Премини към съдържанието

Препоръчан отговор


Здравейте. Преди 4 дена ми изтече windows 8.1-цата и ми трябваше да я възобновя, изтеглих KMSpico ,обаче с него ми инсталира разни подобни на google chrome, firefox браузъри,за това го изтрих, след ,което почистих регистрито,ccleaner пуснах. Изтеглих KMSpico от замунда и всичко си беше Окей. Преди 2 дена обаче започнаха да ми излизат в мозилата разни адове,поп-ъпс на offersbycontent . Какво ли не опитвах,за да ги премахна,но безуспешно. Първо сканирах с аваст,махнах,каквото намери , След което trojan killer , също, сканирах с malwarebytes anti malware ,премахнах,каквото има, със spyhunter ,също. Почистих %temp% ,регистри , погледнах за приставки в мозилата  - няма . Връщах настройки, чистих ,преинсталирах, пак чистих с Ccleaner - безуспешно. В control panel няма програма ,поне не видно, която да е причината . Ако може да помогнете :)

П.П. забравих да допълня,че опитах и с adblocker , pop-up blocker и нямаше разлика

Редактирано от icotonev (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Постъпили сте изключително грешно...!Много хора се опитват да се справят сами....което е по- скоро нож с две остриета....вашия случай е такъв..използвали сте различен софтуер..и какво постигнахте..!?! То ако ставаше така лесно...!Като отидете на лекар, той какво прави....почва да ви изписва произволно лекарства и с което стане... или ви назначава необходимите изследвания и на тяхна база  взема решение за лечението ви..! Така ли е..? :)

 

Следвайте стъпките на темата:

 

