Премини към съдържанието

Препоръчан отговор


Safe Finder се добави преди няколко дни в мозилата ми (може би и в другите браузъри, но не ги ползвам). Постоянно ми се появяват някакви прозорци или се отварят други сайтове, когато искам да отворя съвсем друг сайт. Понякога даже изобщо не ми зареждат сайтовете. Търсачката ми също се променя автоматично на yahoo safe finder или, ако търся с гугъл най-отгоре се появяват съвсем различни неща пак породени от sefe finder. Имам чувството, че това бави самия лаптоп. Надявам се, че сте ме разбрали, защото аз съм индианка в тази сфера и не знам дали се изказвам правилно :D

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Моля изпълнете инструкциите от тази тема и публикувайте логовете от FRST => Системата ми е инфектирана - Какво да правя сега?

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Да, вие ми казахте вече, аз както винаги съм разсеяна

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015
Ran by Svetlichka (administrator) on TOSHIBA (19-12-2015 13:15:27)
Running from D:\Documents\Downloads
Loaded Profiles: Svetlichka (Available Profiles: Svetlichka)
Platform: Windows 8.1 Enterprise (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dripkick\Dripkick.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Temp\ob4six\runner.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\Zitenop\Zitenop.exe
() C:\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\dripl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(BitTorrent Inc.) C:\Users\Svetlichka\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Users\Svetlichka\AppData\Local\Viber\Viber.exe
(CyberLink Corp.) C:\PowerDVD14\PowerDVD14Agent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(BitTorrent Inc.) C:\Users\Svetlichka\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Svetlichka\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Disc Soft Ltd) C:\Daemon Tools Lite\DiscSoftBusService.exe
() C:\ProgramData\Zitenop\Zitenop.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Svetlichka\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Svetlichka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlichka\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [uTorrent] => C:\Users\Svetlichka\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-04] (BitTorrent Inc.)
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [DAEMON Tools Lite] => C:\Daemon Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [Viber] => C:\Users\Svetlichka\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [Google Update] => C:\Users\Svetlichka\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-15] (Google Inc.)
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [Lync] => "C:\Microsoft Office\Office16\lync.exe" /fromrunkey
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {14d5e788-0e18-11e5-8255-2016d88609db} - "E:\RunGame.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {14d5e78c-0e18-11e5-8255-2016d88609db} - "H:\RunGame.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {14d5e790-0e18-11e5-8255-2016d88609db} - "I:\RunGame.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {1be657c8-dc81-11e4-8251-7054d2899f9d} - "G:\SETUP.EXE"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {26be7036-dcab-11e4-8253-2016d88609db} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {26be706e-dcab-11e4-8253-2016d88609db} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {a1aca753-1e87-11e5-8256-2016d88609db} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {edda2619-2e03-11e5-8259-2016d88609db} - "E:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs: C:\ProgramData\Zitenop\Relab.dll => C:\ProgramData\Zitenop\Relab.dll [518656 2015-12-16] ()
AppInit_DLLs-x32: C:\ProgramData\Zitenop\Groovephase.dll => C:\ProgramData\Zitenop\Groovephase.dll [320512 2015-12-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-934708141-2903372314-3187024128-1001] => hxxp://unstopp.me/wpad.dat?ceaba8138b049902f46e796aa3275e122620118
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C292FFC-673C-428B-BBF3-A57D34471933}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2oyV1M_vuKKky6_HQ7Yt--KjQLxi55CSivI4KwOO5AA7E19Ndkg6v52E5I1frOdrntOK_aJoKmHOiyphUVhkzIhkBHH5MgA5SCMPIerCQ1tRek0_QZYNh8IcEs5Ski8l6hsLOj6hagjX-DBP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-934708141-2903372314-3187024128-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-934708141-2903372314-3187024128-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2oyV1M_vuKKky6_HQ7Yt--KjQLxi55CSivI4KwOO5AA7E19Ndkg6v52E5I1frOdrntOK_aJoKmHOiyphUVhkzIhkBHH5MgA5SCMPIerCQ1tRek0_QZYNh8IcEs5Ski8l6hsLOj6hagjX-DBP&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1450201075&z=d20b6ebf60797976f6cba3fgezfw5e8o4e9g8efm1q&from=obw&uid=TOSHIBAXMQ01ABD064_14RGC121TXX14RGC121T

