Премини към съдържанието

Препоръчан отговор


Здравейте,

от няколко дни ми се променят настройките на Google Chrome. Отваря се начална страница http://search.safefinder.com/. Появяват се непрекъснато реклами, отварят ми се непознати страници.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by burgas (administrator) on BURGAS-PC (03-02-2016 10:40:19)
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Български (България)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\ProgramData\Airtostrong\Airtostrong.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd., Samsung Software Center.) C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Airtostrong\Airtostrong.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(JetAudio, Inc.) C:\Program Files\JetAudio\JetAudio.exe
() C:\__TM2004\tm2004.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-02] (Analog Devices, Inc.)
HKLM\...\Run: [GW Port Controller] => C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE [163840 2006-12-14] (Samsung Electronics Co., Ltd., Samsung Software Center.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\...\Run: [tgbhdpgwgg] => explorer "hxxp://opatolo.ru/?utm_source=uoua03n&utm_content=53ec9cba11c4c68db945b0faedd19cda&utm_term=9A29711C2921EE8733606F746A7A2295" <===== ATTENTION
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\...\Policies\Explorer: [HideSCAHealth] 0
AppInit_DLLs: C:\ProgramData\Airtostrong\SingHold.dll => C:\ProgramData\Airtostrong\SingHold.dll [257536 2016-02-01] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E3BA6648-D53C-4AD5-BD44-9E8392E1F9A5}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130861943982661353&GUID=822FDA39-CE33-4D5A-AE25-7BA1920874C3
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2tg73Z4W1XMKLUEUMy2KLkblu3fWYL5Knmpvz7ZW7rWruUSaHb-5wiBn74eqnjzAFTXoTVyV4NOmh2s3Df1-ZIvtVY9oHVO9QpXq47vkczqr-_3hSsAtRQa3A59bWzKO85yylUeMPDliTk1uanuof6eYbbN_838,&q={searchTerms}
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130988805395755492&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2tg73Z4W1XMKLUEUMy2KLkblu3fWYL5Knmpvz7ZW7rWruUSaHb-5wiBn74eqnjzAFTXoTVyV4NOmh2s3Df1-ZIvtVY9oHVO9QpXq47vkczqr-_3hSsAtRQa3A59bWzKO85yylUeMPDliTk1uanuof6eYbbN_838,&q={searchTerms}
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2tg73Z4W1XMKLUEUMy2KLkblu3fWYL5Knmpvz7ZW7rWruUSaHb-5wiBn74eqnjzAFTXoTVyV4NOmh2s3Df1-ZIvtVY9oHVO9QpXq47vkczqr-_3hSsAtRQa3A59bWzKO85yylUeMPDliTk1uanuof6eYbbN_838,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-20] (Microsoft Corporation)
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://online.bulbank.bg/capicom.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908
FF NewTab: C:\\ProgramData\\Airtostrongs\\ff.NT
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.2&gp=801007
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7BD1BECE92-0571-4F07-893D-3AFC6AA6ADA5%7D&gp=801507
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-20] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found]
FF Extension: 50uCouuippons - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\5@9g.edu [2015-01-06] [not signed]
FF Extension: YouetubeAdBlocke - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\5@L2QH.org [2014-12-12] [not signed]
FF Extension: Домашняя страница Mail.Ru - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\homepage@mail.ru [2016-01-28]
FF Extension: DoealEExxpreess - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\iol@A.net [2015-01-05] [not signed]
FF Extension: BuyNsaVe - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\JF9Xfr0CEm@W.edu [2014-12-12] [not signed]
FF Extension: nogroovesharkadstobbitk - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\nogroovesharkads@tobbi.tk [2014-12-19] [not signed]
FF Extension: Поиск@Mail.Ru - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\search@mail.ru [2016-01-28]
FF Extension: Adblock Plus - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17] [not signed]

Chrome: 
=======
CHR HomePage: Profile 2 -> mail.ru/cnt/11956636
CHR StartupUrls: Profile 2 -> "hxxps://www.google.bg/"
CHR DefaultSearchURL: Profile 2 -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2tg73Z4W1XMKLUEUMy2KLkblu3fWYL5Knmpvz7ZW7rWruUSaHb-5wiBn74eqnjzAFTX_lVKA34PV4u6LseiDKR1tbEwCzvJ0KclarERakF_KbqiMGYL8xdyC3AmkxRhVTcI5QL2RTYj_QvuHJSfWsA5ohdCqEcE,&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> feed.sonic-search.com_
CHR DefaultSuggestURL: Profile 2 -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Документи) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Диск) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Търсене) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Електронни таблици от Google) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Документи офлайн) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Profile: C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Документи) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-02]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-02]
CHR HKLM\...\Chrome\Extension: [eioddfaepdoeifbhjphfefgipcjcdieo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iflppbjnpneiigcbdfjpnkebidmkjmoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ppoilmfkbpckodoifdlkmkepcajfjmhl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [531456 2016-02-01] () [File not signed]
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1887928 2015-12-22] (Microsoft Corporation)
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-01-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-02] (Disc Soft Ltd)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2014-01-14] (Microsoft Corporation) [File not signed]
S1 dogqxxnk; \??\C:\Windows\system32\drivers\dogqxxnk.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 sdfhgdf; system32\DRIVERS\sdfhgdf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 10:40 - 2016-02-03 10:40 - 00015114 _____ C:\Users\burgas\Downloads\FRST.txt
2016-02-03 10:40 - 2016-02-03 10:40 - 00000000 ____D C:\FRST
2016-02-03 10:39 - 2016-02-03 10:39 - 01721856 _____ (Farbar) C:\Users\burgas\Downloads\FRST.exe
2016-02-02 17:16 - 2016-02-03 08:46 - 00000000 ____D C:\Users\burgas\AppData\Roaming\Systweak
2016-02-02 17:15 - 2016-02-02 17:15 - 00000000 ____D C:\Users\burgas\AppData\Local\Systweak
2016-02-02 17:14 - 2016-02-02 17:15 - 05822720 _____ (Advanced System Protector ) C:\Users\burgas\Downloads\aspsetup.exe
2016-02-02 16:58 - 2016-02-03 08:38 - 00000370 _____ C:\Windows\Tasks\AmiUpdXp.job
2016-02-02 16:58 - 2016-02-02 17:42 - 00000000 ____D C:\Users\burgas\AppData\Local\15389
2016-02-02 15:26 - 2016-02-02 15:26 - 01508352 _____ C:\Users\burgas\Downloads\adwcleaner_5.032.exe
2016-02-02 13:02 - 2016-02-03 10:07 - 00000986 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 13:02 - 2016-02-03 08:38 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 13:02 - 2016-02-02 16:35 - 00002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-02 12:54 - 2016-02-02 12:54 - 00242304 _____ C:\Users\burgas\Downloads\Firefox Setup Stub 44.0.exe
2016-02-02 12:25 - 2016-02-02 13:02 - 00000000 ____D C:\Users\burgas\AppData\Local\Deployment
2016-02-02 12:25 - 2016-02-02 12:25 - 00000000 ____D C:\Users\burgas\AppData\Local\Apps\2.0
2016-02-01 17:40 - 2016-02-01 17:40 - 00000000 ____D C:\ProgramData\Airtostrongs
2016-02-01 17:39 - 2016-02-01 17:39 - 03250516 _____ () C:\Program Files\Common Files\xfjbicol.exe
2016-02-01 11:03 - 2016-02-02 09:52 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-01-29 12:27 - 2015-12-24 00:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-29 12:27 - 2015-12-12 20:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-29 12:27 - 2015-12-12 19:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-29 12:27 - 2015-12-12 19:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-29 12:27 - 2015-12-12 19:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-29 12:27 - 2015-12-12 19:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-29 12:27 - 2015-12-12 19:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-29 12:27 - 2015-12-12 19:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-29 12:27 - 2015-12-12 19:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-29 12:27 - 2015-12-12 19:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-29 12:27 - 2015-12-12 19:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-29 12:27 - 2015-12-12 19:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-29 12:27 - 2015-12-12 19:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-29 12:27 - 2015-12-12 19:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-29 12:27 - 2015-12-12 19:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-29 12:27 - 2015-12-12 19:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-29 12:27 - 2015-12-12 19:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-29 12:27 - 2015-12-12 19:22 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-29 12:27 - 2015-12-12 19:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-29 12:27 - 2015-12-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-29 12:27 - 2015-12-12 19:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-29 12:27 - 2015-12-12 19:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-29 12:27 - 2015-12-12 19:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-29 12:27 - 2015-12-12 19:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-29 12:27 - 2015-12-12 19:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-29 12:27 - 2015-12-12 19:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-29 12:27 - 2015-12-12 19:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-29 12:27 - 2015-12-12 19:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-29 12:27 - 2015-12-12 19:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-29 12:27 - 2015-12-12 19:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-29 12:27 - 2015-12-12 19:00 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-29 12:27 - 2015-12-12 18:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-29 12:27 - 2015-12-12 18:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-29 12:27 - 2015-12-12 18:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-29 12:27 - 2015-11-10 20:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-01-29 12:27 - 2015-11-10 20:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-01-29 12:27 - 2015-11-10 20:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-01-29 12:26 - 2015-12-30 20:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-29 12:26 - 2015-12-30 20:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-29 12:26 - 2015-12-30 20:47 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-29 12:26 - 2015-12-30 20:47 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-29 12:26 - 2015-12-30 20:44 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-29 12:26 - 2015-12-30 20:40 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-29 12:26 - 2015-12-30 20:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-29 12:26 - 2015-12-30 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-29 12:26 - 2015-12-30 20:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-29 12:26 - 2015-12-30 20:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-29 12:26 - 2015-12-30 20:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-29 12:26 - 2015-12-30 20:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-29 12:26 - 2015-12-30 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-29 12:26 - 2015-12-30 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-29 12:26 - 2015-12-30 19:38 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-29 12:26 - 2015-12-30 19:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-29 12:26 - 2015-12-30 19:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-29 12:26 - 2015-12-30 19:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-29 12:26 - 2015-12-30 19:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-29 12:26 - 2015-12-30 19:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-29 12:26 - 2015-12-30 19:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-29 12:26 - 2015-12-30 19:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-29 12:26 - 2015-12-11 20:35 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-29 12:26 - 2015-12-08 23:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-29 12:26 - 2015-11-17 02:45 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-29 12:26 - 2015-11-17 02:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-29 12:26 - 2015-11-17 02:42 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-29 12:26 - 2015-11-17 02:42 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-29 12:26 - 2015-11-17 02:42 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-29 12:26 - 2015-11-17 02:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-29 12:26 - 2015-11-16 22:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-29 12:26 - 2015-11-11 20:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-01-29 12:26 - 2015-11-11 20:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-01-29 12:26 - 2015-11-05 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-01-29 12:26 - 2015-10-29 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-01-29 12:26 - 2015-10-29 19:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-01-29 12:26 - 2015-10-29 19:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-01-29 12:26 - 2015-10-29 19:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-01-29 12:26 - 2015-10-13 18:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-01-29 12:26 - 2015-10-13 18:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-01-29 12:26 - 2015-10-13 06:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-01-29 12:26 - 2015-09-23 15:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-29 12:26 - 2015-09-23 15:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-29 12:25 - 2015-12-08 23:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-29 12:25 - 2015-12-08 23:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-29 12:25 - 2015-12-08 23:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-29 12:25 - 2015-12-08 23:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-29 12:25 - 2015-12-08 23:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-29 12:25 - 2015-12-08 23:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-29 12:25 - 2015-12-08 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-29 12:25 - 2015-12-08 23:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-29 12:25 - 2015-12-08 23:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-29 12:25 - 2015-12-08 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-29 12:25 - 2015-12-08 23:00 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-29 12:25 - 2015-11-20 20:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-01-29 12:25 - 2015-11-20 20:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-29 12:25 - 2015-11-20 20:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-29 12:25 - 2015-11-20 20:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-01-29 12:25 - 2015-11-14 00:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-29 12:25 - 2015-11-14 00:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-29 12:25 - 2015-11-14 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-29 12:25 - 2015-11-05 21:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-01-29 12:25 - 2015-11-05 11:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-01-29 12:25 - 2015-11-03 20:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-01-29 12:25 - 2015-11-03 20:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-01-29 12:25 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-01-29 12:25 - 2015-10-01 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-01-29 12:25 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-01-29 12:25 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-01-29 10:42 - 2016-02-01 11:34 - 00000080 _____ C:\Users\burgas\AppData\Roaming\Microsoft\Windows\Start Menu\чTorrent.lnk
2016-01-28 17:39 - 2016-02-03 08:39 - 00000000 ____D C:\ProgramData\Airtostrong
2016-01-28 17:37 - 2016-01-28 17:37 - 00000000 ____D C:\Program Files\Common Files\gccrnt0l
2016-01-28 16:37 - 2016-01-28 16:47 - 00000000 ____D C:\Program Files\Common Files\Trioqvobam
2016-01-28 16:36 - 2016-02-01 11:33 - 00000000 ____D C:\Program Files\BitTorrent
2016-01-28 16:36 - 2016-01-28 16:36 - 00041472 _____ C:\Users\burgas\AppData\Local\Saodom.dat
2016-01-28 16:36 - 2016-01-28 16:36 - 00000187 _____ C:\Users\burgas\AppData\Local\Saodom.exe.config
2016-01-28 15:42 - 2016-01-28 15:42 - 00000000 ____D C:\Users\burgas\AppData\Local\Вконтактe
2016-01-28 15:37 - 2016-01-28 15:37 - 00000000 ____D C:\Users\burgas\AppData\Local\Вoйти в Интeрнет
2016-01-28 15:34 - 2016-01-28 15:34 - 00000000 ____D C:\Users\Public\Documents\GenieSoft
2016-01-28 15:34 - 2016-01-28 15:34 - 00000000 ____D C:\Users\burgas\AppData\Roaming\MicrosoftUpdater
2016-01-28 15:32 - 2016-01-28 15:32 - 00000000 ____D C:\Users\burgas\AppData\Roaming\Calculator
2016-01-28 15:31 - 2016-01-28 15:31 - 00000000 ____D C:\Users\burgas\AppData\Local\Поиcк в Интeрнете
2016-01-28 15:29 - 2016-01-29 10:41 - 00000000 ____D C:\Users\burgas\AppData\Local\SystemDir
2016-01-28 15:29 - 2016-01-28 15:38 - 00000000 ____D C:\Users\burgas\AppData\Roaming\MailProducts
2016-01-28 15:29 - 2016-01-28 15:36 - 00000000 ____D C:\Users\burgas\AppData\LocalLow\Unity
2016-01-28 15:29 - 2016-01-28 15:36 - 00000000 ____D C:\Users\burgas\AppData\Local\Unity
2016-01-28 15:27 - 2016-01-28 15:27 - 00000000 __RSH C:\MSDOS.SYS
2016-01-28 15:27 - 2016-01-28 15:27 - 00000000 __RSH C:\IO.SYS
2016-01-27 13:05 - 2016-01-27 13:12 - 00000000 ____D C:\Users\burgas\Documents\ViberDownloads
2016-01-27 13:01 - 2016-01-22 08:44 - 05452800 _____ C:\Users\burgas\Desktop\Price list_Motip Dupli all 09.12.2015.xls
2016-01-20 10:03 - 2016-01-20 10:03 - 00010240 _____ C:\Users\burgas\Desktop\sp_orderkomp.xls
2016-01-13 08:57 - 2016-01-13 08:58 - 00000000 ____D C:\Users\burgas\Desktop\радио
2016-01-08 14:43 - 2016-01-11 08:49 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 10:15 - 2014-09-05 14:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-03 08:52 - 2009-07-14 06:34 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-03 08:52 - 2009-07-14 06:34 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-03 08:45 - 2010-11-20 23:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-03 08:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-02-03 08:38 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 13:02 - 2014-11-27 09:17 - 00000000 ____D C:\Program Files\Google
2016-02-02 10:02 - 2014-09-02 08:56 - 00000000 ____D C:\Install
2016-02-02 09:09 - 2010-10-01 12:05 - 00006866 _____ C:\Windows\NAV.INI
2016-02-02 09:08 - 2014-09-12 14:13 - 00002560 _____ C:\Windows\MKDEWE.TRN
2016-02-02 08:46 - 2015-08-25 12:51 - 00298496 _____ C:\Users\burgas\Desktop\Kana price list roller & brushes 2015 NALICHNO+EAN 01.03.2015 correction 04.08.2015.xls
2016-02-01 17:40 - 2014-09-01 17:19 - 00001420 _____ C:\Users\burgas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-01 17:40 - 2014-02-10 10:55 - 00001407 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-01 17:40 - 2014-02-10 10:55 - 00001407 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-01 11:34 - 2015-10-16 11:12 - 00002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-01 11:34 - 2015-04-24 08:39 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-01 11:34 - 2015-02-20 16:27 - 00001784 _____ C:\Users\Public\Desktop\jetAudio.lnk
2016-02-01 11:34 - 2014-11-20 14:57 - 00002178 _____ C:\Users\burgas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-02-01 11:34 - 2014-09-08 13:59 - 00001938 _____ C:\Users\Public\Desktop\SmarThru 3.lnk
2016-02-01 11:34 - 2014-09-05 10:00 - 00002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-02-01 11:34 - 2014-09-05 09:57 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2016-02-01 11:34 - 2014-09-05 09:57 - 00001049 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2016-02-01 11:34 - 2014-09-02 08:49 - 00001369 _____ C:\Users\Public\Desktop\Business Navigator for Windows.lnk
2016-02-01 11:34 - 2014-09-02 08:47 - 00000510 _____ C:\Users\burgas\Desktop\TM2004.lnk
2016-02-01 11:34 - 2014-09-02 08:36 - 00000528 _____ C:\Users\burgas\Desktop\VPN връзка.lnk
2016-02-01 11:34 - 2014-02-10 10:55 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-01 11:34 - 2014-02-10 10:55 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-01 11:34 - 2009-07-14 06:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-01 11:34 - 2009-07-14 06:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-01 11:34 - 2009-07-14 06:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-02-01 11:34 - 2009-07-14 06:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-01 11:34 - 2009-07-14 06:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-02-01 11:34 - 2009-07-14 06:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-02-01 11:34 - 2009-07-14 06:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-01 10:45 - 2014-10-13 09:13 - 00177664 _____ C:\Users\burgas\Desktop\sp_order.xls
2016-02-01 09:30 - 2015-04-06 17:17 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-01 09:22 - 2009-07-14 06:33 - 00367952 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-01 09:21 - 2014-12-11 08:34 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-01 09:21 - 2014-09-02 11:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-01 09:20 - 2011-04-12 04:24 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-29 17:49 - 2014-09-02 11:47 - 00000000 ____D C:\Windows\system32\MRT
2016-01-29 17:44 - 2014-09-02 11:47 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-28 15:52 - 2015-04-15 12:09 - 00000000 __SHD C:\Users\burgas\AppData\Local\EmieBrowserModeList
2016-01-28 15:52 - 2014-09-02 12:09 - 00000000 __SHD C:\Users\burgas\AppData\Local\EmieUserList
2016-01-28 15:52 - 2014-09-02 12:09 - 00000000 __SHD C:\Users\burgas\AppData\Local\EmieSiteList
2016-01-28 15:51 - 2014-09-01 17:19 - 00000000 ____D C:\Users\burgas
2016-01-20 11:15 - 2014-09-05 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-20 11:15 - 2014-09-05 14:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-20 08:59 - 2014-11-20 14:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-20 08:58 - 2014-11-20 14:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-15 09:44 - 2015-01-30 10:28 - 00000000 ____D C:\Users\burgas\Desktop\Ценови листи 2015
2016-01-12 08:43 - 2014-09-02 13:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2016-02-01 17:39 - 2016-02-01 17:39 - 3250516 _____ () C:\Program Files\Common Files\xfjbicol.exe
2016-01-28 16:36 - 2016-01-28 16:36 - 0041472 _____ () C:\Users\burgas\AppData\Local\Saodom.dat
2016-01-28 16:36 - 2016-01-28 16:36 - 0000187 _____ () C:\Users\burgas\AppData\Local\Saodom.exe.config