Системата ми е инфектирана - Какво да правя сега?
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by bgmafio7a (administrator) on REDZERG on 30-06-2015 19:09:51
Running from C:\Users\bgmafio7a\Downloads
Loaded Profiles: bgmafio7a (Available Profiles: bgmafio7a)
Platform: Windows 8.1 Pro N (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() D:\EslWire\service\WireHelperSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\ProgramData\M-Tel NETAGENT\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) E:\Games\WoW Warmane Pandaria\World of Warcraft - Mists of Pandaria 5.4.2 (17688)\Wow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2015-02-10] (NCSOFT Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3543040 2010-12-18] ()
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\Run: [OscarKeyboard] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3543040 2010-12-18] ()
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\MountPoints2: {2dd22da7-d520-11e4-9c58-002215ef373a} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\MountPoints2: {2dd22e5b-d520-11e4-9c58-002215ef373a} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\MountPoints2: {67b8bdde-8d50-11e4-9bf6-806e6f6e6963} - "F:\BlueBirds.exe" 
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\MountPoints2: {e4cf09a0-b808-11e4-9c33-002215ef373a} - "H:\Startme.exe" 
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\MountPoints2: {e52eb0d9-d136-11e4-9c55-0022431f5a55} - "H:\AutoRun.exe" 
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\MountPoints2: {e52eb127-d136-11e4-9c55-0022431f5a55} - "H:\AutoRun.exe" 
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\...\MountPoints2: {ef6f4e7f-db91-11e4-9c5e-0022431f5a55} - "H:\Startme.exe" 
AppInit_DLLs-x32: => "" File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-23] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
HKU\S-1-5-21-3736983327-3528880480-2084376208-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-23] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-23] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4324A468-6F5F-477A-940D-0A7D873801E2}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\bgmafio7a\AppData\Roaming\Mozilla\Firefox\Profiles\y9umdq66.default-1435623429873
FF Homepage: google.bg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\bgmafio7a\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3736983327-3528880480-2084376208-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\bgmafio7a\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-05-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-05-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\bgmafio7a\AppData\Roaming\Mozilla\Firefox\Profiles\y9umdq66.default-1435623429873\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-26]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-06-29]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30]
CHR Extension: (Google Docs) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
CHR Extension: (Google Drive) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-30]
CHR Extension: (YouTube) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-30]
CHR Extension: (Google Search) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Sheets) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30]
CHR Extension: (Avast Online Security) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (Gmail) - C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-23] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-06] (EasyAntiCheat Ltd)
R2 EslWireHelper; D:\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580448 2015-01-08] (Echobit LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 M-Tel NETAGENT. RunOuc; C:\Program Files (x86)\M-Tel NETAGENT\UpdateDog\ouc.exe [655712 2015-03-24] ()
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
S3 Origin Client Service; E:\Games\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-04-13] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-04-12] ()
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 Survarium-Steam Update Service; E:\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [97912 2015-05-08] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [792016 2015-02-09] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-23] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-26] (Disc Soft Ltd)
R3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [96544 2015-05-05] (<Turtle Entertainment>)
R3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2015-01-08] (Echobit, LLC)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2015-03-24] (Huawei Technologies Co., Ltd.)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [218624 2015-03-24] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
U0 rfcklef; C:\Windows\System32\drivers\moxer.sys [79064 2015-06-30] (Malwarebytes Corporation)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2013-11-13] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-23] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
U4 nxfs; No ImagePath
U4 nxpcap; No ImagePath
U4 nxsshd; No ImagePath
U4 nxusbd; No ImagePath
U4 nxusbh; No ImagePath
U4 nxusbs; No ImagePath
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-30 19:09 - 2015-06-30 19:09 - 00019509 _____ C:\Users\bgmafio7a\Downloads\FRST.txt
2015-06-30 19:08 - 2015-06-30 19:09 - 00000000 ____D C:\FRST
2015-06-30 19:08 - 2015-06-30 19:08 - 02112512 _____ (Farbar) C:\Users\bgmafio7a\Downloads\FRST64.exe
2015-06-30 17:13 - 2015-06-30 17:13 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\moxer.sys
2015-06-30 16:47 - 2015-06-30 16:47 - 00027989 _____ C:\Users\bgmafio7a\Downloads\Addition.txt
2015-06-30 16:09 - 2015-06-30 16:09 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-30 16:09 - 2015-06-30 16:09 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-30 16:09 - 2015-06-30 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-30 16:06 - 2015-06-30 16:06 - 00243656 _____ C:\Users\bgmafio7a\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-30 15:47 - 2015-06-30 16:08 - 00000878 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-30 15:47 - 2015-06-30 15:48 - 00000000 ____D C:\Program Files\CCleaner
2015-06-30 15:47 - 2015-06-30 15:47 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-30 15:47 - 2015-06-30 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-30 12:36 - 2015-06-30 12:36 - 00003352 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-06-30 12:36 - 2015-06-30 12:36 - 00002312 _____ C:\Users\bgmafio7a\Desktop\SpyHunter.lnk
2015-06-30 12:36 - 2015-06-30 12:36 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-06-30 12:36 - 2015-06-30 12:36 - 00000000 ____D C:\sh4ldr
2015-06-30 12:35 - 2015-06-30 12:36 - 00000000 ____D C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-06-30 12:22 - 2015-06-30 12:22 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\bgmafio7a\Downloads\SpyHunter-Installer.exe
2015-06-30 03:26 - 2015-06-30 03:26 - 00000000 ____D C:\Windows\system32\log
2015-06-30 03:17 - 2015-06-30 03:17 - 00000000 ____D C:\Users\bgmafio7a\Desktop\Стари данни Firefox
2015-06-29 22:38 - 2015-06-29 22:38 - 00003756 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-27 13:28 - 2015-06-27 23:46 - 00000364 _____ C:\Users\bgmafio7a\Desktop\toes 10.txt
2015-06-25 12:35 - 2015-06-30 11:56 - 00000000 ____D C:\Program Files\KMSpico
2015-06-25 12:35 - 2015-06-25 12:35 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-06-25 12:35 - 2015-06-25 12:35 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-06-25 12:34 - 2015-06-25 12:34 - 00000000 _____ C:\Users\bgmafio7a\Desktop\KMS.txt
2015-06-25 12:30 - 2015-06-25 12:31 - 00004840 _____ C:\Windows\SysWOW64\Cubwulpevf.ini
2015-06-25 12:26 - 2015-06-25 12:28 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\Opera Software
2015-06-25 12:26 - 2015-06-25 12:28 - 00000000 ____D C:\Users\bgmafio7a\AppData\Local\Opera Software
2015-06-25 12:25 - 2015-06-25 12:28 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-25 12:24 - 2015-06-25 12:24 - 00000000 ____D C:\Users\bgmafio7a\AppData\Local\CrashRpt
2015-06-25 12:23 - 2015-06-29 23:14 - 00000000 ____D C:\Program Files (x86)\Windows 8 n 8.1 Activator
2015-06-25 12:23 - 2015-06-25 12:25 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-18 02:06 - 2015-06-18 02:06 - 00001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2015-06-18 02:06 - 2015-06-18 02:06 - 00001142 _____ C:\Users\Public\Desktop\BS.Player FREE.lnk
2015-06-18 02:06 - 2015-06-18 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2015-06-18 02:05 - 2015-06-25 18:09 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\BSplayer
2015-06-18 02:05 - 2015-06-18 02:05 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\BSplayer Pro
2015-06-18 02:05 - 2015-06-18 02:05 - 00000000 ____D C:\Program Files (x86)\Webteh
2015-06-18 02:04 - 2015-06-30 03:48 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\MPC-HC
2015-06-16 14:34 - 2015-06-16 14:34 - 00000072 _____ C:\Users\bgmafio7a\Desktop\dudu.txt
2015-06-14 12:13 - 2015-06-14 12:13 - 00000552 _____ C:\Users\bgmafio7a\Desktop\RaidCall.lnk
2015-06-14 12:13 - 2015-06-14 12:13 - 00000552 _____ C:\Users\bgmafio7a\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2015-06-14 12:13 - 2015-06-14 12:13 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\raidcall
2015-06-14 12:13 - 2015-06-14 12:13 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
