Hello,

For the past few days my Google Chrome settings have been changing. The start page http://search.safefinder.com/ opens. Ads keep appearing constantly, and unfamiliar pages open.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by burgas (administrator) on BURGAS-PC (03-02-2016 10:40:19)
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Български (България)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\ProgramData\Airtostrong\Airtostrong.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd., Samsung Software Center.) C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Airtostrong\Airtostrong.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(JetAudio, Inc.) C:\Program Files\JetAudio\JetAudio.exe
() C:\__TM2004\tm2004.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-02] (Analog Devices, Inc.)
HKLM\...\Run: [GW Port Controller] => C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE [163840 2006-12-14] (Samsung Electronics Co., Ltd., Samsung Software Center.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\...\Run: [tgbhdpgwgg] => explorer "hxxp://opatolo.ru/?utm_source=uoua03n&utm_content=53ec9cba11c4c68db945b0faedd19cda&utm_term=9A29711C2921EE8733606F746A7A2295" <===== ATTENTION
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\...\Policies\Explorer: [HideSCAHealth] 0
AppInit_DLLs: C:\ProgramData\Airtostrong\SingHold.dll => C:\ProgramData\Airtostrong\SingHold.dll [257536 2016-02-01] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E3BA6648-D53C-4AD5-BD44-9E8392E1F9A5}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130861943982661353&GUID=822FDA39-CE33-4D5A-AE25-7BA1920874C3
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2tg73Z4W1XMKLUEUMy2KLkblu3fWYL5Knmpvz7ZW7rWruUSaHb-5wiBn74eqnjzAFTXoTVyV4NOmh2s3Df1-ZIvtVY9oHVO9QpXq47vkczqr-_3hSsAtRQa3A59bWzKO85yylUeMPDliTk1uanuof6eYbbN_838,&q={searchTerms}
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130988805395755492&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2tg73Z4W1XMKLUEUMy2KLkblu3fWYL5Knmpvz7ZW7rWruUSaHb-5wiBn74eqnjzAFTXoTVyV4NOmh2s3Df1-ZIvtVY9oHVO9QpXq47vkczqr-_3hSsAtRQa3A59bWzKO85yylUeMPDliTk1uanuof6eYbbN_838,&q={searchTerms}
HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2tg73Z4W1XMKLUEUMy2KLkblu3fWYL5Knmpvz7ZW7rWruUSaHb-5wiBn74eqnjzAFTXoTVyV4NOmh2s3Df1-ZIvtVY9oHVO9QpXq47vkczqr-_3hSsAtRQa3A59bWzKO85yylUeMPDliTk1uanuof6eYbbN_838,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-20] (Microsoft Corporation)
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://online.bulbank.bg/capicom.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908
FF NewTab: C:\\ProgramData\\Airtostrongs\\ff.NT
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.2&gp=801007
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7BD1BECE92-0571-4F07-893D-3AFC6AA6ADA5%7D&gp=801507
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-20] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found]
FF Extension: 50uCouuippons - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\5@9g.edu [2015-01-06] [not signed]
FF Extension: YouetubeAdBlocke - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\5@L2QH.org [2014-12-12] [not signed]
FF Extension: Домашняя страница Mail.Ru - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\homepage@mail.ru [2016-01-28]
FF Extension: DoealEExxpreess - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\iol@A.net [2015-01-05] [not signed]
FF Extension: BuyNsaVe - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\JF9Xfr0CEm@W.edu [2014-12-12] [not signed]
FF Extension: nogroovesharkadstobbitk - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\nogroovesharkads@tobbi.tk [2014-12-19] [not signed]
FF Extension: Поиск@Mail.Ru - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\search@mail.ru [2016-01-28]
FF Extension: Adblock Plus - C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17] [not signed]

