Премини към съдържанието

Препоръчан отговор


Здравейте.

Лаптопът работи много бавно, при опит да премахна елементите открити от MSE системата забива и не ми позволява да правя нищо повече. Нямам представа от къде се е заразила системата, лаптопът се ползва от родителите ми. Не разполагам с диск за Windows. Елементите под карантина в MSE са доста, изброявам ги, като някои се повтарят:

-BrowserModifier:Win32/CouponRuc;  Trojan:Win32/Raydefun.A;  Trojan:Win32/Peaac.gen!A!plock;  VirTool:Win32/Obfuscator.ANX;  BrowserModifier:Win32/Diplugem;  Trojan:Win32/Damingvat.A;  Trojan:Win32/Colisi.C

 

Ето и лог файла:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-09-2015
Ran by RRR (administrator) on RRR-PC (15-09-2015 12:00:16)
Running from C:\Users\RRR\Desktop
Loaded Profiles: RRR (Available Profiles: RRR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Users\RRR\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Hewlett-Packard ) C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
(Hewlett-Packard ) C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [New Value #1] => “ctfmon”=”CTFMON.EXE”
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG)
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [AceStream] => C:\Users\RRR\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [Facebook Update] => C:\Users\RRR\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-27] (Facebook Inc.)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HPMonitor.exe.lnk [2013-06-01]
ShortcutTarget: HPMonitor.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpwjd.exe.lnk [2013-06-01]
ShortcutTarget: hpwjd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwjd.exe (Hewlett-Packard )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpwmsd.exe.lnk [2013-06-01]
ShortcutTarget: hpwmsd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe (Hewlett-Packard )
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{178F6E31-C398-402E-AC71-7DBF82FAF851}: [NameServer] 199.203.131.145,82.163.143.167
Tcpip\..\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}: [NameServer] 82.163.143.169,82.163.142.171
Tcpip\..\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\RRR\AppData\Roaming\Mozilla\Firefox\Profiles\w3qckbrn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-01] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2010-01-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3352682033-4164677752-1323257766-1000: @acestream.net/acestreamplugin,version=2.1.5.3 -> C:\Users\RRR\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-06-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3352682033-4164677752-1323257766-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\RRR\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2014-09-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2014-09-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-09-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-09-24]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-09-14]
CHR Extension: (Google Wallet) - C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]

Opera:
=======
OPR Extension: (No Name) - C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-06-02] (Macrovision Europe Ltd.) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2013-06-02] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [402024 2012-02-22] (Realtek Semiconductor Corporation )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-16] (Sonix Tech. Co., Ltd.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 12:00 - 2015-09-15 12:00 - 00016956 _____ C:\Users\RRR\Desktop\FRST.txt
2015-09-15 12:00 - 2015-09-15 12:00 - 00000000 ____D C:\FRST
2015-09-15 11:59 - 2015-09-15 11:53 - 02190848 _____ (Farbar) C:\Users\RRR\Desktop\FRST64.exe
2015-09-14 15:54 - 2015-09-14 15:54 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-14 15:53 - 2015-09-14 15:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2A1F53E5.sys
2015-09-14 15:53 - 2015-09-14 15:48 - 00000358 _____ C:\Users\RRR\Desktop\hg.txt
2015-09-14 13:30 - 2015-09-15 11:57 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 13:30 - 2015-09-14 13:30 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 13:30 - 2015-09-14 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 13:30 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-14 13:30 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-14 13:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-14 13:18 - 2015-09-14 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 13:18 - 2015-09-14 13:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 12:38 - 2015-09-14 15:55 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-14 11:51 - 2015-09-14 12:01 - 00000000 ____D C:\AdwCleaner
2015-09-11 12:18 - 2015-08-05 20:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-11 12:18 - 2015-08-05 20:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-11 12:18 - 2015-08-05 20:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-11 12:17 - 2015-08-05 20:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-11 12:17 - 2015-07-23 03:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-11 12:17 - 2015-07-23 03:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-11 12:17 - 2015-07-23 03:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-11 12:17 - 2015-07-23 03:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-11 12:17 - 2015-07-23 03:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-11 12:17 - 2015-07-22 19:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-11 12:17 - 2015-07-15 06:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-11 12:17 - 2015-07-15 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-11 12:17 - 2015-07-09 20:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-11 12:17 - 2015-07-09 20:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-11 12:17 - 2015-07-09 20:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-11 12:17 - 2015-07-09 20:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-11 12:16 - 2015-07-23 03:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-11 12:16 - 2015-07-23 03:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-11 12:16 - 2015-07-23 03:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-11 12:16 - 2015-07-23 03:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-11 12:16 - 2015-07-23 03:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-11 12:16 - 2015-07-23 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-11 12:16 - 2015-07-23 03:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-11 12:16 - 2015-07-23 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-11 12:16 - 2015-07-23 03:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-11 12:16 - 2015-07-23 03:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-11 12:16 - 2015-07-23 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-11 12:16 - 2015-07-23 03:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-11 12:16 - 2015-07-23 02:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-11 12:16 - 2015-07-23 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-11 12:16 - 2015-07-23 02:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-11 12:16 - 2015-07-22 20:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-11 12:16 - 2015-07-22 20:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-11 12:16 - 2015-07-22 20:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-11 12:16 - 2015-07-22 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-11 12:16 - 2015-07-22 20:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-11 12:16 - 2015-07-22 20:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-11 12:16 - 2015-07-22 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-11 12:16 - 2015-07-22 20:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-11 12:16 - 2015-07-22 20:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 19:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-11 12:16 - 2015-07-22 19:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-11 12:16 - 2015-07-22 19:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-11 12:16 - 2015-07-22 19:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-11 12:16 - 2015-07-22 19:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-11 12:16 - 2015-07-22 19:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 19:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-11 12:16 - 2015-07-22 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-11 12:16 - 2015-06-25 13:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-11 12:16 - 2015-06-25 13:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-11 12:16 - 2015-06-25 13:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-11 12:16 - 2015-06-25 12:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-11 12:15 - 2015-09-02 06:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-11 12:15 - 2015-09-02 06:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-11 12:15 - 2015-09-02 06:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-11 12:15 - 2015-09-02 06:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-11 12:15 - 2015-09-02 05:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-11 12:15 - 2015-09-02 05:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-11 12:15 - 2015-09-02 05:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-11 12:15 - 2015-09-02 05:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-11 12:15 - 2015-09-02 04:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-11 12:15 - 2015-09-02 04:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-11 12:15 - 2015-09-02 04:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-11 12:15 - 2015-08-27 21:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-11 12:15 - 2015-08-27 21:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-11 12:15 - 2015-08-27 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-11 12:15 - 2015-08-27 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-11 12:15 - 2015-08-27 20:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-11 12:15 - 2015-08-27 20:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-11 12:15 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-11 12:15 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-11 12:15 - 2015-08-26 21:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-11 12:15 - 2015-08-26 21:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-11 12:15 - 2015-08-26 21:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-11 12:15 - 2015-08-26 21:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-11 12:15 - 2015-08-26 21:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-11 12:15 - 2015-08-26 20:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-11 12:15 - 2015-08-26 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-11 12:15 - 2015-08-26 20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-11 12:15 - 2015-08-26 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-11 12:15 - 2015-08-26 20:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-11 12:15 - 2015-08-04 21:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-11 12:15 - 2015-08-04 21:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-11 12:15 - 2015-08-04 20:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-11 12:15 - 2015-08-04 20:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-11 12:15 - 2015-08-04 20:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-11 12:15 - 2015-08-04 20:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-11 12:15 - 2015-08-04 20:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-11 12:15 - 2015-08-04 20:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-11 12:15 - 2015-08-04 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-08-19 14:47 - 2015-08-11 04:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 14:47 - 2015-08-11 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 14:47 - 2015-08-11 03:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 14:47 - 2015-08-11 03:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 12:00 - 2013-06-01 10:31 - 01702946 _____ C:\Windows\WindowsUpdate.log
2015-09-15 11:59 - 2012-09-26 10:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2015-09-15 11:58 - 2013-06-01 18:07 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-15 11:57 - 2013-12-12 14:39 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2015-09-15 11:56 - 2013-12-12 14:39 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2015-09-15 11:55 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-15 11:55 - 2009-07-14 07:51 - 00149816 _____ C:\Windows\setupact.log
2015-09-15 11:32 - 2009-07-14 07:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-15 11:32 - 2009-07-14 07:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-14 16:19 - 2015-08-14 22:19 - 00000336 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-09-14 15:40 - 2013-12-12 14:39 - 00000822 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2015-09-14 15:19 - 2014-07-27 14:48 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352682033-4164677752-1323257766-1000UA.job
2015-09-14 15:19 - 2014-07-27 14:48 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352682033-4164677752-1323257766-1000Core.job
2015-09-14 15:19 - 2013-06-02 22:32 - 00123918 _____ C:\Windows\PFRO.log
2015-09-14 13:37 - 2015-06-27 11:47 - 00000000 ____D C:\Program Files (x86)\Do Not Disturb
2015-09-14 13:36 - 2015-06-08 17:01 - 00000000 ____D C:\Program Files (x86)\rikaikun
2015-09-14 13:12 - 2014-08-31 13:15 - 00000000 ____D C:\Users\RRR\AppData\Local\Adobe
2015-09-13 02:55 - 2013-08-03 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-09-13 00:40 - 2009-07-14 07:45 - 02338960 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-13 00:37 - 2009-07-14 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-13 00:20 - 2013-06-02 22:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-28 14:05 - 2015-06-01 08:44 - 00000000 ____D C:\Program Files (x86)\Omnifinder
2015-08-28 14:05 - 2015-05-21 11:01 - 00000000 ____D C:\Program Files (x86)\Cookie Killer for Facebook
2015-08-26 18:37 - 2013-06-05 20:27 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 18:55 - 2013-07-07 10:37 - 00000000 ____D C:\Users\RRR\Desktop\recepti
2015-08-19 14:04 - 2015-02-26 19:04 - 00003826 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1424966667
2015-08-19 14:04 - 2013-06-02 18:27 - 00000000 ____D C:\Program Files (x86)\Opera