FireFox:
========
FF ProfilePath: C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334
FF Homepage: hxxp://www.google.bg/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-934708141-2903372314-3187024128-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Svetlichka\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-934708141-2903372314-3187024128-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Svetlichka\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-15] (Google Inc.)
FF user.js: detected! => C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\user.js [2015-12-18]
FF Extension: "Camera Style - C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\Extensions\@5B4753C248531D935815F9EB175011D95B47.xpi [2015-12-17] [not signed]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\m4eqozce.default\extensions\deskCutv2@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\m4eqozce.default\extensions\yahooprotected@gmail.com => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!5B4753C248531D935815F9EB175011D95B47.js [2015-12-16] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\5B4753C248531D935815F9EB175011D95B47 [2015-12-16] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.bg/
CHR Profile: C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-16]
CHR Extension: (Google Документи) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-16]
CHR Extension: (Google Диск) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (YouTube) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Google Търсене) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (Електронни таблици от Google) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-16]
CHR Extension: (Google Документи офлайн) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-16]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-16]
CHR Extension: (Gmail) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Extension: (Camera Style) - C:\Users\Svetlichka\AppData\Local\Camera Style\Component [2015-12-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Daemon Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 Dripkick; C:\Program Files\Dripkick\Dripkick.exe [379392 2015-12-13] () [File not signed]
R2 FinwarmSvc; C:\Temp\ob4six\runner.exe [45568 2015-12-15] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [256912 2015-05-27] (Wondershare)
R2 Zitenop; C:\ProgramData\\Zitenop\\Zitenop.exe [437248 2015-12-16] () [File not signed]
S2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-06] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-11-28] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-04-06] (Duplex Secure Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)
S1 czwvpbrn; \??\C:\Windows\system32\drivers\czwvpbrn.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 13:15 - 2015-12-19 13:15 - 00000000 ____D C:\FRST
2015-12-18 13:05 - 2015-12-18 13:05 - 00000013 _____ C:\Users\Svetlichka\.pluto.tv
2015-12-18 13:04 - 2015-12-18 13:06 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2015-12-18 13:03 - 2015-12-18 13:03 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\OpenCandy
2015-12-18 13:02 - 2015-12-19 10:21 - 00000000 ____D C:\Users\Svetlichka\AppData\LocalLow\uTorrent
2015-12-17 18:54 - 2015-12-17 18:54 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-17 18:54 - 2015-12-17 18:54 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-17 18:54 - 2015-12-17 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-16 20:21 - 2015-12-16 20:21 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-16 20:21 - 2015-12-16 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-16 20:19 - 2015-12-16 20:19 - 00003172 _____ C:\Windows\System32\Tasks\Camera Style
2015-12-16 20:19 - 2015-12-16 20:19 - 00003162 _____ C:\Windows\System32\Tasks\Camera Style2
2015-12-16 20:06 - 2015-12-18 13:26 - 00000000 ____D C:\Microsoft Office
2015-12-16 19:49 - 2015-12-18 13:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-16 19:47 - 2015-12-16 19:47 - 00000000 ____D C:\ProgramData\Stardock
2015-12-16 19:47 - 2015-12-16 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-12-16 19:47 - 2015-12-16 19:47 - 00000000 ____D C:\Program Files (x86)\Stardock
2015-12-16 19:41 - 2015-12-16 19:41 - 00003174 _____ C:\Windows\System32\Tasks\{64795C1F-BCF6-44BF-B37D-38BA728BCD5A}
2015-12-16 19:33 - 2015-12-19 10:19 - 00000000 ____D C:\ProgramData\KMSAutoS
2015-12-16 19:33 - 2015-12-16 20:27 - 00003748 _____ C:\Windows\System32\Tasks\KMSAutoNet
2015-12-16 19:27 - 2015-12-19 10:26 - 00000000 ____D C:\ProgramData\Zitenop
2015-12-16 19:27 - 2015-12-16 19:27 - 00000000 ____D C:\ProgramData\Zitenops
2015-12-16 19:26 - 2015-12-16 19:26 - 00000496 __RSH C:\ProgramData\ntuser.pol
2015-12-16 18:51 - 2015-12-16 18:51 - 00003126 _____ C:\Windows\System32\Tasks\{2A5EA6B0-25FA-41AA-B3B3-B8B527938491}
2015-12-16 18:51 - 2015-12-16 18:51 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\software
2015-12-16 18:51 - 2015-12-16 18:51 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\atb
2015-12-16 18:38 - 2015-12-16 18:38 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\wps
2015-12-16 18:33 - 2015-12-16 18:33 - 00003126 _____ C:\Windows\System32\Tasks\{A7FF5776-D79E-42B3-99DE-C5BC32C6BFAA}
2015-12-15 20:26 - 2015-12-19 12:32 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934708141-2903372314-3187024128-1001UA.job
2015-12-15 20:26 - 2015-12-18 20:32 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934708141-2903372314-3187024128-1001Core.job
2015-12-15 20:26 - 2015-12-15 20:27 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-934708141-2903372314-3187024128-1001UA
2015-12-15 20:26 - 2015-12-15 20:27 - 00003624 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-934708141-2903372314-3187024128-1001Core
2015-12-15 20:26 - 2015-12-15 20:26 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-15 19:55 - 2015-12-16 19:42 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\kingsoft
2015-12-15 19:44 - 2015-12-15 19:45 - 00000382 _____ C:\Prefs.js
2015-12-15 19:44 - 2015-12-15 19:44 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-12-15 19:44 - 2015-12-15 19:44 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-12-15 19:44 - 2015-12-15 19:44 - 00002816 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-12-15 19:44 - 2015-12-15 19:44 - 00002816 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-12-15 19:44 - 2015-12-15 19:44 - 00000000 ____D C:\searchplugins
2015-12-15 19:38 - 2015-12-16 14:50 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-12-15 19:35 - 2015-12-16 19:44 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-12-15 19:32 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\baidu
2015-12-15 19:32 - 2015-12-16 19:42 - 00000000 ____D C:\ProgramData\kingsoft
2015-12-15 19:32 - 2015-12-15 19:55 - 00003594 _____ C:\Windows\System32\Tasks\PPTAssistantUpdateTask_Svetlichka
2015-12-15 19:32 - 2015-12-15 19:32 - 00000000 ____D C:\Program Files\Dripkick
2015-12-15 19:32 - 2015-12-15 19:31 - 00000929 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-15 19:31 - 2015-12-15 19:31 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-12-15 19:14 - 2015-12-19 12:29 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-15 19:14 - 2015-12-15 19:14 - 00003864 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-12-15 19:12 - 2015-12-15 19:12 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\SimpleFiles
2015-12-15 19:11 - 2015-12-16 20:24 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Opera Software
2015-12-15 19:10 - 2015-12-16 20:24 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-15 18:52 - 2015-12-15 18:52 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-15 18:52 - 2015-12-15 18:52 - 00001043 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-11 14:09 - 2015-12-11 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-09 16:36 - 2015-11-11 18:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 16:36 - 2015-11-11 18:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 16:36 - 2015-11-11 17:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 16:36 - 2015-11-11 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 16:36 - 2015-11-11 17:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 16:36 - 2015-11-11 17:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 16:36 - 2015-11-10 02:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 16:36 - 2015-11-10 02:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 16:36 - 2015-11-10 02:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 16:36 - 2015-11-10 02:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 16:36 - 2015-11-10 02:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 16:36 - 2015-11-10 01:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 16:36 - 2015-11-10 01:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 16:36 - 2015-11-10 01:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 16:36 - 2015-11-10 01:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 16:36 - 2015-11-10 01:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 16:36 - 2015-11-10 01:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 16:36 - 2015-11-10 01:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 16:36 - 2015-11-10 01:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 16:36 - 2015-11-10 01:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 16:36 - 2015-11-10 01:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 16:36 - 2015-11-09 00:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 16:36 - 2015-11-09 00:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 16:36 - 2015-11-09 00:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 16:36 - 2015-11-09 00:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 16:36 - 2015-11-09 00:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 16:36 - 2015-11-08 23:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 16:36 - 2015-11-08 23:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-09 16:36 - 2015-11-08 23:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-09 16:36 - 2015-11-08 23:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 16:36 - 2015-11-08 23:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 16:36 - 2015-11-08 23:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 16:36 - 2015-11-08 23:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 16:36 - 2015-11-08 23:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 16:36 - 2015-11-08 23:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 16:36 - 2015-11-08 22:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-09 16:36 - 2015-11-08 22:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 16:36 - 2015-11-08 22:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 16:36 - 2015-11-08 22:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 16:34 - 2015-11-05 10:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 16:33 - 2015-11-22 08:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-09 16:33 - 2015-11-22 08:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 16:33 - 2015-11-22 08:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 16:33 - 2015-11-22 08:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-09 16:33 - 2015-11-22 08:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 16:33 - 2015-11-22 08:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-09 16:33 - 2015-11-22 08:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 16:33 - 2015-11-21 20:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-09 16:33 - 2015-11-21 19:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 16:33 - 2015-11-21 18:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 16:33 - 2015-11-21 18:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 16:33 - 2015-11-21 18:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 16:33 - 2015-11-21 18:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 16:33 - 2015-11-09 02:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 16:33 - 2015-11-09 00:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 16:33 - 2015-11-08 23:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 16:33 - 2015-11-08 23:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 16:33 - 2015-11-08 23:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 16:33 - 2015-11-08 22:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 16:33 - 2015-11-08 22:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 16:33 - 2015-11-08 22:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 16:33 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 16:33 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-09 16:33 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 16:33 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 16:33 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 16:33 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 16:33 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 16:33 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 16:33 - 2015-10-22 18:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-09 16:33 - 2015-10-22 18:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-09 16:33 - 2015-10-22 17:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 16:33 - 2015-10-22 17:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-09 16:33 - 2015-10-22 16:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 16:33 - 2015-10-22 16:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-09 16:33 - 2015-10-10 19:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-09 16:33 - 2015-10-03 21:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-09 16:33 - 2015-10-03 21:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-09 16:32 - 2015-11-21 00:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 16:32 - 2015-11-20 20:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 16:32 - 2015-11-20 18:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 16:32 - 2015-11-20 18:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 16:32 - 2015-11-20 18:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 16:32 - 2015-11-20 18:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 16:32 - 2015-11-20 18:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 16:32 - 2015-11-20 18:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 16:32 - 2015-11-20 18:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 16:32 - 2015-11-20 18:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 16:32 - 2015-11-20 18:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 16:32 - 2015-11-20 18:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 16:32 - 2015-11-20 18:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 16:32 - 2015-10-28 17:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 16:32 - 2015-10-28 17:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 16:31 - 2015-10-11 08:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-09 16:31 - 2015-10-11 08:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-09 16:31 - 2015-10-11 08:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-09 16:31 - 2015-10-11 08:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-09 16:31 - 2015-10-11 08:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-09 16:31 - 2015-10-10 20:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-09 16:31 - 2015-10-10 20:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-09 16:31 - 2015-10-08 18:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-09 16:31 - 2015-10-08 17:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-09 16:31 - 2015-10-05 20:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-09 16:31 - 2015-10-05 20:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 13:16 - 2015-04-06 18:33 - 00000000 ____D C:\Temp
2015-12-19 13:15 - 2015-04-06 18:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-19 13:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows
2015-12-19 13:12 - 2015-04-06 19:05 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\uTorrent
2015-12-19 13:11 - 2015-04-06 19:15 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Skype
2015-12-19 10:56 - 2015-04-06 18:36 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-934708141-2903372314-3187024128-1001
2015-12-19 10:22 - 2015-10-03 21:29 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\ViberPC
2015-12-19 10:20 - 2015-04-06 19:48 - 00000852 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-19 10:20 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-19 10:20 - 2013-08-22 16:44 - 00518728 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-19 10:18 - 2015-04-06 18:42 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{46203A89-F057-4C3E-A9D9-4999F644CDA0}
2015-12-19 10:14 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2015-12-19 10:08 - 2015-04-06 19:14 - 00000000 ____D C:\ProgramData\Skype
2015-12-18 19:49 - 2015-04-06 19:48 - 00000854 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-18 13:27 - 2015-04-06 20:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-18 13:27 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-18 13:25 - 2014-11-21 00:10 - 00000000 ____D C:\Windows\ShellNew
2015-12-18 13:23 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 13:22 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-18 13:22 - 2013-08-22 15:25 - 00000076 _____ C:\Windows\win.ini
2015-12-18 13:05 - 2015-04-06 18:30 - 00000000 ____D C:\Users\Svetlichka
2015-12-16 20:24 - 2015-05-03 10:52 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-16 20:21 - 2015-04-06 18:44 - 00000000 ____D C:\Winrar
2015-12-16 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-16 19:38 - 2015-04-06 18:30 - 00001426 _____ C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-16 14:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-15 20:35 - 2015-04-06 18:47 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-15 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-15 19:26 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-15 19:14 - 2015-04-06 18:49 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-15 18:53 - 2015-08-19 22:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-12 22:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-12-12 13:50 - 2015-04-07 00:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-12 13:50 - 2015-04-07 00:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 16:38 - 2015-04-07 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-11 16:38 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-11 16:32 - 2015-04-06 22:49 - 00000000 ____D C:\Windows\system32\MRT
2015-12-11 16:25 - 2015-04-06 22:49 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-11 14:09 - 2015-10-07 15:36 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-11 14:09 - 2015-05-03 10:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-09 15:15 - 2015-11-11 15:15 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-09 05:39 - 2015-04-06 23:08 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-07 10:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-01 19:19 - 2014-11-21 07:13 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 19:19 - 2014-11-21 07:13 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 17:24 - 2015-11-02 12:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-12-15 19:32 - 2015-12-15 19:32 - 0000187 _____ () C:\Users\Svetlichka\AppData\Local\Zimremice.exe.config

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-16 20:49

==================== End of FRST.txt ============================

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

Извинявам се за закъснението, но имах ангажименти.

 

СТЪПКА 1

 

Изтеглете програмата GeekUninstaller и я запазете на десктопа.

Разархивирайте я и стартирайте файла geek.exe IxXO5oO.jpg
От списъка намерете Camera Style (примера е за Mozilla Firefox, но това е просто за показно).

Кликнете с десен бутон върху програмата и изберете Uninstall
 
XhV2QLa.png

След края на инсталацията ще се отвори прозорец подканващ ви да премахнете всички остатъци от програмата (ако има такива, ако няма този прозорец няма да се появи):

Пример за Mozilla браузъра:

geekuninstaller-3.png

Натиснете бутона Finish за да изтриете останките от програмата.

 

СТЪПКА 2

 

Изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

Пишете и как е положението след стъпките до момента.

 

Поздрави! ;)

 

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

До момента няма разлика, продължават да ми се появяват различни прозорци на браузъра както и такива от сорта на "вие спечелихте 100 000, кликнете тук, за да си ги получите". Имам чувството, че е и по-зле даже. Не може да се влезне в нито 1 сайт от тия прозорци и други сайтове :( Powered by Constant Fun пише на тях, а сайтовете са от сорта на alibaba.com

Редактирано от youandi (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

По-зле няма как да е след като премахнахме стотици заразени обекти. Направете нова проверка с FRST като сложите отметка пред Addition.txt преди да натиснете бутона SCAN и след това прикачете и двата лог файла!

 

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Мда...видях новите зарази. Ще ги премахнем и тях. След 10 мин. скрипта трябва да е готов.

Така...деинсталирайте с помощта на GeekUninstaller програмата Constant Fun.

 

След това изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

Пишете и как е положението след стъпките до момента.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изпълних всички стъпки, но ми се появи папка FRST-OlderVersion. Обнови ли се тази програма, че се появи това ? Всичко е наред вече, не се появява нищо, благодаря

Редактирано от youandi (преглед на промените)
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Да направим финални проверки:

 

СТЪПКА 1

 

  • Изтеглете и стартирайтe 6sv1DN9.jpgAdwCleaner.exe.
  • Натиснете бутона Scan.
  • AdwCleaner ще започне да проверява компютъра.
  • След като проверката приключи натиснете бутона Clean.
  • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
  • Ще се появи автоматично лог файл с името (AdwCleaner[C0].txt) в C:\Adwcleaner
  • Публикувайте съдържанието му в следващия си коментар.

 

 

СТЪПКА 2

 

Моля изтеглете icon1448041809.pngJunkware Removal Tool на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

 

СТЪПКА 3

 

Моля изтеглете Malwarebytes Anti-Malware 2.2.0.1024 Final и я запазете на вашия десктоп.

  • Стартирайте файла mbam-setup-2.1.8.1057.exe и следвайте указанията за да инсталирате програмата.
  • След като инсталацията приключи се уверете че сте сложили отметка пред:
  • Launch Malwarebytes Anti-Malware
  • Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката. Т.е. премахнете първата отметка:

DkgJ7Zr.png

  • Натиснете бутона Finish.
  • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
  • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now.
  • Ще започне проверка за зловреден софтуер.
  • При някои инфекции можете да видите съобщението:
  • "Could not load DDA driver"
  • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
  • Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции.
  • След като проверката приключи натиснете бутона Apply Actions.
  • Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes.
  • След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж.
  • Отидете то табът History > Application Logs.

65ZBqkR.jpg

  • Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard"
  • Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.

 

 

СТЪПКА 4

 

1.Изтеглете Hitman Pro.

За 32-битова система - dEMD6.gif.
За 64-битова система - Download-button3.gif

2.Стартирайте програмата.
3.След като сте стартирали програмата като кликнете върху иконата 5vo5F.jpg и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).

4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.
 
