06-03 15:22 - 00000000 ____D C:\Users\Катето\AppData\Local\GWX
2015-05-28 09:23 - 2015-06-14 11:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 18:26 - 2014-04-10 09:33 - 00000000 ____D C:\Users\Катето\AppData\Roaming\uTorrent
2015-06-24 18:24 - 2014-04-09 08:39 - 00000000 ____D C:\Users\Катето\AppData\Roaming\Skype
2015-06-24 18:23 - 2014-04-09 09:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 18:05 - 2014-06-26 08:41 - 01098543 _____ C:\spyhunter.fix
2015-06-24 18:05 - 2014-04-09 07:38 - 01630682 _____ C:\Windows\WindowsUpdate.log
2015-06-24 18:02 - 2014-07-10 20:57 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1385416505-2382510173-1187103659-1000UA.job
2015-06-24 17:43 - 2009-07-14 07:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 17:43 - 2009-07-14 07:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 17:40 - 2009-07-14 08:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 17:35 - 2014-04-10 09:51 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 17:35 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 17:35 - 2009-07-14 07:51 - 00049120 _____ C:\Windows\setupact.log
2015-06-24 17:34 - 2014-08-09 16:46 - 00000000 ____D C:\AdwCleaner
2015-06-24 16:34 - 2014-04-10 09:51 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-24 16:05 - 2010-11-21 06:47 - 00170314 _____ C:\Windows\PFRO.log
2015-06-24 15:19 - 2014-08-25 06:56 - 00000000 ____D C:\Users\Катето\AppData\Local\Adobe
2015-06-24 15:19 - 2014-04-10 10:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-24 14:40 - 2015-02-04 03:18 - 00000000 ____D C:\Users\Катето\Desktop\торенти
2015-06-24 14:40 - 2015-02-04 03:07 - 00000000 ____D C:\Users\Катето\Desktop\Pretty.Little.Liars
2015-06-24 14:38 - 2015-05-14 10:50 - 00000000 ____D C:\Users\Катето\Desktop\Game of Thrones
2015-06-24 14:20 - 2014-06-26 18:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-24 12:29 - 2014-06-27 05:24 - 00000538 _____ C:\Windows\wininit.ini
2015-06-24 12:29 - 2014-06-26 18:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-24 10:44 - 2014-06-26 08:41 - 00008192 _____ C:\shldr.mbr
2015-06-24 00:23 - 2014-04-09 09:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 00:23 - 2014-04-09 09:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 00:23 - 2014-04-09 09:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 21:02 - 2014-07-10 20:57 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1385416505-2382510173-1187103659-1000Core.job
2015-06-20 14:36 - 2015-05-17 23:44 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-06-19 22:07 - 2015-05-23 00:40 - 00000000 ____D C:\Users\Катето\Desktop\Seventh.Son.2015.HDRip.XViD-juggs[ETRG]
2015-06-17 11:22 - 2015-05-17 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-16 19:56 - 2014-04-10 09:42 - 00000000 ____D C:\Users\Катето\AppData\Roaming\ImgBurn
2015-06-16 17:06 - 2014-04-09 08:39 - 00000000 ____D C:\ProgramData\Skype
2015-06-14 12:03 - 2015-02-04 03:11 - 00000000 ____D C:\Users\Катето\Desktop\програми
2015-06-14 11:00 - 2014-06-28 18:21 - 00000000 ____D C:\Windows\ELAMBKUP
2015-06-12 04:53 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2015-06-12 03:39 - 2009-07-14 07:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 03:35 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 03:12 - 2014-04-09 09:29 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 03:03 - 2014-04-09 07:47 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-07 22:27 - 2015-02-04 03:08 - 00000000 ____D C:\Users\Катето\Desktop\The.Vampire.Diaries
2015-06-06 03:17 - 2014-12-31 11:57 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 03:17 - 2014-05-25 16:05 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 23:11 - 2015-03-18 03:33 - 00000000 ____D C:\Users\Катето\Desktop\Викторианска история
2015-06-04 22:18 - 2015-01-14 15:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 16:42 - 2015-04-05 03:02 - 00000000 ____D C:\Users\Катето\Desktop\Хеликс
2015-06-04 16:38 - 2015-05-12 01:29 - 00000000 ____D C:\Users\Катето\Desktop\Helix.S02E02.HDTV.x264-KILLERS
2015-06-01 11:41 - 2014-08-01 09:26 - 00000211 _____ C:\ProgramData\acer.zip
2015-05-28 14:27 - 2015-03-04 16:10 - 00000000 ____D C:\Users\Катето\AppData\Roaming\SkypeFall
2015-05-28 09:25 - 2014-10-25 16:43 - 00000000 ____D C:\Users\Љ вҐв®
2015-05-28 09:25 - 2014-08-13 17:34 - 00000000 ____D C:\Users\Guest
2015-05-28 09:25 - 2014-08-13 17:34 - 00000000 ____D C:\Users\Administrator

==================== Files in the root of some directories =======

2015-04-02 23:24 - 2015-04-02 23:25 - 0011640 _____ () C:\Users\Катето\AppData\Local\Temp-log.txt
2014-08-01 09:26 - 2015-06-01 11:41 - 0000211 _____ () C:\ProgramData\acer.zip

Some files in TEMP:
====================
C:\Users\Катето\AppData\Local\Temp\Quarantine.exe
C:\Users\Катето\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 19:30

==================== End of log ============================

JRT.txt

AdwCleanerS14.txt

post-345305-0-18583700-1435158354_thumb.

post-345305-0-31420100-1435158420_thumb.

Addition.txt

Редактирано от Maniac (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте!

Стъпка 1

Моля, деинсталирайте: Private Folder Packages

Стъпка 2

Моля, изтеглете Malwarebytes Anti-Malware 2.1.6.1022 и я запазете на вашия десктоп.

  • Стартирайте файла mbam-setup-2.0.3.1025.exe и следвайте указанията за да инсталирате програмата.
  • След като инсталацията приключи се уверете че сте сложили отметка пред:
  • Launch Malwarebytes Anti-Malware
  • Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката.
  • Натиснете бутона Finish.
  • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
  • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now.
  • Ще започне проверка за зловреден софтуер.
  • При някои инфекции можете да видите съобщението:
  • "Could not load DDA driver"
  • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
  • Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции.
  • След като проверката приключи натиснете бутона Apply Actions.
  • Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes.
  • След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж.
  • Отидете то табът History > Application Logs.
  • Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard"
  • Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.
Стъпка 3

Изтеглете fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

 

Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

В следващия си коментар в тази тема, включете следните лог файлове:

  • Лог файл от FRST
  • Лог файл от Malwarebytes Anti-Malware

fixlist.txt

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
За съжаление не мога да си спомня паролата за Private Folder Packages а без нея не мога да я деинсталирам. :(

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

 

Какво да правя? Да премина ли към стъпка 2 или да се опитам да изтрия ръчно каквото мога от програмата

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Понеже днеска си нямах друга работа, надявам се само да не съм сгрешила, успях да изтрия под сейфмод инсталационната папка на Private Folder Packages, след което изпълних стъпка 2 и 3 и ви прикачвам лог файловете

Malwarebytes Anti-Malware.txt

Fixlog.txt


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Моля, деинсталирайте вашия Malwarebytes Anti-Malware. След като приключите:

  • Моля, изтеглете Mbam-clean.exe от тук  и  го запомнете на до вашия десктоп .
  • Моля, затворете всички отворени приложения и временно спрете вашата антивирусна за да се избегнат всякакви конфликти при използването на инструмента.
  • Стартирайте файла Mbam-clean.exe и следвайте указанията на екрана.
  • След процедурата ще се изиска да рестартирате компютъра си, моля, направете го, това е много важно
  • Уверете се, че сте се активирали вашата антивирусна програма след рестарта
След като приключите, изпълнете отново инструкциите ми по-горе, обновете го и направете сканиране от типа Threat Scan, без да изтегляте кей генератори, да го краквате и прочие глупости. Накрая, публикувайте лог файла си тук.
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

1. Изтеглете ComboFix от BleepingComputer

и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:

2exprgh.jpg

След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:

29eqjuq.jpg

2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива.

3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.

4. Ако получите предупреждение от UAC, съгласете се.

5 ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на Combofix, моля да прочетете това: Manually restoring the Internet connection section.

6 Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:

157m978.jpg

Копирайте с (Copy) и поставете с (Paste) съдържанието на лога в следващия си коментар.

Забележка: Ако се появи следното съобщение при отварянето на различни програми след завършване на сканирането с Combofix - "illegal operation on a registry key that has been marked for deletion." просто рестартирайте компютъра още веднъж и то ще изчезне.

По време на сканирането не използвайте компютъра си !

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Забелязах че след сканирането във дял С се появиха нови папки, които преди не бяха видими, като папката програм дата например, въпреки че бях настроила да ми се показват и скритите файлове и папки.

 

 