==================== Files in the root of some directories =======

2015-06-23 08:55 - 2015-08-01 13:57 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr2.bin
2015-06-15 14:29 - 2015-07-03 12:47 - 0000024 _____ () C:\Users\RRR\AppData\Roaming\appdataFr25.bin
2015-03-02 21:46 - 2015-04-23 11:35 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr3.bin

Files to move or delete:
====================
C:\Users\RRR\install_flashplayer15x32au_chra_dy_aaa_aih.exe


Some files in TEMP:
====================
C:\Users\RRR\AppData\Local\Temp\07b31aB7338C7.exe
C:\Users\RRR\AppData\Local\Temp\130e04c69E226.exe
C:\Users\RRR\AppData\Local\Temp\56ACC069e3.exe
C:\Users\RRR\AppData\Local\Temp\9569E98A43F0.exe
C:\Users\RRR\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\RRR\AppData\Local\Temp\B6D283.exe
C:\Users\RRR\AppData\Local\Temp\BitLord_1.01.exe
C:\Users\RRR\AppData\Local\Temp\HitmanPro.exe
C:\Users\RRR\AppData\Local\Temp\HPSWF.EXE
C:\Users\RRR\AppData\Local\Temp\install_reader11_en_chrd_aaa_aih.exe
C:\Users\RRR\AppData\Local\Temp\SkypeSetup.exe
C:\Users\RRR\AppData\Local\Temp\sqlite3.dll
C:\Users\RRR\AppData\Local\Temp\supoptsetup.exe
C:\Users\RRR\AppData\Local\Temp\SWHelperQueryW.dll
C:\Users\RRR\AppData\Local\Temp\SWHelperWrapper.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 20:30

==================== End of FRST.txt ============================

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

 

icon_zps423a0d9f.jpgМоля изтеглете ZHPcleaner и я запазете на вашия десктоп.

  • Стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Изберете бутона y3pI4LR.png.
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след приключването на проверката.
  • Публикувайте лог файла в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Съжалявам за забавянето, но сканирането спря на 'FirewallRules' на 95%, и го пуснах да сканира отново, стои си на 95% вече 20мин. Нормално ли е, да чакам ли още. Също по време на сканирането към 85% ме пита дали съм инсталирал този сървър и имаше цифри след това, като IP.

Редактирано от stepan10 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Направих сканирането в Safe Mode, тъй като всеки път забиваше на 95%.

 

~ ZHPCleaner v2015.9.14.347 by Nicolas Coolman (2015/09/14)
~ Run by RRR (Administrator)  (15/09/2015 15:00:19)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\RRR\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\RRR\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (2)
FOUND: [w3qckbrn.default] - user_pref("extensions.8Zz02IlJHaYab0q6.url", "http://mojofuneasy.com/sync2/?q=hfZ9oeJQAchEAen0rHU4rS[...] =>PUP.Optional.DriverGuide
FOUND: [w3qckbrn.default] - user_pref("extensions.EuVt7jbA1JpaE7y0.url", "http://foreveryshare.ru/sync2/?q=hfZ9oehUBeCHtNbPhd9Hp[...] =>PUP.Optional.DriverGuide


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (1)
FOUND task: [bidaily Synchronize Task[8da6]] [C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job]  =>PUP.Optional.BidailySync


---\\  Explorer ( File, Folder) (49)
FOUND file: C:\Users\RRR\Desktop\BitLord.lnk  [bad : C:\Program Files (x86)\BitLord\BitLord.exe]  =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\BitLord.exe [www.BitLord.com - BitLord]  =>PUP.Optional.WhenUSave
FOUND file: C:\Users\RRR\Desktop\BitLord.lnk    =>PUP.Optional.WhenUSave
FOUND file: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job    =>PUP.Optional.BidailySync
FOUND file: C:\Windows\Prefetch\GS_BOOSTER.EXE-5D689F23.pf    =>PUP.Optional.GSBooster
FOUND file: C:\Users\RRR\AppData\Roaming\appdataFr3.bin    =>PUP.Optional.Generic
FOUND file: C:\Users\RRR\AppData\Local\Temp\supoptsetup.exe [super PC Tools ltd - Fix PC problems and optimize performance]  =>PUP.Optional.SuperPCTools
FOUND file: C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage    =>PUP.Optional.SpecialSavings
FOUND file: C:\Users\RRR\AppData\Local\Temp\BitLord_1.01.exe    =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\BitLord.xml    =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\BitLord_Win9x.exe [www.BitLord.com - BitLord]  =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\Downloads.xml    =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\License.txt    =>PUP.Optional.WhenUSave
FOUND file: C:\Program Files (x86)\BitLord\uninst.exe    =>PUP.Optional.WhenUSave
FOUND folder: C:\Program Files (x86)\BitLord\Downloads  =>PUP.Optional.WhenUSave
FOUND folder: C:\Program Files (x86)\BitLord\lang  =>PUP.Optional.WhenUSave
FOUND folder: C:\Program Files (x86)\BitLord\rules  =>PUP.Optional.WhenUSave
FOUND folder: C:\Program Files (x86)\BitLord  =>PUP.Optional.WhenUSave
FOUND file: C:\ProgramData\AAlllCheapPriaCe\7BvMumlPrBJs9e.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\AAlllCheapPriaCe\7BvMumlPrBJs9e.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\CheapMe\8kml8G1KobskPF.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\CheapMe\8kml8G1KobskPF.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\DigiCooupOn\QiNGqmkxESXVtQ.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\DigiCooupOn\QiNGqmkxESXVtQ.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\ExstraiCCouppon\1X7fbuq7cRhVed.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\ExstraiCCouppon\1X7fbuq7cRhVed.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\NetoCoupon\bztKtfionYfDL5.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\NetoCoupon\bztKtfionYfDL5.exe    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\NetoCoupon\bztKtfionYfDL5.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\RandomPrice\y2NllSdRaEwHfS.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\RandomPrice\y2NllSdRaEwHfS.tlb    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\SaveNewaAppz\EXWIPz5s5gbesb.dat    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\SaveNewaAppz\EXWIPz5s5gbesb.exe    =>PUP.Optional.Multiplug
FOUND file: C:\ProgramData\SaveNewaAppz\EXWIPz5s5gbesb.tlb    =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\AAlllCheapPriaCe  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\CheapMe  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\DigiCooupOn  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\ExstraiCCouppon  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\NetoCoupon  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\RandomPrice  =>PUP.Optional.Multiplug
FOUND folder: C:\ProgramData\SaveNewaAppz  =>PUP.Optional.Multiplug
FOUND folder: C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data  =>PUP.Optional.ChromaticBrowser
FOUND folder: C:\Users\Administrator\AppData\Local\Torch\User Data  =>PUP.Optional.Torch
FOUND folder: C:\Users\Administrator\AppData\Local\Chromatic Browser  =>PUP.Optional.ChromaticBrowser
FOUND folder: C:\Users\Administrator\AppData\Local\Torch  =>PUP.Optional.Torch
FOUND folder: C:\Users\Guest\AppData\Local\Chromatic Browser\User Data  =>PUP.Optional.ChromaticBrowser
FOUND folder: C:\Users\Guest\AppData\Local\Torch\User Data  =>PUP.Optional.Torch
FOUND folder: C:\Users\Guest\AppData\Local\Chromatic Browser  =>PUP.Optional.ChromaticBrowser
FOUND folder: C:\Users\Guest\AppData\Local\Torch  =>PUP.Optional.Torch


---\\  Registry ( Key, Value, Data) (15)
FOUND key: HKLM\SOFTWARE\Wow6432Node\Policies\Google\Update []  =>PUM.Security.Hijack
FOUND key: [X64] HKLM\SOFTWARE\Classes\bitlordunfinishedfile [bitLord Unfinished Download File]  =>Toolbar.CompleteBar
FOUND key: [X64] HKLM\SOFTWARE\Classes\BitLordUnfinishedFile [bitLord Unfinished Download File]  =>PUP.Optional.WhenUSave
FOUND key: [X64] HKLM\SOFTWARE\Classes\bittorrent [bitLord File]  =>PUP.Optional.WhenUSave
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{5051b095-86fa-4569-8745-1b96d535240c} [DigiCooupOn]  =>PUP.Optional.Multiplug
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{5494c1f2-ba96-4824-94d7-53dfbb1d0f21} [CheapMe]  =>PUP.Optional.Multiplug
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{7ff0fc24-3bfd-40df-8701-b231f8378330} [MiniimmummPriice]  =>PUP.Optional.Multiplug
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{93824824-94bd-4b23-806c-fefb6fb7f3e0} [AAlllCheapPriaCe]  =>PUP.Optional.Multiplug
FOUND data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{178F6E31-C398-402E-AC71-7DBF82FAF851}\\NameServer [bad : 199.203.131.145,82.163.143.167]  =>Hijacker.Browser
FOUND data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}\\NameServer [bad : 82.163.143.169,82.163.142.171]  =>Hijacker.Browser
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe [C:\Program Files (x86)\BitLord\BitLord.exe]  =>Toolbar.CompleteBar
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe [C:\Program Files (x86)\BitLord\BitLord.exe]  =>Toolbar.CompleteBar
FOUND key: [X64] HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b []  =>Hijacker.Browser
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{55D90B99-D2C5-43C8-AF02-10FB750A655C}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave
FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{654393BC-A4D9-4E83-97B1-DBCFC607255A}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave


---\\ Result of repair
~ Any repair made


---\\ Statistics
~ Items scanned : 76863
~ Items found : 98
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 4 minutes
===================
ZHPCleaner--15092015-15_04_47.txt

ZHPCleaner.txt

Редактирано от stepan10 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ок, ако не сте затворили програмата натиснете бутона Repair, ако сте я затворили ще се наложи да повторите проверката и чак след това да натиснете бутона Repair.