Chrome: 
=======
CHR HomePage: Profile 2 -> mail.ru/cnt/11956636
CHR StartupUrls: Profile 2 -> "hxxps://www.google.bg/"
CHR DefaultSearchURL: Profile 2 -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2tg73Z4W1XMKLUEUMy2KLkblu3fWYL5Knmpvz7ZW7rWruUSaHb-5wiBn74eqnjzAFTX_lVKA34PV4u6LseiDKR1tbEwCzvJ0KclarERakF_KbqiMGYL8xdyC3AmkxRhVTcI5QL2RTYj_QvuHJSfWsA5ohdCqEcE,&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> feed.sonic-search.com_
CHR DefaultSuggestURL: Profile 2 -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Документи) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Диск) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Търсене) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Електронни таблици от Google) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Документи офлайн) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Profile: C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Документи) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-02]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\burgas\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-02]
CHR HKLM\...\Chrome\Extension: [eioddfaepdoeifbhjphfefgipcjcdieo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iflppbjnpneiigcbdfjpnkebidmkjmoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ppoilmfkbpckodoifdlkmkepcajfjmhl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [531456 2016-02-01] () [File not signed]
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1887928 2015-12-22] (Microsoft Corporation)
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-01-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-02] (Disc Soft Ltd)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2014-01-14] (Microsoft Corporation) [File not signed]
S1 dogqxxnk; \??\C:\Windows\system32\drivers\dogqxxnk.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 sdfhgdf; system32\DRIVERS\sdfhgdf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 10:40 - 2016-02-03 10:40 - 00015114 _____ C:\Users\burgas\Downloads\FRST.txt
2016-02-03 10:40 - 2016-02-03 10:40 - 00000000 ____D C:\FRST
2016-02-03 10:39 - 2016-02-03 10:39 - 01721856 _____ (Farbar) C:\Users\burgas\Downloads\FRST.exe
2016-02-02 17:16 - 2016-02-03 08:46 - 00000000 ____D C:\Users\burgas\AppData\Roaming\Systweak
2016-02-02 17:15 - 2016-02-02 17:15 - 00000000 ____D C:\Users\burgas\AppData\Local\Systweak
2016-02-02 17:14 - 2016-02-02 17:15 - 05822720 _____ (Advanced System Protector ) C:\Users\burgas\Downloads\aspsetup.exe
2016-02-02 16:58 - 2016-02-03 08:38 - 00000370 _____ C:\Windows\Tasks\AmiUpdXp.job
2016-02-02 16:58 - 2016-02-02 17:42 - 00000000 ____D C:\Users\burgas\AppData\Local\15389
2016-02-02 15:26 - 2016-02-02 15:26 - 01508352 _____ C:\Users\burgas\Downloads\adwcleaner_5.032.exe
2016-02-02 13:02 - 2016-02-03 10:07 - 00000986 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 13:02 - 2016-02-03 08:38 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 13:02 - 2016-02-02 16:35 - 00002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-02 12:54 - 2016-02-02 12:54 - 00242304 _____ C:\Users\burgas\Downloads\Firefox Setup Stub 44.0.exe
2016-02-02 12:25 - 2016-02-02 13:02 - 00000000 ____D C:\Users\burgas\AppData\Local\Deployment
2016-02-02 12:25 - 2016-02-02 12:25 - 00000000 ____D C:\Users\burgas\AppData\Local\Apps\2.0
2016-02-01 17:40 - 2016-02-01 17:40 - 00000000 ____D C:\ProgramData\Airtostrongs
2016-02-01 17:39 - 2016-02-01 17:39 - 03250516 _____ () C:\Program Files\Common Files\xfjbicol.exe
2016-02-01 11:03 - 2016-02-02 09:52 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-01-29 12:27 - 2015-12-24 00:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-29 12:27 - 2015-12-12 20:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-29 12:27 - 2015-12-12 19:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-29 12:27 - 2015-12-12 19:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-29 12:27 - 2015-12-12 19:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-29 12:27 - 2015-12-12 19:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-29 12:27 - 2015-12-12 19:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-29 12:27 - 2015-12-12 19:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-29 12:27 - 2015-12-12 19:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-29 12:27 - 2015-12-12 19:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-29 12:27 - 2015-12-12 19:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-29 12:27 - 2015-12-12 19:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-29 12:27 - 2015-12-12 19:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-29 12:27 - 2015-12-12 19:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-29 12:27 - 2015-12-12 19:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-29 12:27 - 2015-12-12 19:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-29 12:27 - 2015-12-12 19:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-29 12:27 - 2015-12-12 19:22 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-29 12:27 - 2015-12-12 19:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-29 12:27 - 2015-12-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-29 12:27 - 2015-12-12 19:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-29 12:27 - 2015-12-12 19:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-29 12:27 - 2015-12-12 19:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-29 12:27 - 2015-12-12 19:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-29 12:27 - 2015-12-12 19:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-29 12:27 - 2015-12-12 19:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-29 12:27 - 2015-12-12 19:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-29 12:27 - 2015-12-12 19:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-29 12:27 - 2015-12-12 19:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-29 12:27 - 2015-12-12 19:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-29 12:27 - 2015-12-12 19:00 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-29 12:27 - 2015-12-12 18:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-29 12:27 - 2015-12-12 18:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-29 12:27 - 2015-12-12 18:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-29 12:27 - 2015-11-10 20:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-01-29 12:27 - 2015-11-10 20:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-01-29 12:27 - 2015-11-10 20:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-01-29 12:26 - 2015-12-30 20:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-29 12:26 - 2015-12-30 20:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-29 12:26 - 2015-12-30 20:47 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-29 12:26 - 2015-12-30 20:47 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-29 12:26 - 2015-12-30 20:44 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-29 12:26 - 2015-12-30 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-29 12:26 - 2015-12-30 20:40 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-29 12:26 - 2015-12-30 20:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-29 12:26 - 2015-12-30 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-29 12:26 - 2015-12-30 20:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-29 12:26 - 2015-12-30 20:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-29 12:26 - 2015-12-30 20:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-29 12:26 - 2015-12-30 20:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-29 12:26 - 2015-12-30 20:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-29 12:26 - 2015-12-30 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-29 12:26 - 2015-12-30 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-29 12:26 - 2015-12-30 19:38 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-29 12:26 - 2015-12-30 19:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-29 12:26 - 2015-12-30 19:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-29 12:26 - 2015-12-30 19:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-29 12:26 - 2015-12-30 19:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-29 12:26 - 2015-12-30 19:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-29 12:26 - 2015-12-30 19:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-29 12:26 - 2015-12-30 19:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-29 12:26 - 2015-12-11 20:35 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-29 12:26 - 2015-12-08 23:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-29 12:26 - 2015-11-17 02:45 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-29 12:26 - 2015-11-17 02:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-29 12:26 - 2015-11-17 02:42 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-29 12:26 - 2015-11-17 02:42 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-29 12:26 - 2015-11-17 02:42 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-29 12:26 - 2015-11-17 02:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-29 12:26 - 2015-11-16 22:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-29 12:26 - 2015-11-11 20:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-01-29 12:26 - 2015-11-11 20:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-01-29 12:26 - 2015-11-05 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-01-29 12:26 - 2015-10-29 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-01-29 12:26 - 2015-10-29 19:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-01-29 12:26 - 2015-10-29 19:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-01-29 12:26 - 2015-10-29 19:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-01-29 12:26 - 2015-10-13 18:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-01-29 12:26 - 2015-10-13 18:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-01-29 12:26 - 2015-10-13 06:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-01-29 12:26 - 2015-09-23 15:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-29 12:26 - 2015-09-23 15:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-01-29 12:26 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-01-29 12:25 - 2015-12-08 23:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-29 12:25 - 2015-12-08 23:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-29 12:25 - 2015-12-08 23:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-29 12:25 - 2015-12-08 23:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-29 12:25 - 2015-12-08 23:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-29 12:25 - 2015-12-08 23:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-29 12:25 - 2015-12-08 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-29 12:25 - 2015-12-08 23:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-29 12:25 - 2015-12-08 23:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-29 12:25 - 2015-12-08 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-29 12:25 - 2015-12-08 23:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-29 12:25 - 2015-12-08 23:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-29 12:25 - 2015-12-08 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-29 12:25 - 2015-12-08 23:00 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-29 12:25 - 2015-11-20 20:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-29 12:25 - 2015-11-20 20:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-01-29 12:25 - 2015-11-20 20:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-29 12:25 - 2015-11-20 20:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-29 12:25 - 2015-11-20 20:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-01-29 12:25 - 2015-11-14 00:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-29 12:25 - 2015-11-14 00:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-29 12:25 - 2015-11-14 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-29 12:25 - 2015-11-05 21:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-01-29 12:25 - 2015-11-05 11:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-01-29 12:25 - 2015-11-03 20:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-01-29 12:25 - 2015-11-03 20:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-01-29 12:25 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-01-29 12:25 - 2015-10-01 19:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-01-29 12:25 - 2015-10-01 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-01-29 12:25 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-01-29 12:25 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-01-29 10:42 - 2016-02-01 11:34 - 00000080 _____ C:\Users\burgas\AppData\Roaming\Microsoft\Windows\Start Menu\чTorrent.lnk
2016-01-28 17:39 - 2016-02-03 08:39 - 00000000 ____D C:\ProgramData\Airtostrong
2016-01-28 17:37 - 2016-01-28 17:37 - 00000000 ____D C:\Program Files\Common Files\gccrnt0l
2016-01-28 16:37 - 2016-01-28 16:47 - 00000000 ____D C:\Program Files\Common Files\Trioqvobam
2016-01-28 16:36 - 2016-02-01 11:33 - 00000000 ____D C:\Program Files\BitTorrent
2016-01-28 16:36 - 2016-01-28 16:36 - 00041472 _____ C:\Users\burgas\AppData\Local\Saodom.dat
2016-01-28 16:36 - 2016-01-28 16:36 - 00000187 _____ C:\Users\burgas\AppData\Local\Saodom.exe.config
2016-01-28 15:42 - 2016-01-28 15:42 - 00000000 ____D C:\Users\burgas\AppData\Local\Вконтактe
2016-01-28 15:37 - 2016-01-28 15:37 - 00000000 ____D C:\Users\burgas\AppData\Local\Вoйти в Интeрнет
2016-01-28 15:34 - 2016-01-28 15:34 - 00000000 ____D C:\Users\Public\Documents\GenieSoft
2016-01-28 15:34 - 2016-01-28 15:34 - 00000000 ____D C:\Users\burgas\AppData\Roaming\MicrosoftUpdater
2016-01-28 15:32 - 2016-01-28 15:32 - 00000000 ____D C:\Users\burgas\AppData\Roaming\Calculator
2016-01-28 15:31 - 2016-01-28 15:31 - 00000000 ____D C:\Users\burgas\AppData\Local\Поиcк в Интeрнете
2016-01-28 15:29 - 2016-01-29 10:41 - 00000000 ____D C:\Users\burgas\AppData\Local\SystemDir
2016-01-28 15:29 - 2016-01-28 15:38 - 00000000 ____D C:\Users\burgas\AppData\Roaming\MailProducts
2016-01-28 15:29 - 2016-01-28 15:36 - 00000000 ____D C:\Users\burgas\AppData\LocalLow\Unity
2016-01-28 15:29 - 2016-01-28 15:36 - 00000000 ____D C:\Users\burgas\AppData\Local\Unity
2016-01-28 15:27 - 2016-01-28 15:27 - 00000000 __RSH C:\MSDOS.SYS
2016-01-28 15:27 - 2016-01-28 15:27 - 00000000 __RSH C:\IO.SYS
2016-01-27 13:05 - 2016-01-27 13:12 - 00000000 ____D C:\Users\burgas\Documents\ViberDownloads
2016-01-27 13:01 - 2016-01-22 08:44 - 05452800 _____ C:\Users\burgas\Desktop\Price list_Motip Dupli all 09.12.2015.xls
2016-01-20 10:03 - 2016-01-20 10:03 - 00010240 _____ C:\Users\burgas\Desktop\sp_orderkomp.xls
2016-01-13 08:57 - 2016-01-13 08:58 - 00000000 ____D C:\Users\burgas\Desktop\радио
2016-01-08 14:43 - 2016-01-11 08:49 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 10:15 - 2014-09-05 14:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-03 08:52 - 2009-07-14 06:34 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-03 08:52 - 2009-07-14 06:34 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-03 08:45 - 2010-11-20 23:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-03 08:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-02-03 08:38 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 13:02 - 2014-11-27 09:17 - 00000000 ____D C:\Program Files\Google
2016-02-02 10:02 - 2014-09-02 08:56 - 00000000 ____D C:\Install
2016-02-02 09:09 - 2010-10-01 12:05 - 00006866 _____ C:\Windows\NAV.INI
2016-02-02 09:08 - 2014-09-12 14:13 - 00002560 _____ C:\Windows\MKDEWE.TRN
2016-02-02 08:46 - 2015-08-25 12:51 - 00298496 _____ C:\Users\burgas\Desktop\Kana price list roller & brushes 2015 NALICHNO+EAN 01.03.2015 correction 04.08.2015.xls
2016-02-01 17:40 - 2014-09-01 17:19 - 00001420 _____ C:\Users\burgas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-01 17:40 - 2014-02-10 10:55 - 00001407 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-01 17:40 - 2014-02-10 10:55 - 00001407 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-01 11:34 - 2015-10-16 11:12 - 00002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-01 11:34 - 2015-04-24 08:39 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-01 11:34 - 2015-02-20 16:27 - 00001784 _____ C:\Users\Public\Desktop\jetAudio.lnk
2016-02-01 11:34 - 2014-11-20 14:57 - 00002178 _____ C:\Users\burgas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-02-01 11:34 - 2014-09-08 13:59 - 00001938 _____ C:\Users\Public\Desktop\SmarThru 3.lnk
2016-02-01 11:34 - 2014-09-05 10:00 - 00002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-02-01 11:34 - 2014-09-05 09:57 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2016-02-01 11:34 - 2014-09-05 09:57 - 00001049 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2016-02-01 11:34 - 2014-09-02 08:49 - 00001369 _____ C:\Users\Public\Desktop\Business Navigator for Windows.lnk
2016-02-01 11:34 - 2014-09-02 08:47 - 00000510 _____ C:\Users\burgas\Desktop\TM2004.lnk
2016-02-01 11:34 - 2014-09-02 08:36 - 00000528 _____ C:\Users\burgas\Desktop\VPN връзка.lnk
2016-02-01 11:34 - 2014-02-10 10:55 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-01 11:34 - 2014-02-10 10:55 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-01 11:34 - 2009-07-14 06:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-01 11:34 - 2009-07-14 06:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-01 11:34 - 2009-07-14 06:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-02-01 11:34 - 2009-07-14 06:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-01 11:34 - 2009-07-14 06:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-02-01 11:34 - 2009-07-14 06:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-02-01 11:34 - 2009-07-14 06:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-01 10:45 - 2014-10-13 09:13 - 00177664 _____ C:\Users\burgas\Desktop\sp_order.xls
2016-02-01 09:30 - 2015-04-06 17:17 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-01 09:22 - 2009-07-14 06:33 - 00367952 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-01 09:21 - 2014-12-11 08:34 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-01 09:21 - 2014-09-02 11:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-01 09:20 - 2011-04-12 04:24 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-29 17:49 - 2014-09-02 11:47 - 00000000 ____D C:\Windows\system32\MRT
2016-01-29 17:44 - 2014-09-02 11:47 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-28 15:52 - 2015-04-15 12:09 - 00000000 __SHD C:\Users\burgas\AppData\Local\EmieBrowserModeList
2016-01-28 15:52 - 2014-09-02 12:09 - 00000000 __SHD C:\Users\burgas\AppData\Local\EmieUserList
2016-01-28 15:52 - 2014-09-02 12:09 - 00000000 __SHD C:\Users\burgas\AppData\Local\EmieSiteList
2016-01-28 15:51 - 2014-09-01 17:19 - 00000000 ____D C:\Users\burgas
2016-01-20 11:15 - 2014-09-05 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-20 11:15 - 2014-09-05 14:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-20 08:59 - 2014-11-20 14:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-20 08:58 - 2014-11-20 14:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-15 09:44 - 2015-01-30 10:28 - 00000000 ____D C:\Users\burgas\Desktop\Ценови листи 2015
2016-01-12 08:43 - 2014-09-02 13:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2016-02-01 17:39 - 2016-02-01 17:39 - 3250516 _____ () C:\Program Files\Common Files\xfjbicol.exe
2016-01-28 16:36 - 2016-01-28 16:36 - 0041472 _____ () C:\Users\burgas\AppData\Local\Saodom.dat
2016-01-28 16:36 - 2016-01-28 16:36 - 0000187 _____ () C:\Users\burgas\AppData\Local\Saodom.exe.config