ComboFix 15-06-27.01 - Катето 06.2015 г.  11:36:39.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.3819.2849 [GMT 3:00]
Running from: c:\users\¦рЄхЄю\Desktop\ComboFix.exe
AV: Norton Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\programdata\ntuser.pol
c:\windows\msdownld.tmp
c:\windows\PFRO.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-28 to 2015-06-28  )))))))))))))))))))))))))))))))
.
.
2015-06-28 08:50 . 2015-06-28 08:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-06-26 17:11 . 2015-06-26 19:28    136408    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-26 17:10 . 2015-04-14 06:37    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-06-26 17:10 . 2015-04-14 06:37    107736    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-06-26 17:10 . 2015-04-14 06:37    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-06-26 17:10 . 2015-06-26 17:10    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-26 17:10 . 2015-06-26 17:10    --------    d-----w-    c:\programdata\Malwarebytes
2015-06-26 09:11 . 2015-06-26 09:11    --------    d-----w-    c:\program files (x86)\Common Files\Symantec Shared
2015-06-26 08:48 . 2015-06-26 08:48    102616    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2015-06-26 08:48 . 2015-06-26 08:48    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2015-06-26 08:44 . 2015-06-26 08:44    --------    d-----w-    c:\windows\system32\drivers\NSx64
2015-06-26 08:44 . 2015-06-26 08:44    --------    d-----w-    c:\program files (x86)\Norton Security
2015-06-26 08:43 . 2015-06-26 08:43    --------    d-----w-    c:\program files (x86)\NortonInstaller
2015-06-26 08:42 . 2015-06-26 09:00    --------    d-----w-    c:\programdata\Norton
2015-06-25 15:50 . 2015-06-25 15:50    --------    d-----w-    C:\Rbackup
2015-06-25 15:47 . 2015-06-25 15:50    --------    d-----w-    c:\program files\Perfect Uninstaller
2015-06-25 15:33 . 2015-06-25 15:33    --------    d-----w-    c:\users\Катето\AppData\Roaming\ChemTable Software
2015-06-25 15:32 . 2015-06-25 15:32    --------    d-----w-    c:\program files (x86)\Full Uninstall
2015-06-25 15:32 . 2015-06-25 15:32    --------    d-----w-    c:\users\Катето\AppData\Local\ChemTable Software
2015-06-25 08:08 . 2015-06-26 08:26    --------    d-----w-    c:\programdata\F-Secure
2015-06-25 08:08 . 2015-06-26 08:25    --------    d-----w-    c:\users\Катето\AppData\Local\F-Secure
2015-06-25 07:50 . 2015-06-12 07:50    12221144    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5BB419D-E924-45FF-B2BA-DA0E6349A227}\mpengine.dll
2015-06-24 15:27 . 2015-06-25 17:11    --------    d-----w-    C:\FRST
2015-06-24 14:14 . 2015-06-24 14:14    --------    d-----w-    C:\RegBackup
2015-06-24 13:04 . 2010-05-13 15:34    14232    ----a-w-    c:\windows\SysWow64\sh4native.exe
2015-06-24 11:20 . 2015-06-24 11:20    32152    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2015-06-24 07:44 . 2015-06-24 07:44    --------    d-----w-    C:\sh4ldr
2015-06-20 07:13 . 2015-06-24 09:27    --------    d-----w-    c:\program files\HitmanPro
2015-06-19 19:10 . 2015-06-20 07:32    --------    d-----w-    c:\programdata\HitmanPro
2015-06-17 11:32 . 2015-06-17 11:32    --------    d-----w-    c:\users\Катето\AppData\Roaming\InfraRecorder
2015-06-16 20:06 . 2015-06-26 08:04    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
2015-06-16 16:51 . 2015-06-16 16:51    --------    d-----w-    c:\program files\InfraRecorder
2015-06-11 06:46 . 2015-04-24 18:17    633856    ----a-w-    c:\windows\system32\comctl32.dll
2015-06-11 06:46 . 2015-04-24 17:56    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
2015-06-11 06:46 . 2015-05-25 17:08    3206144    ----a-w-    c:\windows\system32\win32k.sys
2015-06-11 06:46 . 2015-04-11 03:19    69888    ----a-w-    c:\windows\system32\drivers\stream.sys
2015-06-05 14:56 . 2015-05-22 18:18    1021440    ----a-w-    c:\windows\system32\appraiser.dll
2015-06-05 14:56 . 2015-05-22 18:18    700416    ----a-w-    c:\windows\system32\generaltel.dll
2015-06-05 14:56 . 2015-05-22 18:18    757248    ----a-w-    c:\windows\system32\invagent.dll
2015-06-05 14:56 . 2015-05-22 18:18    423424    ----a-w-    c:\windows\system32\devinv.dll
2015-06-05 14:56 . 2015-05-22 18:18    45568    ----a-w-    c:\windows\system32\acmigration.dll
2015-06-05 14:56 . 2015-05-22 18:13    1119232    ----a-w-    c:\windows\system32\aeinv.dll
2015-06-05 14:56 . 2015-05-21 13:19    193536    ----a-w-    c:\windows\system32\aepic.dll
2015-06-05 14:56 . 2015-05-22 18:18    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-06-03 12:22 . 2015-06-03 12:22    --------    d-----w-    c:\users\Катето\AppData\Local\GWX
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2015-06-24 07:44 . 2015-06-24 07:44    110080    ----a-r-    c:\users\Катето\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2015-06-23 21:23 . 2014-04-09 06:07    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 21:23 . 2014-04-09 06:07    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-12 00:03 . 2014-04-09 04:47    140135120    ----a-w-    c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-11 06:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-14 00:02    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 00:02    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 06:35    1647104    ----a-w-    c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 06:35    1179136    ----a-w-    c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 06:35    1250816    ----a-w-    c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 06:37    460800    ----a-w-    c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 06:37    342016    ----a-w-    c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 06:36    328704    ----a-w-    c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 06:35    275456    ----a-w-    c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 06:35    24576    ----a-w-    c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 06:35    216064    ----a-w-    c:\windows\SysWow64\InkEd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CONNMGRTRAY"="c:\program files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe" [2011-03-03 363112]
"uTorrent"="c:\users\Катето\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-06 1694560]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2014-04-28 3198224]
"NETGATERegistryCleaner"="c:\program files\NETGATE\Registry Cleaner\RegistryCleaner.exe" [2013-07-11 2303824]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-02 28785280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\NSx64\1605000.07C\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\SYMEFASI64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150625.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150625.001\BHDrvx64.sys [x]
S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1605000.07C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150626.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150626.001\IDSvia64.sys [x]
S1 PFolder;PFolder;c:\windows\System32\Drivers\PFolder64.sys;c:\windows\SYSNATIVE\Drivers\PFolder64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1605000.07C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NSx64\1605000.07C\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1605000.07C\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NGRegClnSrv;NETGATE Registry Cleaner Service;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [x]
S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe;c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09 21:23]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Катето\AppData\Roaming\Mozilla\Firefox\Profiles\ufhrkess.default-1403927861999\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.bg/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-PrivateFolder - c:\program files (x86)\PrivateFolder\PF_Pass.exe
Wow6432Node-HKLM-Run-Andy - c:\program files\Andy\HandyAndy.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS]
"ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.5.0.124\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.5.0.124\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\NSx64\1605000.07C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.5.0.124;c:\program files (x86)\Norton Security\Engine64\22.5.0.124"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-28  11:55:52
ComboFix-quarantined-files.txt  2015-06-28 08:55
.
Pre-Run: 124 812 935 168 bytes free
Post-Run: 124 626 305 024 bytes free
.
- - End Of File - - 5EA533D2B6C24A6FDC9B7CB6D9F1C48E
A36C5E4F47E84449FF07ED3517B43A31
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стъпка 1

Моля, изтеглете и стартирайте този инструмент. Следвайте инструкциите, за да завърши работата си.

ftp://ftp.f-secure.com/support/tools/uitool/UninstallationTool.exe

Стъпка 2

Моля изтеглете icon1351185104.pngJunkware Removal Tool на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.
Стъпка 3
  • Изтеглете и стартирайте 6sv1DN9.jpgAdwCleaner.exe.
  • Натиснете бутона Scan.
  • AdwCleaner ще започне да проверява компютъра.
  • След като проверката приключи натиснете бутона Clean.
  • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
  • Ще се появи автоматично лог файл с името (AdwCleaner[s0].txt) в C:\Adwcleaner
  • Публикувайте съдържанието му в следващия си коментар.
В следващия си коментар в тази тема, включете следните лог файлове:
  • Лог файл от Junkware Removal Tool
  • Лог файл от AdwCleaner
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Позволих си да сканирам с  adwcleaner още 2 пъти веднага един след друг,  и в двата резултата ми намира C:\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://websearch.coolsearches.info/?pid=21735&r=2015/03/31&hid=8210722968839278389&lg=EN&cc=GR&unqvl=85. Това означава ли че не може да го почисти? Уж след рестарта трябва да е изтрито, а него пак го има. Или аз съм в грешка? За съжаление познанията ми са колкото на обикновен потребител :(

AdwCleanerR16.txt

AdwCleanerR17.txt

AdwCleanerR18.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не, това категорично не означава, че не е възможно да се изчисти, а че е упорит зловредния софтуер.

Моля, изтрийте вашето FRST.exe копие, изтеглете ново и генерирайте нови лог файлове. Публикувайте ги тук.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стъпка 1

Моля, деинсталирайте: Google Update Helper

Стъпка 2

Изтеглете fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.

 

Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

fixlist.txt

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Единственото което открих за програмата Google Update Helper е че е упомената в един текстов документ който съм прикачила. Може би е била изтрита от някой от скенерите или от антивирусната , незнам,  но никъде не я откривам. Прикачвам и файла от FRST64

Add-Remove Programs.txt

Fixlog.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

  • Моля изтеглете и стартирайте изпълнимия файл от линка отдолу:

    ESET OnlineScan

  • Сложете отметката предesetAcceptTerms.png
  • Натиснете бутона esetStart.png.
  • Сложете отметката пред Enable detection of potentially unwanted applications.
  • Сега кликнете на Advanced Settings и се уверете, че опцията Remove found threats не е маркирана, а следните са маркирани:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Изберете сега бутона Change и изберете само Operating memory и дял C:\
fhSji42.png
  • Натиснете бутона Start.
  • ESET ще започне да сваля и инсталира актуализации за вирусните дефиниции и след това ще започне да сканира компютъра. Бъдете търпеливи, защото процеса е бавен и може да отнеме доста време.
  • След като проверката приключи натиснете бутонаesetListThreats.png
  • Сега натиснете бутона esetExport.png, и запазете файла на десктопа с име по избор като например (ESETScan.txt). Копирайте резултата в следващия си коментар.
  • Натиснете бутона esetBack.png и след това натиснете бутона esetFinish.png за да затворите приложението.
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

C:\AdwCleaner\Quarantine\C\Program Files (x86)\EnJooyCCoupOoN\YQwuQCBBAwAyon.x64.dll.vir    a variant of Win64/Adware.MultiPlug.G application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir    a variant of Win32/Adware.MultiPlug.IY application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SSaloePlues\Qu8xaGBTptX9YF.x64.dll.vir    a variant of Win64/Adware.MultiPlug.G application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uanisallees\AmsWJ0bVddraTu.x64.dll.vir    a variant of Win64/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutUbeAdBlocke\JLVvAwM2UwwNw5.x64.dll.vir    a variant of Win64/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Chromatic Browser\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Local\torch\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js.vir    JS/Adware.MultiPlug.B application
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Roaming\OpenCandy\6F0368E0ADC24DBB93EF22573D595C24\dm317c.exe.vir    a variant of Win32/OpenCandy.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Катето\AppData\Roaming\webssearches\UninstallManager.exe.vir    a variant of Win32/ELEX.CP potentially unwanted application
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js    JS/Adware.MultiPlug.B application
C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js    JS/Adware.MultiPlug.B application
C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Катето\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ceflikpoblganbbhicdocmnoihfnenke\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\content.js    JS/Adware.MultiPlug.B application
C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejedahgfenghofoccmflgmddeaciifgm\1.0\lsdb.js    JS/Adware.MultiPlug.B application
C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jgbpngphlajpmloppcchedbchkbmbchc\1.0\lsdb.js    JS/Kryptik.ATB trojan
C:\Users\Катето\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\objealhbgcnigbohndfncpilfffijhhl\1.0\lsdb.js    JS/Adware.MultiPlug.B application
C:\Users\Катето\AppData\Roaming\rmi\KMPlayer_v3.8.0.117.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Катето\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Windows\Installer\MSI5564.tmp    a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Моля, повторете сканирането, но този път маркирайте Remove found threats.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Забелязах че намерените файлове са поставени под карантина, след което има опция да бъдат изтрити оттам. Трябва ли да ги изтрия, или да ги оставя така ?