Публикувайте резултатите в следващия си коментар.


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

~ ZHPCleaner v2015.9.14.347 by Nicolas Coolman (2015/09/14)
~ Run by RRR (Administrator)  (15/09/2015 15:24:31)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\RRR\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\RRR\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (2)
DELETED: [w3qckbrn.default] - user_pref("extensions.8Zz02IlJHaYab0q6.url", "http://mojofuneasy.com/sync2/?q=hfZ9oeJQAchEAen0rHU4rS[...] =>PUP.Optional.DriverGuide
DELETED: [w3qckbrn.default] - user_pref("extensions.EuVt7jbA1JpaE7y0.url", "http://foreveryshare.ru/sync2/?q=hfZ9oehUBeCHtNbPhd9Hp[...] =>PUP.Optional.DriverGuide


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (1)
DELETED task: [bidaily Synchronize Task[8da6]] [C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job (Not File) ]  =>PUP.Optional.BidailySync


---\\  Explorer ( File, Folder) (19)
MOVED file: C:\Users\RRR\Desktop\BitLord.lnk  [bad : C:\Program Files (x86)\BitLord\BitLord.exe]  =>PUP.Optional.WhenUSave
MOVED file: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job    =>PUP.Optional.BidailySync
MOVED file: C:\Windows\Prefetch\GS_BOOSTER.EXE-5D689F23.pf    =>PUP.Optional.GSBooster
MOVED file: C:\Users\RRR\AppData\Roaming\appdataFr3.bin    =>PUP.Optional.Generic
MOVED file: C:\Users\RRR\AppData\Local\Temp\supoptsetup.exe [super PC Tools ltd - Fix PC problems and optimize performance]  =>PUP.Optional.SuperPCTools
MOVED file: C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage    =>PUP.Optional.SpecialSavings
MOVED file: C:\Users\RRR\AppData\Local\Temp\BitLord_1.01.exe    =>PUP.Optional.WhenUSave
MOVED folder: C:\Program Files (x86)\BitLord  =>PUP.Optional.WhenUSave
MOVED folder: C:\ProgramData\AAlllCheapPriaCe  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\CheapMe  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\DigiCooupOn  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\ExstraiCCouppon  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\NetoCoupon  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\RandomPrice  =>PUP.Optional.Multiplug
MOVED folder: C:\ProgramData\SaveNewaAppz  =>PUP.Optional.Multiplug
MOVED folder: C:\Users\Administrator\AppData\Local\Chromatic Browser  =>PUP.Optional.ChromaticBrowser
MOVED folder: C:\Users\Administrator\AppData\Local\Torch  =>PUP.Optional.Torch
MOVED folder: C:\Users\Guest\AppData\Local\Chromatic Browser  =>PUP.Optional.ChromaticBrowser
MOVED folder: C:\Users\Guest\AppData\Local\Torch  =>PUP.Optional.Torch


---\\  Registry ( Key, Value, Data) (14)
DELETED data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{178F6E31-C398-402E-AC71-7DBF82FAF851}\\NameServer [bad : 199.203.131.145,82.163.143.167]  =>Hijacker.Browser
DELETED data: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}\\NameServer [bad : 82.163.143.169,82.163.142.171]  =>Hijacker.Browser
DELETED key*: HKLM\SOFTWARE\Wow6432Node\Policies\Google\Update []  =>PUM.Security.Hijack
DELETED key*: [X64] HKLM\SOFTWARE\Classes\bitlordunfinishedfile [bitLord Incomplete Download File]  =>Toolbar.CompleteBar
DELETED key*: [X64] HKLM\SOFTWARE\Classes\bittorrent [bitLord File]  =>PUP.Optional.WhenUSave
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5051b095-86fa-4569-8745-1b96d535240c} [DigiCooupOn]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5494c1f2-ba96-4824-94d7-53dfbb1d0f21} [CheapMe]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{7ff0fc24-3bfd-40df-8701-b231f8378330} [MiniimmummPriice]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{93824824-94bd-4b23-806c-fefb6fb7f3e0} [AAlllCheapPriaCe]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe [C:\Program Files (x86)\BitLord\BitLord.exe (Not File)]  =>Toolbar.CompleteBar
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe [C:\Program Files (x86)\BitLord\BitLord.exe (Not File)]  =>Toolbar.CompleteBar
DELETED key*: [X64] HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b []  =>Hijacker.Browser
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{55D90B99-D2C5-43C8-AF02-10FB750A655C}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{654393BC-A4D9-4E83-97B1-DBCFC607255A}C:\program files (x86)\bitlord\bitlord.exe [C:\program files (x86)\bitlord\bitlord.exe]  =>PUP.Optional.WhenUSave


---\\ Result of repair
~ Repair carried out successfully


---\\ Statistics
~ Items scanned : 4159
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 36


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-15092015-15_25_05.txt
ZHPCleaner--15092015-15_04_47.txt
ZHPCleaner--15092015-15_24_07.txt
 

ZHPCleaner.txt

Редактирано от stepan10 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

 

Лошото е, че гадината е обновила браузъра ви до версия за разработчици, където всички защитни механизми за свалени и дори след като го почистихме след време гадината пак ще си инсталира зловредните добавки.

 

CHR dev: Chrome dev build detected! <======= ATTENTION

 

Затова...решението е пълно деинсталиране на браузъра Google Chrome с GeekUninstaller и след това инсталирането на последната стабилна версия на браузъра.

 

Преди да го деинсталирате е добре да си запазите всички пароли и добавки ако имате такива.

 

Експортиране на отметки от Chrome:

  1. В горния десен ъгъл на прозореца на браузъра кликнете върху менюто на Chrome.
  2. Изберете Отметки > Диспечер на отметките.
  3. Кликнете върху менюто „Организиране“ в диспечера.
  4. Сега изберете Export bookmarks to HTML file.

Тук са даден инструкции след това как да ги импортнете обратно след преинсталацията на браузъра:

http://www.wikihow.c...rks-from-Chrome

 

За паролите вижте дали следния инструмент сработва:

http://www.intowindo...chrome-browser/

 

Сега вече деинсталирайте браузъра с GeekUninstaller по следния начин:

 

Изтеглете програмата GeekUninstaller и я запазете на десктопа.

Разархивирайте я и стартирайте файла geek.exe IxXO5oO.jpg
От списъка намерете Google Chrome (примера е за Mozilla Firefox, но това е просто за показно).

Кликнете с десен бутон върху програмата и изберете Uninstall
 
XhV2QLa.png
 
След края на инсталацията ще се отвори прозорец подканващ ви да премахнете всички остатъци от програмата (ако има такива, ако няма този прозорец няма да се появи):
 
Пример за Mozilla браузъра:

 

geekuninstaller-3.png

Натиснете бутона Finish за да изтриете останките от програмата.

 

След това вече изтеглете и инсталирайте последната стабилна версия на Google Chrome оттук => Google Chrome 45.0.2454.85 Stable

 

След това направете нова проверка с FRST като сложите отметка пред Addition.txt и прикачете новите два лог файла в следващия си коментар.

 

 

Поздрави!

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте.

 

Google Chrome не съм го инсталирал, дава грешка при стартиране на инсталацията, ще мина и без него.

FRST.txt

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ще оправим и Google Chrome...

 

Изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by RRR (2015-09-16 10:18:56) Run:1
Running from C:\Users\RRR\Desktop\New folder (2)
Loaded Profiles: RRR (Available Profiles: RRR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
CMD: Dir /b c:\*Google* /s
reg: reg query HKCU\SOFTWARE\Google
reg: reg query "HKCU\SOFTWARE\Google\Update\Clients" /s
reg: reg query "HKCU\SOFTWARE\Google\Update\ClientState" /s
reg: reg query HKLM\SOFTWARE\Google
reg: reg query HKLM\SOFTWARE\Wow6432Node\Google
reg: reg query "HKLM\SOFTWARE\Google\Update\Clients" /s
reg: reg query "HKLM\SOFTWARE\Google\Update\ClientState" /s
reg: reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients" /s
reg: reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState" /s
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully

=========  Dir /b c:\*Google* /s =========

c:\AdwCleaner\Quarantine\C\Users\RRR\AppData\Local\Google
c:\Program Files (x86)\Google
c:\Program Files (x86)\Share on Google Plus
c:\Program Files (x86)\Google\Google Earth
c:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
c:\Program Files (x86)\Google\Google Earth\client\googleearth.exe.local
c:\Program Files (x86)\Google\Google Earth\client\google_earth.ico
c:\Program Files (x86)\Google\Google Earth\client\res\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\client\res\ko.locale\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\client\res\ru.locale\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\client\res\zh-Hans.locale\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\client\res\zh-Hant.locale\google_earth_splash.png
c:\Program Files (x86)\Google\Google Earth\plugin\googleearth.exe.local
c:\Program Files (x86)\Google\Google Earth\plugin\google_earth.ico
c:\Program Files (x86)\Google\Google Earth\plugin\res\google_earth_splash.png
c:\Program Files (x86)\Google\Update\GoogleGGupdate.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateHelper.msi
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
c:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
c:\Program Files (x86)\Google\Update�\GoogleUpdate.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleCrashHandler.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleCrashHandler64.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdate.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateBroker.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateComRegisterShell64.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateHelper.msi
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateOnDemand.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\GoogleUpdateSetup.exe
c:\Program Files (x86)\Google\Update�\1.3.25.5\npGoogleUpdate3.dll
c:\Program Files (x86)\Google\Update�\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe
c:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml
c:\Program Files (x86)\Share on Google Plus\Share on Google Plus.dat
c:\Program Files (x86)\VideoLAN\VLC\lua\meta\art\01_googleimage.luac
c:\Program Files (x86)\VideoLAN\VLC\lua\playlist\googlevideo.luac
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google ����.lnk
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\����࠭� �� Google ���� � DirectX ०��.lnk
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\����࠭� �� Google ���� � OpenGL ०��.lnk
c:\Users\Administrator\AppData\Local\Google
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth\Google ����.lnk
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth\����࠭� �� Google ���� � DirectX ०��.lnk
c:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Google Earth\����࠭� �� Google ���� � OpenGL ०��.lnk
c:\Users\Guest\AppData\Local\Google
c:\Users\Public\Desktop\Google ����.lnk
c:\Users\RRR\AppData\Local\Google
c:\Users\RRR\AppData\Local\Google\Custom Buttons\toolbar.google.com_MXE8GT6B9RBHXCGLZ06L.xml
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25OIUGWK\google-plus[1].jpg
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\559IHO4I\google-plus[1].png
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T41N1SP4\google-plus[1].jpg
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA29W88H\google-plus[1].png
c:\Users\RRR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA29W88H\google-plus[3].png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\accounts.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\books.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fbooks.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimages.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fmaps.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fpicasaweb.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fgoogle%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Ftranslate.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.google.com%2Fs2%2Ffavicons%3Fdomain=freepornsit.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Faccounts.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fsupport.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Ftranslate.google.bg%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Ftranslate.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.bg%2Fimages%2Fbranding%2Fproduct%2Fico%2Fgoogleg_lodp.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.com%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.com%2Fimages%2Ficons%2Fproduct%2Fsites-16.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\https%3A%2F%2Fwww.google.com.mx%2Ffavicon.png
c:\Users\RRR\AppData\Local\Opera\Opera\icons\images.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\maps.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\maps.google.ca.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\maps.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\picasaweb.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\plus.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\sites.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\support.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\translate.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\translate.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\www.google.bg.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\www.google.com.idx
c:\Users\RRR\AppData\Local\Opera\Opera\icons\www.google.com.mx.idx
c:\Users\RRR\AppData\Local\Temp\GUM68D0.tmp\GoogleUpdateSetup.exe
c:\Users\RRR\AppData\LocalLow\Google
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_1050_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_360cities64_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_3d_buildings_new_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_blue_star_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_census_new_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_city_capital_star.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_city_major.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_flag64_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_generic_poi_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_lil_earth_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_ocean_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramioclustered64_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramio_cluster_n1.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramio_cluster_n2.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramio_cluster_n3.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_panoramio_photo_square_l.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_park-15.png
c:\Users\RRR\AppData\LocalLow\Google\GoogleEarth\icons\kh.google.com_icons_roads_legend_l.png
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7L4J33E8\googleads.g.doubleclick[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7L4J33E8\plus.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7L4J33E8\tpc.googlesyndication[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7L4J33E8\www.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AHURWFCW\googleads.g.doubleclick[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AHURWFCW\plus.googleapis[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AHURWFCW\www.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AX7OCEZD\play.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\AX7OCEZD\translate.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CQETTWM0\translate.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CQETTWM0\translate.google[2].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\googleads.g.doubleclick[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\plus.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\translate.googleusercontent[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\translate.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HPMSKKNY\www.google[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MMNMP0FE\googleads.g.doubleclick[1].xml
c:\Users\RRR\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MMNMP0FE\www.google[1].xml
c:\Users\RRR\AppData\Roaming\ACEStream\player\lua\meta\art\01_googleimage.luac
c:\Users\RRR\AppData\Roaming\ACEStream\player\lua\playlist\googlevideo.luac
c:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_www.google.bg_0.localstorage
c:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_www.google.bg_0.localstorage-journal
c:\Windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
c:\Windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google

========= End of CMD: =========


========= reg query HKCU\SOFTWARE\Google =========


HKEY_CURRENT_USER\SOFTWARE\Google\Common
HKEY_CURRENT_USER\SOFTWARE\Google\GECommonSettings
HKEY_CURRENT_USER\SOFTWARE\Google\Google Earth Plus
HKEY_CURRENT_USER\SOFTWARE\Google\Software Removal Tool
HKEY_CURRENT_USER\SOFTWARE\Google\Update


========= End of Reg: =========


========= reg query "HKCU\SOFTWARE\Google\Update\Clients" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKCU\SOFTWARE\Google\Update\ClientState" /s =========


HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
    dr    REG_SZ    1

HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
    dr    REG_SZ    1
    lastrun    REG_SZ    13084053209466234



========= End of Reg: =========


========= reg query HKLM\SOFTWARE\Google =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query HKLM\SOFTWARE\Wow6432Node\Google =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\GoogleEarthPlugin
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\NavClient
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Google\Update\Clients" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Google\Update\ClientState" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
    pv    REG_SZ    1.3.26.9
    name    REG_SZ    Google ЂЄвг «Ё§ жЁп



========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
    pv    REG_SZ    1.3.26.9
    brand    REG_SZ    IHCB
    InstallTime    REG_DWORD    0x53f1eb57
    DayOfInstall    REG_DWORD    0xae2
    DayOfLastActivity    REG_DWORD    0xffffffff
    DayOfLastRollCall    REG_DWORD    0xb26
    experiment_labels    REG_SZ    omaha=long_tail_update|Thu, 21 Aug 2014 02:55:20 GMT
    RollCallDayStartSec    REG_DWORD    0x544b4a82
    LastCheckSuccess    REG_DWORD    0x544b5d31
    UpdateTime    REG_DWORD    0x544178ad

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
    UninstallArguments    REG_SZ     --uninstall --multi-install --msi --system-level --verbose-logging
    brand    REG_SZ    IHCB
    ap    REG_SZ    2.0-dev-multi
    pv    REG_SZ    38.0.2125.104
    ActivePingDayStartSec    REG_DWORD    0x5449f902
    RollCallDayStartSec    REG_DWORD    0x544b4a82
    DayOfLastActivity    REG_DWORD    0xb25
    DayOfLastRollCall    REG_DWORD    0xb26
    LastCheckSuccess    REG_DWORD    0x544b5d31
    UpdateTime    REG_DWORD    0x5447a164
    LastInstallerResult    REG_DWORD    0x0
    LastInstallerError    REG_DWORD    0x2
    msi    REG_DWORD    0x0
    InstallerResult    REG_DWORD    0x0
    InstallerError    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
    brand    REG_SZ    IHCB
    InstallTime    REG_DWORD    0x53f1eb59
    DayOfInstall    REG_DWORD    0xae2
    DayOfLastActivity    REG_DWORD    0xb25
    DayOfLastRollCall    REG_DWORD    0xb26
    UninstallArguments    REG_SZ     --uninstall --multi-install --chrome --msi --system-level --verbose-logging
    pv    REG_SZ    44.0.2403.155
    LastCheckSuccess    REG_DWORD    0x55ce3d87
    ActivePingDayStartSec    REG_DWORD    0x5449f902
    RollCallDayStartSec    REG_DWORD    0x544b4a82
    experiment_labels    REG_SZ    CrVar1=3312701|Mon, 01 Aug 2016 12:06:44 GMT;CrVar2=3300143|Wed, 15 Jun 2016 11:29:49 GMT;CrVar3=3300029|Wed, 15 Jun 2016 11:29:49 GMT;CrVar4=3300120|Wed, 15 Jun 2016 11:29:49 GMT;CrVar5=3300132|Wed, 15 Jun 2016 11:29:49 GMT;CrVar6=3300108|Wed, 15 Jun 2016 11:29:49 GMT;CrVar7=3300135|Wed, 15 Jun 2016 11:29:49 GMT
    msi    REG_DWORD    0x0
    ap    REG_SZ    2.0-dev-multi-chrome
    LastInstallerResult    REG_DWORD    0x0
    LastInstallerError    REG_DWORD    0x2
    usagestats    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
    StateValue    REG_DWORD    0xe
    DownloadTimeRemainingMs    REG_DWORD    0xffffffff
    DownloadProgressPercent    REG_DWORD    0x0
    InstallTimeRemainingMs    REG_DWORD    0x0
    InstallProgressPercent    REG_DWORD    0x64

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}
    pv    REG_SZ    38.0.2125.104
    RollCallDayStartSec    REG_DWORD    0x544b4a82
    DayOfLastRollCall    REG_DWORD    0xb26

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState
    StateValue    REG_DWORD    0x11



========= End of Reg: =========


==== End of Fixlog 10:22:00 ====

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

След това пробвайте да инсталирате отново Google Chrome.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ето лог файла:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by RRR (2015-09-16 12:12:33) Run:2
Running from C:\Users\RRR\Desktop\New folder (2)
Loaded Profiles: RRR (Available Profiles: RRR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
end
*****************

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} => key removed successfully

==== End of Fixlog 12:12:33 ====

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

След като вече сме премахнали ключовете в регистрите просто го деинсталирайте отново и след това го преинсталирайте.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Преинсталирах го и си чакам вече 15 мин. да зареди след поредния блокаж, явно ще бъде изключен по грубия начин за пореден път.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Нека да стои така. Не сме свършили с почистването така или иначе.

 

Изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

 

Сега за да продължим с почистването следвайте следните стъпки:

 

 

СТЪПКА 1

 

  • Изтеглете и стартирайтe последната версия на 6sv1DN9.jpgAdwCleaner.exe..
  • Натиснете бутона Scan.
  • AdwCleaner ще започне да проверява компютъра.
  • След като проверката приключи натиснете бутона Clean.
  • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
  • Ще се появи автоматично лог файл с името (AdwCleaner[s0].txt) в C:\Adwcleaner
  • Публикувайте съдържанието му в следващия си коментар.