Files to move or delete:
====================
C:\Users\burgas\del_tmp.bat


Some files in TEMP:
====================
C:\Users\burgas\AppData\Local\Temp\1536.tmp.exe
C:\Users\burgas\AppData\Local\Temp\38E.tmp.exe
C:\Users\burgas\AppData\Local\Temp\9FDF.tmp.exe
C:\Users\burgas\AppData\Local\Temp\AF51.tmp.exe
C:\Users\burgas\AppData\Local\Temp\amisetup0847__16582.exe
C:\Users\burgas\AppData\Local\Temp\amisetup0896__10235.exe
C:\Users\burgas\AppData\Local\Temp\amisetup0932__10235.exe
C:\Users\burgas\AppData\Local\Temp\amisetup3610__16582.exe
C:\Users\burgas\AppData\Local\Temp\amisetup3662__10235.exe
C:\Users\burgas\AppData\Local\Temp\amisetup3691__10235.exe
C:\Users\burgas\AppData\Local\Temp\DD94.tmp.exe
C:\Users\burgas\AppData\Local\Temp\E5CC.tmp.exe
C:\Users\burgas\AppData\Local\Temp\F3F1.tmp.exe
C:\Users\burgas\AppData\Local\Temp\FA17.tmp.exe
C:\Users\burgas\AppData\Local\Temp\FAVxXv9touaF.exe
C:\Users\burgas\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\burgas\AppData\Local\Temp\HitmanPro.exe
C:\Users\burgas\AppData\Local\Temp\nsz60DE.exe
C:\Users\burgas\AppData\Local\Temp\ose00000.exe
C:\Users\burgas\AppData\Local\Temp\sqlite3.dll
C:\Users\burgas\AppData\Local\Temp\u1ElmH7axTUj.exe
C:\Users\burgas\AppData\Local\Temp\XnSRyYAXQAWD.exe
C:\Users\burgas\AppData\Local\Temp\yMZoPGRjLmTI.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 00:12

==================== End of FRST.txt ============================

Addition.txt


Hello,

Download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Then write how things are! ;)

Regards!


Hello,

I can't upload the log file; the moment I paste it, the page freezes and throws me out.

What should I do?

 


Hello,

Let's check for leftovers:

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • Once the scan finishes, press the Clean button.
  • The program will close all unnecessary processes and, after cleaning, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[C0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your protection programs.
  • Run the JRT.exe tool
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

STEP 3

Run a new scan with FRST, ticking the box next to Addition.txt before pressing the SCAN button, and then attach the new results.

That's all for now! :)

Regards!


# AdwCleaner v5.032 - Лог файлът е създаден 04/02/2016 при 15:03:09
# Обновен 31/01/2016 от Xplode
# База данни : 2016-02-02.1 [Сървър]
# Операционна система : Windows 7 Professional Service Pack 1 (x86)
# Потребителско име : burgas - BURGAS-PC
# Изпълнява се от : C:\Users\burgas\Downloads\adwcleaner_5.032.exe
# Опция : Изчистване
# Поддръжка : http://toolslib.net/forum

***** [ Сервизи ] *****


***** [ Папки ] *****


***** [ Файлове ] *****


***** [ DLLs ] *****


***** [ Преки пътища ] *****


***** [ Планирани задачи ] *****

[-] Задача Изтрито : amiupdaterExd
[-] Задача Изтрито : amiupdaterExi

***** [ Регистър ] *****

[-] Ключ Изтрито : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
[-] Ключ Изтрито : HKLM\SOFTWARE\Classes\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}
[-] Ключ Изтрито : HKLM\SOFTWARE\mysites123Software

***** [ Уеб браузъри ] *****


*************************

:: "Tracing" ключове отстраняват
:: Настройките на Winsock са нулирани

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1311 байта] ##########


 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Professional x86 
Ran by burgas (Administrator) on 04.02.2016 at 15:07:06.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 9 

Successfully deleted: C:\Users\burgas\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\systemdir (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Roaming\mailproducts (Folder) 
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94U63VWV (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIGMCJ83 (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IU12NO0V (Folder) 
Successfully deleted: C:\Users\burgas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4RZDXJ4 (Folder) 

Deleted the following from C:\Users\burgas\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqp8ob.default-1415263838908\prefs.js
user_pref(extensions.5cT1M3Es3wA0r1i0.scode, try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\acebook\)>-1||url.indexOf(\warnale
user_pref(extensions.IjGjnbMxuhD2IF6A.scode, try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\acebook\)>-1||url.indexOf(\warnale
user_pref(extensions.homepage@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B96496CE0-83C9-440E-8F5D-C1F89FFF431C%7D&install_id=%7B2C0C77A0-940B-4FFC-A
user_pref(extensions.homepage@mail.ru.install_id, {2C0C77A0-940B-4FFC-A9E5-F86666F80F7E});
user_pref(extensions.homepage@mail.ru.lastHomepage, hxxp://opatolo.ru/?utm_content=83d5920a52d67260f4213f8bddf9126c&utm_source=startpm&utm_term=9A29711C2921EE8733606F746A7A
user_pref(extensions.homepage@mail.ru.lastPageType, 1);
user_pref(extensions.homepage@mail.ru.metric_state_go_metric, {\lastDayNumber\:1,\lastDayDate\:\2016-02-02T00:00:00.000Z\});
user_pref(extensions.homepage@mail.ru.metric_state_installPartnerMetric, {\wasSent\:true});
user_pref(extensions.homepage@mail.ru.metric_state_mrds_metric, {\lastDayNumber\:1,\lastDayDate\:\2016-02-02T00:00:00.000Z\});
user_pref(extensions.homepage@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B96496CE0-83C9-440E-8F5D-C1F89FFF431
user_pref(extensions.homepage@mail.ru.partner_product_online_url, hxxp://soqouguxmupm.reportersleeve.ru/affect?hetag=78e1f979120009559de44cacb4c89804&guid={2C0C77A0-940B-4F
user_pref(extensions.homepage@mail.ru.product_id, {96496CE0-83C9-440E-8F5D-C1F89FFF431C});
user_pref(extensions.homepage@mail.ru.product_type, ff_xtnhp);
user_pref(extensions.homepage@mail.ru.rfr, 801007);
user_pref(extensions.search@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B3DCAB8D0-FE98-43D6-B076-D559A2FE60B2%7D&install_id=%7B2C0C77A0-940B-4FFC-A9E
user_pref(extensions.search@mail.ru.install_id, {2C0C77A0-940B-4FFC-A9E5-F86666F80F7E});
user_pref(extensions.search@mail.ru.metric_state_go_metric, {\lastDayNumber\:1,\lastDayDate\:\2016-02-02T00:00:00.000Z\});
user_pref(extensions.search@mail.ru.metric_state_installPartnerMetric, {\wasSent\:true});
user_pref(extensions.search@mail.ru.metric_state_mrds_metric, {\lastDayNumber\:1,\lastDayDate\:\2016-02-02T00:00:00.000Z\});
user_pref(extensions.search@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B3DCAB8D0-FE98-43D6-B076-D559A2FE60B2%
user_pref(extensions.search@mail.ru.partner_product_online_url, hxxp://soqouguxmupm.reportersleeve.ru/affect?hetag=78e1f979120009559de44cacb4c89804&guid={2C0C77A0-940B-4FFC
user_pref(extensions.search@mail.ru.product_id, {3DCAB8D0-FE98-43D6-B076-D559A2FE60B2});
user_pref(extensions.search@mail.ru.product_type, ff_xtndse);
user_pref(extensions.search@mail.ru.rfr, 801507);
user_pref(extensions.xpiState, {\app-profile\:{\5@9g.edu\:{\d\:\C:\\\\Users\\\\burgas\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hpxqp8ob.default-141
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_id=%7B6926429E-9157-454B-B774-4F8A1A3AFDB3%7D&install_id=%
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.txt?type=product_online_metric&product_id=%7B6926429E-9157