Забележка: Ако няма падащо меню, където да изберете ignore както на снимката:
 
6-scanfin-choose.jpg
 
Тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:\Programdata\HitmanPro\Logs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

Забележка: Папката C:\ProgramData е скрита и затова трябва да направите скритите файлове видими по-следния начин:

От My Computer => Tools => Folder Options => View:

Сложете отметка пред "Show hidden files, folders and drives"

и махнете отметката пред "Hide protected operating system files (recommended)".

Натиснете Apply.

Сега проверете за лог файла в папката C:\Programdata\HitmanPro\Logs и го прикачете в следващия си коментар. :)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

# AdwCleaner v5.025 - Лог файлът е създаден 20/12/2015 при 23:23:11
# Обновен 13/12/2015 от Xplode
# База данни : 2015-12-13.2 [Сървър]
# Операционна система : Windows 8.1 Enterprise  (x64)
# Потребителско име : Svetlichka - TOSHIBA
# Изпълнява се от : D:\Documents\Downloads\adwcleaner_5.025.exe
# Опция : Изчистване
# Поддръжка : http://toolslib.net/forum

***** [ Сервизи ] *****


***** [ Папки ] *****


***** [ Файлове ] *****


***** [ DLLs ] *****


***** [ Преки пътища ] *****


***** [ Планирани задачи ] *****


***** [ Регистър ] *****

[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Prod.cap
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\speedupmypc
[-] Ключ Изтрито : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Ключ Изтрито : HKCU\Software\Mozilla\Extends
[-] Ключ Изтрито : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Ключ Изтрито : HKCU\Software\Conduit
[-] Ключ Изтрито : HKCU\Software\SimpleFiles
[-] Ключ Изтрито : HKCU\Software\OB
[-] Ключ Изтрито : HKCU\Software\Reg\Clean
[!] Ключ Не е Изтрито : HKCU\Software\Mozilla\Extends
[-] Ключ Изтрито : HKLM\SOFTWARE\Conduit
[-] Ключ Изтрито : HKLM\SOFTWARE\SimpleFiles
[-] Ключ Изтрито : HKLM\SOFTWARE\Uniblue
[-] Ключ Изтрито : HKLM\SOFTWARE\FFPluginHp
[-] Ключ Изтрито : HKLM\SOFTWARE\downchecker
[-] Ключ Изтрито : HKLM\SOFTWARE\Reg\Clean
[-] Ключ Изтрито : HKLM\SOFTWARE\yoursearchingSoftware
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\downchecker

***** [ Уеб браузъри ] *****


*************************

:: "Tracing" ключове отстраняват
:: Настройките на Winsock са нулирани

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2460 байта] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 Enterprise x64
Ran by Svetlichka (Administrator) on 20.12.2015 Ј. at 23:27:15.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 0

 


Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.12.2015 Ј. at 23:29:06.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Svetlichka (2015-12-20 18:58:36) Run:2
Running from D:\Documents\Desktop
Loaded Profiles: Svetlichka (Available Profiles: Svetlichka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\Updater.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\10\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\8\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\2\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\Plugin.exe
C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54
BHO-x32: Constant Fun -> {9d6b19f5-4a89-4db4-b650-44222af825b0} -> C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll [2015-12-20] ()
FF user.js: detected! => C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\user.js [2015-12-20]
FF Extension: Constant Fun - C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\Extensions\{0520d40c-d004-44b3-9a58-5ec044a672ea}.xpi [2015-12-19] [not signed]
R2 Service Mgr ConstantFun; C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe [784096 2015-12-20] () <==== ATTENTION
R2 Update Mgr ConstantFun; C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe [638688 2015-12-20] () <==== ATTENTION
2015-12-20 12:10 - 2015-12-20 14:40 - 00000000 ____D C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54
2015-12-20 12:10 - 2015-12-20 12:10 - 00000000 ____D C:\Program Files (x86)\Constant Fun
2015-12-20 17:55 - 2015-04-06 18:33 - 00000000 ____D C:\Temp
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\Updater.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\10\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\8\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\2\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\Plugin.exe => No running process found
"C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d6b19f5-4a89-4db4-b650-44222af825b0} => key not found.
HKCR\Wow6432Node\CLSID\{9d6b19f5-4a89-4db4-b650-44222af825b0} => key not found.
C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\user.js => moved successfully
C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\Extensions\{0520d40c-d004-44b3-9a58-5ec044a672ea}.xpi => not found.
Service Mgr ConstantFun => service not found.
Update Mgr ConstantFun => service not found.
"C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54" => not found.
"C:\Program Files (x86)\Constant Fun" => not found.
C:\Temp => moved successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 365.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:00:10 ====


HitmanPro 3.7.12.253
www.hitmanpro.com

   Computer name . . . . : TOSHIBA
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : Toshiba\Svetlichka
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-12-21 00:12:09
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 9
   Traces  . . . . . . . : 46

   Objects scanned . . . : 1 408 927
   Files scanned . . . . : 30 322
   Remnants scanned  . . : 233 558 files / 1 145 047 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFE001CFAC9DE0
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFE001D00142C0 +0
   Solution
      DriverObject . . . : FFFFE001CFAC9DE0
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF80082F673C0 \SystemRoot\System32\drivers\storport.sys+9152

Malware _____________________________________________________________________

   C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\dripl.exe
      Size . . . . . . . : 855 040 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:08:09)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 19D0CEC7EEE135F06812848641A9B437CA515218067672477827C662EF297A92
    > Bitdefender  . . . : Gen:Variant.Adware.Kazy.696265
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Amonetize.caru
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -4.8s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\
         -4.8s C:\FRST\Quarantine\C\Temp\Temp\tmp4D87.tmp
         -4.5s C:\Windows\ServiceProfiles\LocalService\winhttp\2352278310.cache
          0.0s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\dripl.exe
          1.4s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\dripl.exe.config
         10.8s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\config.conf
         13.4s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\conf.db
         15.4s C:\Users\Svetlichka\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-934708141-2903372314-3187024128-1001\d9fd64fe82e3ca4c7f5401407491128a_7ea157f0-e55d-4fe6-b5a8-aff7d480c517
         17.4s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\setup\
         17.4s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\setup\Skype_Update.7.12.0.101.exe
         26.4s C:\FRST\Quarantine\C\Temp\Temp\8bf28faa-44af-4be9-8aff-02430a520d1f.json

   C:\FRST\Quarantine\C\Temp\Temp\nsbCD50.exe
      Size . . . . . . . : 489 787 bytes
      Age  . . . . . . . : 2.5 days (2015-12-18 13:02:01)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8682CD0D45CAF9F68DCC5ECA64A2D615BF2FE39B5BF7EA093895C56D94F00BF6
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.OpenCandy.bh
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -12.7s C:\FRST\Quarantine\C\Temp\Temp\tmp9B12.tmp
         -9.1s C:\Windows\System32\LogFiles\Scm\07aa607d-0dc2-42c3-a7b5-17347967f84f
         -7.1s C:\Users\Svetlichka\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-934708141-2903372314-3187024128-1001\166d82bd2d2eca2b35f8ebe66d4a6fd1_7ea157f0-e55d-4fe6-b5a8-aff7d480c517
         -0.0s C:\FRST\Quarantine\C\Temp\Temp\nsbCD4F.exe
          0.0s C:\FRST\Quarantine\C\Temp\Temp\nsbCD4F.exe.config
          0.0s C:\FRST\Quarantine\C\Temp\Temp\nsbCD50.exe
         11.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\20\9873076B71CE8DB8.dat
         11.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\54\0B2E5F073B0D6CE6.dat
         11.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\31\7B5B8830D57874EF.dat
         13.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\84\B7D23CB5B011B330.dat
         13.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\48\2D556A7A09BC425C.dat
         14.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\2FACCEFBE799DC9564B013A10C1808F3
         17.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\78\47D0B0F29263E7E6.dat
         17.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\21\F86D692881BC2541.dat
         19.2s C:\FRST\Quarantine\C\Temp\Temp\{7FB9A4E3-E020-4D6E-A353-5E2C2D2FC447} - OProcSessId.dat
         19.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\60\88E7091383912BC4.dat
         21.6s C:\FRST\Quarantine\C\Temp\Temp\df67af99-21ac-419d-a4eb-f38fb90f11ff.json
         28.3s C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf
         28.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\45\1C9036760631AB05.dat
         29.1s C:\FRST\Quarantine\C\Temp\Temp\OCP3EC4.tmp
         30.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\29\DDB8F11A79DF52C9.dat
         30.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\12\D2E8AE750E168780.dat
         31.8s C:\FRST\Quarantine\C\Temp\Temp\OCP4963.tmp
         32.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\73\D2F42A42388C80D9.dat
         32.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\CAD1B2F680910698.dat
         32.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\F34639351E6B4275.dat
         34.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\05\C9B6D4124CD77AF9.dat
         34.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\54\885EB69A68F70A3E.dat
         34.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\67\B2A986FF8FBFF9DF.dat
         34.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\1640A1DF4BBD4245.dat
         34.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\88\034F408AB1D8DA1C.dat
         34.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\74\4C67CBFC0E0F56AA.dat
         34.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\04FE52094CED349C.dat
         34.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\48\FDD42BE00D4C3748.dat
         34.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\11\65776C26E7D4E693.dat
         36.5s C:\FRST\Quarantine\C\Temp\Temp\nsn5BA5.exe

   C:\FRST\Quarantine\C\Temp\Temp\nsq1CC1.exe
      Size . . . . . . . : 489 787 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:08:58)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8682CD0D45CAF9F68DCC5ECA64A2D615BF2FE39B5BF7EA093895C56D94F00BF6
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.OpenCandy.bh
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -0.0s C:\FRST\Quarantine\C\Temp\Temp\nsq1CC0.exe
          0.0s C:\FRST\Quarantine\C\Temp\Temp\nsq1CC0.exe.config
          0.0s C:\FRST\Quarantine\C\Temp\Temp\nsq1CC1.exe

   C:\FRST\Quarantine\C\Temp\Temp\{38E111CC-4A3C-48DA-AB83-1E4D8A0D3E43}.dll
      Size . . . . . . . : 553 184 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:36:48)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 5F8C343E46549C69415346E52D2BB8AE7419773AF7E7072B83021078936B57E7
      Version  . . . . . : 1.0.5831.40734
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -26.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\09\2621E3B5F451E191.dat
         -26.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\32DD543C82018A59.dat
         -26.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\48\3219B15C6E4C0A6C.dat
         -24.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\46\C13949197CF922CE.dat
         -24.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\22\FF3DA9D2A1D6DAEA.dat
         -20.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\95\9CA2507955C6AFDF.dat
         -20.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\55\0A2722A895222C7F.dat
         -20.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\ECA2E9D35D0593DD.dat
         -20.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\A038E89D4357C06E.dat
         -20.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\18\68BEDE5AB3664322.dat
         -20.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\45B577B1E207F386.dat
         -20.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\37\E2BB338658859B71.dat
         -20.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\DB89524DA5625026.dat
         -18.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\60\13E5E51B3F47E738.dat
         -13.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\70\1F37848736F65A7A.dat
         -12.8s C:\FRST\Quarantine\C\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\user.js.xBAD
         -12.7s C:\FRST\Quarantine\C\Temp\Temp\{EB9776E1-ADAC-4401-B58C-AC048EE0E49B}.xpi
         -7.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\09\4D237A75E8D7B109.dat
         -7.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\85\DC07D5F7C57DB5B9.dat
          0.0s C:\FRST\Quarantine\C\Temp\Temp\{38E111CC-4A3C-48DA-AB83-1E4D8A0D3E43}.dll