Files to move or delete:
====================
C:\Users\burgas\del_tmp.bat


Some files in TEMP:
====================
C:\Users\burgas\AppData\Local\Temp\1536.tmp.exe
C:\Users\burgas\AppData\Local\Temp\38E.tmp.exe
C:\Users\burgas\AppData\Local\Temp\9FDF.tmp.exe
C:\Users\burgas\AppData\Local\Temp\AF51.tmp.exe
C:\Users\burgas\AppData\Local\Temp\amisetup0847__16582.exe
C:\Users\burgas\AppData\Local\Temp\amisetup0896__10235.exe
C:\Users\burgas\AppData\Local\Temp\amisetup0932__10235.exe
C:\Users\burgas\AppData\Local\Temp\amisetup3610__16582.exe
C:\Users\burgas\AppData\Local\Temp\amisetup3662__10235.exe
C:\Users\burgas\AppData\Local\Temp\amisetup3691__10235.exe
C:\Users\burgas\AppData\Local\Temp\DD94.tmp.exe
C:\Users\burgas\AppData\Local\Temp\E5CC.tmp.exe
C:\Users\burgas\AppData\Local\Temp\F3F1.tmp.exe
C:\Users\burgas\AppData\Local\Temp\FA17.tmp.exe
C:\Users\burgas\AppData\Local\Temp\FAVxXv9touaF.exe
C:\Users\burgas\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\burgas\AppData\Local\Temp\HitmanPro.exe
C:\Users\burgas\AppData\Local\Temp\nsz60DE.exe
C:\Users\burgas\AppData\Local\Temp\ose00000.exe
C:\Users\burgas\AppData\Local\Temp\sqlite3.dll
C:\Users\burgas\AppData\Local\Temp\u1ElmH7axTUj.exe
C:\Users\burgas\AppData\Local\Temp\XnSRyYAXQAWD.exe
C:\Users\burgas\AppData\Local\Temp\yMZoPGRjLmTI.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 00:12

==================== End of FRST.txt ============================

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

Изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

След това пишете как е положението! ;)

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

не мога да кача лог файла, в момента в който го поставям страницата забива и ме изхвърля.

Какво да правя?

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

Нека да проверим за остатъци:

 

СТЪПКА 1

 

  • Изтеглете и стартирайтe 6sv1DN9.jpgAdwCleaner.exe.
  • Натиснете бутона Scan.
  • AdwCleaner ще започне да проверява компютъра.
  • След като проверката приключи натиснете бутона Clean.
  • Програмата ще затвори всички излишни процеси и след почистването ще иска да рестартира машината. Съгласете се.
  • Ще се появи автоматично лог файл с името (AdwCleaner[C0].txt) в C:\Adwcleaner
  • Публикувайте съдържанието му в следващия си коментар.

 

СТЪПКА 2

 

Моля изтеглете icon1448041809.pngJunkware Removal Tool на вашия десктоп.

  • Спрете временно работата на защитните програми.
  • Стартирайте инструмента JRT.exe
  • Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
  • Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
  • Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
  • Моля копирайте съдържанието на лог файла в следващия си пост.

 

СТЪПКА 3

 

Направете нова проверка с FRST като сложите отметка пред Addition.txt преди да натиснете бутона SCAN и след това прикачете новите резултати.

 

Това е засега! :)

Поздрави!

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

# AdwCleaner v5.032 - Лог файлът е създаден 04/02/2016 при 15:03:09
# Обновен 31/01/2016 от Xplode
# База данни : 2016-02-02.1 [Сървър]
# Операционна система : Windows 7 Professional Service Pack 1 (x86)
# Потребителско име : burgas - BURGAS-PC
# Изпълнява се от : C:\Users\burgas\Downloads\adwcleaner_5.032.exe
# Опция : Изчистване
# Поддръжка : http://toolslib.net/forum

***** [ Сервизи ] *****


***** [ Папки ] *****


***** [ Файлове ] *****


***** [ DLLs ] *****


***** [ Преки пътища ] *****


***** [ Планирани задачи ] *****

[-] Задача Изтрито : amiupdaterExd
[-] Задача Изтрито : amiupdaterExi

***** [ Регистър ] *****

[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}
[-] Ключ Изтрито : HKLM\SOFTWARE\mysites123Software

***** [ Уеб браузъри ] *****


*************************

:: "Tracing" ключове отстраняват
:: Настройките на Winsock са нулирани

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1311 байта] ##########


 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Professional x86 
Ran by burgas (Administrator) on 04.02.2016 at 15:07:06.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 9 

Successfully deleted: C:\Users\burgas\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\systemdir (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Roaming\mailproducts (Folder) 
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94U63VWV (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIGMCJ83 (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IU12NO0V (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4RZDXJ4 (Folder) 

Deleted the following from C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\prefs.js
user_pref(extensions.5cT1M3Es3wA0r1i0.scode, try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\acebook\)>-1||url.indexOf(\warnale
user_pref(extensions.IjGjnbMxuhD2IF6A.scode, try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\acebook\)>-1||url.indexOf(\warnale
user_pref(extensions.homepage@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B96496CE0-83C9-440E-8F5D-C1F89FFF431C%7D&install_id=%7B2C0C77A0-940B-4FFC-A
user_pref(extensions.homepage@mail.ru.install_id, {2C0C77A0-940B-4FFC-A9E5-F86666F80F7E});
user_pref(extensions.homepage@mail.ru.lastHomepage, hxxp://opatolo.ru/?utm_content=83d5920a52d67260f4213f8bddf9126c&utm_source=startpm&utm_term=9A29711C2921EE8733606F746A7A
user_pref(extensions.homepage@mail.ru.lastPageType, 1);
user_pref(extensions.homepage@mail.ru.metric_state_go_metric, {\lastDayNumber\:1,\lastDayDate\:\2016-02-02T00:00:00.000Z\});
user_pref(extensions.homepage@mail.ru.metric_state_installPartnerMetric, {\wasSent\:true});
user_pref(extensions.homepage@mail.ru.metric_state_mrds_metric, {\lastDayNumber\:1,\lastDayDate\:\2016-02-02T00:00:00.000Z\});
user_pref(extensions.homepage@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B96496CE0-83C9-440E-8F5D-C1F89FFF431
user_pref(extensions.homepage@mail.ru.partner_product_online_url, hxxp://soqouguxmupm.reportersleeve.ru/affect?hetag=78e1f979120009559de44cacb4c89804&guid={2C0C77A0-940B-4F
user_pref(extensions.homepage@mail.ru.product_id, {96496CE0-83C9-440E-8F5D-C1F89FFF431C});
user_pref(extensions.homepage@mail.ru.product_type, ff_xtnhp);
user_pref(extensions.homepage@mail.ru.rfr, 801007);
user_pref(extensions.search@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B3DCAB8D0-FE98-43D6-B076-D559A2FE60B2%7D&install_id=%7B2C0C77A0-940B-4FFC-A9E
user_pref(extensions.search@mail.ru.install_id, {2C0C77A0-940B-4FFC-A9E5-F86666F80F7E});
user_pref(extensions.search@mail.ru.metric_state_go_metric, {\lastDayNumber\:1,\lastDayDate\:\2016-02-02T00:00:00.000Z\});
user_pref(extensions.search@mail.ru.metric_state_installPartnerMetric, {\wasSent\:true});
user_pref(extensions.search@mail.ru.metric_state_mrds_metric, {\lastDayNumber\:1,\lastDayDate\:\2016-02-02T00:00:00.000Z\});
user_pref(extensions.search@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B3DCAB8D0-FE98-43D6-B076-D559A2FE60B2%
user_pref(extensions.search@mail.ru.partner_product_online_url, hxxp://soqouguxmupm.reportersleeve.ru/affect?hetag=78e1f979120009559de44cacb4c89804&guid={2C0C77A0-940B-4FFC
user_pref(extensions.search@mail.ru.product_id, {3DCAB8D0-FE98-43D6-B076-D559A2FE60B2});
user_pref(extensions.search@mail.ru.product_type, ff_xtndse);
user_pref(extensions.search@mail.ru.rfr, 801507);
user_pref(extensions.xpiState, {\app-profile\:{\5@9g.edu\:{\d\:\C:\\\\Users\\\\burgas\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hpxqp8ob.default-141
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B6926429E-9157-454B-B774-4F8A1A3AFDB3%7D&install_id=%
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B6926429E-9157

Registry: 3 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2016 at 15:08:17.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

FRST.txt

Addition.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Нека да видим какво още е останало.

 

СТЪПКА 1

 

Изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

 

СТЪПКА 2

 

icon_zps423a0d9f.jpgМоля изтеглете ZHPcleaner и я запазете на вашия десктоп.

  • Стартирайте ZHPCleaner с десен клик върху файла и изберете от контекстното меню "Run as administrator"
  • Кликнете върху Ashampoo_Snap_20140819_13h09m50s_001__zp за да се съгласите с лицензионното споразумение.
  • Изберете бутона y3pI4LR.png.
  • Браузърите ще бъдат затворени автоматично.
  • Ще се отвори лог файл след прикючването на проверката.
  • Публикувайте лог файла в следващия си коментар.