2015-06-14 12:13 - 2015-06-14 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2015-06-10 12:07 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 12:07 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 12:07 - 2015-05-25 16:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 12:07 - 2015-05-25 16:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 12:07 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 12:07 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 12:07 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 12:07 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 12:07 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 12:07 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 12:07 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 12:07 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 12:07 - 2015-05-23 05:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 12:07 - 2015-05-23 05:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 12:07 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 12:07 - 2015-05-23 05:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 12:07 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 12:07 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 12:07 - 2015-05-23 05:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 12:07 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 12:07 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 12:07 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 12:07 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 12:07 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 12:07 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 12:07 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 12:07 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 12:07 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 12:07 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 12:07 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 12:07 - 2015-05-22 21:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 12:07 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 12:07 - 2015-05-22 21:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 12:07 - 2015-05-22 21:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 12:07 - 2015-05-22 21:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 12:07 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 12:07 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 12:07 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 12:07 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 12:07 - 2015-05-22 20:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 12:07 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 12:07 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 12:07 - 2015-05-22 16:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 12:07 - 2015-05-21 19:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 12:07 - 2015-05-21 16:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 12:07 - 2015-05-21 16:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 12:07 - 2015-05-21 16:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 12:07 - 2015-05-21 16:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 12:07 - 2015-05-21 16:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 12:07 - 2015-05-21 16:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 12:07 - 2015-04-25 05:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 12:07 - 2015-04-25 05:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 12:07 - 2015-04-17 01:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 12:07 - 2015-04-16 09:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-10 12:07 - 2015-04-14 01:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-10 12:07 - 2015-04-14 01:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-10 12:07 - 2015-04-10 03:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-10 12:07 - 2015-04-10 03:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-10 12:07 - 2015-04-09 01:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-10 12:07 - 2015-04-09 01:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-10 12:07 - 2015-04-02 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-10 12:07 - 2015-04-02 01:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-10 12:07 - 2015-04-01 07:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-10 12:07 - 2015-04-01 07:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-10 12:07 - 2015-04-01 07:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-10 12:07 - 2015-04-01 07:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-10 12:07 - 2015-04-01 06:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-10 12:07 - 2015-04-01 06:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-10 12:07 - 2015-04-01 06:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-10 12:07 - 2015-04-01 05:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-10 12:07 - 2015-04-01 05:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 12:07 - 2015-04-01 05:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-10 12:07 - 2015-04-01 05:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-10 12:07 - 2015-04-01 05:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-10 12:07 - 2015-04-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-10 12:07 - 2015-03-20 06:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-10 12:07 - 2015-03-20 06:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-10 12:07 - 2015-03-20 05:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-10 12:07 - 2015-03-20 05:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-10 12:07 - 2015-03-02 04:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-10 12:07 - 2015-03-02 04:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-04 22:26 - 2015-06-04 22:26 - 00001241 _____ C:\Users\bgmafio7a\Desktop\Viy new One English Multiplayer 2.exe - Shortcut.lnk
2015-06-04 22:26 - 2015-06-04 22:26 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Survivors Viy
2015-06-01 12:14 - 2015-06-01 12:14 - 00000000 ____D C:\Users\bgmafio7a\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-30 19:03 - 2014-12-26 16:08 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\Skype
2015-06-30 19:00 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-30 18:51 - 2014-12-26 18:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-30 18:20 - 2014-12-26 16:04 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 17:39 - 2014-12-26 16:06 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\uTorrent
2015-06-30 17:13 - 2014-03-18 12:47 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-06-30 16:57 - 2014-12-26 15:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3736983327-3528880480-2084376208-1001
2015-06-30 16:51 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-30 16:46 - 2015-03-07 03:44 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 16:44 - 2015-01-08 13:26 - 01085952 ___SH C:\Users\bgmafio7a\Desktop\Thumbs.db
2015-06-30 16:42 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-30 16:09 - 2014-12-26 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-30 15:50 - 2015-01-14 20:54 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\TS3Client
2015-06-30 15:50 - 2015-01-12 18:08 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\TeamViewer
2015-06-30 15:50 - 2014-12-26 19:53 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\DAEMON Tools Lite
2015-06-30 15:49 - 2015-01-10 17:53 - 00000000 ____D C:\Windows\Minidump
2015-06-30 15:40 - 2014-12-26 16:29 - 00000000 ____D C:\Users\bgmafio7a\AppData\Local\qb189E3F.B3
2015-06-30 12:33 - 2014-12-26 16:04 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 12:32 - 2014-12-26 20:24 - 00000000 ____D C:\Users\bgmafio7a\AppData\Roaming\Raptr
2015-06-30 12:31 - 2014-12-26 16:17 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-30 12:31 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 12:30 - 2014-12-26 15:49 - 00000000 ____D C:\Users\bgmafio7a
2015-06-30 11:58 - 2014-12-26 20:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-30 03:48 - 2014-12-27 01:41 - 00000000 ____D C:\Windows\Panther
2015-06-30 03:48 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Default
2015-06-30 03:08 - 2015-03-07 03:44 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 03:08 - 2015-03-07 03:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 03:08 - 2015-03-07 03:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-28 02:17 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-26 17:15 - 2014-12-26 18:54 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-25 12:37 - 2015-01-13 00:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-25 12:34 - 2015-05-11 19:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-06-25 12:29 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-25 12:28 - 2015-01-08 23:46 - 00000000 __SHD C:\Users\bgmafio7a\AppData\Local\EmieBrowserModeList
2015-06-25 12:28 - 2014-12-26 16:04 - 00000000 __SHD C:\Users\bgmafio7a\AppData\Local\EmieUserList
2015-06-25 12:28 - 2014-12-26 16:04 - 00000000 __SHD C:\Users\bgmafio7a\AppData\Local\EmieSiteList
2015-06-25 12:28 - 2013-08-22 18:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-25 12:28 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-06-25 12:27 - 2013-08-22 16:25 - 00000194 _____ C:\Windows\win.ini
2015-06-25 02:36 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 23:51 - 2014-12-26 18:38 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-22 22:26 - 2014-12-26 16:05 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 06:02 - 2015-04-17 10:21 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-20 06:02 - 2015-04-17 10:21 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 08:42 - 2015-03-07 03:43 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-03-07 03:43 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-03-07 03:43 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 10:22 - 2014-12-26 18:38 - 00000000 ____D C:\Users\bgmafio7a\AppData\Local\Adobe
2015-06-13 18:03 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
2015-06-11 11:11 - 2014-12-26 18:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-10 14:08 - 2015-04-17 01:43 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 14:08 - 2015-04-17 01:43 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 14:08 - 2013-08-22 18:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-10 14:08 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 12:14 - 2014-12-27 12:50 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 12:10 - 2014-12-27 12:50 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-31 13:10 - 2015-03-18 23:42 - 00000020 _____ C:\Users\bgmafio7a\Desktop\lyrics.txt
 