   C:\FRST\Quarantine\C\Temp\Temp\{A61AC8E0-9E20-4BEF-9C72-3F7D3F1CA166}.dll
      Size . . . . . . . : 556 768 bytes
      Age  . . . . . . . : 0.4 days (2015-12-20 14:41:50)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : FB4412E0D5E12604B6C89A8A68126786A06AC4868A9FE121FD21ADB3A94545F9
      Version  . . . . . : 1.0.5832.6546
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -12.7s C:\FRST\Quarantine\C\Temp\Temp\{CC55129E-7F92-4354-AD35-F33780A7CF99}.xpi
         -6.7s C:\Windows\Prefetch\PLUGIN.EXE-F82F3B22.pf
         -6.7s C:\Windows\Prefetch\PLUGIN.EXE-2260CBEE.pf
         -4.7s C:\Windows\Prefetch\PLUGIN.EXE-6CED3021.pf
         -2.4s C:\Windows\Prefetch\PLUGIN.EXE-64317056.pf
          0.0s C:\FRST\Quarantine\C\Temp\Temp\{A61AC8E0-9E20-4BEF-9C72-3F7D3F1CA166}.dll

   C:\FRST\Quarantine\C\Temp\Temp\{AE1F3ABC-E565-4591-890A-EF20248FBFC9}.dll
      Size . . . . . . . : 553 184 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:17:25)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 5F8C343E46549C69415346E52D2BB8AE7419773AF7E7072B83021078936B57E7
      Version  . . . . . : 1.0.5831.40734
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -31.0s C:\FRST\Quarantine\C\Temp\Temp\fb058f53-bc05-48ee-983d-9fc9d63f1aae.json
         -14.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\03\9E333FC6C8830F07.dat
         -13.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\30\C3EBE1BDC6E51C1A.dat
         -13.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\65303898B995DE69.dat
         -12.6s C:\FRST\Quarantine\C\Temp\Temp\tmp95C.tmp
         -11.0s C:\Windows\System32\LogFiles\Scm\10a2a822-dfaf-40e9-9961-012099607c62
         -6.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\78\EFD5B02E729A01E6.dat
         -6.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\20\A200F8AD88923AFC.dat
          0.0s C:\FRST\Quarantine\C\Temp\Temp\{AE1F3ABC-E565-4591-890A-EF20248FBFC9}.dll
          5.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\03\288B9C18FF362963.dat

   C:\FRST\Quarantine\C\Temp\Temp\{BC5BFD76-BED2-4A04-BC08-E71C84BD7107}.dll
      Size . . . . . . . : 556 768 bytes
      Age  . . . . . . . : 0.3 days (2015-12-20 17:45:36)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : FB4412E0D5E12604B6C89A8A68126786A06AC4868A9FE121FD21ADB3A94545F9
      Version  . . . . . : 1.0.5832.6546
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -17.7s C:\Windows\Prefetch\CSRSS.EXE-8C04D631.pf
         -17.0s C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{3c77cf0f-63b4-4829-a732-b50679ad90d6}\
         -17.0s C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{3c77cf0f-63b4-4829-a732-b50679ad90d6}\snapshot.etl
         -16.5s C:\Windows\Prefetch\WINLOGON.EXE-8163EECC.pf
         -16.1s C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf
         -16.1s C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf
         -14.5s C:\Windows\Prefetch\ATIECLXX.EXE-19F63085.pf
         -11.1s C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf
         -7.8s C:\Windows\Prefetch\TEAMVIEWER.EXE-381D1066.pf
         -6.2s C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf
         -5.7s C:\Windows\Prefetch\RAVBG64.EXE-0BA84550.pf
         -4.8s C:\Windows\Prefetch\BOOTSTRAP.EXE-B087E627.pf
          0.0s C:\FRST\Quarantine\C\Temp\Temp\{BC5BFD76-BED2-4A04-BC08-E71C84BD7107}.dll
          1.3s C:\Users\Svetlichka\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-934708141-2903372314-3187024128-1001\ac65531e506649b9d3c755d290217469_7ea157f0-e55d-4fe6-b5a8-aff7d480c517
          2.9s C:\Windows\Prefetch\TV_W32.EXE-0B96649A.pf
          2.9s C:\Windows\Prefetch\TV_X64.EXE-E398BC90.pf
          3.8s C:\Users\Svetlichka\AppData\LocalLow\uTorrent\
          3.8s C:\Users\Svetlichka\AppData\LocalLow\uTorrent\uTorrent_4684_002EF018_1011318942
          4.0s C:\Users\Svetlichka\AppData\LocalLow\uTorrent\uTorrent_4684_002EE780_1575700261
          5.5s C:\Users\Svetlichka\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4CB4DDEFFD68D5306BA7E9163A2CC0C6
          5.5s C:\Users\Svetlichka\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4CB4DDEFFD68D5306BA7E9163A2CC0C6
          6.0s C:\Windows\Prefetch\ISMAGENT.EXE-486EC459.pf
          6.1s C:\Windows\Prefetch\RUNONCE.EXE-21038459.pf
          6.4s C:\Windows\Prefetch\RAVCPL64.EXE-61B16716.pf
          6.9s C:\FRST\Quarantine\C\Temp\Temp\34165f3b-e0d2-40f8-9211-2487f43683ee.json
          7.7s C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf
         35.1s C:\Windows\Prefetch\RUNTIMEBROKER.EXE-A02FF048.pf
         38.3s C:\Windows\Prefetch\UPDATER.EXE-2B61A9D6.pf

   C:\FRST\Quarantine\C\Temp\Temp\{F73907D6-E165-4C0C-9240-A2EC2B5570F4}.dll
      Size . . . . . . . : 553 184 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:12:08)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 5F8C343E46549C69415346E52D2BB8AE7419773AF7E7072B83021078936B57E7
      Version  . . . . . : 1.0.5831.40734
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0

   C:\ProgramData\KMSAutoS\bin\KMSSS.exe
      Size . . . . . . . : 304 760 bytes
      Age  . . . . . . . : 4.2 days (2015-12-16 19:33:47)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 4C8C3BED3D9E8F48800065E4AC024AEF237861AAA37443D4B00B98569D83AEEA
      Product  . . . . . : KMS Server Emulator Service (XP)
      Publisher  . . . . : MDL Forum, mod by Ratiborus
      Description  . . . : KMS Server Emulator Service (XP)
      Version  . . . . . : 1.2.1.0
      Copyright  . . . . : MDL Forum, mod by Ratiborus
      RSA Key Size . . . : 1024
      LanguageID . . . . : 1033
      Authenticode . . . : Self-signed
    > Bitdefender  . . . : Trojan.GenericKD.2875703
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -1.0s C:\ProgramData\KMSAutoS\
         -0.4s C:\ProgramData\KMSAutoS\bin\
          0.0s C:\ProgramData\KMSAutoS\bin\KMSSS.exe
          0.0s C:\ProgramData\KMSAutoS\bin\TunMirror2.exe
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.cat
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\OemVista.inf
          0.4s C:\ProgramData\KMSAutoS\bin\driver\
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.cat
          0.4s C:\ProgramData\KMSAutoS\bin\driver\oas_sert.cer
          0.4s C:\ProgramData\KMSAutoS\bin\driver\tap0901.cer
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.inf
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.inf
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\devcon.exe
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.sys
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\devcon.exe
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WdfCoInstaller01009.dll
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.dll
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.sys
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.sys
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\FakeClient.exe
          0.5s C:\ProgramData\KMSAutoS\KMSAuto Net.exe
          0.5s C:\ProgramData\KMSAutoS\kmsauto.ini
          0.6s C:\Windows\System32\Tasks\KMSAutoNet


Suspicious files ____________________________________________________________

   C:\Users\Svetlichka\AppData\Roaming\uTorrent\uTorrent.exe
      Size . . . . . . . : 2 026 520 bytes
      Age  . . . . . . . : 258.2 days (2015-04-06 19:05:34)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 22FF84541E3FA15150E95658010EBD09BD928EA64903D14ADC5FEA8FE7B8ADA3
      Product  . . . . . : µTorrent
      Publisher  . . . . : BitTorrent Inc.
      Description  . . . : µTorrent
      Version  . . . . . : 3.4.5.41372
      Copyright  . . . . : ©2015 BitTorrent, Inc. All Rights Reserved.
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\Explorer.EXE
      LanguageID . . . . : 1033
      Authenticode . . . : Self-signed
      Running processes  : 4644
      Fuzzy  . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-934708141-2903372314-3187024128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uTorrent
      References
         C:\Users\Svetlichka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
         C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent\µTorrent.lnk
      Network Ports
         0.0.0.0:61769    
         127.0.0.1:10000    


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Wow6432Node\Systweak\ (AdvSysProtector)
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\RndService\ (Amonetize)
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RndService\ (Amonetize)
   HKU\S-1-5-21-934708141-2903372314-3187024128-1001\Software\systweak\ (AdvSysProtector)

Cookies _____________________________________________________________________

   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\2M0K1OZ2.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\33TA5IYM.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\3NA1AOIX.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\78UUNG78.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\C0B1ZLRF.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\DQWK2ETF.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\GTA871RW.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\H12ISTZJ.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\I1932SIT.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\IACIN6Z6.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\JL48E8GT.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\JOHH3W23.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\MA5L0HJM.txt
   C:\Users\Svetlichka\AppData\Local\Microsoft\Windows\INetCookies\O40T03NT.txt
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:adform.net
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:adnxs.com
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:ads.bg-mamma.com
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:ads.kaldata.com
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:adx.adform.net
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:bs.serving-sys.com
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:dmp.adform.net
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:doubleclick.net
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:imrworldwide.com
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:serving-sys.com
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:smartadserver.com
   C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\cookies.sqlite:turn.com


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Липсва само лог файла от Malwarebytes Anti-Malware. Вместо него сте публикували fixlog.txt.

Нека да видя и него и ще ви дам финални наставления. :)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 2 часа, B-boy/StyLe/ написа:

От My Computer => Tools => Folder Options => View:

Сложете отметка пред "Show hidden files, folders and drives"

и махнете отметката пред "Hide protected operating system files (recommended)".

Натиснете Apply.

Сега проверете за лог файла в папката C:\Programdata\HitmanPro\Logs и го прикачете в следващия си коментар. :)

Папките са ми открити, така видях, че е в настройките, но такъв файл нямаше

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 19 часа, B-boy/StyLe/ написа:

Но вие цитирате инструкциите за HitmanPro, за който вече сте дали лог...липсва лог от стъпка 3. :)

Програмата ми е на български, а Вие сте ми дали инструкции на английски и може би затова така се е получило :(

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ами просто стартирайте програмата и отидете на Сканиране и изберете Сканиране на заплахи. След като проверката приключи натиснете Приложи действията. След това отидете до табът Хронология => Дневници => отворете лог файла (Scan Log, не Protection Log) и копирайте съдържанието му в следващия си коментар.