Registry: 3 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2016 at 15:08:17.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

FRST.txt

Addition.txt


Let's see what else is left.

STEP 1

Download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

 

STEP 2

Please download ZHPcleaner and save it to your desktop.

  • Run ZHPCleaner by right-clicking the file and choosing "Run as administrator" from the context menu.
  • Click [button image] to accept the license agreement.
  • Choose the [button image] button.
  • The browsers will be closed automatically.
  • A log file will open after the scan finishes.
  • Post the log file in your next comment.

 

STEP 3

Please download Malwarebytes Anti-Malware 2.2.0.1024 Final and save it to your desktop.

  • Run the file mbam-setup-2.1.8.1057.exe and follow the instructions to install the program.
  • After the installation finishes, make sure you have ticked the box next to:
  • Launch Malwarebytes Anti-Malware
  • The box that activates the 14-day trial period is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, untick it. That is, remove the first tick.
  • Press the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the radio button next to Threat Scan, and then press the Scan Now >> button. If an update is found, press the Update Now button.
  • A scan for malware will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • After the scan finishes, press the Apply Actions button.
  • Wait for the window prompting you to restart to appear, and then press the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History > Application Logs tab.
  • Open the report with the latest date and time and press the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the Ctrl + V key combination and post it in your next comment.

 

STEP 4

1. Download Hitman Pro.

For a 32-bit system: [download button image].
For a 64-bit system: [download button image].

2. Run the program.
3. Once you have started the program by clicking its icon, press the "Next" button, agreeing to the license agreement (EULA).

4. Tick the box next to "No, I want to complete a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. After the scan finishes, from the list of found items (if any) choose Apply to all => Ignore.

8. Press "Next", then press "Export the result to XML file" and save the log file to the desktop.

9. Archive the file and attach it to your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, as in the screenshot, then simply close the program after the scan ends (without removing anything)... then open C:\Programdata\HitmanPro\Logs, open the log file and post its contents in your next comment.

Note: The C:\ProgramData folder is hidden, so you need to make hidden files visible as follows:

From My Computer => Tools => Folder Options => View:

Tick "Show hidden files, folders and drives"

and untick "Hide protected operating system files (recommended)".

Press Apply.

Now look for the log file in the C:\Programdata\HitmanPro\Logs folder and attach it to your next comment. :)

 

STEP 5

  • Please download EmsisoftEmergencyKit, run the exe file and specify where the program should be extracted, for example (C:\EEK), by pressing the Extract button.
  • Launch the Start Emsisoft Emergency Kit icon from the desktop to start the application.
  • Press the "Yes" button when prompted to update the program's definitions.
  • After the definitions update finishes, press the "Scan" button.
  • Press the "Yes" button when asked whether the program should enable detection of potentially unwanted applications (Potentially Unwanted Applications).
  • Now choose the Custom Scan button. Remove all partitions from the list except C:\ (i.e. leave only the C:\ partition in the list).
  • Press Next to start the scan.
  • When the scan finishes, press the View Report button.
  • Copy the contents of the log file into your next comment.

 

STEP 6

Download Security Check by screen317 from this link and save it to your desktop.

Double-click SecurityCheck.exe and follow the instructions.

At the end, a text document named checkup.txt will open automatically; please paste its contents into your next comment in this thread.

Regards! ;)


Fix result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by burgas (2016-02-05 08:49:40) Run:2
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CHR HomePage: Profile 2 -> mail.ru/cnt/11956636
CHR DefaultSearchURL: Profile 2 -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn11
CHR DefaultSearchKeyword: Profile 2 -> mail.ru
CHR DefaultSuggestURL: Profile 2 -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
2016-01-28 15:42 - 2016-01-28 15:42 - 00000000 ____D C:\Users\burgas\AppData\Local\Вконтактe
2016-01-28 15:37 - 2016-01-28 15:37 - 00000000 ____D C:\Users\burgas\AppData\Local\Вoйти в Интeрнет
2016-01-28 15:34 - 2016-01-28 15:34 - 00000000 ____D C:\Users\Public\Documents\GenieSoft
2016-01-28 15:34 - 2016-01-28 15:34 - 00000000 ____D C:\Users\burgas\AppData\Roaming\MicrosoftUpdater
2016-01-28 15:32 - 2016-01-28 15:32 - 00000000 ____D C:\Users\burgas\AppData\Roaming\Calculator
2016-01-28 15:31 - 2016-01-28 15:31 - 00000000 ____D C:\Users\burgas\AppData\Local\Поиcк в Интeрнете
C:\Users\burgas\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
cmd: dir C:\Users\burgas\AppData\Local\Microsoft\Start Menu
FirewallRules: [{F559452B-097B-46AC-A11D-B298C3CA3742}] => (Allow) C:\Program Files\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{9768295F-D945-43F9-8F61-E0F9319D4EE8}] => (Allow) C:\Program Files\Mobogenie3\mobogenieP2sp.exe
EmptyTemp:
end

*****************

Error: (0) Failed to create a restore point.
Chrome HomePage => removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
Chrome DefaultSuggestURL => removed successfully.
C:\Users\burgas\AppData\Local\Вконтактe => moved successfully
C:\Users\burgas\AppData\Local\Вoйти в Интeрнет => moved successfully
C:\Users\Public\Documents\GenieSoft => moved successfully
"C:\Users\burgas\AppData\Roaming\MicrosoftUpdater" => not found.
C:\Users\burgas\AppData\Roaming\Calculator => moved successfully
C:\Users\burgas\AppData\Local\Поиcк в Интeрнете => moved successfully
C:\Users\burgas\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk => moved successfully

=========  dir C:\Users\burgas\AppData\Local\Microsoft\Start Menu =========

 Volume in drive C is Windows
 Volume Serial Number is CABE-F4F5

 Directory of C:\Users\burgas\AppData\Local\Microsoft

File Not Found

 Directory of C:\Users\burgas\Downloads

File Not Found

========= End of CMD: =========

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F559452B-097B-46AC-A11D-B298C3CA3742} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9768295F-D945-43F9-8F61-E0F9319D4EE8} => value removed successfully.
EmptyTemp: => 155.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:49:46 ====

 

 

~ ZHPCleaner v2016.2.4.22 by Nicolas Coolman (2016/02/04)
~ Run by burgas (Administrator)  (05/02/2016 08:54:48)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\burgas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\burgas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (3)
FOUND: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.internaldb.monetization_p[...]  =>PUP.Optional.Monetization
FOUND: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.name", "SensePlus");  =>PUP.Optional.CrossRider
FOUND: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.publisher", "Object Brows[...]  =>PUP.Optional.ObjectBrowser


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (4)
FOUND file: C:\Windows\System32\SSGR1ci.exe [SS - SSCoInstExe]  =>.Superfluous.SwiftSearch
FOUND file: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
FOUND file: C:\Windows\AutoKMS\AutoKMS.ini    =>HackTool.AutoKMS
FOUND folder: C:\Windows\AutoKMS  =>HackTool.AutoKMS