ESETScan2.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Точно този резултат очакваме. Те са изтрити успешно.

Това, което ме интересува на този етап е имаме ли някакви положителни резултати?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В началото успях да изтегля един филм, без да се отвори нито една реклама,  но като стигнах до субтитрите, пак се започна. При всеки клик на мишката по един нов прозорец. Не знам какъв е този вирус, но явно непрекъснато се възпроизвежда :(

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Съвсем случайно намерих GoogleUpdateHelper за който говорехме преди няколко дена. Странно е че търсачката не го открива, нито пък в списъка със инсталираните програми е наличен. Файлът се намира в C:\Program Files (x86)\Google\Update \1.3.24.15 . GoogleUpdateHelper.msi - тип  пакет за инсталиране на windows. Ще бъде ли проблем ако изтрия цялата папка за по сигурно? И защо търсачката не го открива файла ? Качвам и снимка на съдържанието на папката.

post-345305-0-28695000-1436106147_thumb.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Деинсталирайте временно и Google Earth и ако все още съществува цялата тази папка:

C:\Program Files (x86)\Google

Накрая рестартирайте и стартирайте отново Junkware и AdwCleaner. Публикувайте резултатите и проверете за промяна в състоянието.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход


  • Горещи теми в момента

  • Подобни теми

    • от Васил Джамбазов
      Както казва заглавието когато влизам в различни страници и трябва да ми излезе това captcha дето проверавя дали съм робот но не ми излиза нищо. Или само си върти или напълно нищо не показва. Пробвал съм със 4 различни браузъри и наквсякъде е същото. Рових в нета сумати време и нищо не ми помага. Де-инсталирах антивирусна, махах всички екстенжъни на браузърите и няма резултат. Мисля че проблема ми е в самия компютър някъде.  
      - Не разполагам с компакт диск за ОС. 
       