За повече информация вижте тук на български - сайта на колегата ни tigertron => http://tigertron.free.bg/mbam.htm

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Извинявам се за забавянето, но имах работа днес :)

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 22.12.2015 г.
Час на сканиране: 22:01
Дневник: Scan Log 1.txt
Администратор: Да

Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2015.12.22.06
База от данни за рууткити: v2015.12.18.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows 8.1
Процесор: x64
Файлова система: NTFS
Потребител: Svetlichka

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 339462
Изминало време: 28 мин. 31 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Дълбоко сканиране за рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 0
(Не бяха открити злонамерени обекти)

Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)

Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 0
(Не бяха открити злонамерени обекти)

Физически сектори: 0
(Не бяха открити злонамерени обекти)


(end)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ето и последната стъпка:

След това изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

След това вижте финалните ми инструкции тук.

Поздрави и приятни почивни дни! :despicable-me-2-minion-4:

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Svetlichka (2015-12-23 00:24:19) Run:3
Running from D:\Documents\Desktop
Loaded Profiles: Svetlichka (Available Profiles: Svetlichka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Systweak
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RndService
DeleteKey: HKU\S-1-5-21-934708141-2903372314-3187024128-1001\Software\systweak
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Systweak => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RndService => key removed successfully
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\Software\systweak => key removed successfully

==== End of Fixlog 00:24:38 ====

Изпълних всичко до инсталирането на CryptoPrevent и доколкото разбрах това е достатъчно от обяснението :)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 39 минути, youandi написа:

Изпълних всичко до инсталирането на CryptoPrevent и доколкото разбрах това е достатъчно от обяснението :)

Всеки преценява сам за себе си до къде да изпълни инструкциите според нуждите и способностите си. :)

Поздрави и весело посрещане на празниците! christmas-carols-smiley-emoticon.gif.60b

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове
преди 14 минути, B-boy/StyLe/ написа:

Всеки преценява сам за себе си до къде да изпълни инструкциите според нуждите и способностите си. :)

Поздрави и весело посрещане на празниците! christmas-carols-smiley-emoticon.gif.60b

 

Благодаря за всичко и весело посрещане на празниците и на вас :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход

  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от d1cho
      Привет преди два дни ми изпищя windows defender-a и антивируснта програма,пише, че гадината е Trojan:Win32/Killav.DR. Компютрите са в мрежа, единя е с vista business 64 bit, a другия с windows 10 32bit. Този с vistata не ми да ва да включа защитната стена и да инсталриам антивирусна. Мъчих компютъра с windows 10 с различни антивирусни понеже ми позволява да инсталриам,но само ги слага под карантина,а мен ме е страх да ги трия понеже имаме софтуер за работа и ме тревожи да не би да повредя нещо и да замине информацията.
      Моля за съдействие, понеже е почти невъзможно да се работи на компютрите.
      Ето тоша ми е от лог файла на компѝтъра с вистата FRST.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by DBPROTOOLS (administrator) on DBPROTOOLS-PC (17-08-2018 10:17:44)
      Running from C:\Users\DBPROTOOLS\Desktop
      Loaded Profiles: DBPROTOOLS (Available Profiles: DBPROTOOLS)
      Platform: Windows Vista (TM) Business Service Pack 2 (X64) Language: English (United States)
      Internet Explorer Version 7 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      () C:\Windows\zqmeyojeujuakpbxqoc.exe
      (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
      HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
      HKLM-x32\...\Run: [mqzelo] => C:\Windows\fuoewkdwkxgksvfzq.exe [503808 2018-08-17] ()
      HKLM-x32\...\Run: [qapanwkyhpts] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] () <==== ATTENTION
      HKLM-x32\...\RunOnce: [zeoucgp] => mebupgcypfryjpcztshe.exe .
      HKLM-x32\...\RunOnce: [tcqamuhucjm] => C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe . [503808 2018-08-16] () <==== ATTENTION
      HKLM\...\Policies\Explorer\Run: [oufmvaku] => C:\Windows\zqmeyojeujuakpbxqoc.exe [503808 2018-08-16] ()
      HKLM\...\Policies\Explorer\Run: [bemqw] => C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe [503808 2018-08-16] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [fmygqwhsy] => C:\Windows\oezqjysmbpzenrcxpm.exe [503808 2018-08-17] ()
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Run: [mqzelo] => C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [ygtcnugszf] => fuoewkdwkxgksvfzq.exe .
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\RunOnce: [zeoucgp] => C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe . [503808 2018-08-16] () <==== ATTENTION
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\Policies\system: [DisableRegistryTools] 1
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {175dbd82-9a45-11e8-861a-0019990d7d87} - E:\tyquftktfbz.bat
      HKU\S-1-5-21-3181692578-1277306937-1901717452-1000\...\MountPoints2: {1b56a57f-9a44-11e8-a149-8748c642f7d2} - E:\setup.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Tcpip\..\Interfaces\{16F65250-913D-4F56-B2DA-49AF5C765191}: [DhcpNameServer] 192.168.0.1 192.168.0.1
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      SearchScopes: HKU\S-1-5-21-3181692578-1277306937-1901717452-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-04-11] (Microsoft Corporation)
      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-04-11] (Microsoft Corporation)
      FireFox:
      ========
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-06] (Google Inc.)
      Chrome: 
      =======
      CHR Profile: C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default [2018-08-17]
      CHR Extension: (Slides) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-07]
      CHR Extension: (Docs) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-07]
      CHR Extension: (Google Drive) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-07]
      CHR Extension: (YouTube) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-07]
      CHR Extension: (Sheets) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-07]
      CHR Extension: (Google Docs Offline) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-07]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-07]
      CHR Extension: (Gmail) - C:\Users\DBPROTOOLS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-07]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
      S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
      S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
      S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 10:17 - 2018-08-17 10:18 - 000008964 _____ C:\Users\DBPROTOOLS\Desktop\FRST.txt
      2018-08-17 10:16 - 2018-08-17 10:17 - 000000000 ____D C:\FRST
      2018-08-17 10:15 - 2018-08-17 10:15 - 002412544 _____ (Farbar) C:\Users\DBPROTOOLS\Desktop\FRST64.exe
      2018-08-17 09:35 - 2018-08-17 09:36 - 046625016 _____ (Microsoft Corporation) C:\Users\DBPROTOOLS\Downloads\Windows-KB890830-x64-V5.63.exe
      2018-08-16 12:03 - 2018-08-16 12:03 - 000000000 ____D C:\ProgramData\AVG
      2018-08-16 12:02 - 2018-08-16 11:36 - 007460520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\DBPROTOOLS\Desktop\avg_antivirus_free_setup.exe
      2018-08-15 16:13 - 2018-08-15 16:33 - 000038147 _____ C:\Users\DBPROTOOLS\Documents\ПРОТОКОЛ КОНСИГНАЦИЯ.odt
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\SysWOW64\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Windows\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-17 10:16 - 000503808 __RSH C:\Windows\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\zqmeyojeujuakpbxqoc.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\ymfulyqivhpszbkd.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH C:\Windows\SysWOW64\fuoewkdwkxgksvfzq.exe
      2018-08-15 10:03 - 2018-08-15 10:03 - 000503808 __RSH C:\Windows\SysWOW64\busmiaxumdqykrfdyyomf.exe
      2018-08-08 19:55 - 2018-08-08 19:55 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control8.lnk
      2018-08-08 19:53 - 2018-08-08 19:54 - 000000586 _____ C:\Users\DBPROTOOLS\Desktop\control7.lnk
      2018-08-08 10:50 - 2018-08-08 10:51 - 000000000 ___HD C:\Program Files (x86)\Temp
      2018-08-08 10:49 - 2018-08-08 10:49 - 020227746 _____ C:\Users\DBPROTOOLS\Downloads\FTS_RealtekHDAudio_6015911_1039707.zip
      2018-08-08 10:36 - 2018-08-08 10:36 - 000529696 _____ (Fujitsu) C:\Users\DBPROTOOLS\Downloads\AutoDetect_CR.exe
      2018-08-08 10:19 - 2018-08-08 10:19 - 000870768 _____ (PDFLogic Corporation ) C:\Users\DBPROTOOLS\Downloads\pdfvista.exe
      2018-08-08 10:14 - 2018-08-08 10:14 - 000127389 _____ C:\Users\DBPROTOOLS\Downloads\received_1656658347796650.jpeg
      2018-08-08 09:51 - 2018-08-08 09:51 - 000131068 _____ C:\Users\DBPROTOOLS\Downloads\ACFrOgD5qMx8urBDsFoSA7F_JPxuDeiEhFOgmeQLIU44kuc2fxOLoZfY-xq9ebf1sM-mw4X0coR12Y2kOz69foLufsDyMtHGIiFwi_Ya2E4BRTKHCOlw-VxJoiTp7S8=
      2018-08-08 09:41 - 2018-08-08 09:41 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup (1).exe
      2018-08-08 09:40 - 2018-08-16 12:03 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\YcanPDF
      2018-08-08 09:39 - 2018-08-08 09:39 - 003451040 _____ (PDFZilla, Inc. ) C:\Users\DBPROTOOLS\Downloads\freepdfreader.exe
      2018-08-07 17:15 - 2018-08-07 17:15 - 000008192 ___RS C:\BOOTSECT.BAK
      2018-08-07 17:15 - 2018-08-07 16:22 - 000000000 ____D C:\Windows\Panther
      2018-08-07 17:15 - 2009-04-11 19:22 - 000333257 __RSH C:\bootmgr
      2018-08-07 16:21 - 2018-08-07 16:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
      2018-08-07 16:18 - 2018-08-07 16:18 - 000000000 ____D C:\Windows\CSC
      2018-08-07 12:34 - 2018-08-07 12:34 - 000044749 _____ C:\Users\DBPROTOOLS\Downloads\logo_db_protools.pdf
      2018-08-07 12:29 - 2018-08-07 12:29 - 001207800 _____ (Adobe Systems Incorporated) C:\Users\DBPROTOOLS\Downloads\readerdc_en_ha_install.exe
      2018-08-07 12:27 - 2018-08-07 12:27 - 000949332 _____ (Vivid Document Imaging Technologies ) C:\Users\DBPROTOOLS\Downloads\PDFViewerSetup.exe
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 12:19 - 2018-08-07 12:19 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Оферти Доставчици
      2018-08-07 12:16 - 2018-08-07 12:16 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\ControlCenter4
      2018-08-07 12:13 - 2018-08-07 12:13 - 000001975 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
      2018-08-07 12:13 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\ProgramData\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\BrownyInd
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Browny02
      2018-08-07 12:11 - 2018-08-07 12:11 - 000000000 ____D C:\Brother
      2018-08-07 12:11 - 2012-12-14 04:31 - 000180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000113744 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
      2018-08-07 12:11 - 2012-12-14 04:31 - 000077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
      2018-08-07 12:11 - 2012-12-14 04:31 - 000000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
      2018-08-07 12:11 - 2012-12-14 04:29 - 000000050 _____ C:\Windows\system32\BRADM12A.DAT
      2018-08-07 12:11 - 2012-12-13 19:00 - 000226816 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM12A.DLL
      2018-08-07 12:11 - 2012-10-19 15:07 - 001441792 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi212c.dll
      2018-08-07 12:11 - 2012-10-19 15:03 - 000054272 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi12c.dll
      2018-08-07 12:11 - 2012-07-06 13:56 - 000012800 _____ (Brother Industries Ltd.) C:\Windows\system32\BrCiImg.dll
      2018-08-07 12:11 - 2011-09-08 12:36 - 000279040 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
      2018-08-07 12:10 - 2018-08-07 12:11 - 000000000 ____D C:\Program Files (x86)\Brother
      2018-08-07 12:10 - 2018-08-07 12:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2018-08-07 12:10 - 2012-11-02 18:15 - 000245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
      2018-08-07 12:10 - 2012-02-02 11:21 - 000002560 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
      2018-08-07 12:10 - 2010-03-15 19:45 - 000073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
      2018-08-07 12:10 - 2007-12-13 22:16 - 000005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
      2018-08-07 12:09 - 2018-08-07 12:13 - 000000000 ____D C:\ProgramData\Brother
      2018-08-07 12:09 - 2018-08-07 12:09 - 000000000 ____D C:\Users\DBPROTOOLS\Downloads\install
      2018-08-07 12:08 - 2018-08-07 12:08 - 141297272 _____ (A.I.SOFT,INC.) C:\Users\DBPROTOOLS\Downloads\DCP-1510-inst-A1-eeu.EXE
      2018-08-07 10:22 - 2018-08-07 10:22 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\OpenOffice
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000985 _____ C:\Users\Public\Desktop\OpenOffice 4.1.5.lnk
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
      2018-08-07 10:12 - 2018-08-07 10:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:44 - 2018-08-07 09:44 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 (bg) Installation Files
      2018-08-07 09:40 - 2018-08-07 09:40 - 013057882 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_langpack_bg.exe
      2018-08-07 09:40 - 2018-08-07 09:40 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\OpenOffice 4.1.5 Language Pack (Bulgarian) Installation Files
      2018-08-07 09:39 - 2018-08-07 09:40 - 129515834 _____ C:\Users\DBPROTOOLS\Downloads\Apache_OpenOffice_4.1.5_Win_x86_install_bg.exe
      2018-08-07 09:34 - 2018-08-07 09:34 - 000000000 ____D C:\Users\DBPROTOOLS\Desktop\Нова папка
      2018-08-07 09:34 - 2013-06-28 14:49 - 001732096 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
      2018-08-07 09:31 - 2018-08-07 09:32 - 245571584 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_5.4.7_Win_x64.msi
      2018-08-07 07:22 - 2018-08-08 09:45 - 000054608 _____ C:\Users\DBPROTOOLS\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000979 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000974 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      2018-08-07 07:22 - 2018-08-07 07:22 - 000000949 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 07:21 - 2018-08-10 15:00 - 000000000 ____D C:\Users\DBPROTOOLS
      2018-08-07 07:21 - 2018-08-07 12:20 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\VirtualStore
      2018-08-07 07:21 - 2018-08-07 07:22 - 000000915 _____ C:\Users\DBPROTOOLS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
      2018-08-07 07:21 - 2018-08-07 07:21 - 000000020 ___SH C:\Users\DBPROTOOLS\ntuser.ini
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 00:52 - 2018-08-16 17:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-15 06:17 - 000000870 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
      2018-08-07 00:52 - 2018-08-07 00:52 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Roaming\TeamViewer
      2018-08-07 00:51 - 2018-08-07 00:51 - 020688888 _____ (TeamViewer GmbH) C:\Users\DBPROTOOLS\Downloads\TeamViewer_Setup.exe
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Google
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Deployment
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\Apps\2.0
      2018-08-07 00:47 - 2018-08-07 00:47 - 000000000 ____D C:\Program Files (x86)\Google
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2018-08-07 00:47 - 2018-08-06 16:30 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2018-08-06 19:35 - 2018-08-06 19:35 - 000000000 ____D C:\Users\DBPROTOOLS\AppData\Local\TeamViewer
      2018-08-06 16:30 - 2018-08-06 16:30 - 000000693 _____ C:\Users\DBPROTOOLS\Desktop\Downloads - Shortcut.lnk
      2018-08-06 16:29 - 2018-08-06 16:29 - 000000000 ____D C:\Program Files (x86)\GUM4368.tmp
      2018-08-06 14:37 - 2018-08-06 14:38 - 274317312 _____ C:\Users\DBPROTOOLS\Downloads\LibreOffice_6.0.6_Win_x64.msi
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-17 09:01 - 2006-11-02 18:20 - 000005024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-16 17:08 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\inf
      2018-08-16 17:08 - 2006-11-02 15:46 - 000690960 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-16 17:01 - 2006-11-02 18:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-16 14:51 - 2006-11-02 18:38 - 000011762 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-08-08 09:44 - 2006-11-02 18:20 - 000256016 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-07 17:15 - 2006-11-02 18:05 - 000262144 _____ C:\Windows\system32\config\BCD-Template
      2018-08-07 09:44 - 2006-11-02 16:33 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
      2018-08-07 09:43 - 2006-11-02 16:34 - 000000000 ____D C:\Windows\system32\NDF
      2018-08-07 07:21 - 2006-11-02 16:33 - 000000000 ____D C:\Windows\rescache
      ==================== Files in the root of some directories =======
      2018-08-15 10:04 - 2018-08-17 10:18 - 000000272 ____H () C:\Program Files (x86)\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 00:53 - 2018-08-16 17:02 - 000000680 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps.dat
      2018-08-07 07:21 - 2018-08-16 17:01 - 000000732 _____ () C:\Users\DBPROTOOLS\AppData\Local\d3d9caps64.dat
      2018-08-07 12:20 - 2018-08-17 10:18 - 000000272 ____H () C:\Users\DBPROTOOLS\AppData\Local\dacaawxyupgsitlnmqkmj.vgd
      2018-08-07 09:44 - 2018-08-07 09:45 - 000452836 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000456080 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistMSI22E4.txt
      2018-08-07 09:44 - 2018-08-07 09:45 - 000011616 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI223D.txt
      2018-08-07 09:45 - 2018-08-07 09:46 - 000011632 _____ () C:\Users\DBPROTOOLS\AppData\Local\dd_vcredistUI22E4.txt
      2018-08-07 12:22 - 2018-08-07 12:22 - 000004088 ____H () C:\Users\DBPROTOOLS\AppData\Local\ygtcnugszfhefberbqviqmyucpyjqcov.dab
      Files to move or delete:
      ====================
      C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe .
      C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe .

      Some files in TEMP:
      ====================
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\busmiaxumdqykrfdyyomf.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\fuoewkdwkxgksvfzq.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000327680 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\gegdhvgwcqz.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\mebupgcypfryjpcztshe.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\oezqjysmbpzenrcxpm.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\smlgdwusldranvkjfgxwqy.exe
      2018-08-15 10:03 - 2018-08-16 17:01 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\ymfulyqivhpszbkd.exe
      2018-08-07 12:20 - 2018-08-07 12:20 - 000708608 _____ () C:\Users\DBPROTOOLS\AppData\Local\Temp\zeoucgp.exe
      2018-08-15 10:03 - 2018-08-16 17:02 - 000503808 __RSH () C:\Users\DBPROTOOLS\AppData\Local\Temp\zqmeyojeujuakpbxqoc.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-17 05:08
      ==================== End of FRST.txt ============================
      Addition.txt
    • от v3cko
      malwarbytes засече троянец и други гадинки
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
      Ran by BECKO (administrator) on BECKO-PC (12-08-2018 08:46:39)
      Running from C:\Users\BECKO\Downloads
      Loaded Profiles: BECKO (Available Profiles: BECKO)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Intel Corporation) C:\Windows\System32\igfxtray.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2018-08-11] (Synaptics Incorporated)
      HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\...\Run: [Chromium] => "c:\users\becko\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{4447F6FC-1164-470A-9CC4-84A798333B40}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{566E0D37-D76E-44FA-984D-4A40BF15E2B7}: [DhcpNameServer] 192.168.0.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      StartMenuInternet: IEXPLORE.EXE - iexplore.exe
      FireFox:
      ========
      FF ProfilePath: C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default [2018-08-12]
      FF user.js: detected! => C:\Users\BECKO\AppData\Roaming\K-Meleon\ignaeef5.default\user.js [2006-04-06]
      FF Homepage: K-Meleon\ignaeef5.default -> google.bg
      FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-08-11] ()
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-11] (Google Inc.)
      Chrome: 
      =======
      CHR HomePage: Default -> hxxp://google.bg/
      CHR StartupUrls: Default -> "hxxps://www.google.bg/"
      CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
      CHR Extension: (Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-11]
      CHR Extension: (Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-11]
      CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-11]
      CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-11]
      CHR Extension: (Adblock Plus) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-11]
      CHR Extension: (Таблици) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-11]
      CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-08-11]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-11]
      CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-11]
      CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2018-08-11] (Broadcom Corporation.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
      R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2018-08-11] (Broadcom Corporation.)
      S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2018-08-11] (Broadcom Corporation.)
      R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-06-19] (Malwarebytes)
      S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [38224 2018-08-11] ()
      R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2018-08-11] (Intel Corporation)
      R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2018-08-11] (Intel Corporation)
      R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2018-08-11] (Infineon Technologies AG)
      R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2018-08-11] (Windows (R) Codename Longhorn DDK provider)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [165608 2018-08-11] (Malwarebytes)
      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes)
      R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation)
      R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] ()
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt
      2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST
      2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
      2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware
      2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana
      2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe
      2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe
      2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner
      2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe
      2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps
      2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller
      2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller
      2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe
      2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG
      2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther
      2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old
      2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics
      2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll
      2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
      2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
      2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys
      2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec
      2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel
      2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
      2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
      2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
      2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
      2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
      2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
      2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources
      2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
      2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
      2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
      2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
      2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
      2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa
      2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp
      2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin
      2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys
      2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2
      2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip
      2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
      2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739
      2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee
      2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr
      2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control
      2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt
      2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
      2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
      2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe
      2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
      2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
      2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
      2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din
      2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
      2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
      2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
      2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
      2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
      2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
      2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
      2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys
      2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe
      2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL
      2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll
      2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe
      2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
      2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon
      2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
      2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
      2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
      2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
      2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google
      2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
      2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
      2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
      2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
      2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing
      2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
      2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
      2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS
      2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
      2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC
      ==================== Files in the root of some directories =======
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG
      Some files in TEMP:
      ====================
      2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-11 13:38
      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
      Ran by BECKO (12-08-2018 08:47:38)
      Running from C:\Users\BECKO\Downloads
      Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-08-11 10:48:46)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-4192057778-3853912004-1886924142-500 - Administrator - Disabled)
      BECKO (S-1-5-21-4192057778-3853912004-1886924142-1001 - Administrator - Enabled) => C:\Users\BECKO
      Guest (S-1-5-21-4192057778-3853912004-1886924142-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-4192057778-3853912004-1886924142-1002 - Limited - Enabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Driver Easy 5.6.4 (HKLM\...\DriverEasy_is1) (Version: 5.6.4 - Easeware)
      Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
      K-Meleon 76.0 (x86 en-US) (HKLM\...\K-Meleon 76.0 (x86 en-US)) (Version: 76.0 - kmeleonbrowser.org)
      Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
      Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
      ==================== Custom CLSID (Whitelisted): ==========================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      CustomCLSID: HKU\S-1-5-21-4192057778-3853912004-1886924142-1001_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
      ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2018-08-11] (Intel Corporation)
      ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ==================== Scheduled Tasks (Whitelisted) =============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {15D51586-5D78-42F1-9AC0-F11850F32BB2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {4311FBF7-FF23-4B96-8A7A-7C848E6879A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {755ADDF9-F707-4126-9FD6-5EE5C09A6ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {87310821-94B6-4F2B-B233-805F8167F2AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {A663C5B5-F8F8-4769-83E9-A86545183E28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-08-11] (Adobe Systems Incorporated)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============
      2018-08-11 19:36 - 2018-07-03 12:59 - 002077904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-08-11 19:36 - 2018-06-18 13:32 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 004076888 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 000096088 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libegl.dll
      ==================== Alternate Data Streams (Whitelisted) =========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121592]
      ==================== Safe Mode (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) ===============
      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============
      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================
      (Currently there is no automatic fix for this section.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==

