Safe Finder got added to my Mozilla a few days ago (maybe to the other browsers too, but I don't use them). Windows keep popping up, or other sites open when I want to open a completely different site. Sometimes the sites don't load at all. My search engine also changes automatically to Yahoo Safe Finder, or, if I search with Google, completely different things appear at the very top, again caused by Safe Finder. I have the feeling that this slows down the laptop itself. I hope you've understood me, because I'm a complete novice in this area and I don't know whether I'm expressing myself correctly :D

Please follow the instructions in this topic and post the FRST logs => My system is infected - What do I do now?

Yes, you already told me; I'm absent-minded, as always.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015
Ran by Svetlichka (administrator) on TOSHIBA (19-12-2015 13:15:27)
Running from D:\Documents\Downloads
Loaded Profiles: Svetlichka (Available Profiles: Svetlichka)
Platform: Windows 8.1 Enterprise (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dripkick\Dripkick.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Temp\ob4six\runner.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\Zitenop\Zitenop.exe
() C:\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\dripl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(BitTorrent Inc.) C:\Users\Svetlichka\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Users\Svetlichka\AppData\Local\Viber\Viber.exe
(CyberLink Corp.) C:\PowerDVD14\PowerDVD14Agent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(BitTorrent Inc.) C:\Users\Svetlichka\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Svetlichka\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Disc Soft Ltd) C:\Daemon Tools Lite\DiscSoftBusService.exe
() C:\ProgramData\Zitenop\Zitenop.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Svetlichka\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Svetlichka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Svetlichka\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [uTorrent] => C:\Users\Svetlichka\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-04] (BitTorrent Inc.)
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [DAEMON Tools Lite] => C:\Daemon Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [Viber] => C:\Users\Svetlichka\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [Google Update] => C:\Users\Svetlichka\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-15] (Google Inc.)
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\Run: [Lync] => "C:\Microsoft Office\Office16\lync.exe" /fromrunkey
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {14d5e788-0e18-11e5-8255-2016d88609db} - "E:\RunGame.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {14d5e78c-0e18-11e5-8255-2016d88609db} - "H:\RunGame.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {14d5e790-0e18-11e5-8255-2016d88609db} - "I:\RunGame.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {1be657c8-dc81-11e4-8251-7054d2899f9d} - "G:\SETUP.EXE"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {26be7036-dcab-11e4-8253-2016d88609db} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {26be706e-dcab-11e4-8253-2016d88609db} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {a1aca753-1e87-11e5-8256-2016d88609db} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\...\MountPoints2: {edda2619-2e03-11e5-8259-2016d88609db} - "E:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs: C:\ProgramData\Zitenop\Relab.dll => C:\ProgramData\Zitenop\Relab.dll [518656 2015-12-16] ()
AppInit_DLLs-x32: C:\ProgramData\Zitenop\Groovephase.dll => C:\ProgramData\Zitenop\Groovephase.dll [320512 2015-12-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-934708141-2903372314-3187024128-1001] => hxxp://unstopp.me/wpad.dat?ceaba8138b049902f46e796aa3275e122620118
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C292FFC-673C-428B-BBF3-A57D34471933}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.bg/
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2oyV1M_vuKKky6_HQ7Yt--KjQLxi55CSivI4KwOO5AA7E19Ndkg6v52E5I1frOdrntOK_aJoKmHOiyphUVhkzIhkBHH5MgA5SCMPIerCQ1tRek0_QZYNh8IcEs5Ski8l6hsLOj6hagjX-DBP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-934708141-2903372314-3187024128-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-934708141-2903372314-3187024128-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2oyV1M_vuKKky6_HQ7Yt--KjQLxi55CSivI4KwOO5AA7E19Ndkg6v52E5I1frOdrntOK_aJoKmHOiyphUVhkzIhkBHH5MgA5SCMPIerCQ1tRek0_QZYNh8IcEs5Ski8l6hsLOj6hagjX-DBP&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1450201075&z=d20b6ebf60797976f6cba3fgezfw5e8o4e9g8efm1q&from=obw&uid=TOSHIBAXMQ01ABD064_14RGC121TXX14RGC121T

FireFox:
========
FF ProfilePath: C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334
FF Homepage: hxxp://www.google.bg/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-934708141-2903372314-3187024128-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Svetlichka\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-934708141-2903372314-3187024128-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Svetlichka\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-15] (Google Inc.)
FF user.js: detected! => C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\user.js [2015-12-18]
FF Extension: "Camera Style - C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\Extensions\@5B4753C248531D935815F9EB175011D95B47.xpi [2015-12-17] [not signed]
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\m4eqozce.default\extensions\deskCutv2@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\m4eqozce.default\extensions\yahooprotected@gmail.com => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!5B4753C248531D935815F9EB175011D95B47.js [2015-12-16] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\5B4753C248531D935815F9EB175011D95B47 [2015-12-16] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.bg/
CHR Profile: C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-16]
CHR Extension: (Google Документи) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-16]
CHR Extension: (Google Диск) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (YouTube) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Google Търсене) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (Електронни таблици от Google) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-16]
CHR Extension: (Google Документи офлайн) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-16]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-16]
CHR Extension: (Gmail) - C:\Users\Svetlichka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Extension: (Camera Style) - C:\Users\Svetlichka\AppData\Local\Camera Style\Component [2015-12-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Daemon Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 Dripkick; C:\Program Files\Dripkick\Dripkick.exe [379392 2015-12-13] () [File not signed]
R2 FinwarmSvc; C:\Temp\ob4six\runner.exe [45568 2015-12-15] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [256912 2015-05-27] (Wondershare)
R2 Zitenop; C:\ProgramData\\Zitenop\\Zitenop.exe [437248 2015-12-16] () [File not signed]
S2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-06] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-11-28] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-04-06] (Duplex Secure Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)
S1 czwvpbrn; \??\C:\Windows\system32\drivers\czwvpbrn.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 13:15 - 2015-12-19 13:15 - 00000000 ____D C:\FRST
2015-12-18 13:05 - 2015-12-18 13:05 - 00000013 _____ C:\Users\Svetlichka\.pluto.tv
2015-12-18 13:04 - 2015-12-18 13:06 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2015-12-18 13:03 - 2015-12-18 13:03 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\OpenCandy
2015-12-18 13:02 - 2015-12-19 10:21 - 00000000 ____D C:\Users\Svetlichka\AppData\LocalLow\uTorrent
2015-12-17 18:54 - 2015-12-17 18:54 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-17 18:54 - 2015-12-17 18:54 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-17 18:54 - 2015-12-17 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-16 20:21 - 2015-12-16 20:21 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-16 20:21 - 2015-12-16 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-16 20:19 - 2015-12-16 20:19 - 00003172 _____ C:\Windows\System32\Tasks\Camera Style
2015-12-16 20:19 - 2015-12-16 20:19 - 00003162 _____ C:\Windows\System32\Tasks\Camera Style2
2015-12-16 20:06 - 2015-12-18 13:26 - 00000000 ____D C:\Microsoft Office
2015-12-16 19:49 - 2015-12-18 13:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-16 19:47 - 2015-12-16 19:47 - 00000000 ____D C:\ProgramData\Stardock
2015-12-16 19:47 - 2015-12-16 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-12-16 19:47 - 2015-12-16 19:47 - 00000000 ____D C:\Program Files (x86)\Stardock
2015-12-16 19:41 - 2015-12-16 19:41 - 00003174 _____ C:\Windows\System32\Tasks\{64795C1F-BCF6-44BF-B37D-38BA728BCD5A}
2015-12-16 19:33 - 2015-12-19 10:19 - 00000000 ____D C:\ProgramData\KMSAutoS
2015-12-16 19:33 - 2015-12-16 20:27 - 00003748 _____ C:\Windows\System32\Tasks\KMSAutoNet
2015-12-16 19:27 - 2015-12-19 10:26 - 00000000 ____D C:\ProgramData\Zitenop
2015-12-16 19:27 - 2015-12-16 19:27 - 00000000 ____D C:\ProgramData\Zitenops
2015-12-16 19:26 - 2015-12-16 19:26 - 00000496 __RSH C:\ProgramData\ntuser.pol
2015-12-16 18:51 - 2015-12-16 18:51 - 00003126 _____ C:\Windows\System32\Tasks\{2A5EA6B0-25FA-41AA-B3B3-B8B527938491}
2015-12-16 18:51 - 2015-12-16 18:51 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\software
2015-12-16 18:51 - 2015-12-16 18:51 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\atb
2015-12-16 18:38 - 2015-12-16 18:38 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\wps
2015-12-16 18:33 - 2015-12-16 18:33 - 00003126 _____ C:\Windows\System32\Tasks\{A7FF5776-D79E-42B3-99DE-C5BC32C6BFAA}
2015-12-15 20:26 - 2015-12-19 12:32 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934708141-2903372314-3187024128-1001UA.job
2015-12-15 20:26 - 2015-12-18 20:32 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934708141-2903372314-3187024128-1001Core.job
2015-12-15 20:26 - 2015-12-15 20:27 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-934708141-2903372314-3187024128-1001UA
2015-12-15 20:26 - 2015-12-15 20:27 - 00003624 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-934708141-2903372314-3187024128-1001Core
2015-12-15 20:26 - 2015-12-15 20:26 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-15 19:55 - 2015-12-16 19:42 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\kingsoft
2015-12-15 19:44 - 2015-12-15 19:45 - 00000382 _____ C:\Prefs.js
2015-12-15 19:44 - 2015-12-15 19:44 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-12-15 19:44 - 2015-12-15 19:44 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-12-15 19:44 - 2015-12-15 19:44 - 00002816 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-12-15 19:44 - 2015-12-15 19:44 - 00002816 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-12-15 19:44 - 2015-12-15 19:44 - 00000000 ____D C:\searchplugins
2015-12-15 19:38 - 2015-12-16 14:50 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-12-15 19:35 - 2015-12-16 19:44 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-12-15 19:32 - 2015-12-16 20:09 - 00000000 ____D C:\Program Files (x86)\baidu
2015-12-15 19:32 - 2015-12-16 19:42 - 00000000 ____D C:\ProgramData\kingsoft
2015-12-15 19:32 - 2015-12-15 19:55 - 00003594 _____ C:\Windows\System32\Tasks\PPTAssistantUpdateTask_Svetlichka
2015-12-15 19:32 - 2015-12-15 19:32 - 00000000 ____D C:\Program Files\Dripkick
2015-12-15 19:32 - 2015-12-15 19:31 - 00000929 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-15 19:31 - 2015-12-15 19:31 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-12-15 19:14 - 2015-12-19 12:29 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-15 19:14 - 2015-12-15 19:14 - 00003864 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-12-15 19:12 - 2015-12-15 19:12 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\SimpleFiles
2015-12-15 19:11 - 2015-12-16 20:24 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Opera Software
2015-12-15 19:10 - 2015-12-16 20:24 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-15 18:52 - 2015-12-15 18:52 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-15 18:52 - 2015-12-15 18:52 - 00001043 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-11 14:09 - 2015-12-11 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-09 16:36 - 2015-11-11 18:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 16:36 - 2015-11-11 18:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 16:36 - 2015-11-11 17:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 16:36 - 2015-11-11 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 16:36 - 2015-11-11 17:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 16:36 - 2015-11-11 17:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 16:36 - 2015-11-10 02:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 16:36 - 2015-11-10 02:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 16:36 - 2015-11-10 02:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 16:36 - 2015-11-10 02:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 16:36 - 2015-11-10 02:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 16:36 - 2015-11-10 01:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 16:36 - 2015-11-10 01:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 16:36 - 2015-11-10 01:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 16:36 - 2015-11-10 01:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 16:36 - 2015-11-10 01:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 16:36 - 2015-11-10 01:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 16:36 - 2015-11-10 01:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 16:36 - 2015-11-10 01:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 16:36 - 2015-11-10 01:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 16:36 - 2015-11-10 01:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 16:36 - 2015-11-09 00:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 16:36 - 2015-11-09 00:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 16:36 - 2015-11-09 00:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 16:36 - 2015-11-09 00:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 16:36 - 2015-11-09 00:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 16:36 - 2015-11-08 23:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 16:36 - 2015-11-08 23:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-09 16:36 - 2015-11-08 23:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-09 16:36 - 2015-11-08 23:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 16:36 - 2015-11-08 23:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 16:36 - 2015-11-08 23:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 16:36 - 2015-11-08 23:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 16:36 - 2015-11-08 23:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 16:36 - 2015-11-08 23:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 16:36 - 2015-11-08 22:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-09 16:36 - 2015-11-08 22:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 16:36 - 2015-11-08 22:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 16:36 - 2015-11-08 22:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 16:34 - 2015-11-05 10:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 16:33 - 2015-11-22 08:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-09 16:33 - 2015-11-22 08:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 16:33 - 2015-11-22 08:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 16:33 - 2015-11-22 08:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-09 16:33 - 2015-11-22 08:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 16:33 - 2015-11-22 08:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-09 16:33 - 2015-11-22 08:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 16:33 - 2015-11-21 20:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-09 16:33 - 2015-11-21 19:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 16:33 - 2015-11-21 18:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 16:33 - 2015-11-21 18:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 16:33 - 2015-11-21 18:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 16:33 - 2015-11-21 18:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 16:33 - 2015-11-09 02:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 16:33 - 2015-11-09 00:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 16:33 - 2015-11-08 23:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 16:33 - 2015-11-08 23:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 16:33 - 2015-11-08 23:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 16:33 - 2015-11-08 22:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 16:33 - 2015-11-08 22:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 16:33 - 2015-11-08 22:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 16:33 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 16:33 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-09 16:33 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 16:33 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 16:33 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 16:33 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 16:33 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 16:33 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 16:33 - 2015-10-22 18:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-09 16:33 - 2015-10-22 18:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-09 16:33 - 2015-10-22 17:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 16:33 - 2015-10-22 17:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-09 16:33 - 2015-10-22 16:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 16:33 - 2015-10-22 16:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-09 16:33 - 2015-10-10 19:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-09 16:33 - 2015-10-03 21:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-09 16:33 - 2015-10-03 21:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-09 16:32 - 2015-11-21 00:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 16:32 - 2015-11-20 20:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 16:32 - 2015-11-20 18:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 16:32 - 2015-11-20 18:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 16:32 - 2015-11-20 18:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 16:32 - 2015-11-20 18:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 16:32 - 2015-11-20 18:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 16:32 - 2015-11-20 18:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 16:32 - 2015-11-20 18:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 16:32 - 2015-11-20 18:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 16:32 - 2015-11-20 18:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 16:32 - 2015-11-20 18:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 16:32 - 2015-11-20 18:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 16:32 - 2015-10-28 17:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 16:32 - 2015-10-28 17:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 16:31 - 2015-10-11 08:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-09 16:31 - 2015-10-11 08:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-09 16:31 - 2015-10-11 08:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-09 16:31 - 2015-10-11 08:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-09 16:31 - 2015-10-11 08:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-09 16:31 - 2015-10-10 20:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-09 16:31 - 2015-10-10 20:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-09 16:31 - 2015-10-08 18:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-09 16:31 - 2015-10-08 17:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-09 16:31 - 2015-10-05 20:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-09 16:31 - 2015-10-05 20:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-19 13:16 - 2015-04-06 18:33 - 00000000 ____D C:\Temp
2015-12-19 13:15 - 2015-04-06 18:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-19 13:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows
2015-12-19 13:12 - 2015-04-06 19:05 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\uTorrent
2015-12-19 13:11 - 2015-04-06 19:15 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Skype
2015-12-19 10:56 - 2015-04-06 18:36 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-934708141-2903372314-3187024128-1001
2015-12-19 10:22 - 2015-10-03 21:29 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\ViberPC
2015-12-19 10:20 - 2015-04-06 19:48 - 00000852 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-19 10:20 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-19 10:20 - 2013-08-22 16:44 - 00518728 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-19 10:18 - 2015-04-06 18:42 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{46203A89-F057-4C3E-A9D9-4999F644CDA0}
2015-12-19 10:14 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2015-12-19 10:08 - 2015-04-06 19:14 - 00000000 ____D C:\ProgramData\Skype
2015-12-18 19:49 - 2015-04-06 19:48 - 00000854 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-18 13:27 - 2015-04-06 20:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-18 13:27 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-18 13:25 - 2014-11-21 00:10 - 00000000 ____D C:\Windows\ShellNew
2015-12-18 13:23 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 13:22 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-18 13:22 - 2013-08-22 15:25 - 00000076 _____ C:\Windows\win.ini
2015-12-18 13:05 - 2015-04-06 18:30 - 00000000 ____D C:\Users\Svetlichka
2015-12-16 20:24 - 2015-05-03 10:52 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-16 20:21 - 2015-04-06 18:44 - 00000000 ____D C:\Winrar
2015-12-16 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-16 19:38 - 2015-04-06 18:30 - 00001426 _____ C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-16 14:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-15 20:35 - 2015-04-06 18:47 - 00000000 ____D C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-15 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-15 19:26 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-15 19:14 - 2015-04-06 18:49 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-15 18:53 - 2015-08-19 22:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-12 22:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-12-12 13:50 - 2015-04-07 00:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-12 13:50 - 2015-04-07 00:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 16:38 - 2015-04-07 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-11 16:38 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-11 16:32 - 2015-04-06 22:49 - 00000000 ____D C:\Windows\system32\MRT
2015-12-11 16:25 - 2015-04-06 22:49 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-11 14:09 - 2015-10-07 15:36 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-11 14:09 - 2015-05-03 10:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-09 15:15 - 2015-11-11 15:15 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-09 05:39 - 2015-04-06 23:08 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-07 10:36 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-01 19:19 - 2014-11-21 07:13 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 19:19 - 2014-11-21 07:13 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 17:24 - 2015-11-02 12:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-12-15 19:32 - 2015-12-15 19:32 - 0000187 _____ () C:\Users\Svetlichka\AppData\Local\Zimremice.exe.config

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-16 20:49

==================== End of FRST.txt ============================

Addition.txt


Hello,

Sorry for the delay, I was busy.

STEP 1

Download GeekUninstaller and save it to the desktop.

Extract it and run the file geek.exe.
Find Camera Style in the list (the example shows Mozilla Firefox, but that is only for illustration).

Right-click the program and choose Uninstall.

After the installation finishes, a window will open prompting you to remove all leftovers of the program (if there are any; if there are none, this window will not appear):

Example for the Mozilla browser:

[screenshot]

Press the Finish button to delete the program's leftovers.

STEP 2

Download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file fixlog.txt, which will be created after the tool has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Also write how things are after the steps so far.

Regards! ;)

 


So far there is no difference; various browser windows keep appearing, as well as ones like "you won 100,000, click here to claim it". I have the feeling it is even worse. You cannot get into a single site because of these windows and other sites :( They say "Powered by Constant Fun", and the sites are along the lines of alibaba.com


It cannot be worse after we removed hundreds of infected objects. Run a new scan with FRST, ticking the box in front of Addition.txt before you press the SCAN button, and then attach both log files!

 


Yep... I saw the new infections. We will remove those too. The script should be ready in 10 minutes.

So... use GeekUninstaller to uninstall the program Constant Fun.

Then download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file fixlog.txt, which will be created after the tool has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Also write how things are after the steps so far.
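
When reading the fixlog.txt requested above, the first question is which entries FRST actually changed and which were already gone. The Python sketch below is an added example, not part of the original thread and not FRST's own code; the sample log is constructed in the fixlog layout, and the bucket names, the failure-word list and the "is in use" outcome are assumptions for illustration.

```python
import re

# Constructed sample in the layout of an FRST fixlog.txt. Every path, name and
# date is made up; the "is in use" outcome is invented to exercise "review".
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:01-01-2016
Ran by User (2016-01-01 10:00:00) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\ProgramData\ExampleAdware
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\user.js [2016-01-01]
R2 ExampleSvc; C:\ProgramData\ExampleAdware\svc.exe [1024 2016-01-01] () <==== ATTENTION
cmd: ipconfig /flushdns
EmptyTemp:
End
*****************

Processes closed successfully.
"C:\ProgramData\ExampleAdware" => not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\user.js => moved successfully
ExampleSvc => service not found.
C:\ProgramData\ExampleAdware\locked.dll => is in use

=========  ipconfig /flushdns =========

Windows IP Configuration
Example => line inside command output

========= End of CMD: =========

EmptyTemp: => 365.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 10:01:00 ====
"""

# Block delimiters such as "=========  <command> =========" and
# "========= End of CMD: =========" (nine '=' on each side).
BLOCK = re.compile(r"^={9}\s+(.*?)\s+={9}$")


def results_section(text):
    """Return the lines after the echoed fixlist (after the 2nd row of '*').

    The echo must be skipped: directives such as 'FF user.js: detected! => ...'
    contain '=>' themselves but are input, not results.
    """
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines)
             if l.strip() and set(l.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found; is this a fixlog.txt?")
    return lines[stars[1] + 1:]


def drop_cmd_output(lines):
    """Drop raw output of 'cmd:' directives, keep other blocks (RemoveProxy)."""
    kept, block = [], None
    for line in lines:
        m = BLOCK.match(line.strip())
        if not m:
            (kept if block is None else block).append(line)
        elif m.group(1).startswith("End of"):
            if block is not None and m.group(1) != "End of CMD:":
                kept.extend(block)
            block = None
        else:
            block = []
    return kept + (block or [])  # unterminated block: keep it for review


def classify(outcome):
    o = outcome.lower()
    # Generic failure words (an assumption, not a list of FRST's messages).
    if any(w in o for w in ("could not", "failed", "error", "unable")):
        return "review"
    if "not found" in o or "no running process" in o:
        return "absent"      # nothing to do: already removed, or a wrong path
    if "successfully" in o or "removed" in o:
        return "changed"     # FRST moved, deleted or reset something
    return "review"          # unknown wording: a human should look at it


def triage(text):
    results = results_section(text)
    buckets = {"changed": [], "absent": [], "review": []}
    for line in drop_cmd_output(results):
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        entry = (target.strip().strip('"'), outcome.strip())
        buckets[classify(outcome)].append(entry)
    reboot = any("needed a reboot" in l for l in results)
    return buckets, reboot


if __name__ == "__main__":
    found, reboot = triage(SAMPLE_FIXLOG)
    for name, entries in found.items():
        print(name, len(entries))
        for target, outcome in entries:
            print("   ", target, "->", outcome)
    print("reboot pending:", reboot)
```

A log in which nearly every entry lands in "absent" usually means an earlier uninstall had already removed the items, so any remaining symptoms point to components the fixlist did not cover.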


I completed all the steps, but a folder named FRST-OlderVersion appeared. Did the program update itself, and is that why it appeared? Everything is fine now, nothing shows up anymore, thank you


Let's run the final checks:

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • When the scan has finished, press the Clean button.
  • The program will close all unnecessary processes and, after cleaning, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[C0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

 

 

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your security programs.
  • Run the tool JRT.exe
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

 

STEP 3

Please download Malwarebytes Anti-Malware 2.2.0.1024 Final and save it to your desktop.

  • Run the file mbam-setup-2.1.8.1057.exe and follow the instructions to install the program.
  • When the installation finishes, make sure there is a check mark in front of:
  • Launch Malwarebytes Anti-Malware
  • The check box that activates the 14-day trial period is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, remove that check mark, i.e. remove the first check mark:

[screenshot]

  • Press the Finish button.
  • Go to the tab Settings > Detection and Protection > and under the Detection Options category enable the option "Scan for rootkits".
  • Go to the Scan tab, select the radio button in front of Threat Scan and then press the Scan Now >> button. If an update is found, press the Update Now button.
  • A scan for malicious software will start.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • When the scan has finished, press the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then press the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the tab History > Application Logs.

[screenshot]

  • Open the report with the latest date and time and press the "Copy to Clipboard" button
  • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.

 

 

STEP 4

1. Download Hitman Pro.

For a 32-bit system - [download button]
For a 64-bit system - [download button]

2. Run the program.
3. Once you have started the program by clicking its icon, press the "Next" button and accept the license agreement (EULA).

4. Tick "No, I want to perform a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. After the scan completes, from the list of items found (if there are any) choose Apply to all => Ignore.

8. Press "Next", then press "Export the result to an XML file" and save the log file to the desktop.

9. Archive the file and attach it to your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, as in the picture:

[screenshot]

Then simply close the program after the scan ends (without removing anything)... then open C:\Programdata\HitmanPro\Logs, open the log file and post its contents in your next comment.

Note: The folder C:\ProgramData is hidden, so you need to make hidden files visible as follows:

From My Computer => Tools => Folder Options => View:

Tick "Show hidden files, folders and drives"

and untick "Hide protected operating system files (recommended)".

Press Apply.

Now look for the log file in the folder C:\Programdata\HitmanPro\Logs and attach it to your next comment. :)


# AdwCleaner v5.025 - Лог файлът е създаден 20/12/2015 при 23:23:11
# Обновен 13/12/2015 от Xplode
# База данни : 2015-12-13.2 [Сървър]
# Операционна система : Windows 8.1 Enterprise  (x64)
# Потребителско име : Svetlichka - TOSHIBA
# Изпълнява се от : D:\Documents\Downloads\adwcleaner_5.025.exe
# Опция : Изчистване
# Поддръжка : http://toolslib.net/forum

***** [ Сервизи ] *****


***** [ Папки ] *****


***** [ Файлове ] *****


***** [ DLLs ] *****


***** [ Преки пътища ] *****


***** [ Планирани задачи ] *****


***** [ Регистър ] *****

[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\Prod.cap
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\speedupmypc
[-] Ключ Изтрито : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Ключ Изтрито : HKCU\Software\Mozilla\Extends
[-] Ключ Изтрито : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Ключ Изтрито : HKCU\Software\Conduit
[-] Ключ Изтрито : HKCU\Software\SimpleFiles
[-] Ключ Изтрито : HKCU\Software\OB
[-] Ключ Изтрито : HKCU\Software\Reg\Clean
[!] Ключ Не е Изтрито : HKCU\Software\Mozilla\Extends
[-] Ключ Изтрито : HKLM\SOFTWARE\Conduit
[-] Ключ Изтрито : HKLM\SOFTWARE\SimpleFiles
[-] Ключ Изтрито : HKLM\SOFTWARE\Uniblue
[-] Ключ Изтрито : HKLM\SOFTWARE\FFPluginHp
[-] Ключ Изтрито : HKLM\SOFTWARE\downchecker
[-] Ключ Изтрито : HKLM\SOFTWARE\Reg\Clean
[-] Ключ Изтрито : HKLM\SOFTWARE\yoursearchingSoftware
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Ключ Изтрито : [x64] HKLM\SOFTWARE\downchecker

***** [ Уеб браузъри ] *****


*************************

:: "Tracing" ключове отстраняват
:: Настройките на Winsock са нулирани

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2460 байта] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 Enterprise x64
Ran by Svetlichka (Administrator) on 20.12.2015 Ј. at 23:27:15.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 0

 


Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.12.2015 Ј. at 23:29:06.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Svetlichka (2015-12-20 18:58:36) Run:2
Running from D:\Documents\Desktop
Loaded Profiles: Svetlichka (Available Profiles: Svetlichka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\Updater.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\10\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\8\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\2\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\Plugin.exe
C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54
BHO-x32: Constant Fun -> {9d6b19f5-4a89-4db4-b650-44222af825b0} -> C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll [2015-12-20] ()
FF user.js: detected! => C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\user.js [2015-12-20]
FF Extension: Constant Fun - C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\Extensions\{0520d40c-d004-44b3-9a58-5ec044a672ea}.xpi [2015-12-19] [not signed]
R2 Service Mgr ConstantFun; C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe [784096 2015-12-20] () <==== ATTENTION
R2 Update Mgr ConstantFun; C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe [638688 2015-12-20] () <==== ATTENTION
2015-12-20 12:10 - 2015-12-20 14:40 - 00000000 ____D C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54
2015-12-20 12:10 - 2015-12-20 12:10 - 00000000 ____D C:\Program Files (x86)\Constant Fun
2015-12-20 17:55 - 2015-04-06 18:33 - 00000000 ____D C:\Temp
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\Updater.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\10\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\8\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\2\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\Plugin.exe => No running process found
"C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d6b19f5-4a89-4db4-b650-44222af825b0} => key not found.
HKCR\Wow6432Node\CLSID\{9d6b19f5-4a89-4db4-b650-44222af825b0} => key not found.
C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\user.js => moved successfully
C:\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\Extensions\{0520d40c-d004-44b3-9a58-5ec044a672ea}.xpi => not found.
Service Mgr ConstantFun => service not found.
Update Mgr ConstantFun => service not found.
"C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54" => not found.
"C:\Program Files (x86)\Constant Fun" => not found.
C:\Temp => moved successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 365.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:00:10 ====


HitmanPro 3.7.12.253
www.hitmanpro.com

   Computer name . . . . : TOSHIBA
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : Toshiba\Svetlichka
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-12-21 00:12:09
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 9
   Traces  . . . . . . . : 46

   Objects scanned . . . : 1 408 927
   Files scanned . . . . : 30 322
   Remnants scanned  . . : 233 558 files / 1 145 047 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFE001CFAC9DE0
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFE001D00142C0 +0
   Solution
      DriverObject . . . : FFFFE001CFAC9DE0
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF80082F673C0 \SystemRoot\System32\drivers\storport.sys+9152

Malware _____________________________________________________________________

   C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\dripl.exe
      Size . . . . . . . : 855 040 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:08:09)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 19D0CEC7EEE135F06812848641A9B437CA515218067672477827C662EF297A92
    > Bitdefender  . . . : Gen:Variant.Adware.Kazy.696265
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Amonetize.caru
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -4.8s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\
         -4.8s C:\FRST\Quarantine\C\Temp\Temp\tmp4D87.tmp
         -4.5s C:\Windows\ServiceProfiles\LocalService\winhttp\2352278310.cache
          0.0s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\dripl.exe
          1.4s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\dripl.exe.config
         10.8s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\config.conf
         13.4s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\conf.db
         15.4s C:\Users\Svetlichka\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-934708141-2903372314-3187024128-1001\d9fd64fe82e3ca4c7f5401407491128a_7ea157f0-e55d-4fe6-b5a8-aff7d480c517
         17.4s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\setup\
         17.4s C:\FRST\Quarantine\C\Program Files\Dripkick\packages\e284f59b-9bbf-4d0e-8388-206c74c3da6f\setup\Skype_Update.7.12.0.101.exe
         26.4s C:\FRST\Quarantine\C\Temp\Temp\8bf28faa-44af-4be9-8aff-02430a520d1f.json

   C:\FRST\Quarantine\C\Temp\Temp\nsbCD50.exe
      Size . . . . . . . : 489 787 bytes
      Age  . . . . . . . : 2.5 days (2015-12-18 13:02:01)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8682CD0D45CAF9F68DCC5ECA64A2D615BF2FE39B5BF7EA093895C56D94F00BF6
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.OpenCandy.bh
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -12.7s C:\FRST\Quarantine\C\Temp\Temp\tmp9B12.tmp
         -9.1s C:\Windows\System32\LogFiles\Scm\07aa607d-0dc2-42c3-a7b5-17347967f84f
         -7.1s C:\Users\Svetlichka\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-934708141-2903372314-3187024128-1001\166d82bd2d2eca2b35f8ebe66d4a6fd1_7ea157f0-e55d-4fe6-b5a8-aff7d480c517
         -0.0s C:\FRST\Quarantine\C\Temp\Temp\nsbCD4F.exe
          0.0s C:\FRST\Quarantine\C\Temp\Temp\nsbCD4F.exe.config

   C:\FRST\Quarantine\C\Temp\Temp\nsq1CC1.exe
      Size . . . . . . . : 489 787 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:08:58)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8682CD0D45CAF9F68DCC5ECA64A2D615BF2FE39B5BF7EA093895C56D94F00BF6
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.OpenCandy.bh
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -0.0s C:\FRST\Quarantine\C\Temp\Temp\nsq1CC0.exe
          0.0s C:\FRST\Quarantine\C\Temp\Temp\nsq1CC0.exe.config
          0.0s C:\FRST\Quarantine\C\Temp\Temp\nsq1CC1.exe

   C:\FRST\Quarantine\C\Temp\Temp\{38E111CC-4A3C-48DA-AB83-1E4D8A0D3E43}.dll
      Size . . . . . . . : 553 184 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:36:48)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 5F8C343E46549C69415346E52D2BB8AE7419773AF7E7072B83021078936B57E7
      Version  . . . . . : 1.0.5831.40734
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -12.8s C:\FRST\Quarantine\C\Users\Svetlichka\AppData\Roaming\Mozilla\Firefox\Profiles\g0h7wdu6.default-1450380684334\user.js.xBAD
         -12.7s C:\FRST\Quarantine\C\Temp\Temp\{EB9776E1-ADAC-4401-B58C-AC048EE0E49B}.xpi
         -7.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\09\4D237A75E8D7B109.dat
         -7.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\85\DC07D5F7C57DB5B9.dat
          0.0s C:\FRST\Quarantine\C\Temp\Temp\{38E111CC-4A3C-48DA-AB83-1E4D8A0D3E43}.dll

   C:\FRST\Quarantine\C\Temp\Temp\{A61AC8E0-9E20-4BEF-9C72-3F7D3F1CA166}.dll
      Size . . . . . . . : 556 768 bytes
      Age  . . . . . . . : 0.4 days (2015-12-20 14:41:50)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : FB4412E0D5E12604B6C89A8A68126786A06AC4868A9FE121FD21ADB3A94545F9
      Version  . . . . . : 1.0.5832.6546
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -12.7s C:\FRST\Quarantine\C\Temp\Temp\{CC55129E-7F92-4354-AD35-F33780A7CF99}.xpi
         -6.7s C:\Windows\Prefetch\PLUGIN.EXE-F82F3B22.pf
         -6.7s C:\Windows\Prefetch\PLUGIN.EXE-2260CBEE.pf
         -4.7s C:\Windows\Prefetch\PLUGIN.EXE-6CED3021.pf
         -2.4s C:\Windows\Prefetch\PLUGIN.EXE-64317056.pf
          0.0s C:\FRST\Quarantine\C\Temp\Temp\{A61AC8E0-9E20-4BEF-9C72-3F7D3F1CA166}.dll

   C:\FRST\Quarantine\C\Temp\Temp\{AE1F3ABC-E565-4591-890A-EF20248FBFC9}.dll
      Size . . . . . . . : 553 184 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:17:25)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 5F8C343E46549C69415346E52D2BB8AE7419773AF7E7072B83021078936B57E7
      Version  . . . . . : 1.0.5831.40734
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -31.0s C:\FRST\Quarantine\C\Temp\Temp\fb058f53-bc05-48ee-983d-9fc9d63f1aae.json
         -14.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\03\9E333FC6C8830F07.dat
         -13.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\30\C3EBE1BDC6E51C1A.dat
         -13.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\65303898B995DE69.dat
         -12.6s C:\FRST\Quarantine\C\Temp\Temp\tmp95C.tmp
         -11.0s C:\Windows\System32\LogFiles\Scm\10a2a822-dfaf-40e9-9961-012099607c62
         -6.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\78\EFD5B02E729A01E6.dat
         -6.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\20\A200F8AD88923AFC.dat
          0.0s C:\FRST\Quarantine\C\Temp\Temp\{AE1F3ABC-E565-4591-890A-EF20248FBFC9}.dll
          5.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\03\288B9C18FF362963.dat

   C:\FRST\Quarantine\C\Temp\Temp\{BC5BFD76-BED2-4A04-BC08-E71C84BD7107}.dll
      Size . . . . . . . : 556 768 bytes
      Age  . . . . . . . : 0.3 days (2015-12-20 17:45:36)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : FB4412E0D5E12604B6C89A8A68126786A06AC4868A9FE121FD21ADB3A94545F9
      Version  . . . . . : 1.0.5832.6546
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -17.7s C:\Windows\Prefetch\CSRSS.EXE-8C04D631.pf
         -17.0s C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{3c77cf0f-63b4-4829-a732-b50679ad90d6}\
         -17.0s C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{3c77cf0f-63b4-4829-a732-b50679ad90d6}\snapshot.etl
         -16.5s C:\Windows\Prefetch\WINLOGON.EXE-8163EECC.pf
         -16.1s C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf
         -16.1s C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf
         -14.5s C:\Windows\Prefetch\ATIECLXX.EXE-19F63085.pf
         -11.1s C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf
         -7.8s C:\Windows\Prefetch\TEAMVIEWER.EXE-381D1066.pf
         -6.2s C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf
         -5.7s C:\Windows\Prefetch\RAVBG64.EXE-0BA84550.pf
         -4.8s C:\Windows\Prefetch\BOOTSTRAP.EXE-B087E627.pf
          0.0s C:\FRST\Quarantine\C\Temp\Temp\{BC5BFD76-BED2-4A04-BC08-E71C84BD7107}.dll
          1.3s C:\Users\Svetlichka\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-934708141-2903372314-3187024128-1001\ac65531e506649b9d3c755d290217469_7ea157f0-e55d-4fe6-b5a8-aff7d480c517
          2.9s C:\Windows\Prefetch\TV_W32.EXE-0B96649A.pf
          2.9s C:\Windows\Prefetch\TV_X64.EXE-E398BC90.pf
          3.8s C:\Users\Svetlichka\AppData\LocalLow\uTorrent\
          3.8s C:\Users\Svetlichka\AppData\LocalLow\uTorrent\uTorrent_4684_002EF018_1011318942
          4.0s C:\Users\Svetlichka\AppData\LocalLow\uTorrent\uTorrent_4684_002EE780_1575700261
          5.5s C:\Users\Svetlichka\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4CB4DDEFFD68D5306BA7E9163A2CC0C6
          5.5s C:\Users\Svetlichka\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4CB4DDEFFD68D5306BA7E9163A2CC0C6
          6.0s C:\Windows\Prefetch\ISMAGENT.EXE-486EC459.pf
          6.1s C:\Windows\Prefetch\RUNONCE.EXE-21038459.pf
          6.4s C:\Windows\Prefetch\RAVCPL64.EXE-61B16716.pf
          6.9s C:\FRST\Quarantine\C\Temp\Temp\34165f3b-e0d2-40f8-9211-2487f43683ee.json
          7.7s C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf
         35.1s C:\Windows\Prefetch\RUNTIMEBROKER.EXE-A02FF048.pf
         38.3s C:\Windows\Prefetch\UPDATER.EXE-2B61A9D6.pf

   C:\FRST\Quarantine\C\Temp\Temp\{F73907D6-E165-4C0C-9240-A2EC2B5570F4}.dll
      Size . . . . . . . : 553 184 bytes
      Age  . . . . . . . : 0.5 days (2015-12-20 12:12:08)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 5F8C343E46549C69415346E52D2BB8AE7419773AF7E7072B83021078936B57E7
      Version  . . . . . : 1.0.5831.40734
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Adware.BrowseFox.1
      Fuzzy  . . . . . . : 98.0

   C:\ProgramData\KMSAutoS\bin\KMSSS.exe
      Size . . . . . . . : 304 760 bytes
      Age  . . . . . . . : 4.2 days (2015-12-16 19:33:47)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 4C8C3BED3D9E8F48800065E4AC024AEF237861AAA37443D4B00B98569D83AEEA
      Product  . . . . . : KMS Server Emulator Service (XP)
      Publisher  . . . . : MDL Forum, mod by Ratiborus
      Description  . . . : KMS Server Emulator Service (XP)
      Version  . . . . . : 1.2.1.0
      Copyright  . . . . : MDL Forum, mod by Ratiborus
      RSA Key Size . . . : 1024
      LanguageID . . . . : 1033
      Authenticode . . . : Self-signed
    > Bitdefender  . . . : Trojan.GenericKD.2875703
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -1.0s C:\ProgramData\KMSAutoS\
         -0.4s C:\ProgramData\KMSAutoS\bin\
          0.0s C:\ProgramData\KMSAutoS\bin\KMSSS.exe
          0.0s C:\ProgramData\KMSAutoS\bin\TunMirror2.exe
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.cat
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\OemVista.inf
          0.4s C:\ProgramData\KMSAutoS\bin\driver\
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.cat
          0.4s C:\ProgramData\KMSAutoS\bin\driver\oas_sert.cer
          0.4s C:\ProgramData\KMSAutoS\bin\driver\tap0901.cer
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.inf
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.inf
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\devcon.exe
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.sys
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\devcon.exe
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WdfCoInstaller01009.dll
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.dll
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.sys
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\WinDivert.sys
          0.4s C:\ProgramData\KMSAutoS\bin\driver\x64WDV\FakeClient.exe
          0.5s C:\ProgramData\KMSAutoS\KMSAuto Net.exe
          0.5s C:\ProgramData\KMSAutoS\kmsauto.ini
          0.6s C:\Windows\System32\Tasks\KMSAutoNet


Suspicious files ____________________________________________________________

   C:\Users\Svetlichka\AppData\Roaming\uTorrent\uTorrent.exe
      Size . . . . . . . : 2 026 520 bytes
      Age  . . . . . . . : 258.2 days (2015-04-06 19:05:34)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 22FF84541E3FA15150E95658010EBD09BD928EA64903D14ADC5FEA8FE7B8ADA3
      Product  . . . . . : µTorrent
      Publisher  . . . . : BitTorrent Inc.
      Description  . . . : µTorrent
      Version  . . . . . : 3.4.5.41372
      Copyright  . . . . : ©2015 BitTorrent, Inc. All Rights Reserved.
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\Explorer.EXE
      LanguageID . . . . : 1033
      Authenticode . . . : Self-signed
      Running processes  : 4644
      Fuzzy  . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-934708141-2903372314-3187024128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uTorrent
      References
         C:\Users\Svetlichka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
         C:\Users\Svetlichka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent\µTorrent.lnk
      Network Ports
         0.0.0.0:61769    
         127.0.0.1:10000    


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Wow6432Node\Systweak\ (AdvSysProtector)
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\RndService\ (Amonetize)
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RndService\ (Amonetize)
   HKU\S-1-5-21-934708141-2903372314-3187024128-1001\Software\systweak\ (AdvSysProtector)

Cookies _____________________________________________________________________




Only the Malwarebytes Anti-Malware log file is missing. You posted fixlog.txt in its place.

Let me see that one as well and I will give you final instructions. :)

2 hours ago, B-boy/StyLe/ wrote:

From My Computer => Tools => Folder Options => View:

Tick the box next to "Show hidden files, folders and drives"

and untick the box next to "Hide protected operating system files (recommended)".

Click Apply.

Now check for the log file in the folder C:\Programdata\HitmanPro\Logs and attach it to your next comment. :)

My folders are already shown, that is how I saw it is in the settings, but there was no such file

19 hours ago, B-boy/StyLe/ wrote:

But you are quoting the instructions for HitmanPro, for which you have already provided a log... the log from step 3 is missing. :)

My program is in Bulgarian, and you gave me instructions in English, and maybe that is why it turned out this way :(


Well, just start the program, go to Scan (Сканиране) and choose Threat Scan (Сканиране на заплахи). When the scan finishes, click Apply Actions (Приложи действията). Then go to the History tab (Хронология) => Logs (Дневници) => open the log file (Scan Log, not Protection Log) and copy its contents into your next comment.

For more information see here in Bulgarian, on the site of our colleague tigertron => http://tigertron.free.bg/mbam.htm

Regards!


Sorry for the delay, but I had work today :)

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 22.12.2015 г.
Час на сканиране: 22:01
Дневник: Scan Log 1.txt
Администратор: Да

Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2015.12.22.06
База от данни за рууткити: v2015.12.18.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows 8.1
Процесор: x64
Файлова система: NTFS
Потребител: Svetlichka

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 339462
Изминало време: 28 мин. 31 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Дълбоко сканиране за рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 0
(Не бяха открити злонамерени обекти)

Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)

Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 0
(Не бяха открити злонамерени обекти)

Физически сектори: 0
(Не бяха открити злонамерени обекти)


(end)


Here is the last step:

Then download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Then see my final instructions here.

Regards and enjoy the days off!


Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Svetlichka (2015-12-23 00:24:19) Run:3
Running from D:\Documents\Desktop
Loaded Profiles: Svetlichka (Available Profiles: Svetlichka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Systweak
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RndService
DeleteKey: HKU\S-1-5-21-934708141-2903372314-3187024128-1001\Software\systweak
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Systweak => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RndService => key removed successfully
HKU\S-1-5-21-934708141-2903372314-3187024128-1001\Software\systweak => key removed successfully

==== End of Fixlog 00:24:38 ====

I did everything up to installing CryptoPrevent, and as far as I understood from the explanation that is enough :)

39 minutes ago, youandi wrote:

I did everything up to installing CryptoPrevent, and as far as I understood from the explanation that is enough :)

Everyone decides for themselves how far to follow the instructions, according to their needs and abilities. :)

Regards and happy holidays!

14 minutes ago, B-boy/StyLe/ wrote:

Everyone decides for themselves how far to follow the instructions, according to their needs and abilities. :)

Regards and happy holidays!

Thank you for everything, and happy holidays to you too :)

      CHR Extension: (Google Диск) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-03]
      CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-03]
      CHR Extension: (Chrome Cleaner Pro) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2018-04-20]
      CHR Extension: (Adblock Plus) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
      CHR Extension: (Таблици) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24]
      CHR Extension: (Google Документи офлайн) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-03]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-04-07]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
      CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-03]
      CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
      CHR HKLM\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-05] (AVAST Software)
      S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      S4 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 AIDA64Driver; D:\_Install\AIDA64 Extreme Edition 5.80.4000\kerneld.x32 [44176 2016-10-24] ()
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-05] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-05] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-04-05] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-05] (AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-05] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-05] (AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-04-05] (AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-05] (AVAST Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2017-10-03] (Disc Soft Ltd)
      S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [27872 2017-01-11] (LogMeIn, Inc.)
      R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805872 2009-07-01] ()
      S4 LMIRfsClientNP; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 10:28 - 2018-05-04 10:29 - 000012608 _____ C:\Users\USER\Downloads\FRST.txt
      2018-05-04 10:28 - 2018-05-04 10:28 - 002066432 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
      2018-05-04 10:28 - 2018-05-04 10:28 - 000000000 ____D C:\FRST
      2018-05-04 00:41 - 2018-05-04 10:00 - 000000000 ____D C:\Users\USER\AppData\Local\Puffin
      2018-05-04 00:41 - 2018-05-04 00:41 - 000000937 _____ C:\Users\Public\Desktop\Puffin.lnk
      2018-05-04 00:41 - 2018-05-04 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puffin Browser
      2018-05-04 00:40 - 2018-05-04 00:41 - 000000000 ____D C:\Program Files\Puffin
      2018-05-03 22:47 - 2018-05-03 22:51 - 068539808 _____ (CloudMosa, Inc. ) C:\Users\USER\Downloads\PuffinBetaSetup.exe
      2018-05-02 21:46 - 2018-05-02 21:46 - 000218295 _____ C:\Users\USER\Downloads\14415951001_20180501_1245790475.pdf
      2018-05-02 16:25 - 2018-05-02 16:25 - 000408064 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-05-02 01:17 - 2018-05-02 01:17 - 000109280 _____ C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-05-02 01:11 - 2018-05-02 01:11 - 000001264 _____ C:\Users\Public\Desktop\Skype.lnk
      2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2018-05-02 01:09 - 2018-05-02 01:11 - 018529206 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Непотвърдено 702826.crdownload
      2018-05-02 01:09 - 2018-05-02 01:10 - 062741696 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Skype-8.20.0.9.exe
      2018-04-28 12:22 - 2018-04-28 12:22 - 000001194 _____ C:\Users\Public\Desktop\Easy2Convert JPG to DDS.lnk
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Users\USER\AppData\Roaming\Easy2Convert
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy2Convert Software
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Program Files\Easy2Convert Software
      2018-04-28 12:20 - 2018-04-28 12:20 - 003340649 _____ (Easy2Convert Software ) C:\Users\USER\Downloads\jpg2dds.exe
      2018-04-28 12:18 - 2018-04-28 12:18 - 000162944 _____ C:\Users\USER\Downloads\XRG_Nikaz_Sport_R34.dds
      2018-04-28 06:02 - 2018-04-28 06:02 - 000029105 _____ C:\Users\USER\Downloads\XRGT_Alloy2.7z
      2018-04-28 05:35 - 2018-04-28 05:35 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_133550.set
      2018-04-28 05:24 - 2018-04-28 05:24 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_132690.set
      2018-04-27 20:03 - 2018-04-27 20:03 - 000417869 _____ C:\Users\USER\Downloads\mustang-sport.rar
      2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 315132.crdownload
      2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 122074.crdownload
      2018-04-21 23:38 - 2018-04-23 18:54 - 006268764 _____ C:\Users\USER\Documents\NB4-031017.arn
      2018-04-21 23:32 - 2018-04-21 23:32 - 000735888 _____ (Sysinternals - www.sysinternals.com) C:\Users\USER\Downloads\autoruns.exe
      2018-04-21 15:16 - 2017-06-30 11:30 - 000002111 _____ C:\Users\USER\Documents\XFG.cfg_v2
      2018-04-21 15:16 - 2016-01-20 10:53 - 000001528 _____ C:\Users\USER\Documents\XFG.cfg
      2018-04-21 14:38 - 2018-04-21 14:39 - 012258354 _____ C:\Users\USER\Downloads\BMW_M4_14 LB BY MARK.rar
      2018-04-21 11:28 - 2018-04-21 11:28 - 000012006 _____ C:\Users\USER\Downloads\DiscATEST.zip
      2018-04-20 19:08 - 2018-04-20 19:09 - 000000782 _____ C:\DelFix.txt
      2018-04-20 18:10 - 2018-04-20 18:10 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-20 18:10 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-20 18:08 - 2018-04-20 18:09 - 073430920 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4792.exe
      2018-04-14 19:26 - 2018-04-14 19:26 - 001254569 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R12.exe
      2018-04-13 21:28 - 2018-04-13 21:28 - 000001704 _____ C:\Users\USER\Documents\1.txt
      2018-04-09 23:16 - 2018-04-09 23:16 - 001018015 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R11.exe
      2018-04-09 10:31 - 2018-04-09 10:31 - 000000000 ____D C:\Users\USER\AppData\Roaming\Nero
      2018-04-09 07:37 - 2018-04-09 07:37 - 000972765 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R10.exe
      2018-04-07 15:06 - 2018-04-08 07:53 - 000000000 ____D C:\Users\USER\Documents\My Games
      2018-04-07 15:05 - 2018-04-07 15:05 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft Games
      2018-04-07 15:03 - 2018-04-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
      2018-04-07 06:57 - 2018-04-07 06:57 - 000974910 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R9.exe
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ C:\Users\USER\AppData\Local\UserProducts.xml
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\Program Files\Skillbrains
      2018-04-07 06:54 - 2018-04-07 06:54 - 002731128 _____ (Skillbrains ) C:\Users\USER\Downloads\setup-lightshot.exe
      2018-04-06 10:36 - 2018-04-06 10:36 - 000974764 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R8.exe
      2018-04-06 09:51 - 2018-04-06 09:51 - 003148854 _____ C:\Users\USER\Downloads\cheats.bmp
      2018-04-05 10:06 - 2018-04-05 10:06 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 07:45 - 2018-01-24 22:57 - 000000000 ____D C:\LFS
      2018-05-04 00:41 - 2018-02-26 19:19 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2018-05-03 16:48 - 2017-10-03 14:33 - 000000277 _____ C:\ProgramData\HPWALog.txt
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:22 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-05-02 17:32 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
      2018-05-02 16:31 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-05-02 16:31 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-05-01 16:43 - 2018-03-10 17:08 - 000000000 ____D C:\Users\USER\AppData\Local\PrivaZer
      2018-04-20 11:34 - 2009-07-14 07:53 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-04-15 14:58 - 2017-10-03 15:09 - 000000000 ____D C:\Users\USER\AppData\Roaming\MPC-HC
      2018-04-12 22:07 - 2017-10-03 16:08 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-04-10 22:02 - 2017-10-03 14:07 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-10 22:02 - 2017-10-03 14:07 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-10 22:02 - 2017-10-03 14:07 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-07 14:08 - 2018-03-23 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
      2018-04-05 10:06 - 2018-01-24 20:07 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      ==================== Files in the root of some directories =======
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\AtStart.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\DSwitch.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\QSwitch.txt
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000003 _____ () C:\Users\USER\AppData\Local\updater.log
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ () C:\Users\USER\AppData\Local\UserProducts.xml
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-04-28 21:03
      ==================== End of FRST.txt ============================
      Addition.txt
    • by mamasve
      Hello,
      I have a virus on my computer that keeps installing a Panda viewer icon on my desktop, and whenever I open any browser it starts redirecting me to all sorts of sites, so I practically can't use my computer anymore. Help, please!
    • by AHybuC
      Hello!
      Since this morning I have been unable to start my computer normally. As soon as Windows loads, a small window appears that says "Windows has encountered a critical problem and will restart automatically in one minute" and, as the message states, the computer restarts after one minute. Sometimes the blue screen even appears directly, before Windows has managed to load, with error code 0x000000F4. I ran a full scan with Malwarebytes and Kaspersky Rescue CD 10; they removed the problems they found, but the restart problem is still present. I should mention that in Safe Mode I do not experience automatic restarts. I also unchecked Startup and Recovery -> System Failure -> Automatically Restart, but the restarts continue, although I had unchecked the box while I was in Safe Mode. I don't know whether this matters, but I wanted to mention it anyway.
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
      Ran by IvailoCOMP (administrator) on IVAILOCOMP-PC (18-04-2018 19:02:33)
      Running from C:\Users\IvailoCOMP\Desktop
      Loaded Profiles: IvailoCOMP (Available Profiles: IvailoCOMP)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoSMBalloonTip] 0
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\..\Interfaces\{1290CD49-798E-4B6B-9CB6-A0F176F07BD0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll => No File
      BHO: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
      BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
      FireFox:
      ========
      FF ProfilePath: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default [2018-04-18]
      FF Homepage: Mozilla\Firefox\Profiles\qhtq97on.default -> google.bg
      FF NewTab: Mozilla\Firefox\Profiles\qhtq97on.default -> about:home
      FF Session Restore: Mozilla\Firefox\Profiles\qhtq97on.default -> is enabled.
      FF NewTabOverride: Mozilla\Firefox\Profiles\qhtq97on.default -> Enabled: newtaboverride@agenedia.com
      FF Extension: (Adblocker X) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\@adblock57.xpi [2018-04-11]
      FF Extension: (MEGA) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@mega.co.nz.xpi [2018-04-13]
      FF Extension: (UniverseView Extension) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@universeview.ext.xpi [2017-03-01]
      FF Extension: (h264ify) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2017-08-03]
      FF Extension: (New Tab Override) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\newtaboverride@agenedia.com.xpi [2018-02-04]
      FF Extension: (Greasemonkey) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-17]
      FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\features\{15eba6de-45fd-4321-9dcb-85b0a795c148}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-08] [Legacy]
      FF SearchPlugin: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\searchplugins\yahoo-lavasoft.xml [2016-07-21]
      FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-09-28] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
      FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2017-03-22] (Nexon)
      FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [No File]
      FF Plugin: @Webzen.com/NPBrowserExt -> C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll [2012-03-27] (WEBZEN)
      FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\IvailoCOMP\AppData\Local\Fancy\npfancygame.dll [2015-05-10] (Hongfeng Hengyu (Beijing) Tech Ltd.)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\IvailoCOMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: xyzgl-plugin@xyz-soft.com -> C:\Program Files\Alfheim\npxyzgl.dll [2012-06-13] (XYZ-SOFT Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S2 CachemanService; C:\Program Files\Cacheman\CachemanServ.exe [210944 2009-05-16] (Outertech) [File not signed]
      S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [382504 2017-05-17] (EasyAntiCheat Ltd)
      S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
      S2 EslWireHelper; D:\Games\EslWire\service\WireHelperSvc.exe [614416 2014-01-28] ()
      S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
      S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-06-14] (NVIDIA Corporation)
      R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2283432 2017-06-29] (LogMeIn Inc.)
      S2 HiPatchService; D:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
      S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-05-27] (LogMeIn, Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
      S3 npggsvc; C:\Windows\system32\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
      S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
      S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-06-14] (NVIDIA Corporation)
      S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-06-14] (NVIDIA Corporation)
      S2 OracleOraDb11g_home1TNSListener; D:\app\IvailoCOMP\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe [512000 2010-03-31] (Oracle Corporation) [File not signed]
      S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)
      S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-10-13] ()
      S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
      S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S3 apf004; C:\Windows\system32\apf004.sys [15112 2015-02-14] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-22] (DT Soft Ltd)
      S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
      S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
      S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-14] (ESET)
      R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [31008 2015-02-12] (<Turtle Entertainment>)
      S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [42496 2007-05-15] (Eugene V. Muzychenko) [File not signed]
      R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167656 2018-04-18] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-04-18] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-18] (Malwarebytes)
      S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-06-14] (NVIDIA Corporation)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
      S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
      S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
      S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [33664 2016-03-11] (The OpenVPN Project)
      S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
      U4 CiSvc; no ImagePath
      U4 Messenger; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2018-04-18 19:02 - 2018-04-18 19:04 - 000014732 _____ C:\Users\IvailoCOMP\Desktop\FRST.txt
      2018-04-18 19:02 - 2018-04-18 19:02 - 000000000 ____D C:\FRST
      2018-04-18 19:01 - 2018-04-18 19:02 - 001763840 _____ (Farbar) C:\Users\IvailoCOMP\Desktop\FRST.exe
      2018-04-18 18:29 - 2018-04-18 18:55 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-04-18 18:29 - 2018-04-18 18:29 - 000167656 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-18 18:28 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-18 18:27 - 2018-04-18 18:27 - 073254968 _____ (Malwarebytes ) C:\Users\IvailoCOMP\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4766.exe
      2018-04-18 18:22 - 2018-04-18 18:22 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\asda.lnk
      2018-04-18 18:04 - 2018-04-18 18:07 - 000005192 _____ C:\Users\IvailoCOMP\Desktop\Rkill.txt
      2018-04-18 17:54 - 2018-04-18 17:54 - 000003408 ____N C:\bootsqm.dat
      2018-04-18 17:52 - 2018-04-18 17:52 - 000000000 __SHD C:\found.000
      2018-04-18 17:37 - 2018-04-18 17:37 - 000151072 _____ C:\Windows\Minidump\041818-20997-01.dmp
      2018-04-18 17:11 - 2018-04-18 17:11 - 000151312 _____ C:\Windows\Minidump\041818-23821-01.dmp
      2018-04-18 13:42 - 2018-04-18 20:07 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0
      2018-04-18 10:33 - 2018-04-18 10:33 - 000001261 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 18.lnk
      2018-04-18 10:33 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000221 _____ C:\Users\Public\Desktop\Ashampoo Deals.url
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Ashampoo
      2018-04-18 10:14 - 2018-04-18 10:18 - 338960384 _____ C:\Users\IvailoCOMP\Desktop\kav_rescue_10.iso
      2018-04-18 10:12 - 2018-04-18 10:12 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\shutdown.exe.lnk
      2018-04-18 10:11 - 2018-04-18 18:54 - 000424982 _____ C:\Windows\ntbtlog.txt
      2018-04-18 10:10 - 2018-04-18 10:10 - 000000000 _____ C:\Users\IvailoCOMP\Desktop\New shortcut.lnk
      2018-04-18 09:57 - 2018-04-18 09:57 - 000151696 _____ C:\Windows\Minidump\041818-19999-01.dmp
      2018-04-18 09:54 - 2018-04-18 09:54 - 000151696 _____ C:\Windows\Minidump\041818-18954-01.dmp
      2018-04-18 09:40 - 2018-04-18 17:37 - 286301067 _____ C:\Windows\MEMORY.DMP
      2018-04-18 09:40 - 2018-04-18 17:37 - 000000000 ____D C:\Windows\Minidump
      2018-04-18 09:40 - 2018-04-18 09:40 - 000152656 _____ C:\Windows\Minidump\041818-29546-01.dmp
      2018-04-16 10:43 - 2018-03-31 04:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-04-16 10:43 - 2018-03-31 04:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-04-16 10:43 - 2018-03-31 04:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-04-16 10:43 - 2018-03-31 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-04-16 10:43 - 2018-03-28 10:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-04-16 10:43 - 2018-03-23 20:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-04-16 10:43 - 2018-03-23 00:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-04-16 10:43 - 2018-03-23 00:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-04-16 10:43 - 2018-03-23 00:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-04-16 10:43 - 2018-03-22 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-04-16 10:43 - 2018-03-22 23:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-04-16 10:43 - 2018-03-22 23:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-04-16 10:43 - 2018-03-22 23:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-04-16 10:43 - 2018-03-22 23:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-04-16 10:43 - 2018-03-22 23:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-04-16 10:43 - 2018-03-22 23:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-04-16 10:43 - 2018-03-22 23:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-04-16 10:43 - 2018-03-22 23:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-04-16 10:43 - 2018-03-22 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-04-16 10:43 - 2018-03-22 23:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-04-16 10:43 - 2018-03-22 23:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-04-16 10:43 - 2018-03-22 23:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-04-16 10:43 - 2018-03-22 23:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-04-16 10:43 - 2018-03-22 23:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-04-16 10:43 - 2018-03-22 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-04-16 10:43 - 2018-03-22 23:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-04-16 10:43 - 2018-03-22 23:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-04-16 10:43 - 2018-03-22 23:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-04-16 10:43 - 2018-03-22 22:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-04-16 10:43 - 2018-03-22 22:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-04-16 10:43 - 2018-03-22 22:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-04-16 10:43 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
      2018-04-16 10:43 - 2018-03-09 21:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-04-16 10:43 - 2018-03-09 21:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-04-16 10:43 - 2018-03-09 20:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-04-16 10:43 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-04-16 10:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-04-16 10:43 - 2018-02-19 00:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-04-16 10:43 - 2018-02-10 21:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-04-16 10:43 - 2018-02-10 21:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-04-16 10:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-04-16 10:43 - 2018-02-10 20:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-04-16 10:43 - 2018-02-02 21:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-04-16 10:43 - 2018-02-02 21:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-04-16 10:43 - 2018-02-02 20:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-04-16 10:43 - 2018-01-25 17:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-15 22:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-04-16 10:43 - 2018-01-12 19:29 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-04-16 10:43 - 2018-01-12 19:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-04-16 10:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-04-16 10:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-04-16 10:43 - 2018-01-12 19:05 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-04-16 10:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-04-16 10:43 - 2018-01-01 04:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-04-16 10:43 - 2018-01-01 04:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-04-16 10:43 - 2018-01-01 04:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-04-16 10:43 - 2018-01-01 04:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-04-16 10:43 - 2018-01-01 04:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-04-16 10:43 - 2017-12-05 18:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-04-16 10:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-04-14 17:05 - 2018-04-15 21:31 - 000003238 _____ C:\Users\IvailoCOMP\Desktop\Стражева Кула 14.04.2018.txt
      2018-04-14 14:36 - 2016-06-18 07:13 - 039293587 ____N C:\Users\IvailoCOMP\Desktop\MPS-temi.pdf
      2018-04-11 21:09 - 2018-04-15 22:57 - 000000340 _____ C:\Users\IvailoCOMP\Desktop\Програма за четене на Библията.txt
      2018-04-11 20:05 - 2018-04-11 20:05 - 000724759 _____ C:\Users\IvailoCOMP\Desktop\sbr_BL.pdf
      2018-04-11 02:08 - 2018-03-14 20:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-04-11 02:08 - 2018-03-14 20:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-04-11 02:08 - 2018-03-14 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-04-09 21:55 - 2018-04-09 21:55 - 000003743 _____ C:\Users\IvailoCOMP\Desktop\Ще бъде ли тя добра съпруга.txt
      2018-04-01 23:39 - 2018-04-01 23:39 - 010353227 _____ C:\Users\IvailoCOMP\Desktop\yp2_BL.pdf
      2018-03-23 22:10 - 2018-03-23 22:10 - 002276028 _____ C:\Users\IvailoCOMP\Desktop\Илиянка.rar
      2018-03-23 22:02 - 2018-03-23 22:14 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Илиянка
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:00 - 2010-11-21 00:01 - 000785704 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-04-18 19:00 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-04-18 18:57 - 2016-11-18 12:35 - 000000000 ____D C:\Users\IvailoCOMP\AppData\LocalLow\Mozilla
      2018-04-18 18:51 - 2013-11-21 16:12 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-04-18 18:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-04-18 18:06 - 2014-10-30 10:05 - 000000000 ____D C:\Windows\pss
      2018-04-18 17:58 - 2017-11-23 09:54 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\LogMeIn Hamachi
      2018-04-18 10:38 - 2013-11-21 16:17 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\BitComet
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Ashampoo
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\Ashampoo
      2018-04-18 10:32 - 2013-11-21 16:00 - 000000000 ____D C:\Program Files\Ashampoo
      2018-04-18 10:19 - 2013-11-22 16:19 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\DAEMON Tools Lite
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:09 - 2013-12-23 20:48 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Skype
      2018-04-17 23:11 - 2016-02-29 01:23 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\CrashDumps
      2018-04-17 10:17 - 2009-07-14 07:33 - 000452024 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-04-17 10:13 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-04-16 22:13 - 2013-11-21 17:15 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\vlc
      2018-04-15 10:51 - 2013-11-21 16:04 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-12 19:52 - 2016-07-07 19:51 - 000000000 ____D C:\Program Files\Common Files\Overwolf
      2018-04-12 19:52 - 2013-12-14 11:50 - 000000000 ____D C:\Program Files\Overwolf
      2018-04-12 01:04 - 2014-12-11 09:05 - 000000000 ____D C:\Windows\system32\appraiser
      2018-04-11 11:04 - 2017-07-31 12:21 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-11 11:04 - 2017-07-31 12:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-11 03:13 - 2014-07-15 11:08 - 000000000 ____D C:\Windows\system32\MRT
      2018-04-11 03:06 - 2017-10-11 01:18 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2018-04-11 03:06 - 2014-07-15 11:08 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-04-08 17:50 - 2018-03-01 23:22 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\.minecraft
      2018-03-29 09:46 - 2013-12-21 10:14 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
      2018-03-28 11:20 - 2016-11-16 21:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-03-26 12:53 - 2018-02-26 10:26 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Songs
      ==================== Files in the root of some directories =======
      2016-03-26 15:29 - 2016-03-28 23:17 - 000000646 _____ () C:\Users\IvailoCOMP\AppData\Roaming\MPQEditor.ini
      2013-11-21 17:59 - 2017-11-03 12:59 - 000007599 _____ () C:\Users\IvailoCOMP\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2017-09-29 10:49 - 2017-10-30 16:41 - 000000000 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\88653d972532a3bfb1eacaae78f1f650.dll
      2017-09-29 10:49 - 2017-10-30 14:33 - 000000088 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\a4c3de51ada6927383f066bdc8c54e16.dll
      2018-04-08 08:12 - 2018-04-08 08:12 - 058834376 _____ (Skype Technologies S.A.) C:\Users\IvailoCOMP\AppData\Local\Temp\SkypeSetup.exe
      2018-03-01 23:34 - 2018-03-01 23:23 - 000069259 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\Uninstall.exe
      2017-08-13 10:55 - 2017-08-13 10:55 - 000750560 _____ (adaware) C:\Users\IvailoCOMP\AppData\Local\Temp\WCU002.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2016-05-09 08:13
      ==================== End of FRST.txt ============================
      Addition.txt