---\\  Registry ( Key, Value, Data) (74)
FOUND key: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\mtAirtostrong []  =>PUP.Optional.Salus
FOUND key: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\Systweak []  =>.Superfluous.Systweak
FOUND key: HKCU\Software\mtAirtostrong []  =>PUP.Optional.Salus
FOUND key: HKCU\Software\Systweak []  =>.Superfluous.Systweak
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [227]  =>PUP.Optional.Browser
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\systweak.com []  =>PUP.Optional.SystSupportDock
FOUND key: HKCU\Software\Start Page []  =>PUP.Optional.WidgiToolbar
FOUND key: HKLM\SOFTWARE\Classes\..9 [YouetubeAdBlocke]  =>PUP.Optional.Generic
FOUND key: HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave [BuyNsAve]  =>PUP.Optional.BuyNSave
FOUND key: HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave.9 [BuyNsAve]  =>PUP.Optional.BuyNSave
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2} [YouetubeAdBlocke]  =>PUP.Optional.YouTubeAdBlock
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{5cb2688f-cf29-4776-885b-964cc2b20390} [HaPpY2Save]  =>PUP.Optional.Happy2Save
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{ac365cee-84fc-4443-a32d-bba5101584f9} [BuyNsAve]  =>PUP.Optional.BuyNSave
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Advanced System~Protector []  =>PUP.Optional.AdvancedSystemProtector
FOUND key: HKLM\SOFTWARE\mtAirtostrong []  =>PUP.Optional.Salus
FOUND key: HKLM\SOFTWARE\Systweak []  =>.Superfluous.Systweak
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5092715B-E66F-449E-80FE-FF871DE1280D} [Company]  =>PUP.Optional.Company
FOUND key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caMyciloP.exe []  =>PUP.Optional.caMycilo
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2}\InprocServer32 [C:\Program Files\YouetubeAdBlocke\HjUATx5SB9lTIz.dll (Not File)]  =>Adware.Sambreel
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2} [YouetubeAdBlocke]  =>Adware.Sambreel


---\\  Summary of the elements found (18)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Monetization
http://www.nicolascoolman.fr/?p=180  =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/pup-objectbrowser/  =>PUP.Optional.ObjectBrowser
http://www.nicolascoolman.fr/ppup-optional-swiftsearch/  =>.Superfluous.SwiftSearch
http://www.nicolascoolman.fr/?p=1804  =>HackTool.AutoKMS
http://www.nicolascoolman.fr/pup-salus/  =>PUP.Optional.Salus
http://www.nicolascoolman.fr/pup-systweak/  =>.Superfluous.Systweak
http://www.nicolascoolman.fr/?p=546  =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=1209  =>PUP.Optional.SystSupportDock
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.WidgiToolbar
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.BuyNSave
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.YouTubeAdBlock
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Happy2Save
http://www.nicolascoolman.fr/?p=336  =>PUP.Optional.AdvancedSystemProtector
http://www.nicolascoolman.fr/link-657/  =>PUP.Optional.Company
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.caMycilo
http://www.nicolascoolman.fr/pup-optional-sambreel/  =>Adware.Sambreel


---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 50636
~ Items found : 91
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 00h06mn06s
===================
ZHPCleaner--05022016-09_00_54.txt
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 05.02.2016
Час на сканиране: 9:50 ч.
Дневник: 
Администратор: Да

Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2016.02.05.01
База от данни за рууткити: v2016.01.20.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows 7 Service Pack 1
Процесор: x86
Файлова система: NTFS
Потребител: burgas

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 298540
Изминало време: 11 мин. 49 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 6
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture.1, Поставен под карантина, [4cc91944a6f3c37363dc5b43ca387789], 
PUP.Optional.Linkury, HKLM\SOFTWARE\mtAirtostrong, Поставен под карантина, [eb2a9cc1f0a98da9a1d0a3ac17edb24e], 
PUP.Optional.Linkury, HKLM\SOFTWARE\mtcaMyciloP, Поставен под карантина, [67ae2a333e5bc27438ad5bf3bb49a25e], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\caMyciloP.exe, Поставен под карантина, [26ef6df01e7b8caa0ed5a6a855afcf31], 
PUP.Optional.Linkury, HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\mtAirtostrong, Поставен под карантина, [d14471ecbbde0135cea028277a8a639d], 
PUP.Optional.Linkury, HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\mtcaMyciloP, Поставен под карантина, [9580ed707a1f5dd92bb276d8d1331ae6], 

Стойности в системния регистър: 2
PUP.Optional.Linkury, HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=BG&userid=f08dd892-6399-2808-26d8-6c3eff74d984&searchtype=sc&installDate=01.02.2016&barcodeid=50045888&channelid=888&av=windows, Поставен под карантина, [66af90cd02970f27a617f6eafe058080]
PUP.Optional.Linkury, HKU\S-1-5-21-1576859958-4174361920-3613543742-1000\ENVIRONMENT|SNF, C:\ProgramData\Airtostrongs\snp.sc, Поставен под карантина, [6da871ec4a4fd1653686be22d231d828]

Данни в системния регистър: 1
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Добър: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Лош: ({ielnksrch}),Заменен,[110498c5c6d3ab8bd8e4e8ec09fb639d]

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 0
(Не бяха открити злонамерени обекти)

Физически сектори: 0
(Не бяха открити злонамерени обекти)


(end)


Emsisoft Emergency Kit - Version 11.0
Last update: 05.02.2016 11:17:24
User account: burgas-PC\burgas

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    05.02.2016 11:18:54
Key: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\SYSTWEAK     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK     detected: Application.InstallAd (A)
C:\FRST\Quarantine\C\Program Files\Common Files\gccrnt0l\66ebf4nk14phj.exe     detected: Gen:Variant.Adware.MSILPerseus.11675 (B)
C:\FRST\Quarantine\C\Program Files\Common Files\Trioqvobam\uninstall.exe     detected: Gen:Variant.Midie.7032 (B)
C:\FRST\Quarantine\C\ProgramData\Airtostrong\Airtostrong.exe     detected: Gen:Variant.Midie.7032 (B)
C:\FRST\Quarantine\C\Program Files\Common Files\xfjbicol.exe.xBAD -> (NSIS o) -> zlib_nsis0003     detected: Gen:Variant.Midie.7032 (B)
C:\FRST\Quarantine\C\ProgramData\Airtostrong\Refax.exe     detected: Adware.Agent.QGV (B)
C:\FRST\Quarantine\C\ProgramData\Airtostrong\SingHold.dll     detected: Adware.Agent.QGV (B)
C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7\Jackson.exe -> (NSIS o) -> zlib_nsis0003     detected: Gen:Variant.Midie.7032 (B)
C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7\Jackson.exe -> (NSIS o) -> zlib_nsis0006     detected: Adware.Linkury.BG (B)
C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7\xtc.exe     detected: Trojan.Generic.15444432 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{56E44A6D-D533-C383-6F4D-D6255D5BD182}-amisetup0932__10235.exe -> (Quarantine-PE)     detected: Gen:Variant.Razy.11579 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{3EF1B844-DDE2-9FC4-DCDF-647860F8973C}-amisetup9306__10235.exe -> (Quarantine-PE)     detected: Gen:Variant.Razy.9421 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6DD35978-DAF5-F252-9E8C-4077DF8EC623}-amisetup3691__10235.exe -> (Quarantine-PE)     detected: Gen:Variant.Razy.11579 (B)
C:\Users\burgas\AppData\Roaming\e60ac6ff-0c07-404d-8ced-7ce556cd4298\e60ac6ff-0c07-404d-8ced-7ce556cd4298.exe     detected: Gen:Variant.Graftor.269551 (B)

Scanned    171916
Found    15

Scan end:    05.02.2016 12:04:41
Scan time:    0:45:47
 

 

Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player     20.0.0.286  
 Mozilla Thunderbird (38.5.0) 
 Google Chrome (48.0.2564.103) 
 Google Chrome (48.0.2564.97) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 

HitmanPro_20160205_1029.log


Hello,

We are almost done.

STEP 1

Run a new scan with ZHPCleaner as well, and once it finishes, this time press the Repair button. When the list of found items to clean opens, go through the categories => File => untick the rows related to AutoKMS and press the Validate button. Now go to Folder => and again remove the rows related to AutoKMS and press Validate. Then press the Repair button. When it finishes, press the Report button, save the file to the desktop, and post it in your next comment.

STEP 2

Download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

After that, write how things are. ;)

Regards!


Hello,

Thank you very much for the help. I will carry out the last instructions on Monday.

Have a nice weekend.