 

СТЪПКА 3

 

 

Моля изтеглете Malwarebytes Anti-Malware 2.2.0.1024 Final и я запазете на вашия десктоп.

  • Стартирайте файла mbam-setup-2.1.8.1057.exe и следвайте указанията за да инсталирате програмата.
  • След като инсталацията приключи се уверете че сте сложили отметка пред:
  • Launch Malwarebytes Anti-Malware
  • Отметката активираща пробния 14 дневен период също е маркиран по-подразбиране. Ако не желаете да тествате защитата в реално време на програмата през следващите 14 дни тогава премахнете отметката. Т.е. премахнете първата отметка:

DkgJ7Zr.png

  • Натиснете бутона Finish.
  • Отидете до табът Settings > Detection and Protection > и под категорията Detection Options включете опцията "Scan for rootkits".
  • Отидете до табът Scan, сложете радио-бутона пред Threat Scan и след това натиснете бутона Scan Now >> . Ако е намерена актуализация тогава натиснете бутона Update Now.
  • Ще започне проверка за зловреден софтуер.
  • При някои инфекции можете да видите съобщението:
  • "Could not load DDA driver"
  • Натиснете "Yes" на това съобщение за да позволите драйвера да се зареди след рестарт.
  • Разрешете на компютъра да се рестартира и след това продължете с останалите инструкции.
  • След като проверката приключи натиснете бутона Apply Actions.
  • Изчакайте да се появи прозореца подканващ ви да рестартирате и след това натиснете бутона Yes.
  • След рестарта, когато се появи десктопа MBAM ще се зареди още веднъж.
  • Отидете то табът History > Application Logs.

65ZBqkR.jpg

  • Отворете рапорта с последната дата и час и натиснете бутона "Copy to Clipboard"
  • Сега вече поставете съдържанието на лог файла с клавишната комбинация Ctrl + V и го публикувайте в следващия си коментар.

 

СТЪПКА 4

 

1.Изтеглете Hitman Pro.

За 32-битова система - dEMD6.gif.
За 64-битова система - Download-button3.gif

2.Стартирайте програмата.
3.След като сте стартирали програмата като кликнете върху иконата 5vo5F.jpg и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).

4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.
 
Забележка: Ако няма падащо меню, където да изберете ignore както на снимката:
 
6-scanfin-choose.jpg
 
Тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:\Programdata\HitmanPro\Logs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

Забележка: Папката C:\ProgramData е скрита и затова трябва да направите скритите файлове видими по-следния начин:

От My Computer => Tools => Folder Options => View:

Сложете отметка пред "Show hidden files, folders and drives"

и махнете отметката пред "Hide protected operating system files (recommended)".

Натиснете Apply.

Сега проверете за лог файла в папката C:\Programdata\HitmanPro\Logs и го прикачете в следващия си коментар. :)

 

СТЪПКА 5

 

emsisoft_emergency_kit.pnglogo.png

  • Моля изтеглете EmsisoftEmergencyKit, стартирайте exe файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
  • Стартирайте иконата на файла Start Emsisoft Emergency Kit от десктопа за да стартирате приложението.
  • Натиснете бутона"Yes", когато бъдете подканени да обновите дефинициите на програмата.

EKK.gif

  • След като процеса по обновяването на дефинициите приключи натиснете бутона "Scan".
  • Натиснете бутона "Yes", когато бъдете попитани дали да програмата да включи засичането на потенциално нежелани приложения (Potentially Unwanted Applications).
  • Сега вече изберете бутона Custom Scan. Премахнете от списъка всички дялове без C:\ (т.е. нека да остане само дял C:\ в списъка).
  • Натиснете Next за да започне проверката.
  • Когато проверката приключи натиснете бутона View Report.
  • Копирайте съдържанието на лог файла в следващия си коментар.

 

СТЪПКА 6

 

Изтеглете Публикувано изображение Security Check от screen317 от този линк и го запаметете на вашия десктоп.

Кликнете два пъти върху SecurityCheck.exe и следвайте инструкциите.

Накрая, автоматично ще се отвори текстов документ, наречен checkup.txt, моля поставете съдържанието му в следващия ви коментар в тази тема.

 

Поздрави! ;)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Fix result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by burgas (2016-02-05 08:49:40) Run:2
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CHR HomePage: Profile 2 -> mail.ru/cnt/11956636
CHR DefaultSearchURL: Profile 2 -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn11
CHR DefaultSearchKeyword: Profile 2 -> mail.ru
CHR DefaultSuggestURL: Profile 2 -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
2016-01-28 15:42 - 2016-01-28 15:42 - 00000000 ____D C:\Users\burgas\AppData\Local\Вконтактe
2016-01-28 15:37 - 2016-01-28 15:37 - 00000000 ____D C:\Users\burgas\AppData\Local\Вoйти в Интeрнет
2016-01-28 15:34 - 2016-01-28 15:34 - 00000000 ____D C:\Users\Public\Documents\GenieSoft
2016-01-28 15:34 - 2016-01-28 15:34 - 00000000 ____D C:\Users\burgas\AppData\Roaming\MicrosoftUpdater
2016-01-28 15:32 - 2016-01-28 15:32 - 00000000 ____D C:\Users\burgas\AppData\Roaming\Calculator
2016-01-28 15:31 - 2016-01-28 15:31 - 00000000 ____D C:\Users\burgas\AppData\Local\Поиcк в Интeрнете
C:\Users\burgas\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
cmd: dir C:\Users\burgas\AppData\Local\Microsoft\Start Menu
FirewallRules: [{F559452B-097B-46AC-A11D-B298C3CA3742}] => (Allow) C:\Program Files\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{9768295F-D945-43F9-8F61-E0F9319D4EE8}] => (Allow) C:\Program Files\Mobogenie3\mobogenieP2sp.exe
EmptyTemp:
end

*****************

Error: (0) Failed to create a restore point.
Chrome HomePage => removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
Chrome DefaultSuggestURL => removed successfully.
C:\Users\burgas\AppData\Local\Вконтактe => moved successfully
C:\Users\burgas\AppData\Local\Вoйти в Интeрнет => moved successfully
C:\Users\Public\Documents\GenieSoft => moved successfully
"C:\Users\burgas\AppData\Roaming\MicrosoftUpdater" => not found.
C:\Users\burgas\AppData\Roaming\Calculator => moved successfully
C:\Users\burgas\AppData\Local\Поиcк в Интeрнете => moved successfully
C:\Users\burgas\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk => moved successfully

=========  dir C:\Users\burgas\AppData\Local\Microsoft\Start Menu =========

 Volume in drive C is Windows
 Volume Serial Number is CABE-F4F5

 Directory of C:\Users\burgas\AppData\Local\Microsoft

File Not Found

 Directory of C:\Users\burgas\Downloads

File Not Found

========= End of CMD: =========

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F559452B-097B-46AC-A11D-B298C3CA3742} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9768295F-D945-43F9-8F61-E0F9319D4EE8} => value removed successfully.
EmptyTemp: => 155.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:49:46 ====

 

 

~ ZHPCleaner v2016.2.4.22 by Nicolas Coolman (2016/02/04)
~ Run by burgas (Administrator)  (05/02/2016 08:54:48)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\burgas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\burgas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (3)
FOUND: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.internaldb.monetization_p[...]  =>PUP.Optional.Monetization
FOUND: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.name", "SensePlus");  =>PUP.Optional.CrossRider
FOUND: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.publisher", "Object Brows[...]  =>PUP.Optional.ObjectBrowser


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (4)
FOUND file: C:\Windows\System32\SSGR1ci.exe [SS - SSCoInstExe]  =>.Superfluous.SwiftSearch
FOUND file: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
FOUND file: C:\Windows\AutoKMS\AutoKMS.ini    =>HackTool.AutoKMS
FOUND folder: C:\Windows\AutoKMS  =>HackTool.AutoKMS


---\\  Registry ( Key, Value, Data) (74)
FOUND key: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\mtAirtostrong []  =>PUP.Optional.Salus
FOUND key: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\Systweak []  =>.Superfluous.Systweak
FOUND key: HKCU\Software\mtAirtostrong []  =>PUP.Optional.Salus
FOUND key: HKCU\Software\Systweak []  =>.Superfluous.Systweak
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1183689A-DE12-4684-9165-15421DECEB7B} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1338E832-34ED-4343-BFBC-89187CE59E6} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DB32EF4-7A50-4EC4-A627-B5F6F3C902A} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1EEB5F97-863B-40DA-9C12-6E57D32B24D} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20904EDD-1C7F-441C-832-1E05EB2B54F} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A111892-390F-499D-952E-95C7B3F2346B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B1568F5-8031-40B1-B92C-DD5C9D1CEF71} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323282FD-148F-40F8-8BBB-A5E6D94574} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33F78092-48D3-4804-908-5145D7DA814D} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{350AA7F2-15E4-4429-A018-FFE77C73E081} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37D44B4B-14BB-4149-B399-163E0FEF944} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A9F4709-AE67-476D-BC2A-3E42F0AF5C1B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B98840C-32CA-43CA-AB76-3CA9AE48EB8} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CDC5D4C-FDB7-4A09-A96F-202F437F8F2} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44713C29-2188-439A-87FE-36C72ADB83B6} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47E07FE6-A94-453B-A3F6-1A457B767329} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49C9582C-1B24-4DBA-9292-80B58573CB2D} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FE58EEF-2C56-4B88-B9D7-1FDE42C411EE} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{555548DB-6AC5-429E-AEA0-6FE08BF8345} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{590AF3DC-1865-47A0-A080-5242D6701C80} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68DCAA5E-3D11-4608-8AF-5466DE558AAD} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F5C519E-A2E8-4503-A511-7895BD85684} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70CF60C1-910F-4C7B-94DD-668E4470C1F6} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74108E8A-C5BB-4960-94C5-9A1CFE3FA2E8} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{785A504-6001-410E-871-17D4DBE05952} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C197D83-66C5-41D1-AB48-38C5658F7B22} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DEC0B0B-353F-45D8-8BDA-CDA8FE9BDA99} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{807322BF-3DCC-4AD7-9158-BB99A03B5870} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80AA6F59-9646-48BA-A13B-5C806D26E28} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81017C8D-EA98-4FF0-988A-7715B1B11A5} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8176599C-5CD7-42D8-9996-5A5338AED369} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9224380B-4A25-4CB2-8B14-CD89671811B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93D42FCF-F12-4ECC-91A8-D09CF4109C65} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98543DF4-4DC2-4CFA-8323-B7DCBFDC2662} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2FDC856-8F17-4B31-B445-7A95A11A4143} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A515B776-45B4-4E37-9D55-5AECA9ABCAF} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A676EC2C-18CC-4804-9BBA-8EE58B33C6} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6FF7A87-F89-473C-923E-C85254B87B1} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF6E5C09-28CE-4526-80A3-FC6624332B5E} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB8B6CC-F50C-4DFB-A580-383FF8F8386F} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0816D31-3F37-4384-A343-70C8C4B48B8E} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B274520F-7FFE-480F-A41D-5FBCBDBBE1A5} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2B68011-B805-4868-8253-68E34A99F038} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4EFE58E-FEA2-4B69-B9EA-6FA4A9B7D53} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8CDCA14-9FBA-4A8C-AC2-58A74CF1455} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BACEBDA0-FA9D-4B04-A2AD-BF9B66788E88} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4853D7B-C215-4F6C-866E-61427A6336} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC6A2183-91DF-4A6C-BF63-6E1868D3A1A4} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0CC9549-7020-4C5B-9194-EBF4A216EC2} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8BD340F-E59C-4D0A-A7CE-72447567F7B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDFAFA04-7E39-43AA-B093-9566CFE3295} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E451B79D-3FCF-421D-A946-9F202811B18} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0FC44D1-E13D-431C-8AC-DE7B788C7AD3} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F95B6EAB-D2C7-4C23-826-3E958D744AC1} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [227]  =>PUP.Optional.Browser
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\systweak.com []  =>PUP.Optional.SystSupportDock
FOUND key: HKCU\Software\Start Page []  =>PUP.Optional.WidgiToolbar
FOUND key: HKLM\SOFTWARE\Classes\..9 [YouetubeAdBlocke]  =>PUP.Optional.Generic
FOUND key: HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave [BuyNsAve]  =>PUP.Optional.BuyNSave
FOUND key: HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave.9 [BuyNsAve]  =>PUP.Optional.BuyNSave
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2} [YouetubeAdBlocke]  =>PUP.Optional.YouTubeAdBlock
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{5cb2688f-cf29-4776-885b-964cc2b20390} [HaPpY2Save]  =>PUP.Optional.Happy2Save
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{ac365cee-84fc-4443-a32d-bba5101584f9} [BuyNsAve]  =>PUP.Optional.BuyNSave
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Advanced System~Protector []  =>PUP.Optional.AdvancedSystemProtector
FOUND key: HKLM\SOFTWARE\mtAirtostrong []  =>PUP.Optional.Salus
FOUND key: HKLM\SOFTWARE\Systweak []  =>.Superfluous.Systweak
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5092715B-E66F-449E-80FE-FF871DE1280D} [Company]  =>PUP.Optional.Company
FOUND key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caMyciloP.exe []  =>PUP.Optional.caMycilo
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2}\InprocServer32 [C:\Program Files\YouetubeAdBlocke\HjUATx5SB9lTIz.dll (Not File)]  =>Adware.Sambreel
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2} [YouetubeAdBlocke]  =>Adware.Sambreel


---\\  Summary of the elements found (18)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Monetization
http://www.nicolascoolman.fr/?p=180  =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/pup-objectbrowser/  =>PUP.Optional.ObjectBrowser
http://www.nicolascoolman.fr/ppup-optional-swiftsearch/  =>.Superfluous.SwiftSearch
http://www.nicolascoolman.fr/?p=1804  =>HackTool.AutoKMS
http://www.nicolascoolman.fr/pup-salus/  =>PUP.Optional.Salus
http://www.nicolascoolman.fr/pup-systweak/  =>.Superfluous.Systweak
http://www.nicolascoolman.fr/?p=546  =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=1209  =>PUP.Optional.SystSupportDock
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.WidgiToolbar
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.BuyNSave
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.YouTubeAdBlock
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Happy2Save
http://www.nicolascoolman.fr/?p=336  =>PUP.Optional.AdvancedSystemProtector
http://www.nicolascoolman.fr/link-657/  =>PUP.Optional.Company
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.caMycilo
http://www.nicolascoolman.fr/pup-optional-sambreel/  =>Adware.Sambreel


---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 50636
~ Items found : 91
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 00h06mn06s
===================
ZHPCleaner--05022016-09_00_54.txt
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 05.02.2016
Час на сканиране: 9:50 ч.
Дневник: 
Администратор: Да

Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2016.02.05.01
База от данни за рууткити: v2016.01.20.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows 7 Service Pack 1
Процесор: x86
Файлова система: NTFS
Потребител: burgas

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 298540
Изминало време: 11 мин. 49 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 6
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture.1, Поставен под карантина, [4cc91944a6f3c37363dc5b43ca387789], 
PUP.Optional.Linkury, HKLM\SOFTWARE\mtAirtostrong, Поставен под карантина, [eb2a9cc1f0a98da9a1d0a3ac17edb24e], 
PUP.Optional.Linkury, HKLM\SOFTWARE\mtcaMyciloP, Поставен под карантина, [67ae2a333e5bc27438ad5bf3bb49a25e], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\caMyciloP.exe, Поставен под карантина, [26ef6df01e7b8caa0ed5a6a855afcf31], 
PUP.Optional.Linkury, HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\mtAirtostrong, Поставен под карантина, [d14471ecbbde0135cea028277a8a639d], 
PUP.Optional.Linkury, HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\mtcaMyciloP, Поставен под карантина, [9580ed707a1f5dd92bb276d8d1331ae6], 

Стойности в системния регистър: 2
PUP.Optional.Linkury, HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=BG&userid=f08dd892-6399-2808-26d8-6c3eff74d984&searchtype=sc&installDate=01.02.2016&barcodeid=50045888&channelid=888&av=windows, Поставен под карантина, [66af90cd02970f27a617f6eafe058080]
PUP.Optional.Linkury, HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\ENVIRONMENT|SNF, C:\ProgramData\Airtostrongs\snp.sc, Поставен под карантина, [6da871ec4a4fd1653686be22d231d828]

Данни в системния регистър: 1
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Добър: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Лош: ({ielnksrch}),Заменен,[110498c5c6d3ab8bd8e4e8ec09fb639d]

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 0
(Не бяха открити злонамерени обекти)

Физически сектори: 0
(Не бяха открити злонамерени обекти)


(end)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Emsisoft Emergency Kit - Version 11.0
Last update: 05.02.2016 11:17:24
User account: burgas-PC\burgas

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    05.02.2016 11:18:54
Key: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\SYSTWEAK     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK     detected: Application.InstallAd (A)
C:\FRST\Quarantine\C\Program Files\Common Files\gccrnt0l\66ebf4nk14phj.exe     detected: Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\FRST\Quarantine\C\Program Files\Common Files\Trioqvobam\uninstall.exe     detected: Gen:Variant.Midie.7032 (B)
C:\FRST\Quarantine\C\ProgramData\Airtostrong\Airtostrong.exe     detected: Gen:Variant.Midie.7032 (B)
C:\FRST\Quarantine\C\Program Files\Common Files\xfjbicol.exe.xBAD -> (NSIS o) -> zlib_nsis0003     detected: Gen:Variant.Midie.7032 (B)
C:\FRST\Quarantine\C\ProgramData\Airtostrong\Refax.exe     detected: Adware.Agent.QGV (B)
C:\FRST\Quarantine\C\ProgramData\Airtostrong\SingHold.dll     detected: Adware.Agent.QGV (B)
C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7\Jackson.exe -> (NSIS o) -> zlib_nsis0003     detected: Gen:Variant.Midie.7032 (B)
C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7\Jackson.exe -> (NSIS o) -> zlib_nsis0006     detected: Adware.Linkury.BG (B)
C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7\xtc.exe     detected: Trojan.Generic.15444432 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{56E44A6D-D533-C383-6F4D-D6255D5BD182}-amisetup0932__10235.exe -> (Quarantine-PE)     detected: Gen:Variant.Razy.11579 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{3EF1B844-DDE2-9FC4-DCDF-647860F8973C}-amisetup9306__10235.exe -> (Quarantine-PE)     detected: Gen:Variant.Razy.9421 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6DD35978-DAF5-F252-9E8C-4077DF8EC623}-amisetup3691__10235.exe -> (Quarantine-PE)     detected: Gen:Variant.Razy.11579 (B)
C:\Users\burgas\AppData\Roaming\e60ac6ff-0c07-404d-8ced-7ce556cd4298\e60ac6ff-0c07-404d-8ced-7ce556cd4298.exe     detected: Gen:Variant.Graftor.269551 (B)

Scanned    171916
Found    15

Scan end:    05.02.2016 12:04:41
Scan time:    0:45:47
 

 

Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player     20.0.0.286  
 Mozilla Thunderbird (38.5.0) 
 Google Chrome (48.0.2564.103) 
 Google Chrome (48.0.2564.97) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 

HitmanPro_20160205_1029.log

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

Почти сме готови.

 

СТЪПКА 1

 

Направете и нова проверка с ZPHCleaner и след като тя приключи този път натиснете бутона Repair. Като се отвори списъка с намерените неща за почистване се разходете из категориите => File => премахнете отметките пред редовете свързани с AutoKMS и натиснете бутона Validate. Сега отидете до Folder => и отново премахнете редовете свързани с AutoKMS и натиснете Validate. Вече натиснете бутона Repair. Като приключи натиснете бутона Report и запазете файла на десктопа и го публикувайте в следващия си коментар.

 

СТЪПКА 2

 

Изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

След това пишете как е положението. ;)

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

много Ви благодаря за помощта. Ще направя последните инструкции в понеделник.

Приятен уикенд.:wink12:

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

~ ZHPCleaner v2016.2.4.22 by Nicolas Coolman (2016/02/04)
~ Run by burgas (Administrator)  (08/02/2016 09:39:40)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\burgas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\burgas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (3)
DELETED: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.internaldb.monetization_p[...]  =>PUP.Optional.Monetization
DELETED: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.name", "SensePlus");  =>PUP.Optional.CrossRider
DELETED: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.publisher", "Object Brows[...]  =>PUP.Optional.ObjectBrowser


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (1)
MOVED file: C:\Windows\System32\SSGR1ci.exe [SS - SSCoInstExe]  =>.Superfluous.SwiftSearch


---\\  Registry ( Key, Value, Data) (70)
DELETED key*: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\Systweak []  =>.Superfluous.Systweak
DELETED key: HKCU\Software\Systweak []  =>.Superfluous.Systweak
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1183689A-DE12-4684-9165-15421DECEB7B} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1338E832-34ED-4343-BFBC-89187CE59E6} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DB32EF4-7A50-4EC4-A627-B5F6F3C902A} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1EEB5F97-863B-40DA-9C12-6E57D32B24D} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20904EDD-1C7F-441C-832-1E05EB2B54F} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A111892-390F-499D-952E-95C7B3F2346B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B1568F5-8031-40B1-B92C-DD5C9D1CEF71} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323282FD-148F-40F8-8BBB-A5E6D94574} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33F78092-48D3-4804-908-5145D7DA814D} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{350AA7F2-15E4-4429-A018-FFE77C73E081} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37D44B4B-14BB-4149-B399-163E0FEF944} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A9F4709-AE67-476D-BC2A-3E42F0AF5C1B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B98840C-32CA-43CA-AB76-3CA9AE48EB8} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CDC5D4C-FDB7-4A09-A96F-202F437F8F2} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44713C29-2188-439A-87FE-36C72ADB83B6} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47E07FE6-A94-453B-A3F6-1A457B767329} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49C9582C-1B24-4DBA-9292-80B58573CB2D} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FE58EEF-2C56-4B88-B9D7-1FDE42C411EE} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{555548DB-6AC5-429E-AEA0-6FE08BF8345} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{590AF3DC-1865-47A0-A080-5242D6701C80} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68DCAA5E-3D11-4608-8AF-5466DE558AAD} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F5C519E-A2E8-4503-A511-7895BD85684} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70CF60C1-910F-4C7B-94DD-668E4470C1F6} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74108E8A-C5BB-4960-94C5-9A1CFE3FA2E8} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{785A504-6001-410E-871-17D4DBE05952} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C197D83-66C5-41D1-AB48-38C5658F7B22} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DEC0B0B-353F-45D8-8BDA-CDA8FE9BDA99} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{807322BF-3DCC-4AD7-9158-BB99A03B5870} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80AA6F59-9646-48BA-A13B-5C806D26E28} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81017C8D-EA98-4FF0-988A-7715B1B11A5} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8176599C-5CD7-42D8-9996-5A5338AED369} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9224380B-4A25-4CB2-8B14-CD89671811B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93D42FCF-F12-4ECC-91A8-D09CF4109C65} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98543DF4-4DC2-4CFA-8323-B7DCBFDC2662} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2FDC856-8F17-4B31-B445-7A95A11A4143} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A515B776-45B4-4E37-9D55-5AECA9ABCAF} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A676EC2C-18CC-4804-9BBA-8EE58B33C6} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6FF7A87-F89-473C-923E-C85254B87B1} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF6E5C09-28CE-4526-80A3-FC6624332B5E} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB8B6CC-F50C-4DFB-A580-383FF8F8386F} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0816D31-3F37-4384-A343-70C8C4B48B8E} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B274520F-7FFE-480F-A41D-5FBCBDBBE1A5} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2B68011-B805-4868-8253-68E34A99F038} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4EFE58E-FEA2-4B69-B9EA-6FA4A9B7D53} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8CDCA14-9FBA-4A8C-AC2-58A74CF1455} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BACEBDA0-FA9D-4B04-A2AD-BF9B66788E88} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4853D7B-C215-4F6C-866E-61427A6336} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC6A2183-91DF-4A6C-BF63-6E1868D3A1A4} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0CC9549-7020-4C5B-9194-EBF4A216EC2} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8BD340F-E59C-4D0A-A7CE-72447567F7B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDFAFA04-7E39-43AA-B093-9566CFE3295} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E451B79D-3FCF-421D-A946-9F202811B18} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0FC44D1-E13D-431C-8AC-DE7B788C7AD3} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F95B6EAB-D2C7-4C23-826-3E958D744AC1} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [227]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\systweak.com []  =>PUP.Optional.SystSupportDock
DELETED key*: HKCU\Software\Start Page []  =>PUP.Optional.WidgiToolbar
DELETED key*: HKLM\SOFTWARE\Classes\..9 [YouetubeAdBlocke]  =>PUP.Optional.Generic
DELETED key*: HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave [BuyNsAve]  =>PUP.Optional.BuyNSave
DELETED key*: HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave.9 [BuyNsAve]  =>PUP.Optional.BuyNSave
DELETED key*: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2} [YouetubeAdBlocke]  =>PUP.Optional.YouTubeAdBlock
DELETED key*: HKLM\SOFTWARE\Classes\CLSID\{5cb2688f-cf29-4776-885b-964cc2b20390} [HaPpY2Save]  =>PUP.Optional.Happy2Save
DELETED key*: HKLM\SOFTWARE\Classes\CLSID\{ac365cee-84fc-4443-a32d-bba5101584f9} [BuyNsAve]  =>PUP.Optional.BuyNSave
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Advanced System~Protector []  =>PUP.Optional.AdvancedSystemProtector
DELETED key*: HKLM\SOFTWARE\Systweak []  =>.Superfluous.Systweak
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5092715B-E66F-449E-80FE-FF871DE1280D} [Company]  =>PUP.Optional.Company
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caMyciloP.exe []  =>PUP.Optional.caMycilo
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2}\InprocServer32 [C:\Program Files\YouetubeAdBlocke\HjUATx5SB9lTIz.dll (Not File)]  =>Adware.Sambreel


---\\  Summary of the elements found (16)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Monetization
http://www.nicolascoolman.fr/?p=180  =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/pup-objectbrowser/  =>PUP.Optional.ObjectBrowser
http://www.nicolascoolman.fr/ppup-optional-swiftsearch/  =>.Superfluous.SwiftSearch
http://www.nicolascoolman.fr/pup-systweak/  =>.Superfluous.Systweak
http://www.nicolascoolman.fr/?p=546  =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=1209  =>PUP.Optional.SystSupportDock
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.WidgiToolbar
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.BuyNSave
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.YouTubeAdBlock
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Happy2Save
http://www.nicolascoolman.fr/?p=336  =>PUP.Optional.AdvancedSystemProtector
http://www.nicolascoolman.fr/link-657/  =>PUP.Optional.Company
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.caMycilo
http://www.nicolascoolman.fr/pup-optional-sambreel/  =>Adware.Sambreel


---\\  Other deletions. (9)
~ Registry Keys Tracing deleted (9)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 906
~ Items found : 0
~ Items cancelled : 2
~ Items repaired : 82


~ End of clean in 00h01mn48s
===================
ZHPCleaner-[R]-08022016-09_41_28.txt
ZHPCleaner--05022016-09_00_54.txt
ZHPCleaner--08022016-09_38_59.txt
 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by burgas (2016-02-08 09:44:41) Run:3
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7
Folder: C:\Program Files\BitTorrent
C:\Users\burgas\AppData\Roaming\e60ac6ff-0c07-404d-8ced-7ce556cd4298
cmd: Dir "C:\Users\burgas\AppData\Roaming" /a:i /o:gd
cmd: dir "C:\Users\burgas\AppData\Local\Microsoft\Start Menu"
cmd: del "C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\*.*" /f /s /q
DeleteKey: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\SYSTWEAK
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}
cmd: sc query wscsvc
end
*****************

C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7 => moved successfully

========================= Folder: C:\Program Files\BitTorrent ========================

2015-03-10 09:12 - 2015-03-10 09:12 - 0000190 _____ () C:\Program Files\BitTorrent\BitTorrent.exe.config
2016-01-28 16:37 - 2016-02-01 10:31 - 0002304 _____ () C:\Program Files\BitTorrent\config.conf
2016-01-28 19:37 - 2016-02-08 09:44 - 0000000 ____D () C:\Program Files\BitTorrent\bin
2016-02-01 10:30 - 2016-02-01 10:30 - 0000000 ____D () C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0

====== End of Folder: ======

C:\Users\burgas\AppData\Roaming\e60ac6ff-0c07-404d-8ced-7ce556cd4298 => moved successfully

=========  Dir "C:\Users\burgas\AppData\Roaming" /a:i /o:gd =========

 Volume in drive C is Windows
 Volume Serial Number is CABE-F4F5

 Directory of C:\Users\burgas\AppData\Roaming

20.11.2010  22:57    <DIR>          Identities
02.09.2014  09:00    <DIR>          DAEMON Tools Lite
05.09.2014  09:43    <DIR>          Mozilla
05.09.2014  09:57    <DIR>          TeamViewer
05.09.2014  10:00    <DIR>          Thunderbird
05.09.2014  10:35    <DIR>          HP
05.09.2014  14:39    <DIR>          Macromedia
21.10.2014  09:21    <DIR>          WinRAR
25.11.2014  17:41    <DIR>          uTorrent
20.02.2015  16:28    <DIR>          COWON
24.04.2015  08:43    <DIR>          Adobe
28.04.2015  08:59    <DIR>          Foxit Software
02.02.2016  17:41    <DIR>          Microsoft
08.02.2016  09:43    <DIR>          ZHP
08.02.2016  09:44    <DIR>          .
08.02.2016  09:44    <DIR>          ..
               0 File(s)              0 bytes
              16 Dir(s)  42�130�255�872 bytes free