       
      Addition.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by userr (administrator) on USERR-PC (24-12-2017 01:13:05)
      Running from E:\scoped_dir3952_30355
      Loaded Profiles: userr (Available Profiles: userr)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Bulgarian (Bulgaria)
      Internet Explorer Version 11 (Default browser: Opera)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
      (Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Gaijin Entertainment) C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
      HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
      HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-01-30] (ABBYY Production LLC.)
      HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-03] ()
      HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15377920 2014-04-29] ()
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [Gaijin.Net Agent] => C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2268232 2017-11-01] (Gaijin Entertainment)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\MountPoints2: {87819dae-0c57-11e4-9eea-d050991a0dfa} - G:\setup.exe
      AppInit_DLLs: C:\Users\userr\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => No File
      IFEO\bitguard.exe: [Debugger] tasklist.exe
      IFEO\bprotect.exe: [Debugger] tasklist.exe
      IFEO\bpsvc.exe: [Debugger] tasklist.exe
      IFEO\browserdefender.exe: [Debugger] tasklist.exe
      IFEO\browserprotect.exe: [Debugger] tasklist.exe
      IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
      IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
      IFEO\jumpflip: [Debugger] tasklist.exe
      IFEO\protectedsearch.exe: [Debugger] tasklist.exe
      IFEO\searchinstaller.exe: [Debugger] tasklist.exe
      IFEO\searchprotection.exe: [Debugger] tasklist.exe
      IFEO\searchprotector.exe: [Debugger] tasklist.exe
      IFEO\searchsettings.exe: [Debugger] tasklist.exe
      IFEO\searchsettings64.exe: [Debugger] tasklist.exe
      IFEO\snapdo.exe: [Debugger] tasklist.exe
      IFEO\stinst32.exe: [Debugger] tasklist.exe
      IFEO\stinst64.exe: [Debugger] tasklist.exe
      IFEO\umbrella.exe: [Debugger] tasklist.exe
      IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
      IFEO\volaro: [Debugger] tasklist.exe
      IFEO\vonteera: [Debugger] tasklist.exe
      IFEO\websteroids.exe: [Debugger] tasklist.exe
      IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
      Startup: C:\Users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-04-19]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      AutoConfigURL: [S-1-5-21-845983760-1135253478-3104952537-1000] => hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
      Tcpip\..\Interfaces\{5650381A-159B-4673-BC63-260706D9F749}: [DhcpNameServer] 192.168.100.1
      ManualProxies: 0hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1431722435&z=60bd0491cc64661fd12a8edg0zcc0g3m0oeo1zbcat&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-23] (AVAST Software)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-23] (AVAST Software)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1431722400&z=cc566e9454f28cf2ca26295g0z7cdgamco6odz3eec&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      FireFox:
      ========
      FF ProfilePath: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default [2017-12-24]
      FF user.js: detected! => C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\user.js [2016-03-15]
      FF Extension: (Avast SafePrice) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\sp@avast.com.xpi [2017-12-23]
      FF Extension: (Avast Online Security) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\wrc@avast.com.xpi [2017-12-23]
      FF SearchPlugin: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\searchplugins\default-search.xml [2014-08-24]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default [2017-12-24]
      CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2017-06-01]
      CHR Extension: (Docs) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19]
      CHR Extension: (YouTube) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
      CHR Extension: (Google Docs Offline) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
      CHR Extension: (Gmail) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-19]
      CHR Extension: (Chrome Media Router) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\userr\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-24]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      OPR Extension: (Adblock Plus) - C:\Users\userr\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-29]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-23] (AVAST Software)
      R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-09-25] (Autodesk) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
      S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-26] (BitRaider, LLC)
      S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-08-06] (GOG.com)
      S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
      R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-09] () [File not signed]
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4121080 2011-06-13] (INCA Internet Co., Ltd.) [File not signed]
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-24] ()
      S3 TunngleService; D:\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      S2 Ds3Service; "D:\Downloads\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe" [X]
      S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
      S2 Hamachi2Svc; "D:\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-23] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-23] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-23] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-23] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-23] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-23] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-23] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-23] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-23] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-23] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-23] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-23] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-23] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-23] (AVAST Software)
      S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-06-30] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-15] (DT Soft Ltd)
      S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-24] ()
      R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-06-30] ()
      R3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-09-16] (MotioninJoy) [File not signed]
      S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
      R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
      S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [21888 2006-01-29] (Syncrosoft GmbH) [File not signed]
      R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
      U3 aswbdisk; no ImagePath
      S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
      S3 dump_wmimmc; \??\D:\Phantasy Star Universe\PHANTASY STAR UNIVERSE\GameGuard\dump_wmimmc.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 01:12 - 2017-12-24 01:13 - 000000000 ____D C:\FRST
      2017-12-23 12:34 - 2017-12-23 12:34 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-23 03:20 - 2017-12-23 03:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-23 03:20 - 2017-12-23 03:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-23 02:44 - 2017-12-23 02:44 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2017-12-23 02:44 - 2017-12-23 02:44 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVAST Software
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-23 02:43 - 2017-12-23 02:41 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-12-23 02:43 - 2017-12-23 02:41 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2017-12-23 02:39 - 2017-12-23 02:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-23 02:30 - 2017-12-23 02:38 - 000000000 ____D C:\Users\userr\AppData\Local\AvgSetupLog
      2017-12-23 02:07 - 2017-12-24 01:10 - 000000000 ____D C:\Users\userr\AppData\LocalLow\Mozilla
      2017-12-23 02:06 - 2017-12-23 02:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-23 02:06 - 2017-12-23 02:06 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-12-10 18:50 - 2017-12-10 19:16 - 000000000 ____D C:\Users\userr\AppData\Roaming\Kodi
      2017-12-10 18:50 - 2017-12-10 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
      2017-12-10 18:49 - 2017-12-10 18:50 - 000000000 ____D C:\Program Files (x86)\Kodi
      2017-12-06 22:46 - 2017-12-06 22:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 00:38 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:34 - 2014-07-15 17:50 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVG
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Local\AVG
      2017-12-23 12:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 03:20 - 2014-08-26 10:46 - 000000000 ____D C:\Users\userr\AppData\Local\Adobe
      2017-12-23 03:20 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-23 03:16 - 2016-01-03 00:01 - 000000000 ____D C:\Users\userr\AppData\Local\CrashDumps
      2017-12-23 02:38 - 2016-05-15 19:06 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-23 02:38 - 2014-08-24 19:52 - 000000000 ____D C:\ProgramData\AVG
      2017-12-23 02:07 - 2014-07-15 18:21 - 000000000 ____D C:\Users\userr\AppData\Roaming\Mozilla
      2017-12-23 02:06 - 2014-07-15 18:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-21 04:29 - 2014-10-16 22:00 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1413489654
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-12-20 12:42 - 2014-07-15 22:11 - 000000000 ____D C:\Program Files (x86)\Opera
      2017-12-12 02:54 - 2014-07-15 18:15 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-10 19:02 - 2014-07-18 10:15 - 000000000 ____D C:\Program Files (x86)\Winamp
      2017-12-02 15:06 - 2016-02-27 13:58 - 000000000 ____D C:\Users\userr\AppData\Roaming\vlc
      2017-11-30 19:55 - 2009-07-14 07:13 - 000800086 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-30 19:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      ==================== Files in the root of some directories =======
      2015-06-28 11:25 - 2015-06-28 12:50 - 000003958 _____ () C:\Users\userr\AppData\Roaming\LTspiceIV.ini
      2016-01-01 23:01 - 2016-01-15 22:41 - 000007168 _____ () C:\Users\userr\AppData\Roaming\SQLiteManager3.pref
      2016-03-10 19:19 - 2016-03-10 19:19 - 000003584 _____ () C:\Users\userr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-07-23 18:59 - 2016-02-24 12:08 - 000000601 _____ () C:\Users\userr\AppData\Local\DialogChoices.xml
      2016-12-14 12:38 - 2016-12-14 12:38 - 000000600 _____ () C:\Users\userr\AppData\Local\PUTTY.RND
      2015-05-29 13:21 - 2015-05-29 13:21 - 000003992 _____ () C:\Users\userr\AppData\Local\recently-used.xbel
      2016-01-01 23:13 - 2009-09-24 21:36 - 000000486 _____ () C:\Users\userr\AppData\Local\uninstall.html
      Some files in TEMP:
      ====================
      2015-09-25 10:11 - 2014-07-31 18:54 - 000015752 _____ (Autodesk, Inc.) C:\Users\userr\AppData\Local\Temp\AcDeltree.exe
      2016-12-09 15:51 - 2016-12-09 15:51 - 000223744 _____ (Un4seen Developments) C:\Users\userr\AppData\Local\Temp\Bass.dll
      2016-12-09 15:51 - 2016-12-09 15:51 - 000647168 _____ (radio42) C:\Users\userr\AppData\Local\Temp\Bass.Net.dll
      2016-04-16 11:05 - 2016-04-16 11:05 - 000385024 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Crysis_Patch_1_2_launcher.exe
      2016-04-22 16:02 - 2016-04-23 19:52 - 000208896 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7340014.dll
      2016-04-22 16:08 - 2016-04-23 19:41 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7370014.dll
      2016-04-23 19:57 - 2016-04-24 10:30 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7390004.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000027352 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x64.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000029912 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x86.dll
      2015-12-15 08:20 - 2015-12-15 08:20 - 000010240 _____ () C:\Users\userr\AppData\Local\Temp\fh2communityupdaterselfupdate.exe
      2016-06-13 18:37 - 2016-06-13 18:37 - 001962752 _____ (Flexera Software LLC) C:\Users\userr\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
      2015-01-29 15:58 - 2006-01-09 06:35 - 000159744 ____R () C:\Users\userr\AppData\Local\Temp\GMfc.dll
      2016-03-21 16:06 - 2016-03-21 16:06 - 001022043 _____ (                                                            ) C:\Users\userr\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
      2016-07-28 09:16 - 2016-07-28 09:16 - 000741440 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u101-windows-au.exe
      2016-10-22 10:00 - 2016-10-22 10:00 - 000737856 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u111-windows-au.exe
      2017-01-21 09:41 - 2017-01-21 09:41 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u121-windows-au.exe
      2017-04-25 10:50 - 2017-04-25 10:50 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u131-windows-au.exe
      2017-07-21 08:54 - 2017-07-21 08:54 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-11-15 11:43 - 2017-11-15 11:43 - 001856576 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u151-windows-au.exe
      2016-03-27 09:48 - 2016-03-27 09:48 - 000736320 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u77-windows-au.exe
      2016-04-24 10:15 - 2016-04-24 10:15 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u91-windows-au.exe
      2015-01-29 15:58 - 1999-12-17 14:00 - 000995383 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Mfc42.dll
      2015-01-29 15:58 - 1999-12-17 14:00 - 000295000 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\MSVCRT.dll
      2016-03-07 10:20 - 2016-03-07 10:20 - 005495448 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
      2016-08-16 17:42 - 2016-08-16 17:42 - 006359496 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
      2016-01-25 13:38 - 2016-01-25 13:38 - 006350128 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.6.exe
      2017-01-02 12:39 - 2017-01-02 12:39 - 006456560 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe
      2017-06-14 10:20 - 2017-06-14 10:20 - 006441096 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.14.exe