~ ZHPCleaner v2016.2.4.22 by Nicolas Coolman (2016/02/04)
~ Run by burgas (Administrator)  (08/02/2016 09:39:40)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\burgas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\burgas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (3)
DELETED: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.internaldb.monetization_p[...]  =>PUP.Optional.Monetization
DELETED: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.name", "SensePlus");  =>PUP.Optional.CrossRider
DELETED: [hpxqp8ob.default-1415263838908] - user_pref("extensions.aae44639e43f24cd1aa8039d5d2e18fa9gmailcom68153.68153.publisher", "Object Brows[...]  =>PUP.Optional.ObjectBrowser


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (1)
MOVED file: C:\Windows\System32\SSGR1ci.exe [SS - SSCoInstExe]  =>.Superfluous.SwiftSearch


---\\  Registry ( Key, Value, Data) (70)
DELETED key*: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\Systweak []  =>.Superfluous.Systweak
DELETED key: HKCU\Software\Systweak []  =>.Superfluous.Systweak
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC6A2183-91DF-4A6C-BF63-6E1868D3A1A4} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0CC9549-7020-4C5B-9194-EBF4A216EC2} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8BD340F-E59C-4D0A-A7CE-72447567F7B} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDFAFA04-7E39-43AA-B093-9566CFE3295} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E451B79D-3FCF-421D-A946-9F202811B18} [C:\Program Files\SensePlus (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0FC44D1-E13D-431C-8AC-DE7B788C7AD3} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F95B6EAB-D2C7-4C23-826-3E958D744AC1} [C:\Program Files\iWebar (Not File)]  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [227]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\systweak.com []  =>PUP.Optional.SystSupportDock
DELETED key*: HKCU\Software\Start Page []  =>PUP.Optional.WidgiToolbar
DELETED key*: HKLM\SOFTWARE\Classes\..9 [YouetubeAdBlocke]  =>PUP.Optional.Generic
DELETED key*: HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave [BuyNsAve]  =>PUP.Optional.BuyNSave
DELETED key*: HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave.9 [BuyNsAve]  =>PUP.Optional.BuyNSave
DELETED key*: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2} [YouetubeAdBlocke]  =>PUP.Optional.YouTubeAdBlock
DELETED key*: HKLM\SOFTWARE\Classes\CLSID\{5cb2688f-cf29-4776-885b-964cc2b20390} [HaPpY2Save]  =>PUP.Optional.Happy2Save
DELETED key*: HKLM\SOFTWARE\Classes\CLSID\{ac365cee-84fc-4443-a32d-bba5101584f9} [BuyNsAve]  =>PUP.Optional.BuyNSave
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Advanced System~Protector []  =>PUP.Optional.AdvancedSystemProtector
DELETED key*: HKLM\SOFTWARE\Systweak []  =>.Superfluous.Systweak
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5092715B-E66F-449E-80FE-FF871DE1280D} [Company]  =>PUP.Optional.Company
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caMyciloP.exe []  =>PUP.Optional.caMycilo
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{36ce2cd0-41dc-4ccc-b914-b0e00d22dfd2}\InprocServer32 [C:\Program Files\YouetubeAdBlocke\HjUATx5SB9lTIz.dll (Not File)]  =>Adware.Sambreel


---\\  Summary of the elements found (16)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Monetization
http://www.nicolascoolman.fr/?p=180  =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/pup-objectbrowser/  =>PUP.Optional.ObjectBrowser
http://www.nicolascoolman.fr/ppup-optional-swiftsearch/  =>.Superfluous.SwiftSearch
http://www.nicolascoolman.fr/pup-systweak/  =>.Superfluous.Systweak
http://www.nicolascoolman.fr/?p=546  =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=1209  =>PUP.Optional.SystSupportDock
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.WidgiToolbar
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.BuyNSave
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.YouTubeAdBlock
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Happy2Save
http://www.nicolascoolman.fr/?p=336  =>PUP.Optional.AdvancedSystemProtector
http://www.nicolascoolman.fr/link-657/  =>PUP.Optional.Company
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.caMycilo
http://www.nicolascoolman.fr/pup-optional-sambreel/  =>Adware.Sambreel


---\\  Other deletions. (9)
~ Registry Keys Tracing deleted (9)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 906
~ Items found : 0
~ Items cancelled : 2
~ Items repaired : 82


~ End of clean in 00h01mn48s
===================
ZHPCleaner-[R]-08022016-09_41_28.txt
ZHPCleaner--05022016-09_00_54.txt
ZHPCleaner--08022016-09_38_59.txt
 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by burgas (2016-02-08 09:44:41) Run:3
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7
Folder: C:\Program Files\BitTorrent
C:\Users\burgas\AppData\Roaming\e60ac6ff-0c07-404d-8ced-7ce556cd4298
cmd: Dir "C:\Users\burgas\AppData\Roaming" /a:i /o:gd
cmd: dir "C:\Users\burgas\AppData\Local\Microsoft\Start Menu"
cmd: del "C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\*.*" /f /s /q
DeleteKey: HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\SYSTWEAK
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}
cmd: sc query wscsvc
end
*****************

C:\Program Files\BitTorrent\bin\222ae069-bbae-484e-bf35-e27aaf375bc7 => moved successfully

========================= Folder: C:\Program Files\BitTorrent ========================

2015-03-10 09:12 - 2015-03-10 09:12 - 0000190 _____ () C:\Program Files\BitTorrent\BitTorrent.exe.config
2016-01-28 16:37 - 2016-02-01 10:31 - 0002304 _____ () C:\Program Files\BitTorrent\config.conf
2016-01-28 19:37 - 2016-02-08 09:44 - 0000000 ____D () C:\Program Files\BitTorrent\bin
2016-02-01 10:30 - 2016-02-01 10:30 - 0000000 ____D () C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0

====== End of Folder: ======

C:\Users\burgas\AppData\Roaming\e60ac6ff-0c07-404d-8ced-7ce556cd4298 => moved successfully

=========  Dir "C:\Users\burgas\AppData\Roaming" /a:i /o:gd =========

 Volume in drive C is Windows
 Volume Serial Number is CABE-F4F5

 Directory of C:\Users\burgas\AppData\Roaming

20.11.2010  22:57    <DIR>          Identities
02.09.2014  09:00    <DIR>          DAEMON Tools Lite
05.09.2014  09:43    <DIR>          Mozilla
05.09.2014  09:57    <DIR>          TeamViewer
05.09.2014  10:00    <DIR>          Thunderbird
05.09.2014  10:35    <DIR>          HP
05.09.2014  14:39    <DIR>          Macromedia
21.10.2014  09:21    <DIR>          WinRAR
25.11.2014  17:41    <DIR>          uTorrent
20.02.2015  16:28    <DIR>          COWON
24.04.2015  08:43    <DIR>          Adobe
28.04.2015  08:59    <DIR>          Foxit Software
02.02.2016  17:41    <DIR>          Microsoft
08.02.2016  09:43    <DIR>          ZHP
08.02.2016  09:44    <DIR>          .
08.02.2016  09:44    <DIR>          ..
               0 File(s)              0 bytes
              16 Dir(s)  42 130 255 872 bytes free

========= End of CMD: =========


=========  dir "C:\Users\burgas\AppData\Local\Microsoft\Start Menu" =========

 Volume in drive C is Windows
 Volume Serial Number is CABE-F4F5

 Directory of C:\Users\burgas\AppData\Local\Microsoft\Start Menu

File Not Found

========= End of CMD: =========


=========  del "C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\*.*" /f /s /q =========

Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{10C6AECE-2FD5-4DDC-F52F-58EEF92EBFBD}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{38CA3F26-3A55-B8B6-FEFC-BC951505E6D0}-amt_mysites123.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{3EF1B844-DDE2-9FC4-DCDF-647860F8973C}-amisetup9306__10235.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{4A28339D-167A-84C7-D05A-E3BBD47FE87E}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{56E44A6D-D533-C383-6F4D-D6255D5BD182}-amisetup0932__10235.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{618B0E05-7E57-186C-1F51-B6F416666671}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6DD35978-DAF5-F252-9E8C-4077DF8EC623}-amisetup3691__10235.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{764C91D3-78D1-D451-101F-F10A582FA2F9}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7EC27753-3B82-409A-A8D3-9DA76E4F9E8C}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{8FACC3CD-99CE-8E38-5D96-5EB4B0E84257}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{9707BD38-1AB8-BBCA-911A-881A5E5E71B6}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{D8C5C0D0-3B44-A133-5E3F-87CD309CE63F}-amt_mysites123.exe
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DB6BEBAB-DA8D-2CBE-3BA8-E3F6B17AF96D}
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F88489F2-5292-A296-6EA9-AEE5A5E6B6FD}-Secure Preferences
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{FA0696CE-EC22-EAF1-1A5E-9E6EBE09DDF0}-Secure Preferences
Deleted file - C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{FDB925FC-86A6-0D86-B34B-7A60C8FB67A0}

========= End of CMD: =========

HKEY_USERS\S-1-5-21-1576859958-4174361920-3613543742-1000\SOFTWARE\SYSTWEAK => key not found. 
HKEY_LOCAL_MACHINE\SOFTWARE\SYSTWEAK => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394} => key removed successfully.

=========  sc query wscsvc =========


SERVICE_NAME: wscsvc 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 1  STOPPED 
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

========= End of CMD: =========


==== End of Fixlog 09:46:26 ====


Just two small details came up... there is one more surprise in the BitTorrent folder, and the Security Center service is not running.

Let's fix that too.

Download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has run.

Warning: The script was created for this system. Do not use it on other systems with similar problems!