==================== Files in the root of some directories =======
 
2015-01-06 21:54 - 2015-01-06 21:54 - 10124389 _____ () C:\Users\bgmafio7a\AppData\Roaming\xulrunner.zip
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-30 10:55
 
==================== End of log ============================

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

remove%20outdated.jpg Деинсталиране нa програми

  • Натиснете WindowsKey.png + R на клавиатурата си по едно и също време. Въведете appwiz.cpl и щракнете върху OK.

 

Private Folder Packages

SpyHunter

 

 

adwcleaner_new.png Сканиране с AdwCleaner
 
Моля, изтеглете и стартирайте програмата AdwCleaner (by Xplode):

  • Затворете всички стартирани програми и браузъри
  • Кликнете два пъти върху adwcleaner.exe за да стартирате инструмента.
  • Натиснете OK, за да потвърдите, че всички стартирани програми ще бъдат затворени.
  • Маркирайте Clean
  • Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта.
  • Моля, да публикувате съдържанието на този лог в отговора си
  • Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s0].txt

 

 

JRTbythisisu.png Сканиране с Junkware Removal Tool
 
Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

 

ATTENTION: System Restore is disabled

 

Това ваше творение ли е..?

 

 

xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg  Дневници
 
В следващия си отговор, моля да включите следните дневници:

 

  • AdwCleaner[s0].txt
  • JRT.txt
  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

1.в деинстал-а не намерих " Private Folder Packages"  
2. деинсталирах spyhunter
3. ето логовете:
AdwClear:

# AdwCleaner v4.207 - Logfile created 30/06/2015 at 23:42:57
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [server]
# Operating system : Windows 8.1 Pro N  (x64)
# Username : bgmafio7a - REDZERG
# Running from : C:\Users\bgmafio7a\Downloads\adwcleaner_4.207.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\6824241546072008962
Folder Deleted : C:\ProgramData\{0ec880f9-542e-87ae-0ec8-880f954203e5}
Folder Deleted : C:\Users\bgmafio7a\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\prefs.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Softonic
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v38.0.5 (x86 bg)
 
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R0].txt - [1385 bytes] - [30/06/2015 23:36:49]
AdwCleaner[R1].txt - [1444 bytes] - [30/06/2015 23:41:43]
AdwCleaner[s0].txt - [1343 bytes] - [30/06/2015 23:42:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1402  bytes] ##########
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.3 (06.30.2015:1)
OS: Windows 8.1 Pro N x64
Ran by bgmafio7a on Tue 06/30/2015 at 23:48:04.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\bgmafio7a\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Windows\system32\tasks\update
 