      2015-09-01 18:07 - 2016-08-25 22:50 - 000746088 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI.dll
      2015-11-22 12:40 - 2015-11-14 07:54 - 000835776 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI64.dll
      2015-10-13 12:53 - 2015-07-23 02:46 - 000783688 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvStInst.exe
      2015-08-04 14:25 - 2015-08-04 14:25 - 000032984 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-win32.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000031960 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-x64.dll
      2006-01-04 09:04 - 2006-01-04 09:04 - 000098304 ____R () C:\Users\userr\AppData\Local\Temp\Setup.exe
      2016-06-23 10:10 - 2016-07-05 21:28 - 000192512 _____ () C:\Users\userr\AppData\Local\Temp\sfamcc00001.dll
      2015-02-10 19:56 - 2015-02-10 19:56 - 000105984 _____ () C:\Users\userr\AppData\Local\Temp\sfextra.dll
      2016-09-12 19:41 - 2016-09-12 19:42 - 036634172 _____ (Bogdan Ureche                                               ) C:\Users\userr\AppData\Local\Temp\SQLiteExpertPersSetup.exe
      2015-01-29 15:58 - 2006-01-09 18:37 - 000393216 ____R () C:\Users\userr\AppData\Local\Temp\UnivUI.dll
      2015-12-20 20:03 - 2015-12-20 20:03 - 013977352 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe
      2016-09-02 18:27 - 2016-09-02 18:28 - 000003584 _____ () C:\Users\userr\AppData\Local\Temp\_j5iljyu.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 00:16
      ==================== End of FRST.txt ============================
      FRST.txt
    • от Емилиян Радоев
      Лаптома ми се товарии загрява мисля, че имам вируси в системата
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
      Ran by Emiliyan (administrator) on WISE (20-12-2017 16:03:52)
      Running from C:\Users\Emiliyan\Downloads
      Loaded Profiles: Emiliyan (Available Profiles: Emiliyan)
      Platform: Windows 8 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
      (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
      (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
      HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
      HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
      HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
      HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
      HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-19] (AVAST Software)
      HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
      HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-22] (Pegatron Corporation)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [Chromium] => "c:\users\emiliyan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {3200876f-a128-11e7-be97-74e543b067e1} - "E:\stp-fifa17.exe" 
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {5d49cdaf-cde8-11e7-bea2-74e543b067e1} - "F:\Install.exe" 
      Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{4162F2B5-AEAE-42DB-9CD1-CF34657B6E2D}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{72560D0F-2D93-4ECB-9356-DBA41E983165}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
      SearchScopes: HKU\S-1-5-21-3433298263-1705697951-3842491668-1001 -> DefaultScope {0117524D-8F49-4D9B-B308-983D78D06507} URL = 
      BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      FireFox:
      ========
      FF DefaultProfile: 1dnbjirw.default
      FF ProfilePath: C:\Users\Emiliyan\AppData\Roaming\Mozilla\Firefox\Profiles\1dnbjirw.default [2017-12-20]
      FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
      Chrome: 
      =======
      CHR Profile: C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
      CHR Extension: (Slides) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Docs) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-21]
      CHR Extension: (YouTube) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-21]
      CHR Extension: (Google Docs Offline) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-21]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-21]
      CHR Extension: (Gmail) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-21]
      CHR Extension: (Chrome Media Router) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-19] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
      R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
      R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-08-03] (McAfee, Inc.)
      R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-08-03] (McAfee, Inc.)
      R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-08-03] (McAfee, Inc.)
      S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
      R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
      S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-19] (AVAST Software)
      S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-19] (AVAST Software)
      R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
      S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [69672 2012-08-03] (McAfee, Inc.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-24] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-24] (Disc Soft Ltd)
      R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [169320 2012-08-03] (McAfee, Inc.)
      R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [300392 2012-08-03] (McAfee, Inc.)
      S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [66736 2012-07-19] (McAfee, Inc.)
      R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [513456 2012-08-03] (McAfee, Inc.)
      R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [752672 2012-08-03] (McAfee, Inc.)
      S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106112 2012-08-03] (McAfee, Inc.)
      R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [335784 2012-08-03] (McAfee, Inc.)
      R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 16:03 - 2017-12-20 16:04 - 000015501 _____ C:\Users\Emiliyan\Downloads\FRST.txt
      2017-12-20 16:03 - 2017-12-20 16:03 - 002392064 _____ (Farbar) C:\Users\Emiliyan\Downloads\FRST64.exe
      2017-12-20 16:03 - 2017-12-20 16:03 - 000000000 ____D C:\FRST
      2017-12-20 15:51 - 2017-12-20 15:51 - 001931969 _____ C:\Users\Emiliyan\Downloads\ProcessExplorer.zip
      2017-12-19 22:11 - 2017-12-20 00:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\In.Time.2011.BRRip.XviD.BGAudio-SLSS
      2017-12-19 22:10 - 2017-12-19 22:23 - 000000000 ____D C:\Users\Emiliyan\Downloads\We're.the.Millers.2013.BDRip.XviD.BGAUDiO-SLSS
      2017-12-19 19:41 - 2017-12-19 19:42 - 000000000 ____D C:\Users\Emiliyan\Downloads\Spico
      2017-12-19 19:35 - 2017-12-19 19:44 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico 9.2.3
      2017-12-19 19:32 - 2017-12-19 19:32 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-19 19:27 - 2017-12-19 19:27 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico_10.2.0
      2017-12-19 19:12 - 2017-12-20 15:36 - 000000000 ____D C:\Program Files\KMSpico
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003742 _____ C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache Files
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003272 _____ C:\WINDOWS\System32\Tasks\InstallShield® Update Service Scheduler
      2017-12-19 18:45 - 2017-12-19 18:45 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\AVAST Software
      2017-12-19 18:43 - 2017-12-19 19:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-12-19 18:42 - 2017-12-19 18:43 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-12-19 18:42 - 2017-12-19 18:42 - 000001087 _____ C:\Users\Emiliyan\Desktop\Your Unin-staller!.lnk
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:41 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-12-19 18:41 - 2017-12-20 15:36 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\{F5EAC3B6-D142-AF0E-BCDA-8AE698B2767E}
      2017-12-19 18:41 - 2017-12-19 18:54 - 000000000 ____D C:\ProgramData\TEMP
      2017-12-19 18:41 - 2017-12-19 18:41 - 006822592 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\your_uninstaller [1].exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\URSoft
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Opera Software
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\Opera Software
      2017-12-19 18:39 - 2017-12-19 18:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-19 18:38 - 2017-12-19 18:38 - 007289800 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\yusetup7.exe
      2017-12-19 18:38 - 2017-12-19 18:38 - 000002657 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
      2017-12-19 13:42 - 2017-12-19 13:42 - 000281568 _____ C:\WINDOWS\Minidump\121917-26937-01.dmp
      2017-12-19 13:30 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4]
      2017-12-19 13:28 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club)
      2017-12-19 13:27 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond
      2017-12-19 13:27 - 2017-12-19 13:27 - 000008240 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club).torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000017308 _____ C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond.torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000013206 _____ C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4].torrent
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen
      2017-12-19 13:22 - 2017-12-19 13:22 - 000019856 _____ C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole.torrent
      2017-12-19 13:22 - 2017-12-19 13:22 - 000016441 _____ C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen.torrent
      2017-12-19 13:18 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie
      2017-12-19 13:17 - 2017-12-19 13:17 - 000013807 _____ C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000019694 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Janice Griffith.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000018341 _____ C:\Users\Emiliyan\Downloads\BangbrosClips - Piper Perri (Pipe Her!! And By Her, We Mean Pipeperr!) NEW February 19 2015 SD MP4s.torrent
      2017-12-19 13:08 - 2017-12-19 13:08 - 000014431 _____ C:\Users\Emiliyan\Downloads\RKPrime - Tiffany Watson (Naughty Trainer).torrent
      2017-12-19 12:57 - 2017-12-19 12:57 - 000016656 _____ C:\Users\Emiliyan\Downloads\Elsa Jean - Bubble Blonde.torrent
      2017-12-19 12:19 - 2017-12-19 12:19 - 018316917 _____ C:\Users\Emiliyan\Downloads\Drift Pack.rar
      2017-12-17 23:39 - 2017-12-17 23:39 - 000000627 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arhiv.lnk
      2017-12-14 00:48 - 2017-12-14 00:48 - 000000000 _____ C:\Users\Emiliyan\Desktop\New Text Document (2).txt
      2017-12-12 14:12 - 2017-12-12 14:12 - 000281512 _____ C:\WINDOWS\Minidump\121217-37562-01.dmp
      2017-12-11 20:22 - 2017-12-11 20:22 - 000000000 ____D C:\Mu BattleZone Hard (No Sound)(1)
      2017-12-11 20:01 - 2017-12-11 20:02 - 092586941 _____ C:\Mu BattleZone Hard (No Sound)(1).rar
      2017-12-07 16:14 - 2017-12-07 16:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\1231
      2017-12-07 16:13 - 2017-12-07 16:14 - 092586941 _____ C:\Users\Emiliyan\Downloads\1231.rar
      2017-12-07 13:12 - 2017-12-07 13:12 - 000015260 _____ C:\Users\Emiliyan\Downloads\ReVolt_17.1124a.exe.torrent
      2017-11-24 14:44 - 2017-11-24 14:44 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install (1).exe
      2017-11-24 14:38 - 2017-12-18 18:43 - 000000000 ____D C:\Users\Emiliyan\Documents\GTA San Andreas User Files
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:28 - 2017-11-24 14:28 - 000001914 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
      2017-11-24 14:04 - 2017-11-24 14:04 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install.exe
      2017-11-24 14:04 - 2017-11-24 14:04 - 000000000 ____D C:\Users\Emiliyan\Downloads\crack
      2017-11-24 14:03 - 2017-11-24 14:03 - 004811976 _____ C:\Users\Emiliyan\Downloads\crack.rar
      2017-11-24 14:03 - 2017-11-24 14:03 - 000162504 _____ C:\Users\Emiliyan\Downloads\[ArenaBG.com]-Grand Theft Auto (GTA) San Andreas-HOODLUM.torrent
      2017-11-23 17:55 - 2017-12-19 18:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 15:51 - 2017-06-22 01:33 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\uTorrent
      2017-12-20 15:46 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\LocalLow\Mozilla
      2017-12-20 12:14 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-12-19 19:37 - 2012-07-26 09:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-12-19 19:37 - 2012-07-26 07:37 - 000000000 ____D C:\WINDOWS\Inf
      2017-12-19 19:31 - 2017-06-22 00:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
      2017-12-19 19:30 - 2012-07-26 09:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-19 19:12 - 2012-08-29 23:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\Toshiba
      2017-12-19 19:10 - 2017-07-07 21:08 - 000000000 ____D C:\Users\Emiliyan\Downloads\simson
      2017-12-19 18:52 - 2012-08-30 09:14 - 000000000 ____D C:\WINDOWS\Panther
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
      2017-12-19 18:41 - 2017-09-24 18:24 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-19 13:56 - 2017-11-19 22:13 - 000000000 ____D C:\Users\Emiliyan\Downloads1
      2017-12-19 13:42 - 2017-06-22 12:00 - 000000000 ____D C:\WINDOWS\Minidump
      2017-12-19 13:42 - 2017-06-22 11:59 - 715990818 _____ C:\WINDOWS\MEMORY.DMP
      2017-12-18 21:49 - 2017-10-12 12:37 - 000222208 ___SH C:\Users\Emiliyan\Desktop\Thumbs.db
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-12-12 14:11 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-11 00:40 - 2017-06-22 14:53 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-24 15:37 - 2017-09-25 19:03 - 000281088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 15:36 - 2012-07-26 07:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
      2017-11-24 14:28 - 2012-08-29 23:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2017-11-23 17:56 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Mozilla
      2017-11-23 17:56 - 2017-06-22 14:53 - 000000935 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      ==================== Files in the root of some directories =======
      2017-06-22 01:24 - 2017-06-22 01:24 - 000007606 _____ () C:\Users\Emiliyan\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-15 14:17
      ==================== End of FRST.txt ============================
      Addition.txt
    • от embolado
      Здравейте! От няколко дни NOD32 периодично ми изкарва съобщението от картинката, което ме кара да се съмянвам, че компютъра ми има вирус.