 

 

СТЪПКА 2

 

 

Моля изтеглете icon1351185104.png Junkware Removal Tool на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

 

СТЪПКА 3

 

 

Направете нова проверка с FRST като се уверите, че има отметка пред Addition.txt преди да натиснете бутона SCAN.

Прикачете новите два лог файла - FRST.txt и Addition.txt в следващия си коментар.

 

 

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лог файла:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by RRR (2015-09-16 21:02:09) Run:3
Running from C:\Users\RRR\Desktop\FRST-OlderVersion
Loaded Profiles: RRR (Available Profiles: RRR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
OPR Extension: (No Name) - C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-27]
2015-08-28 14:05 - 2015-06-01 08:44 - 00000000 ____D C:\Program Files (x86)\Omnifinder
2015-06-23 08:55 - 2015-08-01 13:57 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr2.bin
2015-06-15 14:29 - 2015-07-03 12:47 - 0000024 _____ () C:\Users\RRR\AppData\Roaming\appdataFr25.bin
Task: {1C7C436F-B485-437A-92A5-669FA1451B92} - \DNSWETHERSFIELD -> No File <==== ATTENTION
Task: {DD133C23-348B-4E41-93C7-675D29B85B5A} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{716405bc-1f38-db87-7164-405bc1f316f0}\hqghumeaylnlf.exe <==== ATTENTION
c:\programdata\{716405bc-1f38-db87-7164-405bc1f316f0}
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim => moved successfully
C:\Program Files (x86)\Omnifinder => moved successfully
C:\Users\RRR\AppData\Roaming\appdataFr2.bin => moved successfully
C:\Users\RRR\AppData\Roaming\appdataFr25.bin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1C7C436F-B485-437A-92A5-669FA1451B92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C7C436F-B485-437A-92A5-669FA1451B92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSWETHERSFIELD" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD133C23-348B-4E41-93C7-675D29B85B5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD133C23-348B-4E41-93C7-675D29B85B5A}" => key removed successfully
C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6] => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[8da6]" => key removed successfully
"c:\programdata\{716405bc-1f38-db87-7164-405bc1f316f0}" => File/Folder not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {647D83BB-8F7D-4C6D-8D36-ED1EBCA3D75E}.
Unable to cancel {7D84FF2C-827B-4F45-A510-688EE1E1F737}.
Unable to cancel {B722E082-4326-4BD9-8912-001E420CECFA}.
0 out of 3 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 9.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:04:37 ====

 

 

 

СТЪПКА 1

 

# AdwCleaner v5.007 - Logfile created 16/09/2015 at 21:23:11
# Updated 08/09/2015 by Xplode
# Database : 2015-09-15.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : RRR - RRR-PC
# Running from : C:\Users\RRR\Desktop\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\RRR\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[-] Folder Deleted : C:\Users\RRR\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi
[!] Folder Not Deleted : C:\Users\RRR\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iajffemldkkhodaedkcpnbpfabiglmdi

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Winsock sеttings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1399 bytes] ##########
 


СТЪПКА 2

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Home Premium x64
Ran by RRR on 16/09/2015 at 21:55:58.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] C:\Users\RRR\AppData\Roaming\acestream
Successfully deleted: [Folder] C:\Program Files (x86)\Do Not Disturb
Successfully deleted: [Folder] C:\Users\RRR\AppData\Roaming\.acestream
Successfully deleted: [Folder] C:\ProgramData\coinsavoe
Successfully deleted: [Folder] C:\ProgramData\onamlcnfmfdbihloidoehgdcoojflpgk



~~~ FireFox

Emptied folder: C:\Users\RRR\AppData\Roaming\mozilla\firefox\profiles\w3qckbrn.default\minidumps [4 files]



~~~ Chrome


[C:\Users\RRR\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\RRR\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\RRR\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\RRR\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/09/2015 at 21:59:30.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

СТЪПКА 3

 

 

FRST.txt

Addition.txt

Редактирано от stepan10 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Така, имаме напредък.

 

Изтеглете KKdS6sj.pngfixlist.txt и го запазете в папката от която стартирахте FRST.exe.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

 

След това пишете как е положението.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лог файла:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by RRR (2015-09-16 23:44:47) Run:4
Running from C:\Users\RRR\Desktop\FRST-OlderVersion
Loaded Profiles: RRR (Available Profiles: RRR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [NWEReboot] => [X]
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [AceStream] => C:\Users\RRR\AppData\Roaming\ACEStream\engine\ace_engine.exe
FF Plugin HKU\S-1-5-21-3352682033-4164677752-1323257766-1000: @acestream.net/acestreamplugin,version=2.1.5.3 -> C:\Users\RRR\AppData\Roaming\ACEStream\player\npace_plugin.dll No File
OPR Extension: (AS Magic Player) - C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-09-16]
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-09-16 21:38 - 2015-09-16 21:38 - 00000000 _____ C:\Users\RRR\AppData\Local\{2E533058-2966-48FA-BC98-B4DA2385E9E5}
2015-09-14 15:53 - 2015-09-14 15:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2A1F53E5.sys
2015-09-14 13:18 - 2015-09-14 13:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 12:38 - 2015-09-14 15:55 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-16 21:57 - 2013-08-17 17:02 - 00000000 ____D C:\Users\RRR\AppData\Roaming\ACEStream
2015-09-14 13:36 - 2015-06-08 17:01 - 00000000 ____D C:\Program Files (x86)\rikaikun
C:\Users\RRR\install_flashplayer15x32au_chra_dy_aaa_aih.exe
C:\Users\RRR\AppData\Local\Temp\sqlite3.dll
FirewallRules: [TCP Query User{AFA16D64-B9D3-4E76-BA6D-2A46A27E008D}C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [uDP Query User{B88C8446-6342-4AFA-8C2B-2BC43DC34570}C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{2F06F89F-62F5-4E2C-9FFD-57C41318737A}] => (Block) C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{5D849231-41C1-43C7-9A7F-444C57E4376E}] => (Block) C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => value removed successfully
HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AceStream => value removed successfully
"HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.5.3" => key removed successfully
C:\Users\RRR\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim => moved successfully
hitmanpro37 => service removed successfully
InCDFs => service removed successfully
InCDPass => service removed successfully
InCDRm => service removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\RRR\AppData\Local\{2E533058-2966-48FA-BC98-B4DA2385E9E5} => moved successfully
C:\Windows\system32\Drivers\2A1F53E5.sys => moved successfully
C:\ProgramData\Malwarebytes => moved successfully
C:\ProgramData\HitmanPro => moved successfully
C:\Users\RRR\AppData\Roaming\ACEStream => moved successfully
C:\Program Files (x86)\rikaikun => moved successfully
C:\Users\RRR\install_flashplayer15x32au_chra_dy_aaa_aih.exe => moved successfully
C:\Users\RRR\AppData\Local\Temp\sqlite3.dll => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AFA16D64-B9D3-4E76-BA6D-2A46A27E008D}C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B88C8446-6342-4AFA-8C2B-2BC43DC34570}C:\users\rrr\appdata\roaming\acestream\engine\ace_engine.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F06F89F-62F5-4E2C-9FFD-57C41318737A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D849231-41C1-43C7-9A7F-444C57E4376E} => value removed successfully

==== End of Fixlog 23:44:56 ====

 

 

 

 

Има напредък, за пръв път от 2 дена успя да се рестатрира сам, иначе Mozilla забива като го стартирам, а Google Chrome така и не е активен след много опити да го инсталирам.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В какъв смисъл е успял да се рестартира сам? Това по-скоро прилича на хардуерен проблем и като гледам грешките от Event Viewer-a ще имаме доста работа и в тази насока.

И не разбрах последно Google Chrome инсталиран ли е или не? Деинсталирайте го отново с помощта на GeekUninstaller и почистете всички остатъци и след това инсталирайте браузъра от офлайн инсталатора му.

 

Също така направете и следното:

 

СТЪПКА 1

 

 

 

Проверете дяла и за грешки и лоши сектори и да поправим някои от проблемите с файловата система.

 

В полето за търсене CMD => кликнете върху файла CMD.exe и изберете Run as administrator => въведете командата: chkdsk c: /x /f /r => натиснете Enter

 

Съгласете се с Y на диалоговия прозорец. Рестартирайте компютъра и би трябвало проверката да започне.След това вижте какви са били резултатите.

 

Рапорта от проверката ще намерите тук: В полето за търсене въведете eventvwr.msc => Аpplications => събитие WinInit Event ID 1001. Kопирайте рапорта в следващия си пост.

 

Ето как да намерите лог файла.

 

 

 

СТЪПКА 2

 

 

 

В полето за търсене на Windows 8 въведете CMD => кликнете с десен бутон върху CMD.exe и изберете Run as administrator.

 

След това с копи/пейст изпълнете една по една командите и след всяка натиснете Enter

 

sfc /scannow

findstr /c:"[sR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

 

Сега трябва да се появи sfcdetails.txt на десктопа. Прикачете файла, който ще се появи на десктопа - sfcdetails.txt в следващия си коментар и пишете дали има промяна.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

СТЪПКА 1

 

Checking file system on E: The type of the file system is FAT32.
One of your disks needs to be checked for consistency.
You may cancel the disk check, but it is strongly recommended that you continue.
Windows will now check the disk. Volume Serial Number is 51A9-9BEA Windows has checked the file system and found no problems.
2093043712 bytes total disk space.
8192 bytes in 2 hidden files.
28672 bytes in 7 folders.
24211456 bytes in 41 files.
2068791296 bytes available on disk.
4096 bytes in each allocation unit.
510997 total allocation units on disk.
505076 allocation units available on disk.