 
 
~~~ Chrome
 
 
[C:\Users\bgmafio7a\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\bgmafio7a\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\bgmafio7a\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\bgmafio7a\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/30/2015 at 23:52:18.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
П.П. Мисля,че вече е премахнат или поне така ми се струва. Сега пуснах мозила-та , рових се ,нямаше поп-ъпс
П.П.2 "ATTENTION: System Restore is disabled

 

Това ваше творение ли е..?" - Не.

Редактирано от deqn_0000 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Контролни сканирания:

 

GUZVCQN.jpg Моля, изтеглете Malwarebytes Anti -Malware и го запомнете на вашия работен плот .

Кликнете два пъти върху mbam-setup - 2.1.4.1018.exe и следвайте инструкциите, за да инсталирате програмата . Убедете се че преди края на инсталацията има отметка тук:

  • Launch Malwarebytes Anti-Malware
  • 14-дневен пробен период е предварително избран. Можете да премахнете отметката ако желаете, при което няма да се ограничат възможностите за сканиране и премахване на зловреден софтуер с програмата.
  • Натиснете Finish
  • В края на инсталацията, ще се извърши актуализация на база данни.
  • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
  • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и кликнете върху Scan Now и ще започне сканиране за зловреден софтуер.
  • При някои инфекции можете да видите съобщението:

                                      "Could not load DDA driver"

  • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
  • Когато сканирането приключи, ако има някакви открити зарази , щракнете върху Remove Selected за да се позволи на Mbam да почисти засеченото. .
  • В повечето случаи, ще се поиска рестартиране
  • Изчакайте подканата за рестартиране на компютъра, за да се появи, след това кликнете върху Yes
  • След рестарта ,стартирайте Mbam още веднъж.
  • Кликнете на History tab > Application Logs .
  • Кликнете два пъти върху реда , който показва датата и часа на сканирането и натиснете бутона "Copy to Clipboard"
  • Поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.

 

 

GzlsbnV.png.pagespeed.ce.SLxxSJVib_axmA6 Сканиране с ESET Online Scan
 
 
i_arrow-r.gif Изтеглете програмата: ESET Online Scanner

  • Стартирайте esetsmartinstaller_enu.exe 7c9e83b53227ef3d.jpg
  • Сложете отметка на YES, I accept the Terms of Use и изберете Start:

04ed1c15c0abe843.jpg

  • Скенерът ще започне да изтегля компонентите, които са му необходими:

3b734079c5ccd713.jpg

  • Уверете се, че Enable detection of potentially unwanted applications е избран.

Уверете се, че е премахната отметката от:

  • Remove found threats

Уверете се че са маркирани следните позиции:

  • Scan Archives

Кликнете върху Advanced Settings и маркирайте следните опции:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Накрая изберете Start
 
2.JPG
 
Скенерът ще започне да изтегля последните дефиниции и ще започне сканиране на вашия компютър.
Моля, бъдете търпеливи, тъй като това може да отнеме известно време.

  • След, като сканирането завърши кликнете на List of found threats.
  • Щракнете върху Export, и запишете файла на вашия работен плот с  име  ESETScan. Копирайте съдържанието на този доклад, в следващия си отговор.
  • Изберете бутона Back.
  • Изберете бутона Finish.

 

xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg  Дневници
 
В следващия си отговор, моля да включите следните дневници:

 

  • Дневник от Malwarebytes Anti -Malware
  • Дневник от ESET Online Scanner ( List of found threats )
  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Извинявам се,за забавянето. Сега ще ви пратя логовете и да спомена,нещата,които УЖ е намерило от ESET ми трябват,не са троянци и т.н. , просто са ,като зловреден софтуер и за това ги намира. GUI Booter - DDOS програма , другото са кракове и прочие.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/5/2015
Scan Time: 9:49 AM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.04.04
Rootkit Database: v2015.07.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: bgmafio7a
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358433
Time Elapsed: 16 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
==========
C:\Program Files\KMSpico\Service_KMS.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\bgmafio7a\AppData\Roaming\uTorrent\updates\3.4.2_37594.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\bgmafio7a\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\bgmafio7a\Desktop\drivers\CRACK ONLY V3.rar a variant of Win64/HackTool.Crack.C potentially unsafe application
C:\Users\bgmafio7a\Desktop\drivers\Crack\3dmgame.dll a variant of Win64/HackTool.Crack.C potentially unsafe application
C:\Users\bgmafio7a\Downloads\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Windows\SECOH-QAD.dll Win64/HackKMS.D potentially unsafe application
C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application
D:\Browser Download\ccsetup501pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Browser Download\CheatEngine64.exe a variant of Win32/OpenCandy.C potentially unsafe application
D:\Downloads\Adobe Photoshop CC 2014.2.2 Final by m0nkrus\Adobe.Photoshop.CC.2014.u2.x86-x64.RU-EN.iso a variant of Win32/Keygen.HA potentially unsafe application
D:\Downloads\CCleaner Professional v5.07.5261 Final\ccsetup507pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\DAEMON Tools Lite 4.49.1.0356\DTLite4491-0356.exe Win32/OpenCandy potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\flstudio_11.1.exe Win32/OpenCandy potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.DirectWave.v1.6.0.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.DrumSynth.Live.v1.1.30.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Edison.v2.2.23.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Gross.Beat.v1.0.19.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Harmless.v1.0.29.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Harmor.v1.3.8.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Juice.Pack.v2.1.16.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Maximus.v1.0.20.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Ogun.v1.1.24.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.SliceX.v1.0.24.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Sytrus.v2.6.74.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\FL Studio Producer Edition 11.1.0 + Plug-ins Bundle\Image-Line Plugins Pack 2014.02.20 By R2R\Image-Line.Vocodex.v1.0.14.Incl.Keygen-R2R\R2R\ImageLine_Keygen.exe Win32/Keygen.JV potentially unsafe application
D:\Downloads\KMSpico v10.0.4 Stable + Portable\KMSpico Install\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application
D:\Downloads\KMSpico v10.0.4 Stable + Portable\KMSpico Portable\AutoPico.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application
D:\Downloads\KMSpico v10.0.4 Stable + Portable\KMSpico Portable\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application
D:\Downloads\KMSpico v10.0.4 Stable + Portable\KMSpico Portable\Service_KMS.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application
D:\Downloads\Platinum Hide IP 3.2.2.6\PlatinumHideIP-3.2.2.6.Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Downloads\SpyHunter v4.17.6.4336\Patch.rar a variant of Win32/HackTool.Patcher.T potentially unsafe application
D:\Downloads\SpyHunter v4.17.6.4336\Patch\spyhunter.4.3.32-patch.exe a variant of Win32/HackTool.Patcher.T potentially unsafe application
D:\Downloads\W7Loader by Orbit30 & Hazar v1.4\7Loader 1.4.exe a variant of MSIL/HackTool.WinActivator.A potentially unsafe application
D:\Hacking\DDoS\GUI Booter[1.3.1].exe a variant of MSIL/Injector.AWA trojan
D:\Hacking\DDoS\GUI-Booter[1.4.1].exe a variant of MSIL/Injector.AWA trojan
D:\Hacking\KeyLoggers\Agent Tesla [beta]\Agent Tesla [beta]\Agent Tesla.exe a variant of MSIL/Injector.FPT trojan
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Вие на хакер ли ми се правите.....Дайте логично обяснение ...?

 

Аз бях до тук..!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
Гост
Тази тема е заключена за нови отговори.

  • Горещи теми в момента

  • Подобни теми

    • от Emilyr