      Ето и логовете от FRST
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by USER (administrator) on USER-PC (23-12-2017 17:16:05)
      Running from C:\Users\USER\Desktop
      Loaded Profiles: USER (Available Profiles: USER)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
      (Node.js) C:\Windows\Prey\versions\1.7.2\bin\node.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      () D:\Install\Testing Tools\quietHDD\quietHDD.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Fork, Ltd.) C:\Windows\Prey\versions\1.7.2\node_modules\triggers\bin\lightevt.exe
      (HP) C:\Windows\System32\HPSIsvc.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      (ESET) C:\Program Files\ESET\ESET Security\egui.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-21] (ESET)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
      HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      Winlogon\Notify\WgaLogon:
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {027c0954-011d-11e7-92c7-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {95871b5f-00b7-11e7-8cf1-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {d96b13d4-6d84-11e5-92f1-b4b52f788ef4} - H:\setup.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e6bf35c6-0111-11e7-8df9-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e80d797e-c983-11e5-bc97-b4b52f788ef4} - F:\setup.exe
      AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-16] (Jaksta Technologies Pty Ltd)
      Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD.lnk [2013-03-09]
      ShortcutTarget: quietHDD.lnk -> D:\Install\Testing Tools\quietHDD\quietHDD.exe ()
      GroupPolicy: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      ProxyServer: [S-1-5-21-2316775370-2964681540-2297035872-1000] => https=127.0.0.1:54745
      Hosts: 127.0.0.1   www.martau.com
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{3D41CC7B-1CA0-4A34-B378-EF83D183B83F}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{42A1B73C-2FD5-4744-A1AC-DD4C68DBB756}: [DhcpNameServer] 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-2316775370-2964681540-2297035872-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
      BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      FireFox:
      ========
      FF DefaultProfile: bx4xcpl7.default
      FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default [2017-12-23]
      FF Homepage: Mozilla\Firefox\Profiles\bx4xcpl7.default -> google.bg
      FF NewTabOverride: Mozilla\Firefox\Profiles\bx4xcpl7.default -> Enabled: "id":"{66E978CD-981F-47DF-AC42-E3CF417C1467
      FF Extension: (MEGA) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\firefox@mega.co.nz.xpi [2017-11-17]
      FF Extension: (New Tab Homepage) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-11-18]
      FF Extension: (image-save) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{6f99b5da-d696-4a33-8cc4-072873422204}.xpi [2017-11-17]
      FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
      R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-11-22] (Fork, Ltd.) [File not signed]
      R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-21] (ESET)
      R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)
      S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (DEVGURU Co., LTD.)
      S4 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
      S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2017-03-04] (Sysprogs OU)
      U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-01-07] (IVT Corporation.)
      S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [35848 2008-12-07] ()
      S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-06] (Samsung Electronics Co., Ltd.)
      S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-06-04] (Disc Soft Ltd)
      S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-10-08] (DT Soft Ltd)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2017-12-08] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
      R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2017-12-08] (ESET)
      S1 ISODrive; C:\Windows\SysWOW64\Drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
      S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31624 2008-07-02] (IVT Corporation.)
      S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1162952 2013-07-13] (Ralink Technology, Corp.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-06] (Samsung Electronics Co., Ltd.)
      U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
      U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BT; system32\DRIVERS\btnetdrv.sys [X]
      S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
      S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
      S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
      S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
      S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
      S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
      S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
      S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
      S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
      S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
      S3 VComm; system32\DRIVERS\VComm.sys [X]
      S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
      S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:16 - 2017-12-23 17:16 - 000012226 _____ C:\Users\USER\Desktop\FRST.txt
      2017-12-23 17:15 - 2017-12-23 17:16 - 000000000 ____D C:\FRST
      2017-12-23 16:58 - 2017-12-23 16:58 - 002392064 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
      2017-12-14 23:52 - 2017-12-14 23:52 - 000000000 ____D C:\Users\USER\AppData\Local\Viber
      2017-11-29 17:30 - 2017-11-29 17:30 - 000000000 ____D C:\Users\USER\AppData\Roaming\ABBYY
      2017-11-28 23:28 - 2017-11-28 23:28 - 000002697 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2017-11-24 13:58 - 2017-12-11 17:13 - 000001438 _____ C:\Users\USER\Desktop\Mozilla Firefox.lnk
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:15 - 2017-03-03 19:29 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:09 - 2017-05-08 00:51 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2017-12-23 17:08 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-23 17:06 - 2017-11-22 20:05 - 000000000 ____D C:\Windows\Prey
      2017-12-23 17:06 - 2013-09-13 16:20 - 000001017 _____ C:\Windows\SysWOW64\bscs.ini
      2017-12-23 17:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 16:55 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-23 02:05 - 2013-04-26 22:50 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2017-12-23 00:51 - 2017-11-22 19:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-12-22 18:37 - 2014-11-03 20:17 - 000004096 _____ C:\Users\USER\AppData\Local\keyfile3.drm
      2017-12-22 01:38 - 2017-07-11 22:53 - 000000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
      2017-12-21 21:59 - 2013-11-26 22:18 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
      2017-12-18 15:30 - 2016-03-18 02:15 - 000012288 ___SH C:\Users\USER\AppData\Roaming\Thumbs.db
      2017-12-17 10:12 - 2017-10-21 08:34 - 000000000 ____D C:\Users\USER\AppData\Roaming\ViberPC
      2017-12-13 01:23 - 2017-11-17 22:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-13 01:23 - 2017-11-17 22:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-13 01:23 - 2017-11-17 22:38 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-13 01:23 - 2013-03-28 20:01 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-13 01:23 - 2012-12-29 22:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-09 11:17 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-08 23:22 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-08 20:25 - 2017-11-02 09:02 - 000134368 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
      2017-12-08 20:25 - 2017-10-09 16:49 - 000180088 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
      2017-12-08 20:25 - 2017-09-19 09:05 - 000106304 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
      2017-11-28 23:28 - 2012-12-30 00:31 - 000000000 ____D C:\ProgramData\Skype
      ==================== Files in the root of some directories =======
      2016-03-18 02:15 - 2017-12-18 15:30 - 000012288 ___SH () C:\Users\USER\AppData\Roaming\Thumbs.db
      2016-02-08 01:25 - 2016-02-08 01:25 - 000006529 _____ () C:\Users\USER\AppData\Roaming\UserTile.png
      2015-06-08 18:55 - 2015-08-20 17:08 - 000000031 _____ () C:\Users\USER\AppData\Local\burnaware.ini
      2013-04-18 15:40 - 2015-08-23 12:48 - 000007680 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2017-09-25 20:21 - 2017-09-25 20:21 - 000000036 _____ () C:\Users\USER\AppData\Local\housecall.guid.cache
      2014-11-03 20:17 - 2017-12-22 18:37 - 000004096 _____ () C:\Users\USER\AppData\Local\keyfile3.drm
      2013-02-05 23:18 - 2013-02-05 23:18 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.25.agreement
      2015-06-19 18:43 - 2015-06-19 18:43 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.40.agreement
      2017-06-20 18:27 - 2017-06-20 18:27 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.1.10.agreement
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000013 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.dir
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.filterindex
      2017-06-20 18:27 - 2017-08-29 12:08 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.sourcedisk.index
      2013-02-18 20:48 - 2017-11-11 20:47 - 000007652 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 02:06
      ==================== End of FRST.txt ============================
       