========= End of CMD: =========


=========  dir "C:\Users\burgas\AppData\Local\Microsoft\Start Menu" =========

 Volume in drive C is Windows
 Volume Serial Number is CABE-F4F5

 Directory of C:\Users\burgas\AppData\Local\Microsoft\Start Menu

File Not Found

========= End of CMD: =========


=========  del "C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\*.*" /f /s /q =========

Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{10C6AECE-2FD5-4DDC-F52F-58EEF92EBFBD}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{38CA3F26-3A55-B8B6-FEFC-BC951505E6D0}-amt_mysites123.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{3EF1B844-DDE2-9FC4-DCDF-647860F8973C}-amisetup9306__10235.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{4A28339D-167A-84C7-D05A-E3BBD47FE87E}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{56E44A6D-D533-C383-6F4D-D6255D5BD182}-amisetup0932__10235.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{618B0E05-7E57-186C-1F51-B6F416666671}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6DD35978-DAF5-F252-9E8C-4077DF8EC623}-amisetup3691__10235.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{764C91D3-78D1-D451-101F-F10A582FA2F9}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7EC27753-3B82-409A-A8D3-9DA76E4F9E8C}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{8FACC3CD-99CE-8E38-5D96-5EB4B0E84257}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{9707BD38-1AB8-BBCA-911A-881A5E5E71B6}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{D8C5C0D0-3B44-A133-5E3F-87CD309CE63F}-amt_mysites123.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DB6BEBAB-DA8D-2CBE-3BA8-E3F6B17AF96D}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F88489F2-5292-A296-6EA9-AEE5A5E6B6FD}-Secure Preferences
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{FA0696CE-EC22-EAF1-1A5E-9E6EBE09DDF0}-Secure Preferences
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{FDB925FC-86A6-0D86-B34B-7A60C8FB67A0}

========= End of CMD: =========

HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\SYSTWEAK => key not found. 
HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394} => key removed successfully.

=========  sc query wscsvc =========


SERVICE_NAME: wscsvc 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 1  STOPPED 
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

========= End of CMD: =========


==== End of Fixlog 09:46:26 ====

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изникнаха само две малки подробности...има още една изненада в папката на Bittorent и услугата Security Center не работи.

Да поправим и това.

Изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
Стартирайте FRST.exe и натиснете бутона Fix веднъж!
След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
 
Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

След това пишете как е положението. ;)

Поздрави!

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Според мен всичко е наред. Нямам никакви проблеми нито с интернет браузъра, нито ката цяло с компютъра.

Ето последния лог файл

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by burgas (2016-02-08 12:06:08) Run:4
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0
C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
cmd: sc config wscsvc start= auto
Reg: reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f
cmd: net start wscsvc
Reboot:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

========================= Folder: C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0 ========================


====== End of Folder: ======

C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0 => moved successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc" => key was unlocked

=========  sc config wscsvc start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f =========

ЋЇҐа жЁпв  § ўкаиЁ гбЇҐи­®.


========= End of Reg: =========


=========  net start wscsvc =========

The Security Center service is starting.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Това мисля, че не е пълния лог файла. Можете ли да го публикувате отново?

И не е зле да включите System Restore за системния дял:

http://windows.microsoft.com/bg-bg/windows7/create-a-restore-point

След това ще ви дам финалните инструкции как да почистите използваните от нас инструменти.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by burgas (2016-02-08 12:06:08) Run:4
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0
C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
cmd: sc config wscsvc start= auto
Reg: reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f
cmd: net start wscsvc
Reboot:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

========================= Folder: C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0 ========================


====== End of Folder: ======

C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0 => moved successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc" => key was unlocked

=========  sc config wscsvc start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f =========

ЋЇҐа жЁпв  § ўкаиЁ гбЇҐи­®.


========= End of Reg: =========


=========  net start wscsvc =========

The Security Center service is starting.
The Security Center service was started successfully.


========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 12:06:15 ====

Включих си и точка на възстановяване

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Готови сме! :)

Ето и няколко финални препоръки:

1. За да почистим използваните от нас инструменти направете следното:

Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools и Purge system restore (трябва да има такава по-подразбиране, но все пак да си кажа) => натиснете бутона Run. Инструмента ще се самоизтрие след като приключи своята задача!

Ако има папки, които не са се изтрили след гореспоменатите процедури пишете и ще ги премахнем ръчно.

2. Проверете за стари приложения с помощта на PatchMyPC или с програмата Secunia Personal Software Inspector.

3. Инсталирайте Unchecky за да се предпазите от адуер по време на инсталацията на даден софтуер.

4. За защита от криптовирусите, освен обновяване на ОС и антивирусната програма е добре да имунизирате системата си с CryptoPrevent и профила Maximum Protection: (Не използвайте последната опция, защото още е бъгава и не работи коректно).

mtBkCIZ.jpg

Ако имате проблеми с инсталацията на програми след използването на CryptoPrevent вижте следните съвети

както и тези

Не забравяйте да изключите и Autorun в Windows, защото криптовирусите могат да се настанят и на външните дискове и флашки и да заразят информацията на тези носители при свързването им с инфектирана система и след това да заразят и други системи при свързването на външните дискове към други компютри (и така да го предадете и на тях). Microsoft са създали автоматичен инструмент за целта => MSFixIt. Добре е също така след като вкарате външния диск дори и при спрян Autorun просто да сканирате буквата на устройството с обновена антивирусна програма преди да започнете да прехвърляте данни от и към външния диск.

Има и други програми, но са главно за напреднали потребители и няма да се спирам много задълбочено на тях, защото са сравнително по-сложни за употреба на средностатистическите потребители.. Затова ще ги пропусна. Добре е да не се спира System RestoreFile History в Windows 8), да не се спира UAC - User Account Control (даже да се направи на максималното ниво на защита), да не се спира SmartScreen (наличен само в Windows 8), да се внимава с прикачените файлове към електронната поща. Добра идея е и да забраните скриптовете, ако не използвате такива с помощта на инструмента - Noscript.exe. Стартирайте го и изберете Disable. Ако ви потрябва да стартирате някога (js или vbs файлове, просто стартирайте инструмента и го направете на Enable). Добре е да се внимава и с PDF файловете (повечето програми позволяват да се изключи java script в PDF четците, да се забрани на PDF файловете да стартират външни програми и да комуникират с интернет и прочие), да се внимава с офис файловете за макрос вируси и експлоити (пак може да се затегне сигурността от настройките на офис пакетите), добре е да се внимава за файлове с двойни разширения (например ако в My Computer => Tools => Folder Options => не е премахната отметката пред "Hide extensions for known file types" ако свалите даден файл от интернет с името image.exe.jpg, вие ще го видите като image.jpg, но всъщност файла ще е image.exe и щом го стартирате това ще задейства и вируса).

5. Добра идея е да инсталирате Malwarebytes Anti-Exploit за да си осигурите спокойствие при сърфиране. Трудничко е, но просто няма как. Потребителите трябва да се научат да проявяват бдителност и хигиена при сърфиране.

6. За подобряване на производителността (ако системата ви се вижда мудна) вижте следните няколко теми:

Оптимизиране на Windows с цел по-добра производителност

Ръководство за поддръжка на Windows (XP, Vista и 7) [Revision 2.0]

Какво да направя, ако компютърът ми работи бавно

7. Проверете системата си актуални драйвери от сайтовете на производителите на компонентите ако ви се занимава (не използвайте програми за автоматично обновяване на драйверите за да си спестите главоболията после) и направете пълна проверка за гадини с наличната ви антивирусна програма за всеки случай.

8. Винаги правете бекъп на важните си документи на външни носители и за не толкова ценните неща на cloud услуги. Научете се да не инсталирате програми от съмнителни източници. Добра идея е да се научите да си създавате огледални образи на текущото работещо състояние на дяла на който се намира Операционната Система. Възстановяването на такъв образ при нужда в пъти по-лесен и бърз начин за връщане на работещото състояние на системата от преинсталация или опит за ръчно премахване на даден проблем. Такъв образ може да се създаде с външна програма като Macrium Reflect Free. Можете да видите и тази тема

Поздрави и усмихната седмица! Ще маркирам случая като РЕШЕН! :bye1:

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход


  • Подобни теми

    • от beemer
      Здравейте, както съм споделил тук, имам съмнение за заразен компютър, като опитвайки се да инсталирам Malwarebytes не успявам да го отворя по никакъв начин, което ме навява още по-силно на съмнението, че съм барнал вирус.
      Прикачвам репорт файловете.
      Ще помоля за вашето съдействие.
       
      Addition.txt
      FRST.txt
    • от porata
      Добър ден. Мисля че съм се заразил от някъде с доста неприятни вируси
      Днес забелязах че след рестарт на машината първото нещо което стартира след като се пусне лин-а е някакъв произволен сайт в този случай сайт с няккакви реклами..
      Както и самата машина някак си започна да забива и насича 
      Ети логовете