Then write back and tell me how things are. ;)

Regards!


As far as I can tell, everything is fine. I have no problems either with the web browser or with the computer as a whole.

Here is the latest log file

Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by burgas (2016-02-08 12:06:08) Run:4
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0
C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
cmd: sc config wscsvc start= auto
Reg: reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f
cmd: net start wscsvc
Reboot:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

========================= Folder: C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0 ========================


====== End of Folder: ======

C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0 => moved successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc" => key was unlocked

=========  sc config wscsvc start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f =========

Операцията завърши успешно.


========= End of Reg: =========


=========  net start wscsvc =========

The Security Center service is starting.


I don't think this is the complete log file. Can you post it again?

It would also be a good idea to turn on System Restore for the system partition:

http://windows.microsoft.com/bg-bg/windows7/create-a-restore-point

After that I will give you the final instructions on how to clean up the tools we used.


Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by burgas (2016-02-08 12:06:08) Run:4
Running from C:\Users\burgas\Downloads
Loaded Profiles: burgas (Available Profiles: burgas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0
C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
cmd: sc config wscsvc start= auto
Reg: reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f
cmd: net start wscsvc
Reboot:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

========================= Folder: C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0 ========================


====== End of Folder: ======

C:\Program Files\BitTorrent\bin\ed266f3d-46ea-47dc-a8f6-79c52791e1c0 => moved successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc" => key was unlocked

=========  sc config wscsvc start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= reg add "HKLM\SYSTEM\CurrentControlSet\services\wscsvc" /v Start /t REG_DWORD /d 2 /f =========

Операцията завърши успешно.


========= End of Reg: =========


=========  net start wscsvc =========

The Security Center service is starting.
The Security Center service was started successfully.


========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 12:06:15 ====

I also turned on a restore point


We're done! :)

Here are a few final recommendations:

1. To clean up the tools we used, do the following:

Download Delfix.exe and run it. Tick Remove disinfection tools and Purge system restore (it should be ticked by default, but I'll mention it anyway) => press the Run button. The tool will delete itself once it has finished its task!

If any folders have not been deleted after the procedures above, write back and we will remove them manually.

2. Check for outdated applications with PatchMyPC or with Secunia Personal Software Inspector.

3. Install Unchecky to protect yourself from adware while installing software.

4. For protection against crypto-viruses, besides updating the OS and the antivirus program, it is a good idea to immunize your system with CryptoPrevent and the Maximum Protection profile: (Do not use the last option, because it is still buggy and does not work correctly).

If you have problems installing programs after using CryptoPrevent, see the following tips

as well as these

Don't forget to also disable Autorun in Windows, because crypto-viruses can settle on external drives and flash drives too, infect the data on those media when they are connected to an infected system, and then infect other systems when the external drives are connected to other computers (and so you pass it on to them as well). Microsoft has created an automatic tool for this => MSFixIt. It is also a good idea, after plugging in an external drive, even with Autorun turned off, to simply scan the drive letter with an up-to-date antivirus program before you start transferring data to and from the external drive.

There are other programs too, but they are mainly for advanced users and I won't go into them in depth, because they are comparatively harder for average users to use. So I'll skip them. It is a good idea not to turn off System Restore (File History in Windows 8), not to turn off UAC - User Account Control (even set it to the maximum protection level), not to turn off SmartScreen (available only in Windows 8), and to be careful with e-mail attachments. It is also a good idea to disable scripts, if you don't use any, with the Noscript.exe tool. Run it and choose Disable. If you ever need to run them (js or vbs files), just run the tool and set it to Enable. It is also good to be careful with PDF files (most programs let you turn off JavaScript in PDF readers, forbid PDF files from launching external programs and communicating with the internet, and so on), to be careful with office files because of macro viruses and exploits (again, security can be tightened from the office suite settings), and to watch out for files with double extensions (for example, if in My Computer => Tools => Folder Options the checkbox before "Hide extensions for known file types" has not been cleared, and you download a file from the internet named image.exe.jpg, you will see it as image.jpg, but the file will actually be image.exe and as soon as you run it, it will trigger the virus).

5. It is a good idea to install Malwarebytes Anti-Exploit for peace of mind while browsing. It's a bit hard, but there is simply no other way. Users have to learn to be vigilant and practise good hygiene when browsing.

6. To improve performance (if the system seems sluggish to you), see the following topics:

Optimizing Windows for better performance

Windows maintenance guide (XP, Vista and 7) [Revision 2.0]

What to do if my computer is running slowly

7. Check your system for up-to-date drivers from the component manufacturers' sites if you feel like it (do not use automatic driver-update programs, to save yourself headaches later) and run a full scan for nasties with your existing antivirus program, just in case.

8. Always back up your important documents to external media, and the less valuable things to cloud services. Learn not to install programs from dubious sources. It is a good idea to learn to create mirror images of the current working state of the partition the operating system is on. Restoring such an image when needed is a many times easier and faster way to get the system back to a working state than reinstalling or trying to remove a problem manually. Such an image can be created with an external program such as Macrium Reflect Free. You can also see this topic

Regards, and have a cheerful week! I will mark the case as SOLVED!