       
      Addition.txt
    • от D101149
      Здравейте! Имам проблеми със системата си, за пореден път се обръщам към вас с надеждата отново да ми помогнете.  Просто искам да кажа, че направих голяма глупост и се нахаках с куп вируси, ако ударите едно рамо ще съм ви много благодарен за пореден път
      FRST.txt
      Addition.txt
    • от Tania Simeonova
      Нямам представа какъв е вирусът, но компютърът не работи правилно, не се отварят напълно страниците, голяма част от изображенията не се зареждат!
      резултатите от сканирането: FRST.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
      Ran by krasi (administrator) on KRASI-PC (13-12-2017 18:19:54)
      Running from C:\Users\krasi\Downloads
      Loaded Profiles: krasi (Available Profiles: krasi)
      Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11 (Default browser not detected!)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (阿里巴巴(中国)有限公司) C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe
      (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
      () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
      (Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Alibaba Group) C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      (阿里巴巴(中国)有限公司) C:\Users\krasi\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
      (Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
      (© 2015 Microsoft Corporation) C:\Users\krasi\AppData\Local\Microsoft\BingSvc\BingSvc.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      () C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServer.exe
      (Alibaba (China) Co., Ltd.) C:\Program Files (x86)\TradeManager\AliIM.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      () C:\Program Files (x86)\STDU Viewer\STDUViewerApp.exe
      (阿里巴巴(中国)有限公司) C:\Program Files (x86)\AliSafeEngine\5.0.2\AliIMSafeUI.exe
      (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
      () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
      (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
      () C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServerWatchDog.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      () C:\Program Files (x86)\TradeManager\AliApp.exe
      () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
      () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
      (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
      HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
      HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
      HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
      HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
      HKLM-x32\...\Run: [zenvpn] => C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1634304 2015-06-26] (Informer Technologies, Inc.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Facebook Update] => C:\Users\krasi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-20] (Facebook Inc.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [BingSvc] => C:\Users\krasi\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-17] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Ivideon Server] => C:\Users\krasi\AppData\Local\Ivideon\IvideonServer\IvideonServer.exe [2745384 2016-04-06] ()
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Auto Hide IP] => C:\Program Files (x86)\AutoHideIP\AutoHideIP.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [ProxyFirewall] => C:\Program Files (x86)\ProxyFirewall\ProxyFirewall.exe************************************************************************************************************************************************** (the data entry has 59 more characters).
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Vidalia] => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [556472 2017-09-21] (Alibaba (China) Co., Ltd.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {360dbedc-faa0-11e6-8f8e-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {601ad4bf-24f1-11e3-9659-002215d5bbf6} - E:\Autorun.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {ad78493c-8f26-11e7-a40c-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\...\MountPoints2: {c6bba659-6e94-11e3-b0c9-002215d5bbf6} - F:\HTC_Sync_Manager_PC.exe
      HKU\S-1-5-21-237019498-3253715406-2815218077-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-11-15]
      ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
      Startup: C:\Users\krasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-01-10]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy\User: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 31.211.159.254 31.211.159.253
      Tcpip\..\Interfaces\{4E2EDFE8-1AE1-40D1-8B42-FACE1D9B1466}: [DhcpNameServer] 31.211.159.254 31.211.159.253
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20] (Oracle Corporation)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
      BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
      BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20] (Oracle Corporation)
      Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
      Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
      Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default [2017-12-13]
      FF Homepage: Mozilla\Firefox\Profiles\8979hrxg.default -> hxxps://www.google.bg/
      FF NetworkProxy: Mozilla\Firefox\Profiles\8979hrxg.default -> http", "1.160.3.133"
      FF Extension: (Best Proxy Switcher) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2017-10-16]
      FF Extension: (Firebug) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\firebug@software.joehewitt.com.xpi [2017-10-24] [Legacy]
      FF Extension: (Fox Web Security) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\s3fox@security.xpi [2017-10-16] [Legacy]
      FF Extension: (Test Pilot) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\testpilot@labs.mozilla.com.xpi [2016-09-08] [Legacy]
      FF Extension: (NoScript) - C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-12-04]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\aol-search.xml [2013-06-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-1.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-10.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-100.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-101.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-102.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-103.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-104.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-105.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-106.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-107.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-108.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-109.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-11.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-110.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-111.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-112.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-113.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-114.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-115.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-116.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-117.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-118.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-119.xml [2015-06-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-12.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-120.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-121.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-122.xml [2015-07-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-123.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-124.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-125.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-126.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-127.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-128.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-129.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-13.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-130.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-131.xml [2015-07-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-132.xml [2015-08-12]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-133.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-134.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-135.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-136.xml [2015-08-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-137.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-138.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-139.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-14.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-140.xml [2015-08-22]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-141.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-142.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-143.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-144.xml [2015-08-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-145.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-146.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-147.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-148.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-149.xml [2015-08-30]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-15.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-150.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-151.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-152.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-153.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-154.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-155.xml [2015-09-07]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-156.xml [2015-09-10]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-157.xml [2015-09-10]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-16.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-17.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-18.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-19.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-2.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-20.xml [2015-02-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-21.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-22.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-23.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-24.xml [2015-02-25]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-25.xml [2015-03-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-26.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-27.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-28.xml [2015-03-18]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-29.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-3.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-30.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-31.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-32.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-33.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-34.xml [2015-03-23]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-35.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-36.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-37.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-38.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-39.xml [2015-03-27]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-4.xml [2015-02-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-40.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-41.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-42.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-43.xml [2015-04-05]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-44.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-45.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-46.xml [2015-04-14]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-47.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-48.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-49.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-5.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-50.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-51.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-52.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-53.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-54.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-55.xml [2015-04-15]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-56.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-57.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-58.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-59.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-6.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-60.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-61.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-62.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-63.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-64.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-65.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-66.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-67.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-68.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-69.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-7.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-70.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-71.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-72.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-73.xml [2015-04-16]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-74.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-75.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-76.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-77.xml [2015-04-21]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-78.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-79.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-8.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-80.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-81.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-82.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-83.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-84.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-85.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-86.xml [2015-04-24]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-87.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-88.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-89.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-9.xml [2015-02-17]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-90.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-91.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-92.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-93.xml [2015-05-13]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-94.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-95.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-96.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-97.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-98.xml [2015-05-26]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1-99.xml [2015-05-29]
      FF SearchPlugin: C:\Users\krasi\AppData\Roaming\Mozilla\Firefox\Profiles\8979hrxg.default\searchplugins\doctype-html-public--w3cdtd-xhtml-1.xml [2015-02-15]
      FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
      FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
      FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll [2017-09-21] ( )
      FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2017-09-21] ( )
      FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\4.0.0.101\npaliedit.dll [2015-03-24] (Alipay.com co.,ltd)
      FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\4.0.0.101\npAliSecCtrl.dll [2015-03-24] (Alipay.com Inc. )
      FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
      FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
      FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
      FF Plugin-x32: @inhatch.com,version=0.7.5 -> C:\Program Files (x86)\InhatchTeam\Inhatch\npinhatch.dll [2010-12-04] (Inhatch)
      FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-20] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-20] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
      FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-09-20] (RocketLife, LLP)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2014-10-08] (Alibaba software (Shanghai) Corporation.)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @alipay.com/npalicert -> C:\Users\krasi\AppData\Roaming\alipay\cf\npalicdo.dll [2014-10-21] (alipay.com)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\krasi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
      FF Plugin HKU\S-1-5-21-237019498-3253715406-2815218077-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\krasi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-01] (Unity Technologies ApS)
      Chrome: 
      =======
      CHR Profile: C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default [2017-12-13]
      CHR Extension: (Google Диск) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10]
      CHR Extension: (Adobe Acrobat) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-10]
      CHR Extension: (Google Документи офлайн) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-10]
      CHR Extension: (Skype) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-10]
      CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-10]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-10]
      CHR Extension: (Chrome Media Router) - C:\Users\krasi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
      CHR Profile: C:\Users\krasi\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-17]
      CHR HKU\S-1-5-21-237019498-3253715406-2815218077-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\krasi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-07-29]
      CHR HKU\S-1-5-21-237019498-3253715406-2815218077-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gnfaiijpfcmdehcgcnnippmnhjjnbllp] - C:\Program Files (x86)\Blingee Plus\blingee_plus_nt.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-29] (Adobe Systems) [File not signed]
      R2 AliSafeEngine Service; C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe [594080 2016-05-10] (阿里巴巴(中国)有限公司)
      R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
      R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2017-09-05] (ESET)
      S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-08-07] (Macrovision Europe Ltd.) [File not signed]
      R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [850128 2015-10-12] ()
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
      R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-12-15] ()
      R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2017-02-05] (Alibaba (China) Co., LTD. All rights reserved.)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
      R2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2904176 2016-07-14] (Alibaba Group)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-27] (Disc Soft Ltd)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2017-09-05] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2017-09-05] (ESET)
      R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181384 2017-09-05] (ESET)
      S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
      R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
      S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
      R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-03-01] (Anchorfree Inc.)
      S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-13 18:14 - 2017-12-13 18:19 - 000071574 _____ C:\Users\krasi\Downloads\Addition.txt
      2017-12-13 18:11 - 2017-12-13 18:20 - 000050702 _____ C:\Users\krasi\Downloads\FRST.txt
      2017-12-13 18:10 - 2017-12-13 18:19 - 000000000 ____D C:\FRST
      2017-12-13 18:09 - 2017-12-13 18:10 - 002392064 _____ (Farbar) C:\Users\krasi\Downloads\FRST64.exe
      2017-12-12 20:58 - 2017-11-17 06:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2017-12-12 20:58 - 2017-11-15 03:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2017-12-12 20:58 - 2017-11-15 02:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
