

Hello.

The laptop runs very slowly; when I try to remove the items detected by MSE, the system freezes and does not let me do anything else. I have no idea where the system got infected from; the laptop is used by my parents. I do not have a Windows disc. There are quite a few items in quarantine in MSE; I am listing them here, and some of them are repeated:

-BrowserModifier:Win32/CouponRuc;  Trojan:Win32/Raydefun.A;  Trojan:Win32/Peaac.gen!A!plock;  VirTool:Win32/Obfuscator.ANX;  BrowserModifier:Win32/Diplugem;  Trojan:Win32/Damingvat.A;  Trojan:Win32/Colisi.C

 

Here is the log file:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-09-2015
Ran by RRR (administrator) on RRR-PC (15-09-2015 12:00:16)
Running from C:\Users\RRR\Desktop
Loaded Profiles: RRR (Available Profiles: RRR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Users\RRR\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Hewlett-Packard ) C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
(Hewlett-Packard ) C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [New Value #1] => “ctfmon”=”CTFMON.EXE”
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG)
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [AceStream] => C:\Users\RRR\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [Facebook Update] => C:\Users\RRR\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-27] (Facebook Inc.)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HPMonitor.exe.lnk [2013-06-01]
ShortcutTarget: HPMonitor.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpwjd.exe.lnk [2013-06-01]
ShortcutTarget: hpwjd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwjd.exe (Hewlett-Packard )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpwmsd.exe.lnk [2013-06-01]
ShortcutTarget: hpwmsd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe (Hewlett-Packard )
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{178F6E31-C398-402E-AC71-7DBF82FAF851}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}: [NameServer] 82.163.143.169,82.163.142.171
Tcpip\..\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\RRR\AppData\Roaming\Mozilla\Firefox\Profiles\w3qckbrn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-01] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2010-01-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3352682033-4164677752-1323257766-1000: @acestream.net/acestreamplugin,version=2.1.5.3 -> C:\Users\RRR\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-06-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3352682033-4164677752-1323257766-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\RRR\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2014-09-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2014-09-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-09-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-09-24]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-09-14]
CHR Extension: (Google Wallet) - C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]

Opera:
=======
OPR Extension: (No Name) - C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-06-02] (Macrovision Europe Ltd.) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2013-06-02] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [402024 2012-02-22] (Realtek Semiconductor Corporation )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-16] (Sonix Tech. Co., Ltd.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 12:00 - 2015-09-15 12:00 - 00016956 _____ C:\Users\RRR\Desktop\FRST.txt
2015-09-15 12:00 - 2015-09-15 12:00 - 00000000 ____D C:\FRST
2015-09-15 11:59 - 2015-09-15 11:53 - 02190848 _____ (Farbar) C:\Users\RRR\Desktop\FRST64.exe
2015-09-14 15:54 - 2015-09-14 15:54 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-14 15:53 - 2015-09-14 15:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2A1F53E5.sys
2015-09-14 15:53 - 2015-09-14 15:48 - 00000358 _____ C:\Users\RRR\Desktop\hg.txt
2015-09-14 13:30 - 2015-09-15 11:57 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 13:30 - 2015-09-14 13:30 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 13:30 - 2015-09-14 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 13:30 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-14 13:30 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-14 13:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-14 13:18 - 2015-09-14 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 13:18 - 2015-09-14 13:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 12:38 - 2015-09-14 15:55 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-14 11:51 - 2015-09-14 12:01 - 00000000 ____D C:\AdwCleaner
2015-09-11 12:18 - 2015-08-05 20:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-11 12:18 - 2015-08-05 20:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-11 12:18 - 2015-08-05 20:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-11 12:17 - 2015-08-05 20:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-11 12:17 - 2015-07-23 03:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-11 12:17 - 2015-07-23 03:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-11 12:17 - 2015-07-23 03:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-11 12:17 - 2015-07-23 03:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-11 12:17 - 2015-07-23 03:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-11 12:17 - 2015-07-22 19:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-11 12:17 - 2015-07-15 06:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-11 12:17 - 2015-07-15 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-11 12:17 - 2015-07-09 20:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-11 12:17 - 2015-07-09 20:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-11 12:17 - 2015-07-09 20:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-11 12:17 - 2015-07-09 20:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-11 12:16 - 2015-07-23 03:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-11 12:16 - 2015-07-23 03:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-11 12:16 - 2015-07-23 03:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-11 12:16 - 2015-07-23 03:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-11 12:16 - 2015-07-23 03:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-11 12:16 - 2015-07-23 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-11 12:16 - 2015-07-23 03:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-11 12:16 - 2015-07-23 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-11 12:16 - 2015-07-23 03:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-11 12:16 - 2015-07-23 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-11 12:16 - 2015-07-23 03:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-11 12:16 - 2015-07-23 02:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-11 12:16 - 2015-07-23 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-11 12:16 - 2015-07-22 20:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-11 12:16 - 2015-07-22 20:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-11 12:16 - 2015-07-22 20:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-11 12:16 - 2015-07-22 20:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-11 12:16 - 2015-07-22 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-11 12:16 - 2015-07-22 20:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-11 12:16 - 2015-07-22 20:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 19:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-11 12:16 - 2015-07-22 19:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-11 12:16 - 2015-07-22 19:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-11 12:16 - 2015-07-22 19:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-11 12:16 - 2015-07-22 19:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-11 12:16 - 2015-07-22 19:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 19:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-11 12:16 - 2015-06-25 13:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-11 12:16 - 2015-06-25 13:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-11 12:16 - 2015-06-25 13:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-11 12:16 - 2015-06-25 12:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-11 12:15 - 2015-09-02 06:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-11 12:15 - 2015-09-02 06:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-11 12:15 - 2015-09-02 06:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-11 12:15 - 2015-09-02 06:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-11 12:15 - 2015-09-02 05:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-11 12:15 - 2015-09-02 05:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-11 12:15 - 2015-09-02 05:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-11 12:15 - 2015-09-02 05:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-11 12:15 - 2015-09-02 04:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-11 12:15 - 2015-09-02 04:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-11 12:15 - 2015-09-02 04:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-11 12:15 - 2015-08-27 21:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-11 12:15 - 2015-08-27 21:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-11 12:15 - 2015-08-27 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-11 12:15 - 2015-08-27 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-11 12:15 - 2015-08-27 20:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-11 12:15 - 2015-08-27 20:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-11 12:15 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-11 12:15 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-11 12:15 - 2015-08-26 21:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-11 12:15 - 2015-08-26 21:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-11 12:15 - 2015-08-26 21:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-11 12:15 - 2015-08-26 21:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-11 12:15 - 2015-08-26 20:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-11 12:15 - 2015-08-26 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-11 12:15 - 2015-08-26 20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-11 12:15 - 2015-08-26 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-11 12:15 - 2015-08-26 20:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-11 12:15 - 2015-08-04 21:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-11 12:15 - 2015-08-04 21:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-11 12:15 - 2015-08-04 20:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-11 12:15 - 2015-08-04 20:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-11 12:15 - 2015-08-04 20:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-11 12:15 - 2015-08-04 20:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-11 12:15 - 2015-08-04 20:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-11 12:15 - 2015-08-04 20:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-11 12:15 - 2015-08-04 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-08-19 14:47 - 2015-08-11 04:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 14:47 - 2015-08-11 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 14:47 - 2015-08-11 03:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 14:47 - 2015-08-11 03:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 12:00 - 2013-06-01 10:31 - 01702946 _____ C:\Windows\WindowsUpdate.log
2015-09-15 11:59 - 2012-09-26 10:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2015-09-15 11:58 - 2013-06-01 18:07 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-15 11:57 - 2013-12-12 14:39 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2015-09-15 11:56 - 2013-12-12 14:39 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2015-09-15 11:55 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-15 11:55 - 2009-07-14 07:51 - 00149816 _____ C:\Windows\setupact.log
2015-09-15 11:32 - 2009-07-14 07:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-15 11:32 - 2009-07-14 07:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-14 16:19 - 2015-08-14 22:19 - 00000336 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-09-14 15:40 - 2013-12-12 14:39 - 00000822 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2015-09-14 15:19 - 2014-07-27 14:48 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352682033-4164677752-1323257766-1000UA.job
2015-09-14 15:19 - 2014-07-27 14:48 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352682033-4164677752-1323257766-1000Core.job
2015-09-14 15:19 - 2013-06-02 22:32 - 00123918 _____ C:\Windows\PFRO.log
2015-09-14 13:37 - 2015-06-27 11:47 - 00000000 ____D C:\Program Files (x86)\Do Not Disturb
2015-09-14 13:36 - 2015-06-08 17:01 - 00000000 ____D C:\Program Files (x86)\rikaikun
2015-09-14 13:12 - 2014-08-31 13:15 - 00000000 ____D C:\Users\RRR\AppData\Local\Adobe
2015-09-13 02:55 - 2013-08-03 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-09-13 00:40 - 2009-07-14 07:45 - 02338960 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-13 00:37 - 2009-07-14 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-13 00:20 - 2013-06-02 22:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-28 14:05 - 2015-06-01 08:44 - 00000000 ____D C:\Program Files (x86)\Omnifinder
2015-08-28 14:05 - 2015-05-21 11:01 - 00000000 ____D C:\Program Files (x86)\Cookie Killer for Facebook
2015-08-26 18:37 - 2013-06-05 20:27 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 18:55 - 2013-07-07 10:37 - 00000000 ____D C:\Users\RRR\Desktop\recepti
2015-08-19 14:04 - 2015-02-26 19:04 - 00003826 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1424966667
2015-08-19 14:04 - 2013-06-02 18:27 - 00000000 ____D C:\Program Files (x86)\Opera

==================== Files in the root of some directories =======

2015-06-23 08:55 - 2015-08-01 13:57 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr2.bin
2015-06-15 14:29 - 2015-07-03 12:47 - 0000024 _____ () C:\Users\RRR\AppData\Roaming\appdataFr25.bin
2015-03-02 21:46 - 2015-04-23 11:35 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr3.bin

Files to move or delete:
====================
C:\Users\RRR\install_flashplayer15x32au_chra_dy_aaa_aih.exe


Some files in TEMP:
====================
C:\Users\RRR\AppData\Local\Temp\07b31aB7338C7.exe
C:\Users\RRR\AppData\Local\Temp\130e04c69E226.exe
C:\Users\RRR\AppData\Local\Temp\56ACC069e3.exe
C:\Users\RRR\AppData\Local\Temp\9569E98A43F0.exe
C:\Users\RRR\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\RRR\AppData\Local\Temp\B6D283.exe
C:\Users\RRR\AppData\Local\Temp\BitLord_1.01.exe
C:\Users\RRR\AppData\Local\Temp\HitmanPro.exe
C:\Users\RRR\AppData\Local\Temp\HPSWF.EXE
C:\Users\RRR\AppData\Local\Temp\install_reader11_en_chrd_aaa_aih.exe
C:\Users\RRR\AppData\Local\Temp\SkypeSetup.exe
C:\Users\RRR\AppData\Local\Temp\sqlite3.dll
C:\Users\RRR\AppData\Local\Temp\supoptsetup.exe
C:\Users\RRR\AppData\Local\Temp\SWHelperQueryW.dll
C:\Users\RRR\AppData\Local\Temp\SWHelperWrapper.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 20:30

==================== End of FRST.txt ============================

Addition.txt


Hello,

Please download ZHPCleaner and save it to your desktop.

  • Run ZHPCleaner by right-clicking the file and choosing "Run as administrator" from the context menu.
  • Click [image] to accept the license agreement.
  • Select the [image] button.
  • The browsers will be closed automatically.
  • A log file will open once the scan has finished.
  • Post the log file in your next comment.


Sorry for the delay, but the scan stopped at 'FirewallRules' at 95%, so I ran it again, and it has now been sitting at 95% for 20 minutes. Is that normal, should I keep waiting? Also, during the scan, at around 85%, it asked me whether I had installed this server, and there were digits after that, like an IP.

Edited by stepan10


I ran the scan in Safe Mode, because it froze at 95% every time.

~ ZHPCleaner v2015.9.14.347 by Nicolas Coolman (2015/09/14)
~ Run by RRR (Administrator)  (15/09/2015 15:00:19)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\RRR\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\RRR\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (2)
FOUND: [w3qckbrn.default] - user_pref("extensions.8Zz02IlJHaYab0q6.url", "http://mojofuneasy.com/sync2/?q=hfZ9oeJQAchEAen0rHU4rS[...] =>PUP.Optional.DriverGuide
FOUND: [w3qckbrn.default] - user_pref("extensions.EuVt7jbA1JpaE7y0.url", "http://foreveryshare.ru/sync2/?q=hfZ9oehUBeCHtNbPhd9Hp[...] =>PUP.Optional.DriverGuide


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (1)
FOUND task: [bidaily Synchronize Task[8da6]] [C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job]  =>PUP.Optional.BidailySync


---\\  Explorer ( File, Folder) (49)
FOUND file: C:\Users\RRR\Desktop\BitLord.lnk  [bad : C:\Program Files (x86)\BitLord\BitLord.exe]  =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\BitLord.exe [www.BitLord.com - BitLord]  =>PUP.Optional.WhenUSave
FOUND file: C:\Users\RRR\Desktop\BitLord.lnk    =>PUP.Optional.WhenUSave
FOUND file: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job    =>PUP.Optional.BidailySync
FOUND file: C:\Windows\Prefetch\GS_BOOSTER.EXE-5D689F23.pf    =>PUP.Optional.GSBooster
FOUND file: C:\Users\RRR\AppData\Roaming\appdataFr3.bin    =>PUP.Optional.Generic
FOUND file: C:\Users\RRR\AppData\Local\Temp\supoptsetup.exe [super PC Tools ltd - Fix PC problems and optimize performance]  =>PUP.Optional.SuperPCTools
FOUND file: C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage    =>PUP.Optional.SpecialSavings
FOUND file: C:\Users\RRR\AppData\Local\Temp\BitLord_1.01.exe    =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\BitLord.xml    =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\BitLord_Win9x.exe [www.BitLord.com - BitLord]  =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\Downloads.xml    =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\License.txt    =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\uninst.exe    =>PUP.Optional.WhenUSave
FOUND folder: C:\Program Files (x86)\BitLord\Downloads  =>PUP.Optional.WhenUSave
FOUND folder: C:\Program Files (x86)\BitLord\lang  =>PUP.Optional.WhenUSave
FOUND folder: C:\Program Files (x86)\BitLord\rules  =>PUP.Optional.WhenUSave
FOUND folder: C:\Program Files (x86)\BitLord  =>PUP.Optional.WhenUSave
FOUND file: C:\ProgramData\AAlllCheapPriaCe\7BvMumlPrBJs9e.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\AAlllCheapPriaCe\7BvMumlPrBJs9e.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\CheapMe\8kml8G1KobskPF.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\CheapMe\8kml8G1KobskPF.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\DigiCooupOn\QiNGqmkxESXVtQ.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\DigiCooupOn\QiNGqmkxESXVtQ.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\ExstraiCCouppon\1X7fbuq7cRhVed.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\ExstraiCCouppon\1X7fbuq7cRhVed.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\NetoCoupon\bztKtfionYfDL5.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\NetoCoupon\bztKtfionYfDL5.exe    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\NetoCoupon\bztKtfionYfDL5.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\RandomPrice\y2NllSdRaEwHfS.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\RandomPrice\y2NllSdRaEwHfS.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\SaveNewaAppz\EXWIPz5s5gbesb.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\SaveNewaAppz\EXWIPz5s5gbesb.exe    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\SaveNewaAppz\EXWIPz5s5gbesb.tlb    =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\AAlllCheapPriaCe  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\CheapMe  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\DigiCooupOn  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\ExstraiCCouppon  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\NetoCoupon  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\RandomPrice  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\SaveNewaAppz  =>PUP.Optional.Multiplug
FOUND folder: C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data  =>PUP.Optional.ChromaticBrowser
FOUND folder: C:\Users\Administrator\AppData\Local\Torch\User Data  =>PUP.Optional.Torch
FOUND folder: C:\Users\Administrator\AppData\Local\Chromatic Browser  =>PUP.Optional.ChromaticBrowser
FOUND folder: C:\Users\Administrator\AppData\Local\Torch  =>PUP.Optional.Torch
FOUND folder: C:\Users\Guest\AppData\Local\Chromatic Browser\User Data  =>PUP.Optional.ChromaticBrowser
FOUND folder: C:\Users\Guest\AppData\Local\Torch\User Data  =>PUP.Optional.Torch
FOUND folder: C:\Users\Guest\AppData\Local\Chromatic Browser  =>PUP.Optional.ChromaticBrowser
FOUND folder: C:\Users\Guest\AppData\Local\Torch  =>PUP.Optional.Torch


---\\  Registry ( Key, Value, Data) (15)
FOUND key: HKLM\SOFTWARE\Wow6432Node\Policies\Google\Update []  =>PUM.Security.Hijack
FOUND key: [X64] HKLM\SOFTWARE\Classes\bitlordunfinishedfile [bitLord Unfinished Download File]  =>Toolbar.CompleteBar
FOUND key: [X64] HKLM\SOFTWARE\Classes\BitLordUnfinishedFile [bitLord Unfinished Download File]  =>PUP.Optional.WhenUSave
FOUND key: [X64] HKLM\SOFTWARE\Classes\bittorrent [bitLord File]  =>PUP.Optional.WhenUSave
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{5051b095-86fa-4569-8745-1b96d535240c} [DigiCooupOn]  =>PUP.Optional.Multiplug
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{5494c1f2-ba96-4824-94d7-53dfbb1d0f21} [CheapMe]  =>PUP.Optional.Multiplug
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{7ff0fc24-3bfd-40df-8701-b231f8378330} [MiniimmummPriice]  =>PUP.Optional.Multiplug
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{93824824-94bd-4b23-806c-fefb6fb7f3e0} [AAlllCheapPriaCe]  =>PUP.Optional.Multiplug
FOUND data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{178F6E31-C398-402E-AC71-7DBF82FAF851}\\NameServer [bad : 199.203.131.145,82.163.143.167]  =>Hijacker.Browser
FOUND data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}\\NameServer [bad : 82.163.143.169,82.163.142.171]  =>Hijacker.Browser
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe [C:\Program Files (x86)\BitLord\BitLord.exe]  =>Toolbar.CompleteBar
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe [C:\Program Files (x86)\BitLord\BitLord.exe]  =>Toolbar.CompleteBar
FOUND key: [X64] HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b []  =>Hijacker.Browser
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{55D90B99-D2C5-43C8-AF02-10FB750A655C}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{654393BC-A4D9-4E83-97B1-DBCFC607255A}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave


---\\ Result of repair
~ Any repair made


---\\ Statistics
~ Items scanned : 76863
~ Items found : 98
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 4 minutes
===================
ZHPCleaner--15092015-15_04_47.txt

ZHPCleaner.txt

Edited by stepan10


OK, if you have not closed the program, press the Repair button; if you have closed it, you will need to repeat the scan and only then press the Repair button.

Post the results in your next comment.



~ ZHPCleaner v2015.9.14.347 by Nicolas Coolman (2015/09/14)
~ Run by RRR (Administrator)  (15/09/2015 15:24:31)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\RRR\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\RRR\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (2)
DELETED: [w3qckbrn.default] - user_pref("extensions.8Zz02IlJHaYab0q6.url", "http://mojofuneasy.com/sync2/?q=hfZ9oeJQAchEAen0rHU4rS[...] =>PUP.Optional.DriverGuide
DELETED: [w3qckbrn.default] - user_pref("extensions.EuVt7jbA1JpaE7y0.url", "http://foreveryshare.ru/sync2/?q=hfZ9oehUBeCHtNbPhd9Hp[...] =>PUP.Optional.DriverGuide


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (1)
DELETED task: [bidaily Synchronize Task[8da6]] [C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job (Not File) ]  =>PUP.Optional.BidailySync


---\\  Explorer ( File, Folder) (19)
MOVED file: C:\Users\RRR\Desktop\BitLord.lnk  [bad : C:\Program Files (x86)\BitLord\BitLord.exe]  =>PUP.Optional.WhenUSave
MOVED file: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job    =>PUP.Optional.BidailySync
MOVED file: C:\Windows\Prefetch\GS_BOOSTER.EXE-5D689F23.pf    =>PUP.Optional.GSBooster
MOVED file: C:\Users\RRR\AppData\Roaming\appdataFr3.bin    =>PUP.Optional.Generic
MOVED file: C:\Users\RRR\AppData\Local\Temp\supoptsetup.exe [super PC Tools ltd - Fix PC problems and optimize performance]  =>PUP.Optional.SuperPCTools
MOVED file: C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage    =>PUP.Optional.SpecialSavings
MOVED file: C:\Users\RRR\AppData\Local\Temp\BitLord_1.01.exe    =>PUP.Optional.WhenUSave
MOVED folder: C:\Program Files (x86)\BitLord  =>PUP.Optional.WhenUSave
MOVED folder: C:\ProgramData\AAlllCheapPriaCe  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\CheapMe  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\DigiCooupOn  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\ExstraiCCouppon  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\NetoCoupon  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\RandomPrice  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\SaveNewaAppz  =>PUP.Optional.Multiplug
MOVED folder: C:\Users\Administrator\AppData\Local\Chromatic Browser  =>PUP.Optional.ChromaticBrowser
MOVED folder: C:\Users\Administrator\AppData\Local\Torch  =>PUP.Optional.Torch
MOVED folder: C:\Users\Guest\AppData\Local\Chromatic Browser  =>PUP.Optional.ChromaticBrowser
MOVED folder: C:\Users\Guest\AppData\Local\Torch  =>PUP.Optional.Torch


---\\  Registry ( Key, Value, Data) (14)
DELETED data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{178F6E31-C398-402E-AC71-7DBF82FAF851}\\NameServer [bad : 199.203.131.145,82.163.143.167]  =>Hijacker.Browser
DELETED data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}\\NameServer [bad : 82.163.143.169,82.163.142.171]  =>Hijacker.Browser
DELETED key*: HKLM\SOFTWARE\Wow6432Node\Policies\Google\Update []  =>PUM.Security.Hijack
DELETED key*: [X64] HKLM\SOFTWARE\Classes\bitlordunfinishedfile [bitLord Incomplete Download File]  =>Toolbar.CompleteBar
DELETED key*: [X64] HKLM\SOFTWARE\Classes\bittorrent [bitLord File]  =>PUP.Optional.WhenUSave
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5051b095-86fa-4569-8745-1b96d535240c} [DigiCooupOn]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5494c1f2-ba96-4824-94d7-53dfbb1d0f21} [CheapMe]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{7ff0fc24-3bfd-40df-8701-b231f8378330} [MiniimmummPriice]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{93824824-94bd-4b23-806c-fefb6fb7f3e0} [AAlllCheapPriaCe]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe [C:\Program Files (x86)\BitLord\BitLord.exe (Not File)]  =>Toolbar.CompleteBar
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe [C:\Program Files (x86)\BitLord\BitLord.exe (Not File)]  =>Toolbar.CompleteBar
DELETED key*: [X64] HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b []  =>Hijacker.Browser
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{55D90B99-D2C5-43C8-AF02-10FB750A655C}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{654393BC-A4D9-4E83-97B1-DBCFC607255A}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave


---\\ Result of repair
~ Repair carried out successfully


---\\ Statistics
~ Items scanned : 4159
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 36


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-15092015-15_25_05.txt
ZHPCleaner--15092015-15_04_47.txt
ZHPCleaner--15092015-15_24_07.txt
 

ZHPCleaner.txt

Edited by stepan10


Hello,

The bad news is that the pest has updated your browser to a developer build, where all protection mechanisms are turned off, and even after we have cleaned it, after a while the pest will install its malicious extensions again.

CHR dev: Chrome dev build detected! <======= ATTENTION

So... the solution is to completely uninstall the Google Chrome browser with GeekUninstaller and then install the latest stable version of the browser.

Before you uninstall it, it is a good idea to save all your passwords and extensions, if you have any.

Exporting bookmarks from Chrome:

  1. In the top right corner of the browser window, click the Chrome menu.
  2. Select Bookmarks > Bookmark manager.
  3. Click the "Organize" menu in the manager.
  4. Now select Export bookmarks to HTML file.

Instructions for importing them back after reinstalling the browser are given here:

http://www.wikihow.c...rks-from-Chrome

For the passwords, see whether the following tool works:

http://www.intowindo...chrome-browser/

Now uninstall the browser with GeekUninstaller as follows:

Download GeekUninstaller and save it to the desktop.

Extract it and run the file geek.exe
Find Google Chrome in the list (the example is for Mozilla Firefox, but that is just for illustration).

Right-click the program and choose Uninstall

After the installation finishes, a window will open prompting you to remove all leftovers of the program (if there are any; if there are none, this window will not appear):

Example for the Mozilla browser:

Press the Finish button to delete the program's leftovers.

After that, download and install the latest stable version of Google Chrome from here => Google Chrome 45.0.2454.85 Stable

Then run a new scan with FRST, ticking the box in front of Addition.txt, and attach the two new log files in your next comment.

Regards!


Hello.

I have not installed Google Chrome; it gives an error when the installation starts. I will do without it.

FRST.txt

Addition.txt


We will fix Google Chrome too...

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!


Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by RRR (2015-09-16 10:18:56) Run:1
Running from C:\Users\RRR\Desktop\New folder (2)
Loaded Profiles: RRR (Available Profiles: RRR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
CMD: Dir /b c:\*Google* /s
reg: reg query HKCU\SOFTWARE\Google
reg: reg query "HKCU\SOFTWARE\Google\Update\Clients" /s
reg: reg query "HKCU\SOFTWARE\Google\Update\ClientState" /s
reg: reg query HKLM\SOFTWARE\Google
reg: reg query HKLM\SOFTWARE\Wow6432Node\Google
reg: reg query "HKLM\SOFTWARE\Google\Update\Clients" /s
reg: reg query "HKLM\SOFTWARE\Google\Update\ClientState" /s
reg: reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients" /s
reg: reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState" /s
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully

=========  Dir /b c:\*Google* /s =========

c:\AdwCleaner\Quarantine\C\Users\RRR\AppData\Local\Google
c:\Program Files (x86)\Google
c:\Program Files (x86)\Share on Google Plus
c:\Program Files (x86)\Google\Google Earth
c:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
c:\Program Files (x86)\Google\Google Earth\client\googleearth.exe.local
c:\Program Files (x86)\Google\Google Earth\client\google_earth.ico
c:\Program Files (x86)\Google\Google Earth\client\res\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\client\res\ko.locale\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\client\res\ru.locale\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\client\res\zh-Hans.locale\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\client\res\zh-Hant.locale\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\plugin\googleearth.exe.local
c:\Program Files (x86)\Google\Google Earth\plugin\google_earth.ico
c:\Program Files (x86)\Google\Google Earth\plugin\res\google_earth_splash.png
c:\Program Files (x86)\Google\Update\GoogleGGupdate.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateHelper.msi
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
c:\Program Files (x86)\Google\Update�\GoogleUpdate.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleCrashHandler.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleCrashHandler64.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdate.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateBroker.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateComRegisterShell64.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateHelper.msi
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateOnDemand.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateSetup.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\npGoogleUpdate3.dll
c:\Program Files (x86)\Google\Update�\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe
c:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml
c:\Program Files (x86)\Share on Google Plus\Share on Google Plus.dat
c:\Program Files (x86)\VideoLAN\VLC\lua\meta\art\01_googleimage.luac
c:\Program Files (x86)\VideoLAN\VLC\lua\playlist\googlevideo.luac
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google ����.lnk
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\����࠭� �� Google ���� � DirectX ०��.lnk
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\����࠭� �� Google ���� � OpenGL ०��.lnk
c:\Users\Administrator\AppData\Local\Google
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth\Google ����.lnk
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth\����࠭� �� Google ���� � DirectX ०��.lnk
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth\����࠭� �� Google ���� � OpenGL ०��.lnk
c:\Users\Guest\AppData\Local\Google
c:\Users\Public\Desktop\Google ����.lnk
c:\Users\RRR\AppData\Local\Google
c:\Users\RRR\AppData\Local\Google\Custom Buttons\toolbar.google.com_MXE8GT6B9RBHXCGLZ06L.xml
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25OIUGWK\google-plus[1].jpg
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\559IHO4I\google-plus[1].png
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T41N1SP4\google-plus[1].jpg
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA29W88H\google-plus[1].png
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA29W88H\google-plus[3].png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\accounts.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\books.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fbooks.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimages.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fmaps.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fpicasaweb.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fgoogle%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Ftranslate.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.google.com%2Fs2%2Ffavicons%3Fdomain=freepornsit.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Faccounts.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fsupport.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Ftranslate.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Ftranslate.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.bg%2Fimages%2Fbranding%2Fproduct%2Fico%2Fgoogleg_lodp.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.com%2Fimages%2Ficons%2Fproduct%2Fsites-16.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.com.mx%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\images.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\maps.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\maps.google.ca.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\maps.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\picasaweb.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\plus.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\sites.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\support.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\translate.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\translate.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\www.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\www.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\www.google.com.mx.idx
c:\Users\RRR\AppData\Local\Temp\GUM68D0.tmp\GoogleUpdateSetup.exe
c:\Users\RRR\AppData\LocalLow\Google
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_1050_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_360cities64_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_3d_buildings_new_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_blue_star_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_census_new_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_city_capital_star.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_city_major.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_flag64_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_generic_poi_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_lil_earth_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_ocean_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramioclustered64_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramio_cluster_n1.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramio_cluster_n2.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramio_cluster_n3.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramio_photo_square_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_park-15.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_roads_legend_l.png
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7L4J33E8\googleads.g.doubleclick[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7L4J33E8\plus.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7L4J33E8\tpc.googlesyndication[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7L4J33E8\www.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AHURWFCW\googleads.g.doubleclick[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AHURWFCW\plus.googleapis[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AHURWFCW\www.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AX7OCEZD\play.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AX7OCEZD\translate.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CQETTWM0\translate.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CQETTWM0\translate.google[2].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\googleads.g.doubleclick[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\plus.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\translate.googleusercontent[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\translate.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\www.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MMNMP0FE\googleads.g.doubleclick[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MMNMP0FE\www.google[1].xml
c:\Users\RRR\AppData\Roaming\ACEStream\player\lua\meta\art\01_googleimage.luac
c:\Users\RRR\AppData\Roaming\ACEStream\player\lua\playlist\googlevideo.luac
c:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_www.google.bg_0.localstorage
c:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_www.google.bg_0.localstorage-journal
c:\Windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
c:\Windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google

========= End of CMD: =========


========= reg query HKCU\SOFTWARE\Google =========


HKEY_CURRENT_USER\SOFTWARE\Google\Common
HKEY_CURRENT_USER\SOFTWARE\Google\GECommonSettings
HKEY_CURRENT_USER\SOFTWARE\Google\Google Earth Plus
HKEY_CURRENT_USER\SOFTWARE\Google\Software Removal Tool
HKEY_CURRENT_USER\SOFTWARE\Google\Update


========= End of Reg: =========


========= reg query "HKCU\SOFTWARE\Google\Update\Clients" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKCU\SOFTWARE\Google\Update\ClientState" /s =========


HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
    dr    REG_SZ    1

HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
    dr    REG_SZ    1
    lastrun    REG_SZ    13084053209466234



========= End of Reg: =========


========= reg query HKLM\SOFTWARE\Google =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query HKLM\SOFTWARE\Wow6432Node\Google =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\GoogleEarthPlugin
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\NavClient
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Google\Update\Clients" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Google\Update\ClientState" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
    pv    REG_SZ    1.3.26.9
    name    REG_SZ    Google ЂЄвг «Ё§ жЁп



========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
    pv    REG_SZ    1.3.26.9
    brand    REG_SZ    IHCB
    InstallTime    REG_DWORD    0x53f1eb57
    DayOfInstall    REG_DWORD    0xae2
    DayOfLastActivity    REG_DWORD    0xffffffff
    DayOfLastRollCall    REG_DWORD    0xb26
    experiment_labels    REG_SZ    omaha=long_tail_update|Thu, 21 Aug 2014 02:55:20 GMT
    RollCallDayStartSec    REG_DWORD    0x544b4a82
    LastCheckSuccess    REG_DWORD    0x544b5d31
    UpdateTime    REG_DWORD    0x544178ad

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
    UninstallArguments    REG_SZ     --uninstall --multi-install --msi --system-level --verbose-logging
    brand    REG_SZ    IHCB
    ap    REG_SZ    2.0-dev-multi
    pv    REG_SZ    38.0.2125.104
    ActivePingDayStartSec    REG_DWORD    0x5449f902
    RollCallDayStartSec    REG_DWORD    0x544b4a82
    DayOfLastActivity    REG_DWORD    0xb25
    DayOfLastRollCall    REG_DWORD    0xb26
    LastCheckSuccess    REG_DWORD    0x544b5d31
    UpdateTime    REG_DWORD    0x5447a164
    LastInstallerResult    REG_DWORD    0x0
    LastInstallerError    REG_DWORD    0x2
    msi    REG_DWORD    0x0
    InstallerResult    REG_DWORD    0x0
    InstallerError    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
    brand    REG_SZ    IHCB
    InstallTime    REG_DWORD    0x53f1eb59
    DayOfInstall    REG_DWORD    0xae2
    DayOfLastActivity    REG_DWORD    0xb25
    DayOfLastRollCall    REG_DWORD    0xb26
    UninstallArguments    REG_SZ     --uninstall --multi-install --chrome --msi --system-level --verbose-logging
    pv    REG_SZ    44.0.2403.155
    LastCheckSuccess    REG_DWORD    0x55ce3d87
    ActivePingDayStartSec    REG_DWORD    0x5449f902
    RollCallDayStartSec    REG_DWORD    0x544b4a82
    experiment_labels    REG_SZ    CrVar1=3312701|Mon, 01 Aug 2016 12:06:44 GMT;CrVar2=3300143|Wed, 15 Jun 2016 11:29:49 GMT;CrVar3=3300029|Wed, 15 Jun 2016 11:29:49 GMT;CrVar4=3300120|Wed, 15 Jun 2016 11:29:49 GMT;CrVar5=3300132|Wed, 15 Jun 2016 11:29:49 GMT;CrVar6=3300108|Wed, 15 Jun 2016 11:29:49 GMT;CrVar7=3300135|Wed, 15 Jun 2016 11:29:49 GMT
    msi    REG_DWORD    0x0
    ap    REG_SZ    2.0-dev-multi-chrome
    LastInstallerResult    REG_DWORD    0x0
    LastInstallerError    REG_DWORD    0x2
    usagestats    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
    StateValue    REG_DWORD    0xe
    DownloadTimeRemainingMs    REG_DWORD    0xffffffff
    DownloadProgressPercent    REG_DWORD    0x0
    InstallTimeRemainingMs    REG_DWORD    0x0
    InstallProgressPercent    REG_DWORD    0x64

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}
    pv    REG_SZ    38.0.2125.104
    RollCallDayStartSec    REG_DWORD    0x544b4a82
    DayOfLastRollCall    REG_DWORD    0xb26

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState
    StateValue    REG_DWORD    0x11



========= End of Reg: =========


==== End of Fixlog 10:22:00 ====


Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, that the program creates when it is done.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

After that, try installing Google Chrome again.


Here is the log file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by RRR (2015-09-16 12:12:33) Run:2
Running from C:\Users\RRR\Desktop\New folder (2)
Loaded Profiles: RRR (Available Profiles: RRR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
end
*****************

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} => key removed successfully

==== End of Fixlog 12:12:33 ====


Now that we have removed the registry keys, simply uninstall it again and then reinstall it.


I reinstalled it and have now been waiting 15 minutes for it to load after yet another freeze; evidently it will be switched off the hard way yet again.


Leave it like that. We are not done with the cleanup anyway.

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, that the program creates when it is done.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Now, to continue with the cleanup, follow these steps:

STEP 1

  • Download and run the latest version of AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start scanning the computer.
  • After the scan finishes, press the Clean button.
  • The program will close all unnecessary processes and, after cleaning, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[s0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your protection programs.
  • Run the JRT.exe tool
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

STEP 3

Run a new scan with FRST, making sure there is a tick in front of Addition.txt before you press the SCAN button.

Attach the two new log files, FRST.txt and Addition.txt, in your next comment.

Regards!


The log file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by RRR (2015-09-16 21:02:09) Run:3
Running from C:\Users\RRR\Desktop\FRST-OlderVersion
Loaded Profiles: RRR (Available Profiles: RRR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
OPR Extension: (No Name) - C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-27]
2015-08-28 14:05 - 2015-06-01 08:44 - 00000000 ____D C:\Program Files (x86)\Omnifinder
2015-06-23 08:55 - 2015-08-01 13:57 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr2.bin
2015-06-15 14:29 - 2015-07-03 12:47 - 0000024 _____ () C:\Users\RRR\AppData\Roaming\appdataFr25.bin
Task: {1C7C436F-B485-437A-92A5-669FA1451B92} - \DNSWETHERSFIELD -> No File <==== ATTENTION
Task: {DD133C23-348B-4E41-93C7-675D29B85B5A} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{716405bc-1f38-db87-7164-405bc1f316f0}\hqghumeaylnlf.exe <==== ATTENTION
c:\programdata\{716405bc-1f38-db87-7164-405bc1f316f0}
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim => moved successfully
C:\Program Files (x86)\Omnifinder => moved successfully
C:\Users\RRR\AppData\Roaming\appdataFr2.bin => moved successfully
C:\Users\RRR\AppData\Roaming\appdataFr25.bin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1C7C436F-B485-437A-92A5-669FA1451B92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C7C436F-B485-437A-92A5-669FA1451B92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSWETHERSFIELD" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD133C23-348B-4E41-93C7-675D29B85B5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD133C23-348B-4E41-93C7-675D29B85B5A}" => key removed successfully
C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6] => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[8da6]" => key removed successfully
"c:\programdata\{716405bc-1f38-db87-7164-405bc1f316f0}" => File/Folder not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {647D83BB-8F7D-4C6D-8D36-ED1EBCA3D75E}.
Unable to cancel {7D84FF2C-827B-4F45-A510-688EE1E1F737}.
Unable to cancel {B722E082-4326-4BD9-8912-001E420CECFA}.
0 out of 3 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 9.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:04:37 ====

 

 

 

STEP 1

 

# AdwCleaner v5.007 - Logfile created 16/09/2015 at 21:23:11
# Updated 08/09/2015 by Xplode
# Database : 2015-09-15.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : RRR - RRR-PC
# Running from : C:\Users\RRR\Desktop\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\RRR\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[-] Folder Deleted : C:\Users\RRR\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Winsock sеttings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1399 bytes] ##########
 


STEP 2

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Home Premium x64
Ran by RRR on 16/09/2015 at 21:55:58.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] C:\Users\RRR\AppData\Roaming\acestream
Successfully deleted: [Folder] C:\Program Files (x86)\Do Not Disturb
Successfully deleted: [Folder] C:\Users\RRR\AppData\Roaming\.acestream
Successfully deleted: [Folder] C:\ProgramData\coinsavoe
Successfully deleted: [Folder] C:\ProgramData\onamlcnfmfdbihloidoehgdcoojflpgk



~~~ FireFox

Emptied folder: C:\Users\RRR\AppData\Roaming\mozilla\firefox\profiles\w3qckbrn.default\minidumps [4 files]



~~~ Chrome


[C:\Users\RRR\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\RRR\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\RRR\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\RRR\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/09/2015 at 21:59:30.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

STEP 3

 

 

FRST.txt

Addition.txt

Edited by stepan10

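Added example (not part of the thread, and not code from FRST, AdwCleaner or JRT): a small Python triage over the log formats posted above that lists every target whose last recorded outcome is a failure, which is what the next scan has to re-check. The sample lines are copied from the logs in this thread; the function names and the ok/failed/absent classification are assumptions of this example.

```python
import re

# Constructed sample: individual lines copied from the logs posted in this
# thread (FRST Fixlog, bitsadmin, AdwCleaner, JRT), reduced to one of each case.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} => key removed successfully
HKLM-x32\...\Run: [] => [X]
C:\Program Files (x86)\Omnifinder => moved successfully
"c:\programdata\{716405bc-1f38-db87-7164-405bc1f316f0}" => File/Folder not found.
Unable to cancel {647D83BB-8F7D-4C6D-8D36-ED1EBCA3D75E}.
[-] Folder Deleted : C:\Users\RRR\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
Failed to delete: [Folder] C:\Users\RRR\AppData\Roaming\acestream
Successfully deleted: [Folder] C:\Users\RRR\AppData\Roaming\.acestream
"""

# One pattern per log format seen in the thread.
ADW_RE = re.compile(r"^\[[-!]\]\s+\w+\s+(Not Deleted|Deleted)\s+:\s+(.+)$")
JRT_RE = re.compile(r"^(Failed to delete|Successfully deleted):\s+\[\w+\]\s+(.+)$")
BITS_RE = re.compile(r"^Unable to cancel (\{[0-9A-Fa-f-]+\})\.?$")
FRST_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+)$')


def classify(line):
    """Return (tool, target, status) for an outcome line, else None.

    status is "ok", "failed" or "absent" (target was already gone).
    """
    m = ADW_RE.match(line)
    if m:
        return ("AdwCleaner", m.group(2), "failed" if m.group(1) == "Not Deleted" else "ok")
    m = JRT_RE.match(line)
    if m:
        return ("JRT", m.group(2), "failed" if m.group(1) == "Failed to delete" else "ok")
    m = BITS_RE.match(line)
    if m:
        return ("bitsadmin", m.group(1), "failed")
    m = FRST_RE.match(line)
    if m:
        result = m.group("result").lower()
        if "successfully" in result:
            status = "ok"
        elif result.startswith("could not"):
            status = "failed"
        elif "not found" in result:
            status = "absent"
        else:
            # Echoed fixlist directives also contain "=>" but carry no outcome.
            return None
        return ("FRST", m.group("target"), status)
    return None


def triage(log_text):
    """Map each target (case-insensitive, as Windows paths are) to its LAST outcome.

    A retry that succeeds clears an earlier failure; a "Deleted" line that is
    followed by "Not Deleted" for the same path ends up flagged.
    """
    final = {}
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        hit = classify(raw.strip())
        if hit:
            tool, target, status = hit
            final[target.lower()] = (tool, target, status, line_no)
    return final


def unresolved(log_text):
    """Targets whose last recorded outcome is a failure, in log order."""
    return [(tool, target)
            for tool, target, status, _ in triage(log_text).values()
            if status == "failed"]


if __name__ == "__main__":
    for tool, target in unresolved(SAMPLE_LOG):
        print(f"re-check after next scan: [{tool}] {target}")
```
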

Right, we are making progress.

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, that the program creates when it is done.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

After that, write how things are.


The log file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by RRR (2015-09-16 23:44:47) Run:4
Running from C:\Users\RRR\Desktop\FRST-OlderVersion
Loaded Profiles: RRR (Available Profiles: RRR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [NWEReboot] => [X]
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [AceStream] => C:\Users\RRR\AppData\Roaming\ACEStream\engine\ace_engine.exe
FF Plugin HKU\S-1-5-21-3352682033-4164677752-1323257766-1000: @acestream.net/acestreamplugin,version=2.1.5.3 -> C:\Users\RRR\AppData\Roaming\ACEStream\player\npace_plugin.dll No File
OPR Extension: (AS Magic Player) - C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-09-16]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-09-16 21:38 - 2015-09-16 21:38 - 00000000 _____ C:\Users\RRR\AppData\Local\{2E533058-2966-48FA-BC98-B4DA2385E9E5}
2015-09-14 15:53 - 2015-09-14 15:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2A1F53E5.sys
2015-09-14 13:18 - 2015-09-14 13:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 12:38 - 2015-09-14 15:55 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-16 21:57 - 2013-08-17 17:02 - 00000000 ____D C:\Users\RRR\AppData\Roaming\ACEStream
2015-09-14 13:36 - 2015-06-08 17:01 - 00000000 ____D C:\Program Files (x86)\rikaikun
C:\Users\RRR\install_flashplayer15x32au_chra_dy_aaa_aih.exe
C:\Users\RRR\AppData\Local\Temp\sqlite3.dll
FirewallRules: [TCP Query User{AFA16D64-B9D3-4E76-BA6D-2A46A27E008D}C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [uDP Query User{B88C8446-6342-4AFA-8C2B-2BC43DC34570}C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{2F06F89F-62F5-4E2C-9FFD-57C41318737A}] => (Block) C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{5D849231-41C1-43C7-9A7F-444C57E4376E}] => (Block) C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => value removed successfully
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AceStream => value removed successfully
"HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.5.3" => key removed successfully
C:\Users\RRR\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim => moved successfully
hitmanpro37 => service removed successfully
InCDFs => service removed successfully
InCDPass => service removed successfully
InCDRm => service removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\RRR\AppData\Local\{2E533058-2966-48FA-BC98-B4DA2385E9E5} => moved successfully
C:\Windows\system32\Drivers\2A1F53E5.sys => moved successfully
C:\ProgramData\Malwarebytes => moved successfully
C:\ProgramData\HitmanPro => moved successfully
C:\Users\RRR\AppData\Roaming\ACEStream => moved successfully
C:\Program Files (x86)\rikaikun => moved successfully
C:\Users\RRR\install_flashplayer15x32au_chra_dy_aaa_aih.exe => moved successfully
C:\Users\RRR\AppData\Local\Temp\sqlite3.dll => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AFA16D64-B9D3-4E76-BA6D-2A46A27E008D}C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B88C8446-6342-4AFA-8C2B-2BC43DC34570}C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F06F89F-62F5-4E2C-9FFD-57C41318737A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D849231-41C1-43C7-9A7F-444C57E4376E} => value removed successfully

==== End of Fixlog 23:44:56 ====

 

 

 

 

There is progress: for the first time in 2 days it managed to restart by itself. Otherwise Mozilla freezes when I start it, and Google Chrome is still not active after many attempts to install it.


In what sense did it manage to restart by itself? This looks more like a hardware problem, and judging by the errors from Event Viewer we will have quite a lot of work in that direction as well.

And I did not understand: in the end, is Google Chrome installed or not? Uninstall it again with GeekUninstaller, clean up all leftovers, and then install the browser from its offline installer.

Also do the following:

 

STEP 1

Check the partition for errors and bad sectors as well, so that we can fix some of the file system problems.

In the search box type CMD => click on the CMD.exe file and choose Run as administrator => enter the command: chkdsk c: /x /f /r => press Enter

Agree with Y in the dialog window. Restart the computer and the check should start. Afterwards see what the results were.

You will find the report from the check here: in the search box type eventvwr.msc => Applications => event WinInit Event ID 1001. Copy the report into your next post.

Here is how to find the log file.

 

 

 

STEP 2

In the Windows 8 search box type CMD => right-click CMD.exe and choose Run as administrator.

Then, using copy/paste, run the commands one at a time and press Enter after each one

sfc /scannow

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Now sfcdetails.txt should appear on the desktop. Attach the file that will appear on the desktop, sfcdetails.txt, to your next comment and write whether there is any change.


STEP 1

 

Checking file system on E: The type of the file system is FAT32.
One of your disks needs to be checked for consistency.
You may cancel the disk check, but it is strongly recommended that you continue.
Windows will now check the disk. Volume Serial Number is 51A9-9BEA Windows has checked the file system and found no problems.
2093043712 bytes total disk space.
8192 bytes in 2 hidden files.
28672 bytes in 7 folders.
24211456 bytes in 41 files.
2068791296 bytes available on disk.
4096 bytes in each allocation unit.
510997 total allocation units on disk.
505076 allocation units available on disk.

 

 

I am not sure whether this is the right report.

Regarding STEP 2, after I entered the first command the scan reached 71% and has been sitting there for 2 hours now.


That is definitely not the right report... we are scanning partition C:\, not partition E:\

In general I also wonder why you have left E:\ as FAT32 rather than NTFS, but never mind.

Check and find the correct report, the one for partition C:\. The previous instructions contain a link with pictures showing how to find the log file.

Regards!


Following the instructions, the only report that scanned C: with event WinInit Event ID 1001 is dated 01.08.

Here it is:

 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x1786b.
Cleaning up instance tags for file 0x19141.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x54a6b3 for possibly 0x9 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x195d0 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 103888.
Cleaning up instance tags for file 0x2e4f2.
  220160 file records processed.                                          File verification completed.
  1078 large file records processed.                                      0 bad file records processed.                                        0 EA records processed.                                              44 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 5)...
  295982 index entries processed.                                         Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
  1 unindexed files scanned.                                         Recovering orphaned file V010149B.log (103888) into directory file 84400.
  0 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 5)...
  220160 file SDs/SIDs processed.                                         CHKDSK is compacting the security descriptor stream
Cleaning up 3797 unused security descriptors.
Inserting data attribute into file 103888.
  37913 data files processed.                                            CHKDSK is verifying Usn Journal...
  37494664 USN bytes processed.                                             Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  220144 files processed.                                                 File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  11134429 free clusters processed.                                         Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 123371516 KB total disk space.
  78392748 KB in 180449 files.
    112232 KB in 37915 indexes.
         4 KB in bad sectors.
    328820 KB in use by the system.
     65536 KB occupied by the log file.
  44537712 KB available on disk.

      4096 bytes in each allocation unit.
  30842879 total allocation units on disk.
  11134428 allocation units available on disk.

Internal Info:
00 5c 03 00 07 55 03 00 9d 30 06 00 00 00 00 00  .\...U...0......
b9 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.


So you did not follow the instructions properly at all... it is now 18.09...

If the command is difficult for you, just open My Computer => right-click partition C:\ and choose Properties => go to Tools => Check Now... => tick both checkboxes and press the Start button. Restart the system and wait for the check to finish (it may take over an hour). Then check again and post the log file with the latest date.


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  230144 file records processed.                                          File verification completed.
  1081 large file records processed.                                      0 bad file records processed.                                        0 EA records processed.                                              44 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 5)...
  301386 index entries processed.                                         Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file tmp.edb (106026) into directory file 57586.
  2 unindexed files scanned.                                         Recovering orphaned file {72E8C~1 (163886) into directory file 22468.
Recovering orphaned file {72e8cd6b-17f5-466d-982e-ec79271773f5}_OnDiskSnapshotProp (163886) into directory file 22468.
  0 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 5)...
  230144 file SDs/SIDs processed.                                         Cleaning up 735 unused index entries from index $SII of file 0x9.
Cleaning up 735 unused index entries from index $SDH of file 0x9.
Cleaning up 735 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  35622 data files processed.                                            CHKDSK is verifying Usn Journal...
  36880472 USN bytes processed.                                             Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc00000b5 at offset 0x51e71000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x51e80000 for 0x1000 bytes.
Windows replaced bad clusters in file 215798
of name \Windows\winsxs\WO08D5~1.175\EXPLOR~1.DLL.
  230128 files processed.                                                 File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  13883503 free clusters processed.                                         Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 123371516 KB total disk space.
  67385948 KB in 176223 files.
    113588 KB in 35625 indexes.
         8 KB in bad sectors.
    337960 KB in use by the system.
     65536 KB occupied by the log file.
  55534012 KB available on disk.

      4096 bytes in each allocation unit.
  30842879 total allocation units on disk.
  13883503 allocation units available on disk.

Internal Info:
00 83 03 00 92 3b 03 00 10 1c 06 00 00 00 00 00  .....;..........
ce 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
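
The hardware suspicion raised earlier in the thread can be checked against the CHKDSK reports themselves. The following Python sketch is an added example, not part of the thread: it keeps only the reports for the requested volume (the first attempt above posted the E: report) and compares read failures and bad-sector totals between two runs. The function names are hypothetical, and the sample text is excerpted and shortened from the reports posted above.

```python
import re

# Patterns are searched anywhere in the text, not anchored to line starts,
# because the Wininit event message often runs progress lines together.
VOLUME_RE = re.compile(r"Checking file system on (\w):")
FS_RE = re.compile(r"The type of the file system is (\w+)\.")
READ_FAIL_RE = re.compile(
    r"Read failure with status (0x[0-9a-fA-F]+) at offset (0x[0-9a-fA-F]+)"
    r" for (0x[0-9a-fA-F]+) bytes\.")
BAD_KB_RE = re.compile(r"(\d+) KB in bad sectors\.")
REPLACED_RE = re.compile(
    r"Windows replaced bad clusters in file (\d+)\s+of name ([^\r\n]+)")
ORPHAN_RE = re.compile(
    r"Recovering orphaned file (.+?) \((\d+)\) into directory file (\d+)\.")

# Sample input: shortened excerpts of the three reports posted in the thread.
REPORT_E = r"""Checking file system on E: The type of the file system is FAT32.
Windows has checked the file system and found no problems.
"""
REPORT_C_AUG = r"""Checking file system on C:
The type of the file system is NTFS.
  1 unindexed files scanned.      Recovering orphaned file V010149B.log (103888) into directory file 84400.
Adding 1 bad clusters to the Bad Clusters File.
Windows has made corrections to the file system.
         4 KB in bad sectors.
"""
REPORT_C_SEP = r"""Checking file system on C:
The type of the file system is NTFS.
Recovering orphaned file tmp.edb (106026) into directory file 57586.
  2 unindexed files scanned.      Recovering orphaned file {72E8C~1 (163886) into directory file 22468.
Read failure with status 0xc00000b5 at offset 0x51e71000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x51e80000 for 0x1000 bytes.
Windows replaced bad clusters in file 215798
of name \Windows\winsxs\WO08D5~1.175\EXPLOR~1.DLL.
Adding 1 bad clusters to the Bad Clusters File.
Windows has made corrections to the file system.
         8 KB in bad sectors.
"""


def parse_chkdsk(text):
    """Extract the health-relevant fields from one CHKDSK report."""
    vol = VOLUME_RE.search(text)
    fs = FS_RE.search(text)
    bad_kb = BAD_KB_RE.search(text)
    return {
        "volume": vol.group(1).upper() if vol else None,
        "filesystem": fs.group(1) if fs else None,
        # (NTSTATUS string, byte offset, byte length) per failed read
        "read_failures": [(s, int(off, 16), int(n, 16))
                          for s, off, n in READ_FAIL_RE.findall(text)],
        # FAT32 reports carry no such line; treat that as zero
        "bad_sector_kb": int(bad_kb.group(1)) if bad_kb else 0,
        "replaced_files": [(int(i), name.rstrip(" ."))
                           for i, name in REPLACED_RE.findall(text)],
        "orphans_recovered": len(ORPHAN_RE.findall(text)),
        "corrections_made":
            "Windows has made corrections to the file system" in text,
    }


def pick_reports(texts, volume):
    """Parse all reports and keep those for one drive letter, in input order."""
    parsed = [parse_chkdsk(t) for t in texts]
    return [r for r in parsed if r["volume"] == volume.upper()]


def hardware_findings(older, newer):
    """Compare two reports of the same volume and list signs of a failing disk."""
    findings = []
    if newer["read_failures"]:
        findings.append("%d read failure(s) during file data verification"
                        % len(newer["read_failures"]))
    if newer["bad_sector_kb"] > older["bad_sector_kb"]:
        findings.append("bad sectors grew from %d KB to %d KB"
                        % (older["bad_sector_kb"], newer["bad_sector_kb"]))
    for _, name in newer["replaced_files"]:
        # Data in an unreadable cluster may not have been recoverable.
        findings.append("bad clusters replaced in %s; verify this file" % name)
    return findings


if __name__ == "__main__":
    older, newer = pick_reports([REPORT_E, REPORT_C_AUG, REPORT_C_SEP], "C")
    for line in hardware_findings(older, newer):
        print(line)
```
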
 

      2018-04-20 19:08 - 2018-04-20 19:09 - 000000782 _____ C:\DelFix.txt
      2018-04-20 18:10 - 2018-04-20 18:10 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-20 18:10 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-20 18:08 - 2018-04-20 18:09 - 073430920 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4792.exe
      2018-04-14 19:26 - 2018-04-14 19:26 - 001254569 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R12.exe
      2018-04-13 21:28 - 2018-04-13 21:28 - 000001704 _____ C:\Users\USER\Documents\1.txt
      2018-04-09 23:16 - 2018-04-09 23:16 - 001018015 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R11.exe
      2018-04-09 10:31 - 2018-04-09 10:31 - 000000000 ____D C:\Users\USER\AppData\Roaming\Nero
      2018-04-09 07:37 - 2018-04-09 07:37 - 000972765 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R10.exe
      2018-04-07 15:06 - 2018-04-08 07:53 - 000000000 ____D C:\Users\USER\Documents\My Games
      2018-04-07 15:05 - 2018-04-07 15:05 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft Games
      2018-04-07 15:03 - 2018-04-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
      2018-04-07 06:57 - 2018-04-07 06:57 - 000974910 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R9.exe
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ C:\Users\USER\AppData\Local\UserProducts.xml
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\Program Files\Skillbrains
      2018-04-07 06:54 - 2018-04-07 06:54 - 002731128 _____ (Skillbrains ) C:\Users\USER\Downloads\setup-lightshot.exe
      2018-04-06 10:36 - 2018-04-06 10:36 - 000974764 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R8.exe
      2018-04-06 09:51 - 2018-04-06 09:51 - 003148854 _____ C:\Users\USER\Downloads\cheats.bmp
      2018-04-05 10:06 - 2018-04-05 10:06 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 07:45 - 2018-01-24 22:57 - 000000000 ____D C:\LFS
      2018-05-04 00:41 - 2018-02-26 19:19 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2018-05-03 16:48 - 2017-10-03 14:33 - 000000277 _____ C:\ProgramData\HPWALog.txt
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:22 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-05-02 17:32 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
      2018-05-02 16:31 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-05-02 16:31 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-05-01 16:43 - 2018-03-10 17:08 - 000000000 ____D C:\Users\USER\AppData\Local\PrivaZer
      2018-04-20 11:34 - 2009-07-14 07:53 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-04-15 14:58 - 2017-10-03 15:09 - 000000000 ____D C:\Users\USER\AppData\Roaming\MPC-HC
      2018-04-12 22:07 - 2017-10-03 16:08 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-04-10 22:02 - 2017-10-03 14:07 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-10 22:02 - 2017-10-03 14:07 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-10 22:02 - 2017-10-03 14:07 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-07 14:08 - 2018-03-23 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
      2018-04-05 10:06 - 2018-01-24 20:07 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      ==================== Files in the root of some directories =======
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\AtStart.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\DSwitch.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\QSwitch.txt
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000003 _____ () C:\Users\USER\AppData\Local\updater.log
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ () C:\Users\USER\AppData\Local\UserProducts.xml
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-04-28 21:03
      ==================== End of FRST.txt ============================
      Addition.txt
    • by mamasve
      Hello,
      I have a virus on my computer that constantly installs a Panda viewer icon on the desktop, and when I open any browser it starts redirecting me to all kinds of sites, so I practically cannot use my computer anymore. Help, please!
    • by AHybuC
      Hello!
      Since this morning I have been unable to start my computer normally. As soon as Windows loads, a small window appears that says "Windows has encountered a critical problem and will restart automatically in one minute" and, as the message says, the computer restarts after one minute. Sometimes the blue screen even appears directly, before Windows has managed to load, with error code 0x000000F4. I ran a full scan with Malwarebytes and Kaspersky Rescue CD 10; they removed the problems they found, but the restart problem is still present. I should mention that in Safe Mode I do not experience automatic restarts. Also, I unchecked Startup and Recovery -> System Failure -> Automatically Restart, but the restarts still occur, although I had unchecked it while I was in Safe Mode. I don't know whether this matters, but I still wanted to mention it.
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
      Ran by IvailoCOMP (administrator) on IVAILOCOMP-PC (18-04-2018 19:02:33)
      Running from C:\Users\IvailoCOMP\Desktop
      Loaded Profiles: IvailoCOMP (Available Profiles: IvailoCOMP)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoSMBalloonTip] 0
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\..\Interfaces\{1290CD49-798E-4B6B-9CB6-A0F176F07BD0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll => No File
      BHO: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
      BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
      FireFox:
      ========
      FF ProfilePath: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default [2018-04-18]
      FF Homepage: Mozilla\Firefox\Profiles\qhtq97on.default -> google.bg
      FF NewTab: Mozilla\Firefox\Profiles\qhtq97on.default -> about:home
      FF Session Restore: Mozilla\Firefox\Profiles\qhtq97on.default -> is enabled.
      FF NewTabOverride: Mozilla\Firefox\Profiles\qhtq97on.default -> Enabled: newtaboverride@agenedia.com
      FF Extension: (Adblocker X) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\@adblock57.xpi [2018-04-11]
      FF Extension: (MEGA) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@mega.co.nz.xpi [2018-04-13]
      FF Extension: (UniverseView Extension) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@universeview.ext.xpi [2017-03-01]
      FF Extension: (h264ify) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2017-08-03]
      FF Extension: (New Tab Override) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\newtaboverride@agenedia.com.xpi [2018-02-04]
      FF Extension: (Greasemonkey) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-17]
      FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\features\{15eba6de-45fd-4321-9dcb-85b0a795c148}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-08] [Legacy]
      FF SearchPlugin: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\searchplugins\yahoo-lavasoft.xml [2016-07-21]
      FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-09-28] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
      FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2017-03-22] (Nexon)
      FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [No File]
      FF Plugin: @Webzen.com/NPBrowserExt -> C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll [2012-03-27] (WEBZEN)
      FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\IvailoCOMP\AppData\Local\Fancy\npfancygame.dll [2015-05-10] (Hongfeng Hengyu (Beijing) Tech Ltd.)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\IvailoCOMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: xyzgl-plugin@xyz-soft.com -> C:\Program Files\Alfheim\npxyzgl.dll [2012-06-13] (XYZ-SOFT Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S2 CachemanService; C:\Program Files\Cacheman\CachemanServ.exe [210944 2009-05-16] (Outertech) [File not signed]
      S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [382504 2017-05-17] (EasyAntiCheat Ltd)
      S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
      S2 EslWireHelper; D:\Games\EslWire\service\WireHelperSvc.exe [614416 2014-01-28] ()
      S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
      S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-06-14] (NVIDIA Corporation)
      R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2283432 2017-06-29] (LogMeIn Inc.)
      S2 HiPatchService; D:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
      S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-05-27] (LogMeIn, Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
      S3 npggsvc; C:\Windows\system32\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
      S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
      S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-06-14] (NVIDIA Corporation)
      S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-06-14] (NVIDIA Corporation)
      S2 OracleOraDb11g_home1TNSListener; D:\app\IvailoCOMP\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe [512000 2010-03-31] (Oracle Corporation) [File not signed]
      S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)
      S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-10-13] ()
      S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
      S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S3 apf004; C:\Windows\system32\apf004.sys [15112 2015-02-14] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-22] (DT Soft Ltd)
      S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
      S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
      S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-14] (ESET)
      R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [31008 2015-02-12] (<Turtle Entertainment>)
      S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [42496 2007-05-15] (Eugene V. Muzychenko) [File not signed]
      R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167656 2018-04-18] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-04-18] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-18] (Malwarebytes)
      S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-06-14] (NVIDIA Corporation)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
      S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
      S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
      S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [33664 2016-03-11] (The OpenVPN Project)
      S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
      U4 CiSvc; no ImagePath
      U4 Messenger; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:02 - 2018-04-18 19:04 - 000014732 _____ C:\Users\IvailoCOMP\Desktop\FRST.txt
      2018-04-18 19:02 - 2018-04-18 19:02 - 000000000 ____D C:\FRST
      2018-04-18 19:01 - 2018-04-18 19:02 - 001763840 _____ (Farbar) C:\Users\IvailoCOMP\Desktop\FRST.exe
      2018-04-18 18:29 - 2018-04-18 18:55 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-04-18 18:29 - 2018-04-18 18:29 - 000167656 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-18 18:28 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-18 18:27 - 2018-04-18 18:27 - 073254968 _____ (Malwarebytes ) C:\Users\IvailoCOMP\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4766.exe
      2018-04-18 18:22 - 2018-04-18 18:22 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\asda.lnk
      2018-04-18 18:04 - 2018-04-18 18:07 - 000005192 _____ C:\Users\IvailoCOMP\Desktop\Rkill.txt
      2018-04-18 17:54 - 2018-04-18 17:54 - 000003408 ____N C:\bootsqm.dat
      2018-04-18 17:52 - 2018-04-18 17:52 - 000000000 __SHD C:\found.000
      2018-04-18 17:37 - 2018-04-18 17:37 - 000151072 _____ C:\Windows\Minidump\041818-20997-01.dmp
      2018-04-18 17:11 - 2018-04-18 17:11 - 000151312 _____ C:\Windows\Minidump\041818-23821-01.dmp
      2018-04-18 13:42 - 2018-04-18 20:07 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0
      2018-04-18 10:33 - 2018-04-18 10:33 - 000001261 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 18.lnk
      2018-04-18 10:33 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000221 _____ C:\Users\Public\Desktop\Ashampoo Deals.url
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Ashampoo
      2018-04-18 10:14 - 2018-04-18 10:18 - 338960384 _____ C:\Users\IvailoCOMP\Desktop\kav_rescue_10.iso
      2018-04-18 10:12 - 2018-04-18 10:12 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\shutdown.exe.lnk
      2018-04-18 10:11 - 2018-04-18 18:54 - 000424982 _____ C:\Windows\ntbtlog.txt
      2018-04-18 10:10 - 2018-04-18 10:10 - 000000000 _____ C:\Users\IvailoCOMP\Desktop\New shortcut.lnk
      2018-04-18 09:57 - 2018-04-18 09:57 - 000151696 _____ C:\Windows\Minidump\041818-19999-01.dmp
      2018-04-18 09:54 - 2018-04-18 09:54 - 000151696 _____ C:\Windows\Minidump\041818-18954-01.dmp
      2018-04-18 09:40 - 2018-04-18 17:37 - 286301067 _____ C:\Windows\MEMORY.DMP
      2018-04-18 09:40 - 2018-04-18 17:37 - 000000000 ____D C:\Windows\Minidump
      2018-04-18 09:40 - 2018-04-18 09:40 - 000152656 _____ C:\Windows\Minidump\041818-29546-01.dmp
      2018-04-16 10:43 - 2018-03-31 04:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-04-16 10:43 - 2018-03-31 04:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-04-16 10:43 - 2018-03-31 04:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-04-16 10:43 - 2018-03-31 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-04-16 10:43 - 2018-03-28 10:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-04-16 10:43 - 2018-03-23 20:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-04-16 10:43 - 2018-03-23 00:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-04-16 10:43 - 2018-03-23 00:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-04-16 10:43 - 2018-03-23 00:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-04-16 10:43 - 2018-03-22 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-04-16 10:43 - 2018-03-22 23:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-04-16 10:43 - 2018-03-22 23:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-04-16 10:43 - 2018-03-22 23:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-04-16 10:43 - 2018-03-22 23:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-04-16 10:43 - 2018-03-22 23:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-04-16 10:43 - 2018-03-22 23:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-04-16 10:43 - 2018-03-22 23:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-04-16 10:43 - 2018-03-22 23:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-04-16 10:43 - 2018-03-22 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-04-16 10:43 - 2018-03-22 23:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-04-16 10:43 - 2018-03-22 23:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-04-16 10:43 - 2018-03-22 23:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-04-16 10:43 - 2018-03-22 23:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-04-16 10:43 - 2018-03-22 23:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-04-16 10:43 - 2018-03-22 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-04-16 10:43 - 2018-03-22 23:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-04-16 10:43 - 2018-03-22 23:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-04-16 10:43 - 2018-03-22 23:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-04-16 10:43 - 2018-03-22 22:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-04-16 10:43 - 2018-03-22 22:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-04-16 10:43 - 2018-03-22 22:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-04-16 10:43 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
      2018-04-16 10:43 - 2018-03-09 21:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-04-16 10:43 - 2018-03-09 21:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-04-16 10:43 - 2018-03-09 20:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-04-16 10:43 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-04-16 10:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-04-16 10:43 - 2018-02-19 00:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-04-16 10:43 - 2018-02-10 21:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-04-16 10:43 - 2018-02-10 21:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-04-16 10:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-04-16 10:43 - 2018-02-10 20:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-04-16 10:43 - 2018-02-02 21:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-04-16 10:43 - 2018-02-02 21:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-04-16 10:43 - 2018-02-02 20:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-04-16 10:43 - 2018-01-25 17:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-15 22:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-04-16 10:43 - 2018-01-12 19:29 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-04-16 10:43 - 2018-01-12 19:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-04-16 10:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-04-16 10:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-04-16 10:43 - 2018-01-12 19:05 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-04-16 10:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-04-16 10:43 - 2018-01-01 04:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-04-16 10:43 - 2018-01-01 04:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-04-16 10:43 - 2018-01-01 04:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-04-16 10:43 - 2018-01-01 04:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-04-16 10:43 - 2018-01-01 04:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-04-16 10:43 - 2017-12-05 18:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-04-16 10:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-04-14 17:05 - 2018-04-15 21:31 - 000003238 _____ C:\Users\IvailoCOMP\Desktop\Стражева Кула 14.04.2018.txt
      2018-04-14 14:36 - 2016-06-18 07:13 - 039293587 ____N C:\Users\IvailoCOMP\Desktop\MPS-temi.pdf
      2018-04-11 21:09 - 2018-04-15 22:57 - 000000340 _____ C:\Users\IvailoCOMP\Desktop\Програма за четене на Библията.txt
      2018-04-11 20:05 - 2018-04-11 20:05 - 000724759 _____ C:\Users\IvailoCOMP\Desktop\sbr_BL.pdf
      2018-04-11 02:08 - 2018-03-14 20:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-04-11 02:08 - 2018-03-14 20:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-04-11 02:08 - 2018-03-14 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-04-09 21:55 - 2018-04-09 21:55 - 000003743 _____ C:\Users\IvailoCOMP\Desktop\Ще бъде ли тя добра съпруга.txt
      2018-04-01 23:39 - 2018-04-01 23:39 - 010353227 _____ C:\Users\IvailoCOMP\Desktop\yp2_BL.pdf
      2018-03-23 22:10 - 2018-03-23 22:10 - 002276028 _____ C:\Users\IvailoCOMP\Desktop\Илиянка.rar
      2018-03-23 22:02 - 2018-03-23 22:14 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Илиянка
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:00 - 2010-11-21 00:01 - 000785704 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-04-18 19:00 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-04-18 18:57 - 2016-11-18 12:35 - 000000000 ____D C:\Users\IvailoCOMP\AppData\LocalLow\Mozilla
      2018-04-18 18:51 - 2013-11-21 16:12 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-04-18 18:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-04-18 18:06 - 2014-10-30 10:05 - 000000000 ____D C:\Windows\pss
      2018-04-18 17:58 - 2017-11-23 09:54 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\LogMeIn Hamachi
      2018-04-18 10:38 - 2013-11-21 16:17 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\BitComet
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Ashampoo
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\Ashampoo
      2018-04-18 10:32 - 2013-11-21 16:00 - 000000000 ____D C:\Program Files\Ashampoo
      2018-04-18 10:19 - 2013-11-22 16:19 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\DAEMON Tools Lite
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:09 - 2013-12-23 20:48 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Skype
      2018-04-17 23:11 - 2016-02-29 01:23 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\CrashDumps
      2018-04-17 10:17 - 2009-07-14 07:33 - 000452024 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-04-17 10:13 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-04-16 22:13 - 2013-11-21 17:15 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\vlc
      2018-04-15 10:51 - 2013-11-21 16:04 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-12 19:52 - 2016-07-07 19:51 - 000000000 ____D C:\Program Files\Common Files\Overwolf
      2018-04-12 19:52 - 2013-12-14 11:50 - 000000000 ____D C:\Program Files\Overwolf
      2018-04-12 01:04 - 2014-12-11 09:05 - 000000000 ____D C:\Windows\system32\appraiser
      2018-04-11 11:04 - 2017-07-31 12:21 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-11 11:04 - 2017-07-31 12:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-11 03:13 - 2014-07-15 11:08 - 000000000 ____D C:\Windows\system32\MRT
      2018-04-11 03:06 - 2017-10-11 01:18 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2018-04-11 03:06 - 2014-07-15 11:08 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-04-08 17:50 - 2018-03-01 23:22 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\.minecraft
      2018-03-29 09:46 - 2013-12-21 10:14 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
      2018-03-28 11:20 - 2016-11-16 21:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-03-26 12:53 - 2018-02-26 10:26 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Songs
      ==================== Files in the root of some directories =======
      2016-03-26 15:29 - 2016-03-28 23:17 - 000000646 _____ () C:\Users\IvailoCOMP\AppData\Roaming\MPQEditor.ini
      2013-11-21 17:59 - 2017-11-03 12:59 - 000007599 _____ () C:\Users\IvailoCOMP\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2017-09-29 10:49 - 2017-10-30 16:41 - 000000000 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\88653d972532a3bfb1eacaae78f1f650.dll
      2017-09-29 10:49 - 2017-10-30 14:33 - 000000088 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\a4c3de51ada6927383f066bdc8c54e16.dll
      2018-04-08 08:12 - 2018-04-08 08:12 - 058834376 _____ (Skype Technologies S.A.) C:\Users\IvailoCOMP\AppData\Local\Temp\SkypeSetup.exe
      2018-03-01 23:34 - 2018-03-01 23:23 - 000069259 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\Uninstall.exe
      2017-08-13 10:55 - 2017-08-13 10:55 - 000750560 _____ (adaware) C:\Users\IvailoCOMP\AppData\Local\Temp\WCU002.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2016-05-09 08:13
      ==================== End of FRST.txt ============================
      Addition.txt