 

 

Не съм сигурен дали това е правилният рапорт.

 

 

Относно СТЪПКА 2, след въвеждането на първата команда сканирането стигна до 71% и така си стои вече 2 часа.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Определено не е правилния рапорт...сканираме дял C:\, не дял E:\

Като цяло се чудя и защо сте оставили E:\ във FAT32, а не в NTFS, но както и да е.

 

Проверете и намерете правилния рапорт отнасящ се за дял C:\ В предните инструкции има линк с картинки към това как да се намери лог файла.

 

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Следвайки инструкциите, единственият рапорт сканирал C: и събитие WinInit Event ID 1001 е с дата от 01.08.

Ето го и него:

 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x1786b.
Cleaning up instance tags for file 0x19141.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x54a6b3 for possibly 0x9 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x195d0 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 103888.
Cleaning up instance tags for file 0x2e4f2.
  220160 file records processed.                                          File verification completed.
  1078 large file records processed.                                      0 bad file records processed.                                        0 EA records processed.                                              44 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 5)...
  295982 index entries processed.                                         Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
  1 unindexed files scanned.                                         Recovering orphaned file V010149B.log (103888) into directory file 84400.
  0 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 5)...
  220160 file SDs/SIDs processed.                                         CHKDSK is compacting the security descriptor stream
Cleaning up 3797 unused security descriptors.
Inserting data attribute into file 103888.
  37913 data files processed.                                            CHKDSK is verifying Usn Journal...
  37494664 USN bytes processed.                                             Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  220144 files processed.                                                 File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  11134429 free clusters processed.                                         Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 123371516 KB total disk space.
  78392748 KB in 180449 files.
    112232 KB in 37915 indexes.
         4 KB in bad sectors.
    328820 KB in use by the system.
     65536 KB occupied by the log file.
  44537712 KB available on disk.

      4096 bytes in each allocation unit.
  30842879 total allocation units on disk.
  11134428 allocation units available on disk.

Internal Info:
00 5c 03 00 07 55 03 00 9d 30 06 00 00 00 00 00  .\...U...0......
b9 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Значи не сте направили изобщо инструкции както трябва...сега сме 18.09...

 

Ако с командата ви е трудно просто отворете My Computer => кликнете с десен бутон на дял C:\ и изберете Properties => отидете на Tools => Check Now... => сложете двете отметки и натиснете бутона Start. Рестартирайте системата и изчакайте проветката да приключи (може да мине над час). След това проверете отново и публикувайте лог файла от последната дата.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  230144 file records processed.                                          File verification completed.
  1081 large file records processed.                                      0 bad file records processed.                                        0 EA records processed.                                              44 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 5)...
  301386 index entries processed.                                         Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file tmp.edb (106026) into directory file 57586.
  2 unindexed files scanned.                                         Recovering orphaned file {72E8C~1 (163886) into directory file 22468.
Recovering orphaned file {72e8cd6b-17f5-466d-982e-ec79271773f5}_OnDiskSnapshotProp (163886) into directory file 22468.
  0 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 5)...
  230144 file SDs/SIDs processed.                                         Cleaning up 735 unused index entries from index $SII of file 0x9.
Cleaning up 735 unused index entries from index $SDH of file 0x9.
Cleaning up 735 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  35622 data files processed.                                            CHKDSK is verifying Usn Journal...
  36880472 USN bytes processed.                                             Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc00000b5 at offset 0x51e71000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0x51e80000 for 0x1000 bytes.
Windows replaced bad clusters in file 215798
of name \Windows\winsxs\WO08D5~1.175\EXPLOR~1.DLL.
  230128 files processed.                                                 File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  13883503 free clusters processed.                                         Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 123371516 KB total disk space.
  67385948 KB in 176223 files.
    113588 KB in 35625 indexes.
         8 KB in bad sectors.
    337960 KB in use by the system.
     65536 KB occupied by the log file.
  55534012 KB available on disk.

      4096 bytes in each allocation unit.
  30842879 total allocation units on disk.
  13883503 allocation units available on disk.

Internal Info:
00 83 03 00 92 3b 03 00 10 1c 06 00 00 00 00 00  .....;..........
ce 03 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Подобни теми

    • от v3cko
      malwarbytes засече троянец и други гадинки
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
      Ran by BECKO (administrator) on BECKO-PC (12-08-2018 08:46:39)
      Running from C:\Users\BECKO\Downloads
      Loaded Profiles: BECKO (Available Profiles: BECKO)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated)
      HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12]
      FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06]
      FF Homepage: K-Meleon\ignaeef5.default -> google.bg
      FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] ()
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR StartupUrls: Default -> "hxxps://www.google.bg/"
      CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
      CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11]
      CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11]
      CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11]
      CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11]
      CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11]
      CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11]
      CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11]
      CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11]
      CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
      R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.)
      S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes)
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] ()
      R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation)
      R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG)
      R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes)
      R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation)
      R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] ()
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt
      2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST
      2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
      2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware
      2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana
      2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe
      2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe
      2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner
      2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe
      2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps
      2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller
      2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller
      2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe
      2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG
      2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther
      2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old
      2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics
      2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll
      2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
      2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
      2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys
      2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec
      2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel
      2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
      2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
      2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
      2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
      2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
      2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
      2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources
      2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
      2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
      2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
      2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
      2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
      2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa
      2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp
      2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin
      2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys
      2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2
      2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip
      2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
      2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739
      2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee
      2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr
      2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control
      2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt
      2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
      2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
      2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe
      2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
      2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
      2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
      2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din
      2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
      2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
      2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
      2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
      2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
      2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
      2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
      2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys
      2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe
      2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL
      2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll
      2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe
      2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
      2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon
      2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
      2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
      2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
      2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
      2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google
      2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
      2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
      2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
      2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
      2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing
      2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
      2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
      2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS
      2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
      2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC
      ==================== Files in the root of some directories =======
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG
      Some files in TEMP:
      ====================
      2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-11 13:38
      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
      Ran by BECKO (12-08-2018 08:47:38)
      Running from C:\Users\BECKO\Downloads
      Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-08-11 10:48:46)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-4192057778-3853912004-1886924142-500 - Administrator - Disabled)
      BECKO (S-1-5-21-4192057778-3853912004-1886924142-1001 - Administrator - Enabled) => C:\Users\BECKO
      Guest (S-1-5-21-4192057778-3853912004-1886924142-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-4192057778-3853912004-1886924142-1002 - Limited - Enabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Driver Easy 5.6.4 (HKLM\...\DriverEasy_is1) (Version: 5.6.4 - Easeware)
      Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
      K-Meleon 76.0 (x86 en-US) (HKLM\...\K-Meleon 76.0 (x86 en-US)) (Version: 76.0 - kmeleonbrowser.org)
      Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
      Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
      ==================== Custom CLSID (Whitelisted): ==========================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      CustomCLSID: HKU\S-1-5-21-4192057778-3853912004-1886924142-1001_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
      ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2018-08-11] (Intel Corporation)
      ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ==================== Scheduled Tasks (Whitelisted) =============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {15D51586-5D78-42F1-9AC0-F11850F32BB2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {4311FBF7-FF23-4B96-8A7A-7C848E6879A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {755ADDF9-F707-4126-9FD6-5EE5C09A6ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {87310821-94B6-4F2B-B233-805F8167F2AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {A663C5B5-F8F8-4769-83E9-A86545183E28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-08-11] (Adobe Systems Incorporated)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============
      2018-08-11 19:36 - 2018-07-03 12:59 - 002077904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-08-11 19:36 - 2018-06-18 13:32 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 004076888 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 000096088 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libegl.dll
      ==================== Alternate Data Streams (Whitelisted) =========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121592]
      ==================== Safe Mode (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) ===============
      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============
      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================
      (Currently there is no automatic fix for this section.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==

      ==================== FirewallRules (Whitelisted) ===============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{38F020BD-9D8B-47A7-BA58-523640743E70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{73CDBD4B-E707-4433-90BB-0CA4D37853D5}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [UDP Query User{43AE0B81-FBBA-40D9-9930-B10662946E5D}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [{EB2B59E7-24DC-4376-8CA5-5C73EB6B45AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [TCP Query User{3CA70832-11D6-43D6-996B-CE4FD0FFCA2F}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [UDP Query User{A8FAE1F8-F48D-463D-9467-C469B6224C66}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [{C20D9306-3310-4603-955A-D8750AB02ABC}] => (Allow) C:\Users\BECKO\AppData\Local\Chromium\Application\chrome.exe
      ==================== Restore Points =========================
      11-08-2018 13:48:58 Windows Update
      11-08-2018 14:19:49 Windows Update
      11-08-2018 16:16:29 Windows Backup
      11-08-2018 16:53:14 Language Pack Installation
      11-08-2018 18:23:09 Програма за инсталиране на модули за Windows
      11-08-2018 18:41:57 Windows Update
      11-08-2018 18:46:40 Removed Avira Software Updater
      11-08-2018 19:18:13 Точка на възстановяване на HitmanPro
      11-08-2018 19:29:58 Точка на възстановяване на HitmanPro
      ==================== Faulty Device Manager Devices =============
      Name: RICOH Bay8Controller
      Description: RICOH Bay8Controller
      Class Guid: 
      Manufacturer: 
      Service: 
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      ==================== Event log errors: =========================
      Application errors:
      ==================
      Error: (08/12/2018 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: rundll32.exe_rasapi32.dll, версия: 6.1.7600.16385, времево клеймо: 0x4a5bc637
      Име на модул с грешки: rasapi32.dll_unloaded, версия: 0.0.0.0, времево клеймо: 0x5b51fcfc
      Код на изключение: 0xc0000005
      Отместване на грешка: 0x5d2300fb
      ИД на процес на грешка: 0xc58
      Начален час на приложението с грешки: 0x01d431b9f55ad649
      Път на приложението с грешки: C:\Windows\System32\rundll32.exe
      Път на модула с грешки: rasapi32.dll
      ИД на доклад: f345bb24-9de5-11e8-8c5b-002713343a56
      Error: (08/12/2018 12:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 10:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 07:56:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      System errors:
      =============
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Software Protection беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:46:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Windows Media Player Network Sharing Service не може да бъде стартирана поради следната грешка: 
      Системата не може да намери указания път.
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