       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
      Ran by GAMEPC (administrator) on GAMEPC-PC (10-01-2018 17:49:26)
      Running from C:\Users\GAMEPC\Downloads
      Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2017-09-08] ()
      HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Viber] => C:\Users\GAMEPC\AppData\Local\Viber\Viber.exe [34472016 2017-12-12] (Viber Media S.à r.l.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Discord] => C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [GAMEPC] => explorer.exe hxxp://ozirizsoos.info <==== ATTENTION
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {609d2171-c4d2-11e7-a1c0-048d38748987} - E:\Lenovo_Suite.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 87.121.24.12
      Tcpip\..\Interfaces\{F8E6BFBF-08DD-4CEC-8468-25670AF9DFE4}: [DhcpNameServer] 87.121.24.12
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
      FireFox:
      ========
      FF DefaultProfile: mrpwyf7s.default
      FF ProfilePath: C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default [2018-01-10]
      FF Homepage: Mozilla\Firefox\Profiles\mrpwyf7s.default -> google.bg
      FF Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-26]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-04] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-04] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      Chrome: 
      =======
      CHR StartupUrls: Default -> "hxxp://google.bg/"
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default [2018-01-10]
      CHR Extension: (Презентации) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08]
      CHR Extension: (YouTube) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
      CHR Extension: (Таблици) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08]
      CHR Extension: (Gmail) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08]
      CHR Extension: (Chrome Media Router) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
      Opera: 
      =======
      OPR Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-12-16]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-16] ()
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-12-08] (EasyAntiCheat Ltd)
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
      S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-09-08] (Realtek Semiconductor.) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-06-20] (Microsoft Corporation)
      R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-09-08] (Microsoft Corporation) [File not signed]
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
      R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-09-08] (Advanced Micro Devices Inc.)
      R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-11] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-11] (Disc Soft Ltd)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-08] (REALiX(tm))
      S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-09-08] (Qualcomm Atheros Co., Ltd.)
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)
      R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2017-09-08] (Realtek Semiconductor Corporation )
      S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
      S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-01-10 17:49 - 2018-01-10 17:49 - 000013425 _____ C:\Users\GAMEPC\Downloads\FRST.txt
      2018-01-10 17:48 - 2018-01-10 17:49 - 000000000 ____D C:\FRST
      2018-01-10 17:47 - 2018-01-10 17:47 - 002393088 _____ (Farbar) C:\Users\GAMEPC\Downloads\FRST64.exe
      2018-01-10 16:50 - 2018-01-10 16:50 - 000047308 _____ C:\Users\GAMEPC\Downloads\Malcolm.S05.BGAUDIO.torrent
      2018-01-10 15:52 - 2018-01-09 21:50 - 000000230 ___SH C:\Users\Public\Libraries.ini
      2018-01-08 22:48 - 2018-01-08 22:48 - 000025438 _____ C:\Users\GAMEPC\Downloads\Malcolm in the Middle Season 4 TVRip BGAudio [***].torrent
      2018-01-08 18:01 - 2018-01-08 18:01 - 000000000 ____D C:\Program Files (x86)\VulkanRT
      2018-01-08 18:01 - 2018-01-04 02:01 - 000137528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
      2018-01-08 18:01 - 2017-11-02 22:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
      2018-01-08 18:01 - 2017-11-02 22:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
      2018-01-08 18:01 - 2017-11-02 22:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
      2018-01-08 18:01 - 2017-11-02 22:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
      2018-01-08 18:00 - 2018-01-08 18:00 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
      2018-01-08 17:58 - 2018-01-04 03:39 - 040269624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 035278136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 035179080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 027856456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 019796008 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 018730328 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 017303112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
      2018-01-08 17:58 - 2018-01-04 03:39 - 016450056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 015408072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 013430632 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 012842984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 011015584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 010900248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003902448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003874728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003432944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001975184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439065.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001674544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439065.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001134952 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001125688 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001054512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000988144 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000939504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000528312 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000506672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000447424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
      2018-01-08 17:58 - 2018-01-04 03:39 - 000171896 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
      2018-01-08 17:58 - 2018-01-04 03:39 - 000000669 _____ C:\Windows\system32\nv-vk64.json
      2018-01-06 18:55 - 2018-01-06 18:55 - 000019998 _____ C:\Users\GAMEPC\Downloads\Malcolm in the Middle Season 3 TVRip BGAudio [***].torrent
      2018-01-05 18:31 - 2018-01-05 18:31 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Electronic Arts
      2018-01-05 18:13 - 2018-01-05 18:13 - 000000000 ____D C:\Users\GAMEPC\Documents\PCSX2
      2018-01-05 18:12 - 2018-01-05 18:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\PCSX2
      2018-01-05 18:02 - 2018-01-05 18:02 - 000039666 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.the.Deathly.Hallows.Part.2-SKIDROW.torrent
      2018-01-05 18:02 - 2018-01-05 18:02 - 000039666 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.the.Deathly.Hallows.Part.2-SKIDROW (1).torrent
      2018-01-05 18:02 - 2018-01-05 18:02 - 000006830 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.The.Deathly.Hallows.Part.2.Proper.CRACK.ONLY-RELOADED.torrent
      2018-01-05 17:59 - 2018-01-05 17:59 - 000060214 _____ C:\Users\GAMEPC\Downloads\Crash_titans_pc_rus.iso (1).torrent
      2018-01-05 17:58 - 2018-01-05 17:58 - 000060214 _____ C:\Users\GAMEPC\Downloads\Crash_titans_pc_rus.iso.torrent
      2018-01-04 22:15 - 2018-01-04 22:15 - 000024355 _____ C:\Users\GAMEPC\Downloads\Malcolm.In.Тhe.Middle.S02.TVRiP.BGAUDiO-GOMBO.torrent
      2018-01-03 21:18 - 2018-01-03 21:18 - 000016750 _____ C:\Users\GAMEPC\Downloads\Malcolm.In.Тhe.Middle.S01.TVRiP.BGAUDiO-GOMBO.torrent
      2018-01-02 14:13 - 2018-01-02 14:13 - 000014967 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DVDRip.XviD.BGAUDiO-SiSO.torrent
      2018-01-02 14:12 - 2018-01-02 14:12 - 000034573 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DC.480p.BDRip.XviD.AC3-AsA.torrent
      2018-01-02 14:12 - 2018-01-02 14:12 - 000025883 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DirCut.720p.BluRay.DTS.x264_ESiR.(subs.sab.bz).rar
      2018-01-02 13:49 - 2018-01-02 13:49 - 000014977 _____ C:\Users\GAMEPC\Downloads\The.X.Files.1998.BDRip.XviD.Dual.Audio[Bul-Eng]-TBO (1).torrent
      2018-01-02 13:47 - 2018-01-02 13:47 - 000014977 _____ C:\Users\GAMEPC\Downloads\The.X.Files.1998.BDRip.XviD.Dual.Audio[Bul-Eng]-TBO.torrent
      2018-01-02 09:53 - 2018-01-02 09:53 - 000114625 _____ C:\Users\GAMEPC\Downloads\Bright.2017.HDRip.XviD.AC3-EVO.torrent
      2018-01-02 09:53 - 2018-01-02 09:53 - 000039426 _____ C:\Users\GAMEPC\Downloads\bright.2017.1080p.nf.web-dl.dd5.1.h.264-ika(subsunacs.net).rar
      2017-12-28 21:02 - 2017-12-28 21:02 - 000035829 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep10-12.torrent
      2017-12-28 21:02 - 2017-12-28 21:02 - 000034149 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep07-09.torrent
      2017-12-28 18:17 - 2017-12-28 18:17 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\TslGame
      2017-12-28 17:03 - 2017-12-28 17:03 - 000000222 _____ C:\Users\GAMEPC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
      2017-12-28 17:03 - 2017-12-28 17:03 - 000000222 _____ C:\Users\GAMEPC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
      2017-12-27 21:05 - 2017-12-27 21:05 - 000034969 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep04-06.torrent
      2017-12-27 21:04 - 2017-12-27 21:04 - 000070165 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep01-03 (1).torrent
      2017-12-27 19:01 - 2017-12-27 19:01 - 000070165 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep01-03.torrent
      2017-12-27 17:54 - 2017-12-27 17:54 - 000068903 _____ C:\Users\GAMEPC\Downloads\The.X-Files.S10.1080p.BluRay.AVC.x264.MULTi.AC3-STM.torrent
      2017-12-26 18:47 - 2017-12-26 18:47 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\GAMEPC\Downloads\flashplayer28_ka_install.exe
      2017-12-25 18:43 - 2017-12-25 18:43 - 000014387 _____ C:\Users\GAMEPC\Downloads\Scooby.Doo.And.The.Loch.Ness.Monster.2004.DVDRip.XviD.BGAUDIO-RRGroup.torrent
      2017-12-25 18:42 - 2017-12-25 18:42 - 000014469 _____ C:\Users\GAMEPC\Downloads\Scooby.Doo.Pirates.Ahoy.2006.DVDRip.XviD.BGAUDIO-RRGroup.torrent
      2017-12-25 18:41 - 2017-12-25 18:41 - 000016605 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo.and.the.Alien.Invaders(2000)[BGAudio]TVRip.XviD-CoveR.avi.torrent
      2017-12-25 18:40 - 2017-12-25 18:40 - 000015973 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo! and the Monster of Mexico (2003) [BG Audio] TVRip.XviD-CoveR.avi.torrent
      2017-12-25 18:40 - 2017-12-25 18:40 - 000015973 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo! and the Monster of Mexico (2003) [BG Audio] TVRip.XviD-CoveR.avi (1).torrent
      2017-12-24 20:09 - 2017-12-24 20:09 - 000014490 _____ C:\Users\GAMEPC\Downloads\The.Nut.Job.2014.BDRip.XviD.BGaudio-REFLUX.torrent
      2017-12-24 14:27 - 2017-12-24 14:27 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Adobe
      2017-12-23 21:42 - 2017-12-23 21:42 - 001556480 _____ C:\Users\GAMEPC\Downloads\Непотвърдено 653969.crdownload
      2017-12-21 16:16 - 2017-12-16 02:21 - 001990128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438871.dll
      2017-12-21 16:16 - 2017-12-16 02:21 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438871.dll
      2017-12-17 17:07 - 2017-12-17 17:47 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Might & Magic Heroes VI
      2017-12-17 17:07 - 2017-12-17 17:17 - 000000000 ____D C:\Users\GAMEPC\Documents\Might & Magic Heroes VI
      2017-12-17 17:07 - 2017-12-17 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx
      2017-12-17 16:27 - 2017-12-17 16:27 - 000038163 _____ C:\Users\GAMEPC\Downloads\Might & Magic.Heroes 6.Gold Edition.v 2.1.1.0 + 4 DLC.(Бука).(2012).Repack.torrent
      2017-12-17 15:54 - 2017-12-17 15:54 - 000003429 _____ C:\Users\GAMEPC\Downloads\DiRT Rally Hotfix v1.0.109.3940 - BAT.torrent
      2017-12-17 15:53 - 2017-12-17 15:53 - 000105021 _____ C:\Users\GAMEPC\Downloads\DiRT.Rally-RELOADED.torrent
      2017-12-16 22:49 - 2017-12-16 22:50 - 004228256 _____ (Husdawg, LLC) C:\Users\GAMEPC\Downloads\Detection.exe
      2017-12-16 16:33 - 2017-12-16 16:33 - 000000000 ____D C:\Users\GAMEPC\Documents\Diablo III
      2017-12-16 13:58 - 2017-12-16 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
      2017-12-16 13:53 - 2017-12-16 15:13 - 000000000 ____D C:\Users\GAMEPC\Documents\StarCraft II
      2017-12-16 13:52 - 2017-12-16 14:34 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
      2017-12-16 13:48 - 2017-12-16 14:38 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Blizzard Entertainment
      2017-12-16 13:47 - 2017-12-16 13:47 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Blizzard
      2017-12-16 13:46 - 2017-12-16 13:47 - 000000000 ____D C:\ProgramData\Battle.net
      2017-12-16 13:46 - 2017-12-16 13:46 - 004215792 _____ (Blizzard Entertainment) C:\Users\GAMEPC\Downloads\StarCraft-II-Setup.exe
      2017-12-14 14:20 - 2017-12-14 14:21 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Viber
      2017-12-11 21:56 - 2018-01-10 16:01 - 000002131 _____ C:\Users\GAMEPC\Desktop\Discord.lnk
      2017-12-11 21:55 - 2018-01-10 16:01 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Discord
      2017-12-11 21:55 - 2017-12-11 21:55 - 054332920 _____ (Discord Inc.) C:\Users\GAMEPC\Downloads\DiscordSetup (1).exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-01-10 17:45 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-01-10 17:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2018-01-10 17:41 - 2017-12-06 18:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ViberPC
      2018-01-10 17:41 - 2017-09-23 17:42 - 000000000 ____D C:\Program Files (x86)\Steam
      2018-01-10 17:41 - 2017-09-08 13:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Skype
      2018-01-10 17:40 - 2017-09-08 13:03 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-01-10 17:39 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-01-10 17:32 - 2009-07-14 06:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-01-10 17:32 - 2009-07-14 06:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-01-10 17:30 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files (x86)\Opera
      2018-01-10 17:16 - 2017-09-10 00:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\qBittorrent
      2018-01-10 16:34 - 2017-09-08 12:51 - 000000000 ____D C:\Users\GAMEPC\AppData\LocalLow\Mozilla
      2018-01-10 16:01 - 2017-10-13 15:36 - 000000000 ____D C:\Users\GAMEPC\Documents\ViberDownloads
      2018-01-10 16:01 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
      2018-01-10 16:01 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\discord
      2018-01-10 16:01 - 2017-09-08 13:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA
      2018-01-10 15:58 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-01-10 15:58 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-01-09 21:27 - 2017-09-18 18:14 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-01-09 21:27 - 2017-09-18 18:14 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-01-09 21:27 - 2017-09-18 18:14 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2018-01-09 21:27 - 2017-09-18 18:14 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-01-09 21:27 - 2017-09-18 18:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-01-09 21:27 - 2017-09-18 18:14 - 000000000 ____D C:\Windows\system32\Macromed
      2018-01-09 17:15 - 2017-09-08 12:35 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-01-09 17:15 - 2017-09-08 12:35 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-01-08 18:02 - 2017-09-08 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
      2018-01-08 18:02 - 2017-09-08 12:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
      2018-01-08 18:02 - 2017-09-08 12:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
      2018-01-05 18:41 - 2017-09-08 14:54 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\CrashDumps
      2018-01-05 18:28 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-01-04 16:47 - 2017-09-27 00:35 - 000000000 ____D C:\Users\GAMEPC\Documents\Euro Truck Simulator 2
      2018-01-04 03:39 - 2017-09-08 13:02 - 019677112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
      2018-01-04 03:39 - 2017-09-08 13:02 - 004375648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
      2018-01-04 03:39 - 2017-09-08 13:02 - 000492048 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
      2018-01-04 03:39 - 2017-09-08 12:22 - 022573984 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
      2018-01-04 03:39 - 2017-09-08 12:21 - 000045386 _____ C:\Windows\system32\nvinfo.pb
      2018-01-04 03:39 - 2017-09-08 12:19 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
      2018-01-04 02:33 - 2017-09-08 13:03 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
      2018-01-04 01:50 - 2017-09-08 13:03 - 005951336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 002588232 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 001768480 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000631880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000123704 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000081992 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
      2017-12-28 18:18 - 2017-09-08 13:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA Corporation
      2017-12-28 18:17 - 2017-09-08 12:20 - 000000000 ____D C:\ProgramData\Package Cache
      2017-12-25 18:46 - 2017-09-10 00:39 - 000000973 _____ C:\Users\GAMEPC\Desktop\PotPlayer 64 bit.lnk
      2017-12-24 21:07 - 2017-09-08 13:03 - 007928821 _____ C:\Windows\system32\nvcoproc.bin
      2017-12-21 16:10 - 2017-09-08 12:35 - 000003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504866897
      2017-12-17 17:48 - 2017-11-29 18:58 - 000000000 ____D C:\ProgramData\Codemasters
      2017-12-17 17:48 - 2017-09-28 19:51 - 000000000 ____D C:\Users\GAMEPC\Documents\My Games
      2017-12-17 17:07 - 2017-11-28 17:35 - 000000000 ____D C:\ProgramData\Orbit
      2017-12-16 21:51 - 2017-09-08 12:51 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Mozilla
      2017-12-15 15:29 - 2017-09-08 12:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
      2017-12-11 21:56 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\SquirrelTemp
      Some files in TEMP:
      ====================
      2017-12-28 18:19 - 2017-12-28 18:19 - 000000180 _____ () C:\Users\GAMEPC\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
      2017-12-28 18:19 - 2018-01-09 18:20 - 000000016 _____ () C:\Users\GAMEPC\AppData\Local\Temp\9cfeec25b194d212cb1a549f559db4ab.dll
      2011-04-29 03:10 - 2011-04-29 03:10 - 002027328 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\installerdll1824963827.dll
      2011-04-29 03:10 - 2011-04-29 03:10 - 002027328 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\installerdll1824966448.dll
      2017-10-21 13:00 - 2017-10-21 13:00 - 001856576 _____ (Oracle Corporation) C:\Users\GAMEPC\AppData\Local\Temp\jre-8u151-windows-au.exe
      2017-11-15 00:12 - 2017-10-27 18:06 - 000760032 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvSCPAPI.dll
      2017-09-08 13:03 - 2017-12-16 00:47 - 000874880 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvSCPAPI64.dll
      2017-11-15 00:09 - 2017-12-16 00:47 - 000371000 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvStInst.exe
      2011-04-29 03:31 - 2011-04-29 03:31 - 034523568 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\Setup.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-01-10 17:08
      ==================== End of FRST.txt ============================











       
      Addition_10-01-2018 17.50.21.txt
    • от Васил Джамбазов
      Както казва заглавието когато влизам в различни страници и трябва да ми излезе това captcha дето проверавя дали съм робот но не ми излиза нищо. Или само си върти или напълно нищо не показва. Пробвал съм със 4 различни браузъри и наквсякъде е същото. Рових в нета сумати време и нищо не ми помага. Де-инсталирах антивирусна, махах всички екстенжъни на браузърите и няма резултат. Мисля че проблема ми е в самия компютър някъде.  
      - Не разполагам с компакт диск за ОС. 
       