      Здравейте, не знам дали темата е в правилния раздел, просто съм нова в сайта,  съжалявам ако нещо не е както трябва..  Преди малко получих известие от антивирусната ми система, че е блокиран вирус на име 64win malware-gen.. Който е преместен в "затвора за вируси" Какво трябва да предприема, това опасен вирус ли е... Не разбирам от компютри, и не знам как да постъпя, пък ме е страх и за информацията на лаптопа ми. Моля ви дайте ми съвет какво да направя или не трябва да предприемам действия.. Страх ме е да няма и други вируси, защото отдолу на снимката не се вижда добре, но пише че "може да се спотайват и още други заплахи ".   Ще приложа и снимка на съобщението от антивирусната система.. Благодаря Ви предварително..
      Пс:съжалявам за лошото качество на снимката, но трябваше да намалявам размерите й, защото иначе не можех да я кача..

    • от Studenta
      Здравейте, от доста време насам браузъра ми е заразен с някаква руска търсачка. Пробвал съм да трия браузъра да променям настройките да премахвам всички добавки но без успех. Мисля,че с тоя боклук вървят в с още 2 с нея. Когато съм изгасил браузъра и си играя някоя игра примерно изведнъж ми се отваря някакъв шибан руски сайт asap.ru нещо подобно. 
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
      Ran by ASUS (administrator) on ASUS-PC (30-12-2017 20:36:37)
      Running from C:\Users\ASUS\Downloads
      Loaded Profiles: ASUS & UpdatusUser (Available Profiles: ASUS & UpdatusUser)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 9 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      () C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
      (Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      () C:\Windows\Microsoft\svchost.exe
      (The CefSharp Authors) C:\Users\ASUS\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [vyrtapcchc] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526" <==== ATTENTION
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [57446848 2017-12-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\MountPoints2: {7e52b7ab-80b8-11e5-abf8-ac220bd789b4} - G:\Install.exe
      AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-07-08] (NVIDIA Corporation)
      AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-07-08] (NVIDIA Corporation)
      Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-19]
      ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe ()
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      GroupPolicy\User: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 77.76.144.10
      Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [DhcpNameServer] 77.76.144.10
      Tcpip\..\Interfaces\{7B128963-1D6F-410F-B447-36004838DDB1}: [DhcpNameServer] 10.0.0.13
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BA4B52271-83DE-44E1-91D2-F540224D09C8%7D&gp=811014
      BHO-x32: Searchgo Class -> {598AEFC6-DD3C-4A63-9AC3-53FCF6155931} -> C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
      BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\ASUS\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-05-26] (Mail.Ru)
      Toolbar: HKLM-x32 - Searchgo - {2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC} - C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-30] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-30] ()
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin HKU\S-1-5-21-3540903787-1263480670-1707380032-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
      Chrome: 
      =======
      CHR HomePage: Default -> mail.ru
      CHR StartupUrls: Default -> "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526"
      CHR NewTab: Default ->  Not-active:"chrome-extension://nagnmfhgkjkplbhplkbicmpkfopmnefp/newtab.html"
      CHR DefaultSearchURL: Default -> hxxp://go-search.ru/search?q={searchTerms}
      CHR DefaultSearchKeyword: Default -> GoSearch
      CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}
      CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
      CHR Extension: (Презентации) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-01]
      CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-01]
      CHR Extension: (Chrome Cleaner Pro) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-11-12]
      CHR Extension: (Save Tabs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-05]
      CHR Extension: (Таблици) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-01]
      CHR Extension: (Skype) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
      CHR Extension: (Microcosm - New Tab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nagnmfhgkjkplbhplkbicmpkfopmnefp [2017-11-05]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-01]
      CHR Extension: (Chrome Media Router) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-12]
      CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-08-25]
      CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
      R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
      R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-11-01] (DT Soft Ltd)
      R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
      S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-30 20:36 - 2017-12-30 20:37 - 000014515 _____ C:\Users\ASUS\Downloads\FRST.txt
      2017-12-30 20:36 - 2017-12-30 20:36 - 000000000 ____D C:\FRST
      2017-12-30 20:35 - 2017-12-30 20:35 - 002391552 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
      2017-12-30 19:58 - 2017-12-30 20:04 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-12-30 19:58 - 2017-12-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-30 20:15 - 2016-03-17 20:38 - 000000000 ___RD C:\Users\ASUS\Desktop\Снимки
      2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\SearchGo
      2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\Local\SearchGo
      2017-12-30 20:03 - 2017-07-09 14:45 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-30 20:03 - 2016-05-26 03:39 - 000000000 ____D C:\Users\ASUS\AppData\Local\PowerMonitor
      2017-12-30 20:02 - 2009-07-14 07:13 - 000782154 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-30 20:02 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-30 20:00 - 2015-11-01 19:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-30 20:00 - 2015-11-01 19:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-30 20:00 - 2015-11-01 19:02 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-30 19:57 - 2017-03-06 20:25 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-12-30 19:57 - 2015-11-01 18:59 - 000000000 ____D C:\ProgramData\Skype
      2017-12-30 19:55 - 2016-04-06 12:07 - 000001382 _____ C:\Windows\Sandboxie.ini
      2017-12-30 19:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-30 05:25 - 2015-11-01 18:59 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Skype
      ==================== Files in the root of some directories =======
      2016-03-30 13:19 - 2016-03-30 13:19 - 000000036 _____ () C:\Users\ASUS\AppData\Local\housecall.guid.cache
      2016-07-12 22:16 - 2016-07-12 22:16 - 000004096 ____H () C:\Users\ASUS\AppData\Local\keyfile3.drm
      Some files in TEMP:
      ====================
      2017-11-24 23:55 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\113.tmp.exe
      2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1214.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1B95.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\1C50.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\27E4.tmp.exe
      2017-11-12 15:44 - 2017-11-12 11:13 - 000775168 ____N (PhoneLine SOFT Inc) C:\Users\ASUS\AppData\Local\Temp\28DE.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\2AE7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2B1F.tmp.exe