      ==================== FirewallRules (Whitelisted) ===============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{38F020BD-9D8B-47A7-BA58-523640743E70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{73CDBD4B-E707-4433-90BB-0CA4D37853D5}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [UDP Query User{43AE0B81-FBBA-40D9-9930-B10662946E5D}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [{EB2B59E7-24DC-4376-8CA5-5C73EB6B45AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [TCP Query User{3CA70832-11D6-43D6-996B-CE4FD0FFCA2F}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [UDP Query User{A8FAE1F8-F48D-463D-9467-C469B6224C66}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [{C20D9306-3310-4603-955A-D8750AB02ABC}] => (Allow) C:\Users\BECKO\AppData\Local\Chromium\Application\chrome.exe
      ==================== Restore Points =========================
      11-08-2018 13:48:58 Windows Update
      11-08-2018 14:19:49 Windows Update
      11-08-2018 16:16:29 Windows Backup
      11-08-2018 16:53:14 Language Pack Installation
      11-08-2018 18:23:09 Програма за инсталиране на модули за Windows
      11-08-2018 18:41:57 Windows Update
      11-08-2018 18:46:40 Removed Avira Software Updater
      11-08-2018 19:18:13 Точка на възстановяване на HitmanPro
      11-08-2018 19:29:58 Точка на възстановяване на HitmanPro
      ==================== Faulty Device Manager Devices =============
      Name: RICOH Bay8Controller
      Description: RICOH Bay8Controller
      Class Guid: 
      Manufacturer: 
      Service: 
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      ==================== Event log errors: =========================
      Application errors:
      ==================
      Error: (08/12/2018 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: rundll32.exe_rasapi32.dll, версия: 6.1.7600.16385, времево клеймо: 0x4a5bc637
      Име на модул с грешки: rasapi32.dll_unloaded, версия: 0.0.0.0, времево клеймо: 0x5b51fcfc
      Код на изключение: 0xc0000005
      Отместване на грешка: 0x5d2300fb
      ИД на процес на грешка: 0xc58
      Начален час на приложението с грешки: 0x01d431b9f55ad649
      Път на приложението с грешки: C:\Windows\System32\rundll32.exe
      Път на модула с грешки: rasapi32.dll
      ИД на доклад: f345bb24-9de5-11e8-8c5b-002713343a56
      Error: (08/12/2018 12:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 10:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 07:56:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      System errors:
      =============
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Software Protection беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:46:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Windows Media Player Network Sharing Service не може да бъде стартирана поради следната грешка: 
      Системата не може да намери указания път.
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

      Windows Defender:
      ===================================
      Date: 2018-08-11 18:49:37.775
      Description: 
      Windows Defender has detected spyware or other potentially unwanted software.
      For more information please see the following:
      http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
      Name:SoftwareBundler:Win32/Prepscram
      ID:226289
      Severity:High
      Category:Software Bundler
      Path Found:file:C:\Program Files\KMSPico 10.2.1 Final\WindowsLoader.exe;process:pid:1664
      Detection Type:Concrete
      Detection Source:Real-Time Protection
      Status:Unknown
      Process Name:
      CodeIntegrity:
      ===================================
      Date: 2018-08-11 18:47:53.133
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:47:33.024
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:46:32.355
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:36:54.706
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:34:39.836
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:29:33.389
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:26:43.817
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:19:33.847
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      ==================== Memory info =========================== 
      Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
      Percentage of memory in use: 57%
      Total physical RAM: 3000.26 MB
      Available physical RAM: 1266.7 MB
      Total Virtual: 7094.55 MB
      Available Virtual: 5571.67 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:100.1 GB) (Free:34 GB) NTFS
      Drive d: () (Fixed) (Total:365.12 GB) (Free:278.48 GB) NTFS
      \\?\Volume{b6af5893-9d52-11e8-b3b1-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
      \\?\Volume{b6af5896-9d52-11e8-b3b1-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
      ==================== MBR & Partition Table ==================
      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
      ==================== End of Addition.txt ============================
      това беше открито снощи 
      Malwarebytes
      www.malwarebytes.com
      -Детайли за регистъра-
      Дата на сканиране: 11.08.18 г.
      Час на сканиране: 19:39
      Файл на регистъра: 1355b5a2-9d85-11e8-97c9-002713343a56.json
      Администратор: Да
      -Информация за софтуера-
      Версия: 3.5.1.2522
      Версия на компонентите: 1.0.391
      Актуализирай версията на пакета: 1.0.6301
      Лиценз: Пробен период
      -Системна информация-
      OS: Windows 7 Service Pack 1
      CPU: x86
      Файлова система: NTFS
      Потребител: BECKO-PC\BECKO
      -Резюме на сканирането-
      Тип сканиране: Threat Scan
      Сканирането е стартирано от: Ръчно
      Резултат: Завършено
      Сканирани обекти: 158748
      Открити заплахи: 85
      Заплахи под карантина: 85
      Изтекло време: 3 мин, 55 сек
      -Опции за сканиране-
      Памет: Разрешено
      Стартиране: Разрешено
      Файлова система: Разрешено
      Архиви: Разрешено
      руткитове: Разрешено
      Евристика: Разрешено
      PUP: Открий
      PUM: Открий
      -Детайли за сканирането-
      Процес: 0
      (Не бяха открити зловредни елементи)
      Модул: 0
      (Не бяха открити зловредни елементи)
      Ключ на регистъра: 16
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      Adware.FastDataX, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\FastDataX, Под карантина, [3932], [484533],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Под карантина, [417], [518478],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Под карантина, [417], [518476],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Под карантина, [417], [518473],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Под карантина, [417], [518479],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2A33A63-8223-EBE3-33A3-9B63E32348E3}, Под карантина, [3725], [542290],1.0.6301
      Стойност на регистъра: 6
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.NotChromeRun, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_A26881468A4EFB18BAF645F9B1FB72E9, Под карантина, [6940], [241243],1.0.6301
      Adware.Tuto4PC.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|QWTD433SW12, Под карантина, [3704], [522751],1.0.6301
      Adware.NeoBar, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|AwRWNQQxQn, Под карантина, [1236], [431477],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}|PATH, Под карантина, [103], [535907],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}|PATH, Под карантина, [3754], [483378],1.0.6301
      Данни на регистъра: 0
      (Не бяха открити зловредни елементи)
      Поток данни: 0
      (Не бяха открити зловредни елементи)
      Папка: 8
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712, Под карантина, [407], [463480],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-04d1-0, Под карантина, [679], [407181],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-56c1-1, Под карантина, [679], [407181],1.0.6301
      Adware.NeoBar, C:\USERS\BECKO\APPDATA\LOCAL\CYPJMERAKY, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}, Под карантина, [3725], [542290],1.0.6301
      Файл: 55
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-04d1-0\BITAC33.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-56c1-1\BIT96A0.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712\ic-0.9290ec7e4e043.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.BundleInstaller, C:\Users\BECKO\AppData\Local\Temp\845712\ic-0.ab640b600fd5f8.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\allradio_4.27_portable.exe, Под карантина, [103], [536191],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER\UNINS000.DAT, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\Multitimer.exe, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\unins000.exe, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\fado, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat1, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat2, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      Adware.Tuto4PC.Generic, C:\PROGRAM FILES\YUYFG\5138832.EXE, Под карантина, [3704], [522751],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      Adware.NeoBar, C:\Users\BECKO\AppData\Local\cypjMERAky\activation.exe, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HOWTOREMOVE\HOWTOREMOVE.HTML, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\chromium-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\control panel-min-min.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\down.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff menu.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff search engine-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ff.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ie.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\search engine.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\setup pages.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\sp-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\start-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\up.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lilacisa, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lonadel, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninst.exe, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninstp.dat, Под карантина, [3725], [542290],1.0.6301
      Ransom.Crysis, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\REACSRHG\UIFBACFE.EXE, Под карантина, [7210], [551188],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Sound Volume Control.lnk, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\SOUND VOLUME CONTROL\SNDVOL.EXE, Под карантина, [0], [392686],1.0.6301
      PUP.Optional.BundleInstaller, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\REGISTRY_ACTIVATION_2751393056.EXE, Под карантина, [407], [505351],1.0.6301
      Trojan.MalPack, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\WINDOWSLOADER.EXE, Под карантина, [4152], [500527],1.0.6301
      Backdoor.Bot, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\ACTIVATION.EXE, Под карантина, [806], [419768],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\IS-AT1Q7.TMP\ZRGVBV.DLL, Под карантина, [103], [539849],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP2_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP3_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP4_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Adware.Tuto4PC, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\EYEKAZXXJYM.EXE, Под карантина, [2764], [474076],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\REFSUTIL.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\BEAD.TMP.EXE, Под карантина, [0], [392686],1.0.6301
      Физически сектор: 0
      (Не бяха открити зловредни елементи)
      WMI: 0
      (Не бяха открити зловредни елементи)