       
      Addition.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by userr (administrator) on USERR-PC (24-12-2017 01:13:05)
      Running from E:\scoped_dir3952_30355
      Loaded Profiles: userr (Available Profiles: userr)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Bulgarian (Bulgaria)
      Internet Explorer Version 11 (Default browser: Opera)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
      (Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Gaijin Entertainment) C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
      HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
      HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-01-30] (ABBYY Production LLC.)
      HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-03] ()
      HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15377920 2014-04-29] ()
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [Gaijin.Net Agent] => C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2268232 2017-11-01] (Gaijin Entertainment)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\MountPoints2: {87819dae-0c57-11e4-9eea-d050991a0dfa} - G:\setup.exe
      AppInit_DLLs: C:\Users\userr\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => No File
      IFEO\bitguard.exe: [Debugger] tasklist.exe
      IFEO\bprotect.exe: [Debugger] tasklist.exe
      IFEO\bpsvc.exe: [Debugger] tasklist.exe
      IFEO\browserdefender.exe: [Debugger] tasklist.exe
      IFEO\browserprotect.exe: [Debugger] tasklist.exe
      IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
      IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
      IFEO\jumpflip: [Debugger] tasklist.exe
      IFEO\protectedsearch.exe: [Debugger] tasklist.exe
      IFEO\searchinstaller.exe: [Debugger] tasklist.exe
      IFEO\searchprotection.exe: [Debugger] tasklist.exe
      IFEO\searchprotector.exe: [Debugger] tasklist.exe
      IFEO\searchsettings.exe: [Debugger] tasklist.exe
      IFEO\searchsettings64.exe: [Debugger] tasklist.exe
      IFEO\snapdo.exe: [Debugger] tasklist.exe
      IFEO\stinst32.exe: [Debugger] tasklist.exe
      IFEO\stinst64.exe: [Debugger] tasklist.exe
      IFEO\umbrella.exe: [Debugger] tasklist.exe
      IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
      IFEO\volaro: [Debugger] tasklist.exe
      IFEO\vonteera: [Debugger] tasklist.exe
      IFEO\websteroids.exe: [Debugger] tasklist.exe
      IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
      Startup: C:\Users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-04-19]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      AutoConfigURL: [S-1-5-21-845983760-1135253478-3104952537-1000] => hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
      Tcpip\..\Interfaces\{5650381A-159B-4673-BC63-260706D9F749}: [DhcpNameServer] 192.168.100.1
      ManualProxies: 0hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1431722435&z=60bd0491cc64661fd12a8edg0zcc0g3m0oeo1zbcat&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-23] (AVAST Software)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-23] (AVAST Software)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1431722400&z=cc566e9454f28cf2ca26295g0z7cdgamco6odz3eec&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      FireFox:
      ========
      FF ProfilePath: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default [2017-12-24]
      FF user.js: detected! => C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\user.js [2016-03-15]
      FF Extension: (Avast SafePrice) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\sp@avast.com.xpi [2017-12-23]
      FF Extension: (Avast Online Security) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\wrc@avast.com.xpi [2017-12-23]
      FF SearchPlugin: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\searchplugins\default-search.xml [2014-08-24]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default [2017-12-24]
      CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2017-06-01]
      CHR Extension: (Docs) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19]
      CHR Extension: (YouTube) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
      CHR Extension: (Google Docs Offline) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
      CHR Extension: (Gmail) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-19]
      CHR Extension: (Chrome Media Router) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\userr\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-24]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      OPR Extension: (Adblock Plus) - C:\Users\userr\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-29]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-23] (AVAST Software)
      R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-09-25] (Autodesk) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
      S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-26] (BitRaider, LLC)
      S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-08-06] (GOG.com)
      S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
      R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-09] () [File not signed]
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4121080 2011-06-13] (INCA Internet Co., Ltd.) [File not signed]
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-24] ()
      S3 TunngleService; D:\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      S2 Ds3Service; "D:\Downloads\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe" [X]
      S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
      S2 Hamachi2Svc; "D:\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-23] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-23] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-23] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-23] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-23] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-23] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-23] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-23] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-23] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-23] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-23] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-23] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-23] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-23] (AVAST Software)
      S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-06-30] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-15] (DT Soft Ltd)
      S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-24] ()
      R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-06-30] ()
      R3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-09-16] (MotioninJoy) [File not signed]
      S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
      R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
      S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [21888 2006-01-29] (Syncrosoft GmbH) [File not signed]
      R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
      U3 aswbdisk; no ImagePath
      S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
      S3 dump_wmimmc; \??\D:\Phantasy Star Universe\PHANTASY STAR UNIVERSE\GameGuard\dump_wmimmc.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 01:12 - 2017-12-24 01:13 - 000000000 ____D C:\FRST
      2017-12-23 12:34 - 2017-12-23 12:34 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-23 03:20 - 2017-12-23 03:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-23 03:20 - 2017-12-23 03:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-23 02:44 - 2017-12-23 02:44 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2017-12-23 02:44 - 2017-12-23 02:44 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVAST Software
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-23 02:43 - 2017-12-23 02:41 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-12-23 02:43 - 2017-12-23 02:41 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2017-12-23 02:39 - 2017-12-23 02:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-23 02:30 - 2017-12-23 02:38 - 000000000 ____D C:\Users\userr\AppData\Local\AvgSetupLog
      2017-12-23 02:07 - 2017-12-24 01:10 - 000000000 ____D C:\Users\userr\AppData\LocalLow\Mozilla
      2017-12-23 02:06 - 2017-12-23 02:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-23 02:06 - 2017-12-23 02:06 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-12-10 18:50 - 2017-12-10 19:16 - 000000000 ____D C:\Users\userr\AppData\Roaming\Kodi
      2017-12-10 18:50 - 2017-12-10 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
      2017-12-10 18:49 - 2017-12-10 18:50 - 000000000 ____D C:\Program Files (x86)\Kodi
      2017-12-06 22:46 - 2017-12-06 22:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 00:38 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:34 - 2014-07-15 17:50 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVG
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Local\AVG
      2017-12-23 12:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 03:20 - 2014-08-26 10:46 - 000000000 ____D C:\Users\userr\AppData\Local\Adobe
      2017-12-23 03:20 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-23 03:16 - 2016-01-03 00:01 - 000000000 ____D C:\Users\userr\AppData\Local\CrashDumps
      2017-12-23 02:38 - 2016-05-15 19:06 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-23 02:38 - 2014-08-24 19:52 - 000000000 ____D C:\ProgramData\AVG
      2017-12-23 02:07 - 2014-07-15 18:21 - 000000000 ____D C:\Users\userr\AppData\Roaming\Mozilla
      2017-12-23 02:06 - 2014-07-15 18:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-21 04:29 - 2014-10-16 22:00 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1413489654
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-12-20 12:42 - 2014-07-15 22:11 - 000000000 ____D C:\Program Files (x86)\Opera
      2017-12-12 02:54 - 2014-07-15 18:15 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-10 19:02 - 2014-07-18 10:15 - 000000000 ____D C:\Program Files (x86)\Winamp
      2017-12-02 15:06 - 2016-02-27 13:58 - 000000000 ____D C:\Users\userr\AppData\Roaming\vlc
      2017-11-30 19:55 - 2009-07-14 07:13 - 000800086 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-30 19:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      ==================== Files in the root of some directories =======
      2015-06-28 11:25 - 2015-06-28 12:50 - 000003958 _____ () C:\Users\userr\AppData\Roaming\LTspiceIV.ini
      2016-01-01 23:01 - 2016-01-15 22:41 - 000007168 _____ () C:\Users\userr\AppData\Roaming\SQLiteManager3.pref
      2016-03-10 19:19 - 2016-03-10 19:19 - 000003584 _____ () C:\Users\userr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-07-23 18:59 - 2016-02-24 12:08 - 000000601 _____ () C:\Users\userr\AppData\Local\DialogChoices.xml
      2016-12-14 12:38 - 2016-12-14 12:38 - 000000600 _____ () C:\Users\userr\AppData\Local\PUTTY.RND
      2015-05-29 13:21 - 2015-05-29 13:21 - 000003992 _____ () C:\Users\userr\AppData\Local\recently-used.xbel
      2016-01-01 23:13 - 2009-09-24 21:36 - 000000486 _____ () C:\Users\userr\AppData\Local\uninstall.html
      Some files in TEMP:
      ====================
      2015-09-25 10:11 - 2014-07-31 18:54 - 000015752 _____ (Autodesk, Inc.) C:\Users\userr\AppData\Local\Temp\AcDeltree.exe
      2016-12-09 15:51 - 2016-12-09 15:51 - 000223744 _____ (Un4seen Developments) C:\Users\userr\AppData\Local\Temp\Bass.dll
      2016-12-09 15:51 - 2016-12-09 15:51 - 000647168 _____ (radio42) C:\Users\userr\AppData\Local\Temp\Bass.Net.dll
      2016-04-16 11:05 - 2016-04-16 11:05 - 000385024 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Crysis_Patch_1_2_launcher.exe
      2016-04-22 16:02 - 2016-04-23 19:52 - 000208896 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7340014.dll
      2016-04-22 16:08 - 2016-04-23 19:41 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7370014.dll
      2016-04-23 19:57 - 2016-04-24 10:30 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7390004.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000027352 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x64.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000029912 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x86.dll
      2015-12-15 08:20 - 2015-12-15 08:20 - 000010240 _____ () C:\Users\userr\AppData\Local\Temp\fh2communityupdaterselfupdate.exe
      2016-06-13 18:37 - 2016-06-13 18:37 - 001962752 _____ (Flexera Software LLC) C:\Users\userr\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
      2015-01-29 15:58 - 2006-01-09 06:35 - 000159744 ____R () C:\Users\userr\AppData\Local\Temp\GMfc.dll
      2016-03-21 16:06 - 2016-03-21 16:06 - 001022043 _____ (                                                            ) C:\Users\userr\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
      2016-07-28 09:16 - 2016-07-28 09:16 - 000741440 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u101-windows-au.exe
      2016-10-22 10:00 - 2016-10-22 10:00 - 000737856 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u111-windows-au.exe
      2017-01-21 09:41 - 2017-01-21 09:41 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u121-windows-au.exe
      2017-04-25 10:50 - 2017-04-25 10:50 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u131-windows-au.exe
      2017-07-21 08:54 - 2017-07-21 08:54 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-11-15 11:43 - 2017-11-15 11:43 - 001856576 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u151-windows-au.exe
      2016-03-27 09:48 - 2016-03-27 09:48 - 000736320 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u77-windows-au.exe
      2016-04-24 10:15 - 2016-04-24 10:15 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u91-windows-au.exe
      2015-01-29 15:58 - 1999-12-17 14:00 - 000995383 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Mfc42.dll
      2015-01-29 15:58 - 1999-12-17 14:00 - 000295000 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\MSVCRT.dll
      2016-03-07 10:20 - 2016-03-07 10:20 - 005495448 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
      2016-08-16 17:42 - 2016-08-16 17:42 - 006359496 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
      2016-01-25 13:38 - 2016-01-25 13:38 - 006350128 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.6.exe
      2017-01-02 12:39 - 2017-01-02 12:39 - 006456560 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe
      2017-06-14 10:20 - 2017-06-14 10:20 - 006441096 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.14.exe
      2015-09-01 18:07 - 2016-08-25 22:50 - 000746088 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI.dll
      2015-11-22 12:40 - 2015-11-14 07:54 - 000835776 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI64.dll
      2015-10-13 12:53 - 2015-07-23 02:46 - 000783688 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvStInst.exe
      2015-08-04 14:25 - 2015-08-04 14:25 - 000032984 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-win32.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000031960 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-x64.dll
      2006-01-04 09:04 - 2006-01-04 09:04 - 000098304 ____R () C:\Users\userr\AppData\Local\Temp\Setup.exe
      2016-06-23 10:10 - 2016-07-05 21:28 - 000192512 _____ () C:\Users\userr\AppData\Local\Temp\sfamcc00001.dll
      2015-02-10 19:56 - 2015-02-10 19:56 - 000105984 _____ () C:\Users\userr\AppData\Local\Temp\sfextra.dll
      2016-09-12 19:41 - 2016-09-12 19:42 - 036634172 _____ (Bogdan Ureche                                               ) C:\Users\userr\AppData\Local\Temp\SQLiteExpertPersSetup.exe
      2015-01-29 15:58 - 2006-01-09 18:37 - 000393216 ____R () C:\Users\userr\AppData\Local\Temp\UnivUI.dll
      2015-12-20 20:03 - 2015-12-20 20:03 - 013977352 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe
      2016-09-02 18:27 - 2016-09-02 18:28 - 000003584 _____ () C:\Users\userr\AppData\Local\Temp\_j5iljyu.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 00:16
      ==================== End of FRST.txt ============================
      FRST.txt
    • от Емилиян Радоев
      Лаптома ми се товарии загрява мисля, че имам вируси в системата
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
      Ran by Emiliyan (administrator) on WISE (20-12-2017 16:03:52)
      Running from C:\Users\Emiliyan\Downloads
      Loaded Profiles: Emiliyan (Available Profiles: Emiliyan)
      Platform: Windows 8 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
      (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
      (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
      HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
      HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
      HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
      HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
      HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-19] (AVAST Software)
      HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
      HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-22] (Pegatron Corporation)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [Chromium] => "c:\users\emiliyan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {3200876f-a128-11e7-be97-74e543b067e1} - "E:\stp-fifa17.exe" 
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {5d49cdaf-cde8-11e7-bea2-74e543b067e1} - "F:\Install.exe" 
      Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{4162F2B5-AEAE-42DB-9CD1-CF34657B6E2D}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{72560D0F-2D93-4ECB-9356-DBA41E983165}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
      SearchScopes: HKU\S-1-5-21-3433298263-1705697951-3842491668-1001 -> DefaultScope {0117524D-8F49-4D9B-B308-983D78D06507} URL = 
      BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      FireFox:
      ========
      FF DefaultProfile: 1dnbjirw.default
      FF ProfilePath: C:\Users\Emiliyan\AppData\Roaming\Mozilla\Firefox\Profiles\1dnbjirw.default [2017-12-20]
      FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
      Chrome: 
      =======
      CHR Profile: C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
      CHR Extension: (Slides) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Docs) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-21]
      CHR Extension: (YouTube) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-21]
      CHR Extension: (Google Docs Offline) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-21]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-21]
      CHR Extension: (Gmail) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-21]
      CHR Extension: (Chrome Media Router) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-19] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
      R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
      R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-08-03] (McAfee, Inc.)
      R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-08-03] (McAfee, Inc.)
      R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-08-03] (McAfee, Inc.)
      S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
      R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
      S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-19] (AVAST Software)
      S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-19] (AVAST Software)
      R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
      S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [69672 2012-08-03] (McAfee, Inc.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-24] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-24] (Disc Soft Ltd)
      R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [169320 2012-08-03] (McAfee, Inc.)
      R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [300392 2012-08-03] (McAfee, Inc.)
      S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [66736 2012-07-19] (McAfee, Inc.)
      R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [513456 2012-08-03] (McAfee, Inc.)
      R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [752672 2012-08-03] (McAfee, Inc.)
      S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106112 2012-08-03] (McAfee, Inc.)
      R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [335784 2012-08-03] (McAfee, Inc.)
      R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 16:03 - 2017-12-20 16:04 - 000015501 _____ C:\Users\Emiliyan\Downloads\FRST.txt
      2017-12-20 16:03 - 2017-12-20 16:03 - 002392064 _____ (Farbar) C:\Users\Emiliyan\Downloads\FRST64.exe
      2017-12-20 16:03 - 2017-12-20 16:03 - 000000000 ____D C:\FRST
      2017-12-20 15:51 - 2017-12-20 15:51 - 001931969 _____ C:\Users\Emiliyan\Downloads\ProcessExplorer.zip
      2017-12-19 22:11 - 2017-12-20 00:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\In.Time.2011.BRRip.XviD.BGAudio-SLSS
      2017-12-19 22:10 - 2017-12-19 22:23 - 000000000 ____D C:\Users\Emiliyan\Downloads\We're.the.Millers.2013.BDRip.XviD.BGAUDiO-SLSS
      2017-12-19 19:41 - 2017-12-19 19:42 - 000000000 ____D C:\Users\Emiliyan\Downloads\Spico
      2017-12-19 19:35 - 2017-12-19 19:44 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico 9.2.3
      2017-12-19 19:32 - 2017-12-19 19:32 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-19 19:27 - 2017-12-19 19:27 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico_10.2.0
      2017-12-19 19:12 - 2017-12-20 15:36 - 000000000 ____D C:\Program Files\KMSpico
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003742 _____ C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache Files
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003272 _____ C:\WINDOWS\System32\Tasks\InstallShield® Update Service Scheduler
      2017-12-19 18:45 - 2017-12-19 18:45 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\AVAST Software
      2017-12-19 18:43 - 2017-12-19 19:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-12-19 18:42 - 2017-12-19 18:43 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-12-19 18:42 - 2017-12-19 18:42 - 000001087 _____ C:\Users\Emiliyan\Desktop\Your Unin-staller!.lnk
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:41 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-12-19 18:41 - 2017-12-20 15:36 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\{F5EAC3B6-D142-AF0E-BCDA-8AE698B2767E}
      2017-12-19 18:41 - 2017-12-19 18:54 - 000000000 ____D C:\ProgramData\TEMP
      2017-12-19 18:41 - 2017-12-19 18:41 - 006822592 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\your_uninstaller [1].exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\URSoft
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Opera Software
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\Opera Software
      2017-12-19 18:39 - 2017-12-19 18:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-19 18:38 - 2017-12-19 18:38 - 007289800 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\yusetup7.exe
      2017-12-19 18:38 - 2017-12-19 18:38 - 000002657 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
      2017-12-19 13:42 - 2017-12-19 13:42 - 000281568 _____ C:\WINDOWS\Minidump\121917-26937-01.dmp
      2017-12-19 13:30 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4]
      2017-12-19 13:28 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club)
      2017-12-19 13:27 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond
      2017-12-19 13:27 - 2017-12-19 13:27 - 000008240 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club).torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000017308 _____ C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond.torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000013206 _____ C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4].torrent
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen
      2017-12-19 13:22 - 2017-12-19 13:22 - 000019856 _____ C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole.torrent
      2017-12-19 13:22 - 2017-12-19 13:22 - 000016441 _____ C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen.torrent
      2017-12-19 13:18 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie
      2017-12-19 13:17 - 2017-12-19 13:17 - 000013807 _____ C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000019694 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Janice Griffith.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000018341 _____ C:\Users\Emiliyan\Downloads\BangbrosClips - Piper Perri (Pipe Her!! And By Her, We Mean Pipeperr!) NEW February 19 2015 SD MP4s.torrent
      2017-12-19 13:08 - 2017-12-19 13:08 - 000014431 _____ C:\Users\Emiliyan\Downloads\RKPrime - Tiffany Watson (Naughty Trainer).torrent
      2017-12-19 12:57 - 2017-12-19 12:57 - 000016656 _____ C:\Users\Emiliyan\Downloads\Elsa Jean - Bubble Blonde.torrent
      2017-12-19 12:19 - 2017-12-19 12:19 - 018316917 _____ C:\Users\Emiliyan\Downloads\Drift Pack.rar
      2017-12-17 23:39 - 2017-12-17 23:39 - 000000627 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arhiv.lnk
      2017-12-14 00:48 - 2017-12-14 00:48 - 000000000 _____ C:\Users\Emiliyan\Desktop\New Text Document (2).txt
      2017-12-12 14:12 - 2017-12-12 14:12 - 000281512 _____ C:\WINDOWS\Minidump\121217-37562-01.dmp
      2017-12-11 20:22 - 2017-12-11 20:22 - 000000000 ____D C:\Mu BattleZone Hard (No Sound)(1)
      2017-12-11 20:01 - 2017-12-11 20:02 - 092586941 _____ C:\Mu BattleZone Hard (No Sound)(1).rar
      2017-12-07 16:14 - 2017-12-07 16:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\1231
      2017-12-07 16:13 - 2017-12-07 16:14 - 092586941 _____ C:\Users\Emiliyan\Downloads\1231.rar
      2017-12-07 13:12 - 2017-12-07 13:12 - 000015260 _____ C:\Users\Emiliyan\Downloads\ReVolt_17.1124a.exe.torrent
      2017-11-24 14:44 - 2017-11-24 14:44 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install (1).exe
      2017-11-24 14:38 - 2017-12-18 18:43 - 000000000 ____D C:\Users\Emiliyan\Documents\GTA San Andreas User Files
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:28 - 2017-11-24 14:28 - 000001914 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
      2017-11-24 14:04 - 2017-11-24 14:04 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install.exe
      2017-11-24 14:04 - 2017-11-24 14:04 - 000000000 ____D C:\Users\Emiliyan\Downloads\crack
      2017-11-24 14:03 - 2017-11-24 14:03 - 004811976 _____ C:\Users\Emiliyan\Downloads\crack.rar
      2017-11-24 14:03 - 2017-11-24 14:03 - 000162504 _____ C:\Users\Emiliyan\Downloads\[ArenaBG.com]-Grand Theft Auto (GTA) San Andreas-HOODLUM.torrent
      2017-11-23 17:55 - 2017-12-19 18:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 15:51 - 2017-06-22 01:33 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\uTorrent
      2017-12-20 15:46 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\LocalLow\Mozilla
      2017-12-20 12:14 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-12-19 19:37 - 2012-07-26 09:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-12-19 19:37 - 2012-07-26 07:37 - 000000000 ____D C:\WINDOWS\Inf
      2017-12-19 19:31 - 2017-06-22 00:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
      2017-12-19 19:30 - 2012-07-26 09:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-19 19:12 - 2012-08-29 23:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\Toshiba
      2017-12-19 19:10 - 2017-07-07 21:08 - 000000000 ____D C:\Users\Emiliyan\Downloads\simson
      2017-12-19 18:52 - 2012-08-30 09:14 - 000000000 ____D C:\WINDOWS\Panther
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
      2017-12-19 18:41 - 2017-09-24 18:24 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-19 13:56 - 2017-11-19 22:13 - 000000000 ____D C:\Users\Emiliyan\Downloads1
      2017-12-19 13:42 - 2017-06-22 12:00 - 000000000 ____D C:\WINDOWS\Minidump
      2017-12-19 13:42 - 2017-06-22 11:59 - 715990818 _____ C:\WINDOWS\MEMORY.DMP
      2017-12-18 21:49 - 2017-10-12 12:37 - 000222208 ___SH C:\Users\Emiliyan\Desktop\Thumbs.db
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-12-12 14:11 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-11 00:40 - 2017-06-22 14:53 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-24 15:37 - 2017-09-25 19:03 - 000281088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 15:36 - 2012-07-26 07:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
      2017-11-24 14:28 - 2012-08-29 23:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2017-11-23 17:56 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Mozilla
      2017-11-23 17:56 - 2017-06-22 14:53 - 000000935 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      ==================== Files in the root of some directories =======
      2017-06-22 01:24 - 2017-06-22 01:24 - 000007606 _____ () C:\Users\Emiliyan\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-15 14:17
      ==================== End of FRST.txt ============================
      Addition.txt
    • от embolado
      Здравейте! От няколко дни NOD32 периодично ми изкарва съобщението от картинката, което ме кара да се съмянвам, че компютъра ми има вирус.