      2017-12-12 20:58 - 2017-11-14 05:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2017-12-12 20:58 - 2017-11-14 05:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2017-12-12 20:58 - 2017-11-14 05:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2017-12-12 20:58 - 2017-11-14 05:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2017-12-12 20:58 - 2017-11-14 05:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2017-12-12 20:58 - 2017-11-14 05:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2017-12-12 20:58 - 2017-11-14 05:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2017-12-12 20:58 - 2017-11-14 05:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2017-12-12 20:58 - 2017-11-14 05:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2017-12-12 20:58 - 2017-11-14 05:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2017-12-12 20:58 - 2017-11-14 05:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2017-12-12 20:58 - 2017-11-14 05:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2017-12-12 20:58 - 2017-11-14 05:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2017-12-12 20:58 - 2017-11-14 05:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2017-12-12 20:58 - 2017-11-14 05:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2017-12-12 20:58 - 2017-11-14 05:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2017-12-12 20:58 - 2017-11-14 05:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2017-12-12 20:58 - 2017-11-14 05:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2017-12-12 20:58 - 2017-11-14 05:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2017-12-12 20:58 - 2017-11-14 05:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2017-12-12 20:58 - 2017-11-14 05:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2017-12-12 20:58 - 2017-11-14 05:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2017-12-12 20:58 - 2017-11-14 05:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2017-12-12 20:58 - 2017-11-14 04:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2017-12-12 20:58 - 2017-11-14 04:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2017-12-12 20:58 - 2017-11-14 04:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2017-12-12 20:58 - 2017-11-14 04:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2017-12-12 20:58 - 2017-11-14 04:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2017-12-12 20:58 - 2017-11-14 04:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2017-12-12 20:58 - 2017-11-14 04:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2017-12-12 20:58 - 2017-11-14 04:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2017-12-12 20:58 - 2017-11-14 03:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
      2017-12-12 20:58 - 2017-11-14 03:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
      2017-12-12 20:58 - 2017-11-14 03:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
      2017-12-12 20:58 - 2017-11-14 02:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
      2017-12-12 20:58 - 2017-11-14 02:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
      2017-12-12 20:58 - 2017-11-07 22:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
      2017-12-12 20:58 - 2017-11-07 22:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
      2017-12-12 20:58 - 2017-11-07 22:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
      2017-12-12 20:58 - 2017-11-07 22:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
      2017-12-12 20:58 - 2017-11-07 22:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
      2017-12-12 20:58 - 2017-11-07 22:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
      2017-12-12 20:58 - 2017-11-07 22:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
      2017-12-12 20:58 - 2017-11-07 22:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
      2017-12-12 20:58 - 2017-11-07 22:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
      2017-12-12 20:58 - 2017-11-07 22:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
      2017-12-12 20:58 - 2017-11-07 22:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
      2017-12-12 20:58 - 2017-11-07 22:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
      2017-12-12 20:58 - 2017-11-07 22:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
      2017-12-12 20:58 - 2017-11-07 22:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
      2017-12-12 20:58 - 2017-11-07 22:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
      2017-12-12 20:58 - 2017-11-07 22:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
      2017-12-12 20:58 - 2017-11-07 22:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
      2017-12-12 20:58 - 2017-11-07 22:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
      2017-12-12 20:58 - 2017-11-07 22:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
      2017-12-12 20:58 - 2017-11-07 22:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
      2017-12-12 20:58 - 2017-11-07 22:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
      2017-12-12 20:58 - 2017-11-07 22:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
      2017-12-12 20:58 - 2017-11-07 22:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
      2017-12-12 20:58 - 2017-11-07 21:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
      2017-12-12 20:58 - 2017-11-07 18:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2017-12-12 20:58 - 2017-11-07 18:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
      2017-12-12 20:58 - 2017-11-04 17:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
      2017-12-12 20:58 - 2017-11-04 17:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
      2017-12-12 20:58 - 2017-11-04 17:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
      2017-12-12 20:58 - 2017-11-04 17:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
      2017-12-12 20:58 - 2017-11-02 18:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
      2017-12-12 20:58 - 2017-11-02 17:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
      2017-12-12 20:58 - 2017-11-02 16:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
      2017-12-12 20:58 - 2017-10-17 01:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
      2017-12-12 20:58 - 2017-10-17 00:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
      2017-12-12 20:58 - 2017-10-12 02:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
      2017-12-12 07:23 - 2017-12-12 07:23 - 002989952 _____ C:\Users\krasi\Downloads\ZHPCleaner (2).exe
      2017-12-12 06:50 - 2017-12-12 06:50 - 000605424 _____ (Reimage) C:\Users\krasi\Downloads\ReimageRepair (2).exe
      2017-12-12 06:15 - 2017-12-12 06:15 - 000605424 _____ (Reimage) C:\Users\krasi\Downloads\ReimageRepair (1).exe
      2017-12-11 16:29 - 2017-12-13 07:47 - 000000000 ____D C:\AdwCleaner
      2017-12-11 16:26 - 2017-12-11 16:29 - 008187336 _____ (Malwarebytes) C:\Users\krasi\Downloads\adwcleaner_7.0.5.0.exe
      2017-12-11 14:20 - 2017-12-11 14:21 - 002989952 _____ C:\Users\krasi\Downloads\ZHPCleaner (1).exe
      2017-12-10 16:31 - 2017-12-11 14:39 - 000002450 _____ C:\Users\krasi\Desktop\ZHPCleaner.txt
      2017-12-10 16:12 - 2017-12-13 06:25 - 000000830 _____ C:\Users\krasi\Desktop\ZHPCleaner.lnk
      2017-12-10 16:12 - 2017-12-13 06:25 - 000000000 ____D C:\Users\krasi\AppData\Roaming\ZHP
      2017-12-10 16:12 - 2017-12-10 16:12 - 000000000 ____D C:\Users\krasi\AppData\Local\ZHP
      2017-12-10 16:09 - 2017-12-10 16:11 - 002988416 _____ C:\Users\krasi\Downloads\ZHPCleaner.exe
      2017-12-09 10:41 - 2017-12-09 10:41 - 000262144 ____N C:\Windows\Minidump\120917-31761-01.dmp
      2017-12-06 15:41 - 2017-12-06 15:41 - 002694408 _____ C:\Users\krasi\Downloads\13-0392-5-Prog_ovoshtni (3).pdf
      2017-12-05 16:11 - 2017-12-05 16:11 - 000262144 ____N C:\Windows\Minidump\120517-27565-01.dmp
      2017-12-04 11:18 - 2017-12-04 11:18 - 000190568 _____ C:\Users\krasi\Downloads\ECCNET-complaint (1).pdf
      2017-12-03 16:25 - 2017-12-03 16:25 - 000262144 ____N C:\Windows\Minidump\120317-15553-01.dmp
      2017-12-03 11:45 - 2017-12-03 11:45 - 000262144 ____N C:\Windows\Minidump\120317-17206-01.dmp
      2017-12-03 09:19 - 2017-12-03 09:19 - 000190568 _____ C:\Users\krasi\Downloads\ECCNET-complaint.pdf
      2017-12-03 08:51 - 2017-12-03 08:51 - 002694408 _____ C:\Users\krasi\Downloads\13-0392-5-Prog_ovoshtni (2).pdf
      2017-12-03 07:45 - 2017-12-03 07:45 - 000262144 ____N C:\Windows\Minidump\120317-20482-01.dmp
      2017-11-26 16:42 - 2017-11-26 16:42 - 000262144 ____N C:\Windows\Minidump\112617-157389-01.dmp
      2017-11-25 17:37 - 2017-12-12 20:36 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-11-25 17:36 - 2017-12-12 20:36 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-11-25 17:36 - 2017-12-12 20:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-11-20 06:22 - 2017-11-20 06:24 - 141015434 _____ C:\Users\krasi\Downloads\AdbeRdr11000_mui_Std (1).zip
      2017-11-20 06:22 - 2017-11-20 06:23 - 040116224 _____ C:\Users\krasi\Downloads\AdbeRdrUpd11021_MUI.msp
      2017-11-18 10:51 - 2017-11-18 10:53 - 141015434 _____ C:\Users\krasi\Downloads\AdbeRdr11000_mui_Std.zip
      2017-11-18 07:16 - 2017-11-18 07:16 - 020771800 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player (1).exe
      2017-11-18 07:16 - 2017-11-18 07:16 - 020250592 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player_ax.exe
      2017-11-18 07:15 - 2017-11-18 07:16 - 020732888 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player_ppapi.exe
      2017-11-17 08:25 - 2017-11-17 08:26 - 010849904 _____ (Piriform Ltd) C:\Users\krasi\Downloads\ccsetup537.exe
      2017-11-17 08:22 - 2017-11-17 08:23 - 048123704 _____ (TuneUp Software) C:\Users\krasi\Downloads\TuneUpUtilities2014_en-US.exe
      2017-11-16 08:01 - 2017-11-16 08:01 - 001205232 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\flashplayer27pp_id_install.exe
      2017-11-16 07:45 - 2017-11-16 07:45 - 020771840 _____ (Adobe Systems Incorporated) C:\Users\krasi\Downloads\install_flash_player.exe
      2017-11-16 07:34 - 2017-11-16 07:35 - 000311248 _____ (Mozilla) C:\Users\krasi\Downloads\Firefox Installer(1).exe
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\ProgramData\McAfee Security Scan
      2017-11-15 19:32 - 2017-11-15 19:32 - 000000000 ____D C:\Program Files\McAfee Security Scan
      2017-11-15 19:01 - 2017-11-15 19:32 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      2017-11-15 19:01 - 2017-11-15 19:32 - 000000000 ____D C:\Program Files (x86)\McAfee Security Scan
      2017-11-15 13:22 - 2017-11-15 13:22 - 000000000 ____D C:\Users\krasi\AppData\Local\ElevatedDiagnostics
      2017-11-15 09:01 - 2017-11-15 09:01 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Opera Software
      2017-11-15 09:01 - 2017-11-15 09:01 - 000000000 ____D C:\Users\krasi\AppData\Local\Opera Software
      2017-11-15 08:59 - 2017-11-19 12:49 - 000000000 ____D C:\Program Files\Opera
      2017-11-15 08:58 - 2017-11-15 08:59 - 001258640 _____ (Opera Software) C:\Users\krasi\Downloads\OperaSetup.exe
      2017-11-15 02:16 - 2017-10-18 04:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
      2017-11-15 02:16 - 2017-10-18 04:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
      2017-11-15 02:16 - 2017-10-17 01:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2017-11-15 02:16 - 2017-10-16 23:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
      2017-11-15 02:16 - 2017-10-12 02:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
      2017-11-15 02:16 - 2017-10-12 02:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
      2017-11-15 02:16 - 2017-10-12 02:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
      2017-11-15 02:16 - 2017-10-12 02:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
      2017-11-15 02:16 - 2017-10-12 02:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
      2017-11-15 02:16 - 2017-10-12 02:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
      2017-11-15 02:16 - 2017-10-12 02:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
      2017-11-15 02:16 - 2017-10-12 02:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
      2017-11-15 02:16 - 2017-10-12 02:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
      2017-11-15 02:16 - 2017-10-12 02:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
      2017-11-15 02:16 - 2017-10-12 02:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
      2017-11-15 02:16 - 2017-10-12 02:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
      2017-11-15 02:16 - 2017-10-12 02:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
      2017-11-15 02:16 - 2017-10-12 02:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
      2017-11-15 02:16 - 2017-10-12 02:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
      2017-11-15 02:16 - 2017-10-12 02:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
      2017-11-15 02:16 - 2017-10-12 02:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
      2017-11-15 02:16 - 2017-10-12 02:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
      2017-11-15 02:16 - 2017-10-12 02:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
      2017-11-15 02:16 - 2017-10-12 02:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2017-11-15 02:16 - 2017-09-07 15:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2017-11-15 02:13 - 2017-10-18 04:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2017-11-15 02:13 - 2017-10-18 04:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2017-11-15 02:13 - 2017-10-16 00:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2017-11-15 02:13 - 2017-10-04 15:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2017-11-15 02:13 - 2017-10-04 15:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2017-11-13 15:49 - 2017-11-13 15:49 - 025614068 _____ C:\Users\krasi\Downloads\php-7.2.0RC6-Win32-VC15-x64.zip
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-13 18:19 - 2014-03-20 15:14 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-237019498-3253715406-2815218077-1001UA.job
      2017-12-13 18:18 - 2013-12-23 16:04 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Software Informer
      2017-12-13 18:08 - 2017-02-07 06:02 - 000000000 ____D C:\ProgramData\AliAntiVirusED
      2017-12-13 18:08 - 2017-02-05 17:01 - 000000000 ____D C:\Users\krasi\AppData\Roaming\TaobaoProtect
      2017-12-13 18:01 - 2015-08-28 17:56 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e1aaf219f40.job
      2017-12-13 18:01 - 2015-07-16 00:56 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf516b0a7118.job
      2017-12-13 18:00 - 2015-05-17 02:50 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0903b82a18cc0.job
      2017-12-13 17:55 - 2013-01-18 09:54 - 000000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
      2017-12-13 17:55 - 2013-01-05 12:16 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Skype
      2017-12-13 17:52 - 2013-12-23 12:25 - 000000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
      2017-12-13 17:43 - 2014-03-16 16:21 - 000000398 _____ C:\Windows\Tasks\WpsUpdateTask_krasi.job
      2017-12-13 16:02 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-13 16:02 - 2009-07-14 06:45 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-13 15:19 - 2014-03-20 15:14 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-237019498-3253715406-2815218077-1001Core.job
      2017-12-13 15:01 - 2015-08-28 17:56 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e1aae22cce0.job
      2017-12-13 11:11 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
      2017-12-13 07:55 - 2015-11-29 13:07 - 000000000 ___RD C:\Users\krasi\Google Drive
      2017-12-13 07:54 - 2017-02-05 16:36 - 000000000 ____D C:\Program Files (x86)\TradeManager
      2017-12-13 07:53 - 2017-02-05 17:00 - 000000000 ____D C:\ProgramData\boost_interprocess
      2017-12-13 07:50 - 2015-07-16 00:55 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf516a17d3b8.job
      2017-12-13 07:50 - 2015-05-17 02:50 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0903b81e14a00.job
      2017-12-13 07:50 - 2013-01-18 09:54 - 000000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      2017-12-13 07:49 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-13 07:36 - 2015-03-06 07:46 - 000000058 _____ C:\Users\krasi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
      2017-12-13 03:42 - 2009-07-14 06:45 - 005445240 _____ C:\Windows\system32\FNTCACHE.DAT
      2017-12-13 03:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
      2017-12-13 03:35 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Setup
      2017-12-13 03:14 - 2013-08-03 02:00 - 000000000 ____D C:\Windows\system32\MRT
      2017-12-13 03:06 - 2017-10-12 02:17 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2017-12-13 03:06 - 2013-01-03 13:48 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-12-12 20:36 - 2013-01-03 13:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-12 20:36 - 2013-01-03 13:06 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-11 16:43 - 2013-01-03 10:40 - 000000000 ____D C:\Users\krasi
      2017-12-11 16:41 - 2013-09-22 12:58 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Yahoo!
      2017-12-10 23:54 - 2013-12-24 06:52 - 000000000 ____D C:\Users\krasi\AppData\Local\CrashDumps
      2017-12-09 15:38 - 2016-11-30 07:32 - 000000000 ____D C:\Users\krasi\AppData\LocalLow\Mozilla
      2017-12-09 10:43 - 2013-06-18 06:30 - 000000048 _____ C:\RB.rdat
      2017-12-09 10:43 - 2013-06-18 06:30 - 000000048 _____ C:\License_Time.rdat
      2017-12-09 10:41 - 2013-01-06 07:08 - 000000000 ____D C:\Windows\Minidump
      2017-12-08 00:03 - 2017-11-03 11:04 - 000002000 _____ C:\Users\Public\Desktop\Google Sheets.lnk
      2017-12-08 00:03 - 2017-09-14 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
      2017-12-08 00:03 - 2015-11-29 13:04 - 000002002 _____ C:\Users\Public\Desktop\Google Slides.lnk
      2017-12-08 00:03 - 2015-11-29 13:04 - 000001990 _____ C:\Users\Public\Desktop\Google Docs.lnk
      2017-12-04 10:31 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\PolicyDefinitions
      2017-12-04 09:34 - 2014-05-17 08:26 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
      2017-12-03 12:43 - 2009-07-14 07:13 - 000784210 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-03 12:43 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-01 09:40 - 2017-02-05 17:00 - 000000000 ____D C:\Users\krasi\AppData\Local\aef
      2017-11-30 19:01 - 2015-11-17 12:02 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-11-26 16:40 - 2016-12-20 07:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-11-26 16:40 - 2016-09-25 14:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-11-25 17:37 - 2013-03-27 09:34 - 000000000 ____D C:\Users\krasi\AppData\Local\Adobe
      2017-11-17 12:26 - 2015-11-29 05:55 - 000000000 ____D C:\Users\krasi\AppData\Roaming\PhotoScape
      2017-11-17 12:26 - 2014-01-09 09:29 - 000000000 ____D C:\Users\krasi\Tracing
      2017-11-17 12:26 - 2013-09-27 10:29 - 000000000 ____D C:\Users\krasi\AppData\Roaming\DAEMON Tools Lite
      2017-11-17 12:26 - 2013-09-22 17:19 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Media Player Classic
      2017-11-17 10:39 - 2013-01-03 20:33 - 000000000 ____D C:\Windows\Panther
      2017-11-17 08:23 - 2015-04-21 13:28 - 000000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
      2017-11-16 07:36 - 2016-09-25 14:24 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-16 07:36 - 2016-09-25 14:24 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      2017-11-16 07:15 - 2013-01-03 10:47 - 000000000 ____D C:\Users\krasi\AppData\Roaming\Mozilla
      2017-11-16 04:08 - 2013-01-18 09:54 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-11-16 04:08 - 2013-01-18 09:54 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-11-15 19:00 - 2013-01-03 13:06 - 000000000 ____D C:\ProgramData\McAfee
      2017-11-15 17:42 - 2014-05-28 17:53 - 000000000 ____D C:\Users\krasi\AppData\Roaming\uTorrent
      2017-11-15 13:31 - 2013-01-05 12:15 - 000000000 ____D C:\ProgramData\Skype
      2017-11-15 13:22 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
      2017-11-15 10:55 - 2014-12-27 14:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      2017-11-15 07:09 - 2016-04-20 16:11 - 000000000 ____D C:\Users\krasi\Documents\Файлове на Outlook
      2017-11-15 03:32 - 2014-12-11 03:28 - 000000000 ____D C:\Windows\system32\appraiser
      2017-11-15 03:09 - 2013-12-23 16:24 - 000768076 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
      2017-11-14 17:01 - 2015-09-17 13:56 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f13fdda07310
      2017-11-14 17:01 - 2015-09-17 13:56 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0f13fdca9de10
      ==================== Files in the root of some directories =======
      2009-05-10 17:40 - 2000-06-09 01:00 - 000995383 _____ (Microsoft Corporation) C:\Users\krasi\Mfc42.dll
      2009-05-10 17:40 - 2001-05-04 20:05 - 000290869 _____ (Microsoft Corporation) C:\Users\krasi\MSVCRT.DLL
      2009-05-10 17:40 - 1999-12-07 20:00 - 000253952 _____ (Microsoft Corporation) C:\Users\krasi\MSVCRT20.DLL
      2009-05-10 17:40 - 2001-05-04 20:05 - 000431376 _____ (Microsoft Corporation) C:\Users\krasi\RICHED20.DLL
      2009-05-10 17:40 - 1999-12-07 20:00 - 000003856 _____ (Microsoft Corporation) C:\Users\krasi\RICHED32.DLL
      2009-05-10 17:40 - 2005-04-03 17:16 - 000126976 _____ () C:\Users\krasi\Setup.exe
      2013-09-17 15:15 - 2014-06-22 23:58 - 000003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
      2013-09-17 15:28 - 2017-08-13 15:16 - 000000387 _____ () C:\Users\krasi\AppData\Roaming\burnaware.ini
      2015-01-25 18:12 - 2015-01-25 18:12 - 000001248 _____ () C:\Users\krasi\AppData\Roaming\PKEISIJ
      2015-01-25 18:12 - 2015-01-25 18:12 - 000002086 _____ () C:\Users\krasi\AppData\Roaming\QBBYB
      2015-03-06 07:46 - 2017-12-13 07:36 - 000000058 _____ () C:\Users\krasi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
      Some files in TEMP:
      ====================
      2017-10-26 10:07 - 2017-10-26 10:07 - 000488960 _____ () C:\Users\krasi\AppData\Local\Temp\sqlite3.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-09 00:46
      ==================== End of FRST.txt ============================
       
       
      Addition.txt
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.