      2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2E2B.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\30E9.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\31B4.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3212.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3443.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\34A1.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3665.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3B45.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C01.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C3F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C4F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CAC.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CCB.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4DCC.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4EB6.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5403.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5480.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5885.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5D75.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E6F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E7E.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E8E.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5EFB.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\62A3.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\67A2.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\6A8F.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\727B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7327.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7420.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7568.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7F37.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\8F4E.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\949B.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\9EC8.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A129.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A5BB.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A934.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\AA4D.tmp.exe
      2017-11-27 07:14 - 2017-11-27 01:56 - 000930776 ____N () C:\Users\ASUS\AppData\Local\Temp\B082.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\BF81.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\C184.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C1D2.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C838.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CA7F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CD09.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CD7B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CDD4.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CF4A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CFD6.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\D275.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DB8A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DFCE.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E05A.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E662.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\EDF7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F512.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F6D6.tmp.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe
      [2010-11-21 05:24] - [2011-01-16 02:01] - 000389632 _____ (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll
      [2010-11-21 05:24] - [2011-01-16 02:01] - 001008640 _____ (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-11-19 01:44
      ==================== End of FRST.txt ============================
       

      Addition.txt
    • от Technokom Plovdiv
      Ето събщението, което получава всеки изпратил имейл до нас:
      This message was created automatically by mail delivery software.
      A message that you sent has not yet been delivered to one or more of its recipients after more than 24 hours on the queue on hemus.superhosting.bg.
       
       
      The message identifier is:     1eJa1Z-003lh9-9Y
      The subject of the message is: =?utf-8?B?Rlc6INC80LDQvdC+0LzQtdGC0YrRgA==?=
      The date of the message is:    Tue, 28 Nov 2017 09:09:44 +0200
       
       
      The address to which the message has not yet been delivered is:
       
       
        henryresult111@gmail.com
          (ultimately generated from xxxxxxx@xxxxxxxx.bg)
          host alt4.gmail-smtp-in.l.google.com [74.125.28.27]
          Delay reason: SMTP error from remote mail server after RCPT TO:<henryresult111@gmail.com>:
          452-4.2.2 The email account that you tried to reach is over quota. Please direct
          452-4.2.2 the recipient to
          452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp h72si2628468pfj.20 - gsmtp
       
       
      No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you.
       
      Това съобщение го получават изпращащите мейли към този домейн. Събщенията се получават без проблем. Няма проблем и със сървърното място.
      Не разбирам и каква е връзката с gmail и google след като домейнът е частен. Също нямам никаква идея чий е този имейл: henryresult111@gmail.com
      Възможно ли е да е вирус? Сканирани са всички служебни машини. Имаше разни гадини, които уж обезвредихме, но проблемът не се оправи.
      Сменихме и паролите на всички мейли - нищо.
      Ето информацията от FRST:
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2017
      Ran by pc (administrator) on PC1 (30-11-2017 14:23:09)
      Running from C:\Documents and Settings\pc.PC1\Desktop
      Loaded Profiles: pc (Available Profiles: pc & Administrator & Guest)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
      (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
      (HP) C:\WINDOWS\system32\HPSIsvc.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
      (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
      (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
      (Viber Media S.à r.l.) C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
      () C:\2017\wsklad.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
      HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [302744 2017-11-16] (AVG Technologies CZ, s.r.o.)
      HKU\S-1-5-20\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\Run: [Viber] => C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\MountPoints2: {260473e8-84c9-11e3-a542-001cf0d5a2b8} - G:\SISetup.exe
      HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2017-11-30]
      ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Skype.lnk [2017-03-06]
      ShortcutTarget: Skype.lnk -> C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico (No File)
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Tcpip\..\Interfaces\{E7E61260-FB73-4F9E-B467-F1870B906C7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-22] (Sun Microsystems, Inc.)
      BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-22] (Sun Microsystems, Inc.)
      DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://dl-ak.solidworks.com/nonsecure/edrawings/e2012sp02/12.2.0.110/cab//eModelsStandard.cab
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
      FireFox:
      ========
      FF DefaultProfile: 07ckpc18.default-1412315343695
      FF ProfilePath: C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695 [2017-11-30]
      FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-22] [Lagacy]
      FF Extension: (Google Search by Image) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\google@hitachi.com.xpi [2016-05-03] [Lagacy]
      FF Extension: (signTextJS) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\jid1-AXn9cXcB4fD1QQ@jetpack.xpi [2017-06-15] [Lagacy]
      FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
      FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-22] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-27] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
      FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Lagacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-04] ()
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
      R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
      S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-22] (Sun Microsystems, Inc.)
      S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed]
      S4 rcp_service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
      S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
      S2 HP LaserJet Service; "C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe" [X]
      S0 MBAMService; no ImagePath
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
      R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [149592 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [135872 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [249232 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [151024 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [270344 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [43992 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35264 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [117368 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [63280 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [775552 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [381184 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [290776 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