      (end)
    • от Антон Ангелов
      Здравейте,
      Имам съмнения, че системата ми е заразена работи, бавно и първият път, като отворя нов таб във файрфокс се отварят още два прозореца с реклами.
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by Anton (administrator) on DESKTOP-IRI1MIH (04-08-2018 17:20:24)
      Running from C:\Users\Anton\Desktop
      Loaded Profiles: Anton (Available Profiles: Anton)
      Platform: Windows 10 Enterprise Version 1709 16299.431 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
      () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      () C:\Windows\System32\igfxTray.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
      (Realtek semiconductor) C:\Windows\RTFTrack.exe
      (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\uTorrent.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
      () C:\Program Files\WindowsApps\60145ScottBrogden.ditto-cp_3.21.223.0_x86__n6b029mg40na2\Ditto.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Lenovo Group Limited) C:\Users\Anton\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
      (AVAST Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
      HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
      HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-22] (AVAST Software)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
      HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
      HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [uTorrent] => C:\Users\Anton\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-22] (BitTorrent Inc.)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [Viber] => C:\Users\Anton\AppData\Local\Viber\Viber.exe [37338696 2018-04-24] (Viber Media S.à r.l.)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-30] (Disc Soft Ltd)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7368480 2018-08-04] (Lavasoft)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a097669a-1fdb-11e8-8817-f8a963267c4d} - "I:\startme.exe"
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a09767e5-1fdb-11e8-8817-f8a963267c4d} - "H:\SETUP.EXE"
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a0976fa4-1fdb-11e8-8817-f8a963267c4d} - "I:\Setup.exe"
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 62.221.132.211 85.130.60.11
      Tcpip\..\Interfaces\{3dad8f67-5fb2-42f7-8404-142ac9dfe4b7}: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{7fd9a328-bcce-42f4-bd1c-45a1f2ee1e6c}: [DhcpNameServer] 62.221.132.211 85.130.60.11
      Internet Explorer:
      ==================
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180523__yaie
      SearchScopes: HKU\S-1-5-21-1747955922-307037692-2103265143-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180523__yaie&p={searchTerms}
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-04-10] (Microsoft Corporation)
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
      BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
      Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      FireFox:
      ========
      FF DefaultProfile: 6l09fpov.default-1519148072560
      FF ProfilePath: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 [2018-08-04]
      FF Homepage: Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 -> about:home
      FF NewTab: Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180523__yaff
      FF Extension: (Easy YouTube mp3) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\d.lehr@chello.at.xpi [2018-07-07]
      FF Extension: (Avast Online Security) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\wrc@avast.com.xpi [2018-06-01]
      FF Extension: (Adblock Plus) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
      FF SearchPlugin: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-23]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-14] ()
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-14] ()
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1747955922-307037692-2103265143-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Anton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
      Chrome:
      =======
      CHR HomePage: Default -> hxxp://www.google.com
      CHR Profile: C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default [2018-07-25]
      CHR Extension: (YouTube) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-26]
      CHR Extension: (Adobe Acrobat) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-26]
      CHR Extension: (Avast SafePrice) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-18]
      CHR Extension: (Avast Online Security) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-26]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-26]
      CHR Extension: (Chrome Media Router) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
      R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-22] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-22] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-01-30] (Disc Soft Ltd)
      R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG)
      R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
      R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-31] (Microsoft Corporation)
      R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
      R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2018-08-04] ()
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-22] (AVAST Software)
      R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-22] (AVAST Software)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-22] (AVAST Software)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-22] (AVAST Software)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-22] (AVAST Software)
      S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-22] (AVAST Software)
      R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-22] (AVAST Software)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-22] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-22] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-22] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-22] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-22] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-07-25] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-22] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-22] (AVAST Software)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-03-04] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-03-04] (Disc Soft Ltd)
      R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
      S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
      R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-04 17:19 - 2018-08-04 17:20 - 000040238 _____ C:\Users\Anton\Desktop\Addition.txt
      2018-08-04 17:16 - 2018-08-04 17:23 - 000018696 _____ C:\Users\Anton\Desktop\FRST.txt
      2018-08-04 17:16 - 2018-08-04 17:20 - 000000000 ____D C:\FRST
      2018-08-04 17:14 - 2018-08-04 17:15 - 002412544 _____ (Farbar) C:\Users\Anton\Desktop\FRST64.exe
      2018-08-04 17:09 - 2018-08-04 17:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
      2018-07-25 15:13 - 2018-07-25 15:13 - 000000000 ____D C:\Users\Anton\AppData\Local\PlaceholderTileLogoFolder
      2018-07-25 15:11 - 2018-07-25 15:11 - 000107310 _____ C:\Users\Anton\Desktop\FileZilla.xml
      2018-07-25 15:10 - 2018-07-25 15:11 - 007791072 _____ (Tim Kosse) C:\Users\Anton\Downloads\FileZilla_3.35.1_win64-setup.exe
      2018-07-19 13:01 - 2018-07-19 13:01 - 000000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tanki Online.lnk
      2018-07-19 12:59 - 2018-07-19 12:59 - 009644712 _____ (AlternativaGame Ltd ) C:\Users\Anton\Downloads\tankionline_eu.exe
      2018-07-19 09:44 - 2018-08-04 17:06 - 000000000 ____D C:\Users\Anton\AppData\LocalLow\uTorrent
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-04 17:22 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
      2018-08-04 17:22 - 2017-09-26 18:50 - 000000000 ____D C:\Users\Anton\AppData\Roaming\uTorrent
      2018-08-04 17:21 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\AppReadiness
      2018-08-04 17:09 - 2017-09-26 00:28 - 000000000 ____D C:\Users\Anton\AppData\LocalLow\Mozilla
      2018-08-04 17:08 - 2018-06-23 10:14 - 000000000 ____D C:\Users\Anton\AppData\Local\AVAST Software
      2018-08-04 17:06 - 2017-10-12 22:48 - 000000000 ____D C:\Users\Anton\AppData\Local\HTC MediaHub
      2018-08-04 17:05 - 2017-12-31 07:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-08-04 17:05 - 2017-10-23 19:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-04 17:05 - 2017-10-21 12:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
      2018-08-04 17:05 - 2017-09-26 00:39 - 000000000 __SHD C:\Users\Anton\IntelGraphicsProfiles
      2018-07-25 20:17 - 2017-09-29 11:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
      2018-07-25 20:00 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\NDF
      2018-07-25 19:52 - 2017-12-31 07:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2018-07-25 17:10 - 2017-12-31 07:18 - 000000000 ____D C:\Users\Anton
      2018-07-25 16:53 - 2017-09-26 19:10 - 000000000 ____D C:\Users\Anton\AppData\Roaming\vlc
      2018-07-25 16:51 - 2018-06-03 23:14 - 000000000 ____D C:\Users\Anton\AppData\Roaming\FileZilla
      2018-07-25 15:48 - 2018-06-03 23:14 - 000000000 ____D C:\Users\Anton\AppData\Local\FileZilla
      2018-07-25 15:13 - 2017-12-31 07:19 - 000000000 ____D C:\Users\Anton\AppData\Local\Packages
      2018-07-25 15:13 - 2017-09-29 16:46 - 000000000 ___HD C:\Program Files\WindowsApps
      2018-07-25 15:12 - 2018-06-03 23:12 - 000000000 ____D C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
      2018-07-25 15:12 - 2018-06-03 23:12 - 000000000 ____D C:\Program Files\FileZilla FTP Client
      2018-07-25 14:51 - 2017-09-26 18:43 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2018-07-24 21:36 - 2017-12-31 07:35 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
      2018-07-22 16:34 - 2017-10-08 22:55 - 000000875 _____ C:\Users\Anton\Desktop\Книги.txt
      2018-07-22 15:44 - 2017-09-29 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp
      2018-07-18 23:21 - 2018-06-26 23:00 - 000000000 ____D C:\Users\Anton\AppData\Local\CrashDumps
      2018-07-18 23:19 - 2018-04-21 10:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2018-07-18 23:18 - 2015-10-30 10:24 - 000000167 _____ C:\WINDOWS\win.ini
      2018-07-15 13:29 - 2017-09-27 00:48 - 000000000 ____D C:\WINDOWS\system32\MRT
      2018-07-15 13:24 - 2017-09-27 00:48 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2018-07-15 13:17 - 2017-09-29 16:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
      2018-07-15 12:58 - 2017-12-23 17:33 - 000000000 ___DC C:\WINDOWS\Panther
      2018-07-15 12:16 - 2017-12-31 07:34 - 000065683 _____ C:\WINDOWS\diagwrn.xml
      2018-07-15 12:16 - 2017-12-31 07:34 - 000062868 _____ C:\WINDOWS\diagerr.xml
      2018-07-15 10:45 - 2017-10-21 13:22 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
      2018-07-15 10:43 - 2017-09-29 11:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
      2018-07-15 10:07 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\Registration
      2018-07-15 10:06 - 2018-04-12 20:30 - 000000000 ___HD C:\$WINDOWS.~BT
      2018-07-14 11:11 - 2017-10-15 22:30 - 000000000 ____D C:\Users\Anton\AppData\Local\LenovoServiceBridge
      2018-07-14 11:05 - 2018-03-15 00:41 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-07-14 11:05 - 2017-12-31 07:35 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
      2018-07-14 11:05 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2018-07-14 11:05 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-07-10 23:51 - 2017-09-29 00:46 - 000000187 _____ C:\Users\Anton\Desktop\Angliski.txt
      2018-07-10 20:48 - 2017-12-31 07:35 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
      2018-07-10 20:47 - 2017-09-26 18:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-07-10 08:13 - 2017-12-31 07:35 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1747955922-307037692-2103265143-1001
      2018-07-10 08:13 - 2017-09-26 00:26 - 000002391 _____ C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2018-07-10 08:13 - 2017-09-26 00:26 - 000000000 ___RD C:\Users\Anton\OneDrive
      2018-07-08 23:05 - 2018-02-20 20:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-07-08 23:05 - 2018-02-20 20:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-07-07 15:25 - 2018-02-20 20:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
      ==================== Files in the root of some directories =======
      2018-06-03 22:57 - 2018-06-03 23:09 - 000000600 _____ () C:\Users\Anton\AppData\Roaming\winscp.rnd
      2018-02-25 19:38 - 2018-02-25 19:38 - 000001456 _____ () C:\Users\Anton\AppData\Local\Adobe Save for Web 13.0 Prefs
      2018-06-10 00:20 - 2018-06-10 00:20 - 000002031 _____ () C:\Users\Anton\AppData\Local\recently-used.xbel
      Some files in TEMP:
      ====================
      2018-07-10 08:14 - 2018-08-04 17:09 - 000391024 _____ (adaware) C:\Users\Anton\AppData\Local\Temp\wcupdater.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-07-22 16:44
      ==================== End of FRST.txt ============================
      Addition.txt
    • от CaptainJord
      Здравейте, откакто изтеглих един файл и го стартирах антивирусната ми засече някакъв вирус относно видеокартата ми (няма как файлове от видеокартата ми да са вирус) .. не знам и аз точно какво е та за по ясно ето снимка .. Колкото и да се опитвам да го махна то пак излиза ..
       
       

      Addition.txt
    • от D101149
      Здравейте! Имам вируси в компютъра. Имах Malwebytes anti-virus, изтече му лиценза пробният и го махнах и сега съм с есет за 30 дена. По-добър от Malwerbytes обаче постоянно ми вади някакъв вирус като вляза в chrome за CoinMiner
      прикачам файловете, които са ви нужни. благодаря!

      FRST.txt
      Addition.txt
  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.