      Ето и логовете от FRST
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by USER (administrator) on USER-PC (23-12-2017 17:16:05)
      Running from C:\Users\USER\Desktop
      Loaded Profiles: USER (Available Profiles: USER)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
      (Node.js) C:\Windows\Prey\versions\1.7.2\bin\node.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      () D:\Install\Testing Tools\quietHDD\quietHDD.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Fork, Ltd.) C:\Windows\Prey\versions\1.7.2\node_modules\triggers\bin\lightevt.exe
      (HP) C:\Windows\System32\HPSIsvc.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      (ESET) C:\Program Files\ESET\ESET Security\egui.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-21] (ESET)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
      HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      Winlogon\Notify\WgaLogon:
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {027c0954-011d-11e7-92c7-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {95871b5f-00b7-11e7-8cf1-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {d96b13d4-6d84-11e5-92f1-b4b52f788ef4} - H:\setup.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e6bf35c6-0111-11e7-8df9-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e80d797e-c983-11e5-bc97-b4b52f788ef4} - F:\setup.exe
      AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-16] (Jaksta Technologies Pty Ltd)
      Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD.lnk [2013-03-09]
      ShortcutTarget: quietHDD.lnk -> D:\Install\Testing Tools\quietHDD\quietHDD.exe ()
      GroupPolicy: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      ProxyServer: [S-1-5-21-2316775370-2964681540-2297035872-1000] => https=127.0.0.1:54745
      Hosts: 127.0.0.1   www.martau.com
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{3D41CC7B-1CA0-4A34-B378-EF83D183B83F}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{42A1B73C-2FD5-4744-A1AC-DD4C68DBB756}: [DhcpNameServer] 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-2316775370-2964681540-2297035872-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
      BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      FireFox:
      ========
      FF DefaultProfile: bx4xcpl7.default
      FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default [2017-12-23]
      FF Homepage: Mozilla\Firefox\Profiles\bx4xcpl7.default -> google.bg
      FF NewTabOverride: Mozilla\Firefox\Profiles\bx4xcpl7.default -> Enabled: "id":"{66E978CD-981F-47DF-AC42-E3CF417C1467
      FF Extension: (MEGA) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\firefox@mega.co.nz.xpi [2017-11-17]
      FF Extension: (New Tab Homepage) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-11-18]
      FF Extension: (image-save) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{6f99b5da-d696-4a33-8cc4-072873422204}.xpi [2017-11-17]
      FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
      R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-11-22] (Fork, Ltd.) [File not signed]
      R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-21] (ESET)
      R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)
      S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (DEVGURU Co., LTD.)
      S4 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
      S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2017-03-04] (Sysprogs OU)
      U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-01-07] (IVT Corporation.)
      S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [35848 2008-12-07] ()
      S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-06] (Samsung Electronics Co., Ltd.)
      S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-06-04] (Disc Soft Ltd)
      S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-10-08] (DT Soft Ltd)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2017-12-08] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
      R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2017-12-08] (ESET)
      S1 ISODrive; C:\Windows\SysWOW64\Drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
      S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31624 2008-07-02] (IVT Corporation.)
      S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1162952 2013-07-13] (Ralink Technology, Corp.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-06] (Samsung Electronics Co., Ltd.)
      U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
      U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BT; system32\DRIVERS\btnetdrv.sys [X]
      S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
      S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
      S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
      S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
      S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
      S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
      S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
      S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
      S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
      S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
      S3 VComm; system32\DRIVERS\VComm.sys [X]
      S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
      S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:16 - 2017-12-23 17:16 - 000012226 _____ C:\Users\USER\Desktop\FRST.txt
      2017-12-23 17:15 - 2017-12-23 17:16 - 000000000 ____D C:\FRST
      2017-12-23 16:58 - 2017-12-23 16:58 - 002392064 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
      2017-12-14 23:52 - 2017-12-14 23:52 - 000000000 ____D C:\Users\USER\AppData\Local\Viber
      2017-11-29 17:30 - 2017-11-29 17:30 - 000000000 ____D C:\Users\USER\AppData\Roaming\ABBYY
      2017-11-28 23:28 - 2017-11-28 23:28 - 000002697 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2017-11-24 13:58 - 2017-12-11 17:13 - 000001438 _____ C:\Users\USER\Desktop\Mozilla Firefox.lnk
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:15 - 2017-03-03 19:29 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:09 - 2017-05-08 00:51 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2017-12-23 17:08 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-23 17:06 - 2017-11-22 20:05 - 000000000 ____D C:\Windows\Prey
      2017-12-23 17:06 - 2013-09-13 16:20 - 000001017 _____ C:\Windows\SysWOW64\bscs.ini
      2017-12-23 17:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 16:55 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-23 02:05 - 2013-04-26 22:50 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2017-12-23 00:51 - 2017-11-22 19:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-12-22 18:37 - 2014-11-03 20:17 - 000004096 _____ C:\Users\USER\AppData\Local\keyfile3.drm
      2017-12-22 01:38 - 2017-07-11 22:53 - 000000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
      2017-12-21 21:59 - 2013-11-26 22:18 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
      2017-12-18 15:30 - 2016-03-18 02:15 - 000012288 ___SH C:\Users\USER\AppData\Roaming\Thumbs.db
      2017-12-17 10:12 - 2017-10-21 08:34 - 000000000 ____D C:\Users\USER\AppData\Roaming\ViberPC
      2017-12-13 01:23 - 2017-11-17 22:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-13 01:23 - 2017-11-17 22:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-13 01:23 - 2017-11-17 22:38 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-13 01:23 - 2013-03-28 20:01 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-13 01:23 - 2012-12-29 22:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-09 11:17 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-08 23:22 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-08 20:25 - 2017-11-02 09:02 - 000134368 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
      2017-12-08 20:25 - 2017-10-09 16:49 - 000180088 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
      2017-12-08 20:25 - 2017-09-19 09:05 - 000106304 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
      2017-11-28 23:28 - 2012-12-30 00:31 - 000000000 ____D C:\ProgramData\Skype
      ==================== Files in the root of some directories =======
      2016-03-18 02:15 - 2017-12-18 15:30 - 000012288 ___SH () C:\Users\USER\AppData\Roaming\Thumbs.db
      2016-02-08 01:25 - 2016-02-08 01:25 - 000006529 _____ () C:\Users\USER\AppData\Roaming\UserTile.png
      2015-06-08 18:55 - 2015-08-20 17:08 - 000000031 _____ () C:\Users\USER\AppData\Local\burnaware.ini
      2013-04-18 15:40 - 2015-08-23 12:48 - 000007680 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2017-09-25 20:21 - 2017-09-25 20:21 - 000000036 _____ () C:\Users\USER\AppData\Local\housecall.guid.cache
      2014-11-03 20:17 - 2017-12-22 18:37 - 000004096 _____ () C:\Users\USER\AppData\Local\keyfile3.drm
      2013-02-05 23:18 - 2013-02-05 23:18 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.25.agreement
      2015-06-19 18:43 - 2015-06-19 18:43 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.40.agreement
      2017-06-20 18:27 - 2017-06-20 18:27 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.1.10.agreement
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000013 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.dir
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.filterindex
      2017-06-20 18:27 - 2017-08-29 12:08 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.sourcedisk.index
      2013-02-18 20:48 - 2017-11-11 20:47 - 000007652 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 02:06
      ==================== End of FRST.txt ============================
       
       
      Addition.txt
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.