      S3 dg_ssudbus; C:\WINDOWS\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] () [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R3 m4cxw2k3; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [250752 2007-02-15] (D-Link Corporation)
      S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
      S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-08-03] (VSO Software) [File not signed]
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
      S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-07-13] (Duplex Secure Ltd.)
      S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 adfs; no ImagePath
      S3 BOCDRIVE; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [X]
      S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
      S3 FXDrv32; \??\D:\FXDrv32.sys [X]
      S4 IntelIde; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2017-11-30 14:23 - 000012709 _____ C:\Documents and Settings\pc.PC1\Desktop\FRST.txt
      2017-11-30 14:22 - 2017-11-30 14:23 - 000000000 ____D C:\FRST
      2017-11-30 14:22 - 2017-11-30 14:22 - 001752064 _____ (Farbar) C:\Documents and Settings\pc.PC1\Desktop\FRST.exe
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Program Files\Quester
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QMailFilter
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\CEF
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\AVG
      2017-11-24 14:31 - 2017-11-24 14:31 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Avg
      2017-11-24 14:21 - 2017-11-24 14:21 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PCHealth
      2017-11-20 12:24 - 2017-11-20 12:40 - 000065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\pc.PC1\Doctor Web
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\My Documents\Untitled.pdf
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\Desktop\Untitled.pdf
      2017-11-16 13:03 - 2017-11-16 13:05 - 000000000 ____D C:\EEK
      2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Temp
      2017-11-16 10:11 - 2017-11-16 10:11 - 000001608 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
      2017-11-16 10:11 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\AVG
      2017-11-16 10:10 - 2017-11-30 10:10 - 000000288 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
      2017-11-16 10:10 - 2017-11-16 10:10 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000381184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000306448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
      2017-11-16 10:10 - 2017-11-16 10:10 - 000290776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000149592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
      2017-11-16 10:08 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
      2017-11-16 10:08 - 2017-11-16 10:08 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
      2017-11-16 10:06 - 2017-11-30 11:06 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
      2017-11-16 10:06 - 2017-11-16 10:08 - 000000000 ____D C:\Program Files\AVG
      2017-11-16 09:51 - 2017-11-16 09:51 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\CEF
      2017-11-16 09:50 - 2017-11-16 11:23 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\AvgSetupLog
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Temp
      2017-11-30 14:20 - 2015-08-03 07:23 - 000271360 _____ C:\Documents and Settings\pc.PC1\My Documents\Outlook_Archive.pst
      2017-11-30 14:16 - 2016-12-27 11:00 - 000000000 ____D C:\2017
      2017-11-30 10:49 - 2014-01-15 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\gtk-2.0
      2017-11-30 10:49 - 2013-08-02 12:55 - 000000000 ____D C:\Documents and Settings\pc.PC1\.gimp-2.8
      2017-11-30 07:55 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\ViberPC
      2017-11-30 07:52 - 2014-03-28 08:20 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2017-11-30 07:52 - 2008-09-12 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-30 07:52 - 2008-04-14 14:00 - 000011936 _____ C:\WINDOWS\system32\wpa.dbl
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000178 ___SH C:\Documents and Settings\pc.PC1\ntuser.ini
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1
      2017-11-29 16:54 - 2008-09-12 18:28 - 000032520 _____ C:\WINDOWS\SchedLgU.Txt
      2017-11-28 11:37 - 2011-12-19 11:25 - 000000000 ____D C:\Program Files\The KMPlayer
      2017-11-24 14:40 - 2013-08-02 13:09 - 000211496 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2017-11-24 14:37 - 2013-11-01 13:09 - 000000178 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
      2017-11-24 14:36 - 2010-03-25 10:10 - 000979370 _____ C:\WINDOWS\ntbtlog.txt
      2017-11-24 14:35 - 2013-11-01 13:09 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Temp
      2017-11-24 14:28 - 2008-09-12 21:12 - 002469912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 14:25 - 2013-08-02 14:23 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
      2017-11-24 14:15 - 2008-09-13 10:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2017-11-24 14:12 - 2008-04-14 14:00 - 000000668 _____ C:\WINDOWS\win.ini
      2017-11-24 11:47 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\My Documents\ViberDownloads
      2017-11-22 16:05 - 2013-12-11 14:52 - 000000000 ____D C:\2014
      2017-11-22 16:04 - 2010-12-03 14:28 - 000000000 ____D C:\2011
      2017-11-22 16:03 - 2011-12-09 14:39 - 000000000 ____D C:\2012
      2017-11-22 15:40 - 2013-08-02 13:28 - 000002515 _____ C:\Documents and Settings\pc.PC1\Desktop\Microsoft Office Word 2007.lnk
      2017-11-22 14:28 - 2014-12-29 16:42 - 000000000 ____D C:\2015
      2017-11-22 14:25 - 2015-12-23 11:32 - 000000000 ____D C:\2016
      2017-11-16 10:55 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\istartsurf
      2017-11-16 10:48 - 2012-12-20 13:57 - 000000000 ____D C:\2013
      2017-11-16 10:38 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IePluginServices
      2017-11-16 09:28 - 2010-09-30 15:57 - 000000000 ____D C:\Program Files\ough
      2017-11-16 09:01 - 2013-09-23 15:54 - 002755382 ___SH C:\Documents and Settings\pc.PC1\Desktop\Thumbs.db
      2017-11-10 13:23 - 2013-08-02 13:49 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\Skype
      2017-11-08 15:00 - 2014-03-28 08:20 - 000000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      ==================== Files in the root of some directories =======
      2015-08-17 11:04 - 2015-08-17 11:08 - 000304492 _____ (AYURvmkth8) C:\Documents and Settings\pc.PC1\Application Data\adobe.exe
      2013-10-07 13:55 - 2014-04-09 12:28 - 000000531 _____ () C:\Documents and Settings\pc.PC1\Application Data\burnaware.ini
      2013-08-02 13:31 - 2017-08-18 12:25 - 000036352 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-02-27 17:15 - 2014-02-28 09:48 - 000000600 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PUTTY.RND
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2011-03-11 09:28 - 2011-03-11 09:28 - 000000016 _____ () C:\Documents and Settings\All Users\Application Data\.7486160831680234
      2008-10-31 09:19 - 2008-10-31 09:19 - 000000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
      2008-09-13 13:47 - 2016-04-26 08:08 - 000001669 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      2014-08-15 11:57 - 2010-03-30 10:12 - 000024772 _____ () C:\Documents and Settings\All Users\Application Data\P1210DEF.css
      2014-08-15 11:57 - 2016-01-22 14:22 - 000015499 _____ () C:\Documents and Settings\All Users\Application Data\P1210OS.HTM
      2014-08-15 11:57 - 2010-03-30 10:12 - 000002944 _____ () C:\Documents and Settings\All Users\Application Data\P1210SIG.GIF
      Some files in TEMP:
      ====================
      2017-10-13 09:08 - 2011-12-29 11:44 - 001275396 _____ (NCH Software) C:\Documents and Settings\pc.PC1\Local Settings\Temp\uninst.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
    • от Gufy
      Файловете ли са криптирани с тази гад  johndoe@weekendwarrior55.com, видео, фото, word, pdf почти всички фаилове са засегнати.
      Моля модераторите да махнат дублиращата тема пусната от мен. Поради проблем в интернета пуснах две без да искам
       
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.