      Windows Defender:
      ===================================
      Date: 2018-08-11 18:49:37.775
      Description: 
      Windows Defender has detected spyware or other potentially unwanted software.
      For more information please see the following:
      http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
      Name:SoftwareBundler:Win32/Prepscram
      ID:226289
      Severity:High
      Category:Software Bundler
      Path Found:file:C:\Program Files\KMSPico 10.2.1 Final\WindowsLoader.exe;process:pid:1664
      Detection Type:Concrete
      Detection Source:Real-Time Protection
      Status:Unknown
      Process Name:
      CodeIntegrity:
      ===================================
      Date: 2018-08-11 18:47:53.133
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:47:33.024
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:46:32.355
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:36:54.706
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:34:39.836
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:29:33.389
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:26:43.817
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:19:33.847
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      ==================== Memory info =========================== 
      Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
      Percentage of memory in use: 57%
      Total physical RAM: 3000.26 MB
      Available physical RAM: 1266.7 MB
      Total Virtual: 7094.55 MB
      Available Virtual: 5571.67 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:100.1 GB) (Free:34 GB) NTFS
      Drive d: () (Fixed) (Total:365.12 GB) (Free:278.48 GB) NTFS
      \\?\Volume{b6af5893-9d52-11e8-b3b1-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
      \\?\Volume{b6af5896-9d52-11e8-b3b1-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
      ==================== MBR & Partition Table ==================
      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
      ==================== End of Addition.txt ============================
      това беше открито снощи 
      Malwarebytes
      www.malwarebytes.com
      -Детайли за регистъра-
      Дата на сканиране: 11.08.18 г.
      Час на сканиране: 19:39
      Файл на регистъра: 1355b5a2-9d85-11e8-97c9-002713343a56.json
      Администратор: Да
      -Информация за софтуера-
      Версия: 3.5.1.2522
      Версия на компонентите: 1.0.391
      Актуализирай версията на пакета: 1.0.6301
      Лиценз: Пробен период
      -Системна информация-
      OS: Windows 7 Service Pack 1
      CPU: x86
      Файлова система: NTFS
      Потребител: BECKO-PC\BECKO
      -Резюме на сканирането-
      Тип сканиране: Threat Scan
      Сканирането е стартирано от: Ръчно
      Резултат: Завършено
      Сканирани обекти: 158748
      Открити заплахи: 85
      Заплахи под карантина: 85
      Изтекло време: 3 мин, 55 сек
      -Опции за сканиране-
      Памет: Разрешено
      Стартиране: Разрешено
      Файлова система: Разрешено
      Архиви: Разрешено
      руткитове: Разрешено
      Евристика: Разрешено
      PUP: Открий
      PUM: Открий
      -Детайли за сканирането-
      Процес: 0
      (Не бяха открити зловредни елементи)
      Модул: 0
      (Не бяха открити зловредни елементи)
      Ключ на регистъра: 16
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      Adware.FastDataX, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\FastDataX, Под карантина, [3932], [484533],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Под карантина, [417], [518478],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Под карантина, [417], [518476],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Под карантина, [417], [518473],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Под карантина, [417], [518479],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2A33A63-8223-EBE3-33A3-9B63E32348E3}, Под карантина, [3725], [542290],1.0.6301
      Стойност на регистъра: 6
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.NotChromeRun, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_A26881468A4EFB18BAF645F9B1FB72E9, Под карантина, [6940], [241243],1.0.6301
      Adware.Tuto4PC.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|QWTD433SW12, Под карантина, [3704], [522751],1.0.6301
      Adware.NeoBar, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|AwRWNQQxQn, Под карантина, [1236], [431477],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}|PATH, Под карантина, [103], [535907],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}|PATH, Под карантина, [3754], [483378],1.0.6301
      Данни на регистъра: 0
      (Не бяха открити зловредни елементи)
      Поток данни: 0
      (Не бяха открити зловредни елементи)
      Папка: 8
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712, Под карантина, [407], [463480],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-04d1-0, Под карантина, [679], [407181],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-56c1-1, Под карантина, [679], [407181],1.0.6301
      Adware.NeoBar, C:\USERS\BECKO\APPDATA\LOCAL\CYPJMERAKY, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}, Под карантина, [3725], [542290],1.0.6301
      Файл: 55
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-04d1-0\BITAC33.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-56c1-1\BIT96A0.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712\ic-0.9290ec7e4e043.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.BundleInstaller, C:\Users\BECKO\AppData\Local\Temp\845712\ic-0.ab640b600fd5f8.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\allradio_4.27_portable.exe, Под карантина, [103], [536191],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER\UNINS000.DAT, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\Multitimer.exe, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\unins000.exe, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\fado, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat1, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat2, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      Adware.Tuto4PC.Generic, C:\PROGRAM FILES\YUYFG\5138832.EXE, Под карантина, [3704], [522751],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      Adware.NeoBar, C:\Users\BECKO\AppData\Local\cypjMERAky\activation.exe, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HOWTOREMOVE\HOWTOREMOVE.HTML, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\chromium-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\control panel-min-min.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\down.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff menu.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff search engine-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ff.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ie.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\search engine.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\setup pages.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\sp-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\start-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\up.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lilacisa, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lonadel, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninst.exe, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninstp.dat, Под карантина, [3725], [542290],1.0.6301
      Ransom.Crysis, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\REACSRHG\UIFBACFE.EXE, Под карантина, [7210], [551188],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Sound Volume Control.lnk, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\SOUND VOLUME CONTROL\SNDVOL.EXE, Под карантина, [0], [392686],1.0.6301
      PUP.Optional.BundleInstaller, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\REGISTRY_ACTIVATION_2751393056.EXE, Под карантина, [407], [505351],1.0.6301
      Trojan.MalPack, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\WINDOWSLOADER.EXE, Под карантина, [4152], [500527],1.0.6301
      Backdoor.Bot, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\ACTIVATION.EXE, Под карантина, [806], [419768],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\IS-AT1Q7.TMP\ZRGVBV.DLL, Под карантина, [103], [539849],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP2_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP3_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP4_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Adware.Tuto4PC, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\EYEKAZXXJYM.EXE, Под карантина, [2764], [474076],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\REFSUTIL.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\BEAD.TMP.EXE, Под карантина, [0], [392686],1.0.6301
      Физически сектор: 0
      (Не бяха открити зловредни елементи)
      WMI: 0
      (Не бяха открити зловредни елементи)

      (end)
    • от Антон Ангелов
      Здравейте,
      Имам съмнения, че системата ми е заразена работи, бавно и първият път, като отворя нов таб във файрфокс се отварят още два прозореца с реклами.
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by Anton (administrator) on DESKTOP-IRI1MIH (04-08-2018 17:20:24)
      Running from C:\Users\Anton\Desktop
      Loaded Profiles: Anton (Available Profiles: Anton)
      Platform: Windows 10 Enterprise Version 1709 16299.431 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
      () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      () C:\Windows\System32\igfxTray.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
      (Realtek semiconductor) C:\Windows\RTFTrack.exe
      (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\uTorrent.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
      () C:\Program Files\WindowsApps\60145ScottBrogden.ditto-cp_3.21.223.0_x86__n6b029mg40na2\Ditto.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Lenovo Group Limited) C:\Users\Anton\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
      (AVAST Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
      HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
      HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-22] (AVAST Software)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
      HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
      HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [uTorrent] => C:\Users\Anton\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-22] (BitTorrent Inc.)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [Viber] => C:\Users\Anton\AppData\Local\Viber\Viber.exe [37338696 2018-04-24] (Viber Media S.à r.l.)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-30] (Disc Soft Ltd)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7368480 2018-08-04] (Lavasoft)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a097669a-1fdb-11e8-8817-f8a963267c4d} - "I:\startme.exe"
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a09767e5-1fdb-11e8-8817-f8a963267c4d} - "H:\SETUP.EXE"
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a0976fa4-1fdb-11e8-8817-f8a963267c4d} - "I:\Setup.exe"
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 62.221.132.211 85.130.60.11
      Tcpip\..\Interfaces\{3dad8f67-5fb2-42f7-8404-142ac9dfe4b7}: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{7fd9a328-bcce-42f4-bd1c-45a1f2ee1e6c}: [DhcpNameServer] 62.221.132.211 85.130.60.11
      Internet Explorer:
      ==================
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180523__yaie
      SearchScopes: HKU\S-1-5-21-1747955922-307037692-2103265143-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180523__yaie&p={searchTerms}
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-04-10] (Microsoft Corporation)
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
      BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
      Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      FireFox:
      ========
      FF DefaultProfile: 6l09fpov.default-1519148072560
      FF ProfilePath: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 [2018-08-04]
      FF Homepage: Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 -> about:home
      FF NewTab: Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180523__yaff
      FF Extension: (Easy YouTube mp3) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\d.lehr@chello.at.xpi [2018-07-07]
      FF Extension: (Avast Online Security) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\wrc@avast.com.xpi [2018-06-01]
      FF Extension: (Adblock Plus) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
      FF SearchPlugin: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-23]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-14] ()
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-14] ()
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1747955922-307037692-2103265143-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Anton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
      Chrome:
      =======
      CHR HomePage: Default -> hxxp://www.google.com
      CHR Profile: C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default [2018-07-25]
      CHR Extension: (YouTube) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-26]
      CHR Extension: (Adobe Acrobat) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-26]
      CHR Extension: (Avast SafePrice) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-18]
      CHR Extension: (Avast Online Security) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-26]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-26]
      CHR Extension: (Chrome Media Router) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
      R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-22] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-22] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-01-30] (Disc Soft Ltd)
      R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG)
      R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
      R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-31] (Microsoft Corporation)
      R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
      R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2018-08-04] ()
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-22] (AVAST Software)
      R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-22] (AVAST Software)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-22] (AVAST Software)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-22] (AVAST Software)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-22] (AVAST Software)
      S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-22] (AVAST Software)
      R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-22] (AVAST Software)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-22] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-22] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-22] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-22] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-22] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-07-25] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-22] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-22] (AVAST Software)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-03-04] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-03-04] (Disc Soft Ltd)
      R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
      S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
      R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-04 17:19 - 2018-08-04 17:20 - 000040238 _____ C:\Users\Anton\Desktop\Addition.txt
      2018-08-04 17:16 - 2018-08-04 17:23 - 000018696 _____ C:\Users\Anton\Desktop\FRST.txt
      2018-08-04 17:16 - 2018-08-04 17:20 - 000000000 ____D C:\FRST
      2018-08-04 17:14 - 2018-08-04 17:15 - 002412544 _____ (Farbar) C:\Users\Anton\Desktop\FRST64.exe
      2018-08-04 17:09 - 2018-08-04 17:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
      2018-07-25 15:13 - 2018-07-25 15:13 - 000000000 ____D C:\Users\Anton\AppData\Local\PlaceholderTileLogoFolder
      2018-07-25 15:11 - 2018-07-25 15:11 - 000107310 _____ C:\Users\Anton\Desktop\FileZilla.xml
      2018-07-25 15:10 - 2018-07-25 15:11 - 007791072 _____ (Tim Kosse) C:\Users\Anton\Downloads\FileZilla_3.35.1_win64-setup.exe
      2018-07-19 13:01 - 2018-07-19 13:01 - 000000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tanki Online.lnk
      2018-07-19 12:59 - 2018-07-19 12:59 - 009644712 _____ (AlternativaGame Ltd ) C:\Users\Anton\Downloads\tankionline_eu.exe
      2018-07-19 09:44 - 2018-08-04 17:06 - 000000000 ____D C:\Users\Anton\AppData\LocalLow\uTorrent
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-04 17:22 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
      2018-08-04 17:22 - 2017-09-26 18:50 - 000000000 ____D C:\Users\Anton\AppData\Roaming\uTorrent
      2018-08-04 17:21 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\AppReadiness
      2018-08-04 17:09 - 2017-09-26 00:28 - 000000000 ____D C:\Users\Anton\AppData\LocalLow\Mozilla
      2018-08-04 17:08 - 2018-06-23 10:14 - 000000000 ____D C:\Users\Anton\AppData\Local\AVAST Software
      2018-08-04 17:06 - 2017-10-12 22:48 - 000000000 ____D C:\Users\Anton\AppData\Local\HTC MediaHub
      2018-08-04 17:05 - 2017-12-31 07:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-08-04 17:05 - 2017-10-23 19:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-04 17:05 - 2017-10-21 12:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
      2018-08-04 17:05 - 2017-09-26 00:39 - 000000000 __SHD C:\Users\Anton\IntelGraphicsProfiles
      2018-07-25 20:17 - 2017-09-29 11:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
      2018-07-25 20:00 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\NDF
      2018-07-25 19:52 - 2017-12-31 07:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2018-07-25 17:10 - 2017-12-31 07:18 - 000000000 ____D C:\Users\Anton
      2018-07-25 16:53 - 2017-09-26 19:10 - 000000000 ____D C:\Users\Anton\AppData\Roaming\vlc
      2018-07-25 16:51 - 2018-06-03 23:14 - 000000000 ____D C:\Users\Anton\AppData\Roaming\FileZilla
      2018-07-25 15:48 - 2018-06-03 23:14 - 000000000 ____D C:\Users\Anton\AppData\Local\FileZilla
      2018-07-25 15:13 - 2017-12-31 07:19 - 000000000 ____D C:\Users\Anton\AppData\Local\Packages
      2018-07-25 15:13 - 2017-09-29 16:46 - 000000000 ___HD C:\Program Files\WindowsApps
      2018-07-25 15:12 - 2018-06-03 23:12 - 000000000 ____D C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
      2018-07-25 15:12 - 2018-06-03 23:12 - 000000000 ____D C:\Program Files\FileZilla FTP Client
      2018-07-25 14:51 - 2017-09-26 18:43 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2018-07-24 21:36 - 2017-12-31 07:35 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
      2018-07-22 16:34 - 2017-10-08 22:55 - 000000875 _____ C:\Users\Anton\Desktop\Книги.txt
      2018-07-22 15:44 - 2017-09-29 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp
      2018-07-18 23:21 - 2018-06-26 23:00 - 000000000 ____D C:\Users\Anton\AppData\Local\CrashDumps
      2018-07-18 23:19 - 2018-04-21 10:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2018-07-18 23:18 - 2015-10-30 10:24 - 000000167 _____ C:\WINDOWS\win.ini
      2018-07-15 13:29 - 2017-09-27 00:48 - 000000000 ____D C:\WINDOWS\system32\MRT
      2018-07-15 13:24 - 2017-09-27 00:48 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2018-07-15 13:17 - 2017-09-29 16:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
      2018-07-15 12:58 - 2017-12-23 17:33 - 000000000 ___DC C:\WINDOWS\Panther
      2018-07-15 12:16 - 2017-12-31 07:34 - 000065683 _____ C:\WINDOWS\diagwrn.xml
      2018-07-15 12:16 - 2017-12-31 07:34 - 000062868 _____ C:\WINDOWS\diagerr.xml
      2018-07-15 10:45 - 2017-10-21 13:22 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
      2018-07-15 10:43 - 2017-09-29 11:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
      2018-07-15 10:07 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\Registration
      2018-07-15 10:06 - 2018-04-12 20:30 - 000000000 ___HD C:\$WINDOWS.~BT
      2018-07-14 11:11 - 2017-10-15 22:30 - 000000000 ____D C:\Users\Anton\AppData\Local\LenovoServiceBridge
      2018-07-14 11:05 - 2018-03-15 00:41 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-07-14 11:05 - 2017-12-31 07:35 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
      2018-07-14 11:05 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2018-07-14 11:05 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-07-10 23:51 - 2017-09-29 00:46 - 000000187 _____ C:\Users\Anton\Desktop\Angliski.txt
      2018-07-10 20:48 - 2017-12-31 07:35 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
      2018-07-10 20:47 - 2017-09-26 18:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-07-10 08:13 - 2017-12-31 07:35 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1747955922-307037692-2103265143-1001
      2018-07-10 08:13 - 2017-09-26 00:26 - 000002391 _____ C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2018-07-10 08:13 - 2017-09-26 00:26 - 000000000 ___RD C:\Users\Anton\OneDrive
      2018-07-08 23:05 - 2018-02-20 20:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-07-08 23:05 - 2018-02-20 20:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-07-07 15:25 - 2018-02-20 20:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
      ==================== Files in the root of some directories =======
      2018-06-03 22:57 - 2018-06-03 23:09 - 000000600 _____ () C:\Users\Anton\AppData\Roaming\winscp.rnd
      2018-02-25 19:38 - 2018-02-25 19:38 - 000001456 _____ () C:\Users\Anton\AppData\Local\Adobe Save for Web 13.0 Prefs
      2018-06-10 00:20 - 2018-06-10 00:20 - 000002031 _____ () C:\Users\Anton\AppData\Local\recently-used.xbel
      Some files in TEMP:
      ====================
      2018-07-10 08:14 - 2018-08-04 17:09 - 000391024 _____ (adaware) C:\Users\Anton\AppData\Local\Temp\wcupdater.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-07-22 16:44
      ==================== End of FRST.txt ============================
      Addition.txt
    • от CaptainJord
      Здравейте, откакто изтеглих един файл и го стартирах антивирусната ми засече някакъв вирус относно видеокартата ми (няма как файлове от видеокартата ми да са вирус) .. не знам и аз точно какво е та за по ясно ето снимка .. Колкото и да се опитвам да го махна то пак излиза ..
       
       

      Addition.txt
    • от D101149
      Здравейте! Имам вируси в компютъра. Имах Malwebytes anti-virus, изтече му лиценза пробният и го махнах и сега съм с есет за 30 дена. По-добър от Malwerbytes обаче постоянно ми вади някакъв вирус като вляза в chrome за CoinMiner
      прикачам файловете, които са ви нужни. благодаря!

      FRST.txt
      Addition.txt
    • от ℒℴ♥e
      Значи проблема е, че ми се товари процесора без видима причина, и към бонус това ми спами, някакви рандом реклами в браузера през (период от-време) без, да го стартирам, дори! (той сам се стартира)
      Вече съм с win10 pro и не знам какви са пръвите стъпки, които да направя (ако нещо се е променило (от преди време) да ми кажете), какво се правеше от самото начало?
      Като се има в предвид, че евентуално вирусите ми блокират "Malwarebytes Anti-Malware" (не се стартира след инстал) и може би, да са двойно повече от посл. път (към 500, да кажем сега).
      Не мога и да изтегля Farbar Recovery Scan Tool да кача! Не мога да го download изобщо. Браузера, които и да е, изключва при стартиране на линка!!
      Не завиждам, всъщност на този, който би се занимал с мен. И предварително, се извинявам на всеки, който съм обидил по-някакъв начин!
      И също така, съм много признателен на всички Вас, които ми оправихте последния мега-тера-гига-удар, който понесе компютъра ми, преди време и до-сега работи безотказно !!!
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.