      CHR Extension: (Таблици) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24]
      CHR Extension: (Google Документи офлайн) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-03]
      CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-04-07]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
      CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-03]
      CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
      CHR HKLM\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-05] (AVAST Software)
      S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      S4 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 AIDA64Driver; D:\_Install\AIDA64 Extreme Edition 5.80.4000\kerneld.x32 [44176 2016-10-24] ()
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-05] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-05] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-04-05] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-05] (AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-05] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-05] (AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-04-05] (AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-05] (AVAST Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2017-10-03] (Disc Soft Ltd)
      S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [27872 2017-01-11] (LogMeIn, Inc.)
      R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805872 2009-07-01] ()
      S4 LMIRfsClientNP; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 10:28 - 2018-05-04 10:29 - 000012608 _____ C:\Users\USER\Downloads\FRST.txt
      2018-05-04 10:28 - 2018-05-04 10:28 - 002066432 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
      2018-05-04 10:28 - 2018-05-04 10:28 - 000000000 ____D C:\FRST
      2018-05-04 00:41 - 2018-05-04 10:00 - 000000000 ____D C:\Users\USER\AppData\Local\Puffin
      2018-05-04 00:41 - 2018-05-04 00:41 - 000000937 _____ C:\Users\Public\Desktop\Puffin.lnk
      2018-05-04 00:41 - 2018-05-04 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puffin Browser
      2018-05-04 00:40 - 2018-05-04 00:41 - 000000000 ____D C:\Program Files\Puffin
      2018-05-03 22:47 - 2018-05-03 22:51 - 068539808 _____ (CloudMosa, Inc. ) C:\Users\USER\Downloads\PuffinBetaSetup.exe
      2018-05-02 21:46 - 2018-05-02 21:46 - 000218295 _____ C:\Users\USER\Downloads\14415951001_20180501_1245790475.pdf
      2018-05-02 16:25 - 2018-05-02 16:25 - 000408064 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-05-02 01:17 - 2018-05-02 01:17 - 000109280 _____ C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-05-02 01:11 - 2018-05-02 01:11 - 000001264 _____ C:\Users\Public\Desktop\Skype.lnk
      2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2018-05-02 01:09 - 2018-05-02 01:11 - 018529206 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Непотвърдено 702826.crdownload
      2018-05-02 01:09 - 2018-05-02 01:10 - 062741696 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Skype-8.20.0.9.exe
      2018-04-28 12:22 - 2018-04-28 12:22 - 000001194 _____ C:\Users\Public\Desktop\Easy2Convert JPG to DDS.lnk
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Users\USER\AppData\Roaming\Easy2Convert
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy2Convert Software
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Program Files\Easy2Convert Software
      2018-04-28 12:20 - 2018-04-28 12:20 - 003340649 _____ (Easy2Convert Software ) C:\Users\USER\Downloads\jpg2dds.exe
      2018-04-28 12:18 - 2018-04-28 12:18 - 000162944 _____ C:\Users\USER\Downloads\XRG_Nikaz_Sport_R34.dds
      2018-04-28 06:02 - 2018-04-28 06:02 - 000029105 _____ C:\Users\USER\Downloads\XRGT_Alloy2.7z
      2018-04-28 05:35 - 2018-04-28 05:35 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_133550.set
      2018-04-28 05:24 - 2018-04-28 05:24 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_132690.set
      2018-04-27 20:03 - 2018-04-27 20:03 - 000417869 _____ C:\Users\USER\Downloads\mustang-sport.rar
      2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 315132.crdownload
      2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 122074.crdownload
      2018-04-21 23:38 - 2018-04-23 18:54 - 006268764 _____ C:\Users\USER\Documents\NB4-031017.arn
      2018-04-21 23:32 - 2018-04-21 23:32 - 000735888 _____ (Sysinternals - www.sysinternals.com) C:\Users\USER\Downloads\autoruns.exe
      2018-04-21 15:16 - 2017-06-30 11:30 - 000002111 _____ C:\Users\USER\Documents\XFG.cfg_v2
      2018-04-21 15:16 - 2016-01-20 10:53 - 000001528 _____ C:\Users\USER\Documents\XFG.cfg
      2018-04-21 14:38 - 2018-04-21 14:39 - 012258354 _____ C:\Users\USER\Downloads\BMW_M4_14 LB BY MARK.rar
      2018-04-21 11:28 - 2018-04-21 11:28 - 000012006 _____ C:\Users\USER\Downloads\DiscATEST.zip
      2018-04-20 19:08 - 2018-04-20 19:09 - 000000782 _____ C:\DelFix.txt
      2018-04-20 18:10 - 2018-04-20 18:10 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-20 18:10 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-20 18:08 - 2018-04-20 18:09 - 073430920 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4792.exe
      2018-04-14 19:26 - 2018-04-14 19:26 - 001254569 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R12.exe
      2018-04-13 21:28 - 2018-04-13 21:28 - 000001704 _____ C:\Users\USER\Documents\1.txt
      2018-04-09 23:16 - 2018-04-09 23:16 - 001018015 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R11.exe
      2018-04-09 10:31 - 2018-04-09 10:31 - 000000000 ____D C:\Users\USER\AppData\Roaming\Nero
      2018-04-09 07:37 - 2018-04-09 07:37 - 000972765 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R10.exe
      2018-04-07 15:06 - 2018-04-08 07:53 - 000000000 ____D C:\Users\USER\Documents\My Games
      2018-04-07 15:05 - 2018-04-07 15:05 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft Games
      2018-04-07 15:03 - 2018-04-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
      2018-04-07 06:57 - 2018-04-07 06:57 - 000974910 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R9.exe
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ C:\Users\USER\AppData\Local\UserProducts.xml
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\Program Files\Skillbrains
      2018-04-07 06:54 - 2018-04-07 06:54 - 002731128 _____ (Skillbrains ) C:\Users\USER\Downloads\setup-lightshot.exe
      2018-04-06 10:36 - 2018-04-06 10:36 - 000974764 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R8.exe
      2018-04-06 09:51 - 2018-04-06 09:51 - 003148854 _____ C:\Users\USER\Downloads\cheats.bmp
      2018-04-05 10:06 - 2018-04-05 10:06 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 07:45 - 2018-01-24 22:57 - 000000000 ____D C:\LFS
      2018-05-04 00:41 - 2018-02-26 19:19 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2018-05-03 16:48 - 2017-10-03 14:33 - 000000277 _____ C:\ProgramData\HPWALog.txt
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:22 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-05-02 17:32 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
      2018-05-02 16:31 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-05-02 16:31 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-05-01 16:43 - 2018-03-10 17:08 - 000000000 ____D C:\Users\USER\AppData\Local\PrivaZer
      2018-04-20 11:34 - 2009-07-14 07:53 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-04-15 14:58 - 2017-10-03 15:09 - 000000000 ____D C:\Users\USER\AppData\Roaming\MPC-HC
      2018-04-12 22:07 - 2017-10-03 16:08 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-04-10 22:02 - 2017-10-03 14:07 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-10 22:02 - 2017-10-03 14:07 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-10 22:02 - 2017-10-03 14:07 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-07 14:08 - 2018-03-23 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
      2018-04-05 10:06 - 2018-01-24 20:07 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      ==================== Files in the root of some directories =======
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\AtStart.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\DSwitch.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\QSwitch.txt
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000003 _____ () C:\Users\USER\AppData\Local\updater.log
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ () C:\Users\USER\AppData\Local\UserProducts.xml
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-04-28 21:03
      ==================== End of FRST.txt ============================
      Addition.txt
    • by mamasve
      Hello,
      I have a virus on my computer that keeps installing a Panda viewer icon on the desktop, and whenever I open any browser it starts redirecting me to all kinds of sites, so I practically can't use my computer anymore. Help, please!
    • by AHybuC
      Hello!
      Since this morning I have been unable to start my computer normally. As soon as Windows loads, a small window appears that says "Windows has encountered a critical problem and will restart automatically in one minute" and, as the message states, the computer restarts after one minute. Sometimes the blue screen even appears directly, before Windows has managed to load, with error code 0x000000F4. I ran a full scan with Malwarebytes and Kaspersky Rescue CD 10; they removed the problems they found, but the restart problem is still present. I should mention that in Safe Mode I do not experience automatic restarts. I also unchecked Startup and Recovery -> System Failure -> Automatically Restart, but the restarts still occur, although I had unchecked it while I was in Safe Mode. I don't know whether this matters, but I still wanted to mention it.
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
      Ran by IvailoCOMP (administrator) on IVAILOCOMP-PC (18-04-2018 19:02:33)
      Running from C:\Users\IvailoCOMP\Desktop
      Loaded Profiles: IvailoCOMP (Available Profiles: IvailoCOMP)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoSMBalloonTip] 0
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\..\Interfaces\{1290CD49-798E-4B6B-9CB6-A0F176F07BD0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll => No File
      BHO: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
      BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
      FireFox:
      ========
      FF ProfilePath: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default [2018-04-18]
      FF Homepage: Mozilla\Firefox\Profiles\qhtq97on.default -> google.bg
      FF NewTab: Mozilla\Firefox\Profiles\qhtq97on.default -> about:home
      FF Session Restore: Mozilla\Firefox\Profiles\qhtq97on.default -> is enabled.
      FF NewTabOverride: Mozilla\Firefox\Profiles\qhtq97on.default -> Enabled: newtaboverride@agenedia.com
      FF Extension: (Adblocker X) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\@adblock57.xpi [2018-04-11]
      FF Extension: (MEGA) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@mega.co.nz.xpi [2018-04-13]
      FF Extension: (UniverseView Extension) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@universeview.ext.xpi [2017-03-01]
      FF Extension: (h264ify) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2017-08-03]
      FF Extension: (New Tab Override) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\newtaboverride@agenedia.com.xpi [2018-02-04]
      FF Extension: (Greasemonkey) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-17]
      FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\features\{15eba6de-45fd-4321-9dcb-85b0a795c148}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-08] [Legacy]
      FF SearchPlugin: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\searchplugins\yahoo-lavasoft.xml [2016-07-21]
      FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-09-28] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
      FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2017-03-22] (Nexon)
      FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [No File]
      FF Plugin: @Webzen.com/NPBrowserExt -> C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll [2012-03-27] (WEBZEN)
      FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\IvailoCOMP\AppData\Local\Fancy\npfancygame.dll [2015-05-10] (Hongfeng Hengyu (Beijing) Tech Ltd.)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\IvailoCOMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: xyzgl-plugin@xyz-soft.com -> C:\Program Files\Alfheim\npxyzgl.dll [2012-06-13] (XYZ-SOFT Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S2 CachemanService; C:\Program Files\Cacheman\CachemanServ.exe [210944 2009-05-16] (Outertech) [File not signed]
      S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [382504 2017-05-17] (EasyAntiCheat Ltd)
      S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
      S2 EslWireHelper; D:\Games\EslWire\service\WireHelperSvc.exe [614416 2014-01-28] ()
      S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
      S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-06-14] (NVIDIA Corporation)
      R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2283432 2017-06-29] (LogMeIn Inc.)
      S2 HiPatchService; D:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
      S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-05-27] (LogMeIn, Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
      S3 npggsvc; C:\Windows\system32\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
      S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
      S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-06-14] (NVIDIA Corporation)
      S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-06-14] (NVIDIA Corporation)
      S2 OracleOraDb11g_home1TNSListener; D:\app\IvailoCOMP\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe [512000 2010-03-31] (Oracle Corporation) [File not signed]
      S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)
      S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-10-13] ()
      S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
      S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S3 apf004; C:\Windows\system32\apf004.sys [15112 2015-02-14] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-22] (DT Soft Ltd)
      S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
      S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
      S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-14] (ESET)
      R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [31008 2015-02-12] (<Turtle Entertainment>)
      S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [42496 2007-05-15] (Eugene V. Muzychenko) [File not signed]
      R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167656 2018-04-18] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-04-18] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-18] (Malwarebytes)
      S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-06-14] (NVIDIA Corporation)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
      S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
      S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
      S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [33664 2016-03-11] (The OpenVPN Project)
      S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
      U4 CiSvc; no ImagePath
      U4 Messenger; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:02 - 2018-04-18 19:04 - 000014732 _____ C:\Users\IvailoCOMP\Desktop\FRST.txt
      2018-04-18 19:02 - 2018-04-18 19:02 - 000000000 ____D C:\FRST
      2018-04-18 19:01 - 2018-04-18 19:02 - 001763840 _____ (Farbar) C:\Users\IvailoCOMP\Desktop\FRST.exe
      2018-04-18 18:29 - 2018-04-18 18:55 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-04-18 18:29 - 2018-04-18 18:29 - 000167656 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-18 18:28 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-18 18:27 - 2018-04-18 18:27 - 073254968 _____ (Malwarebytes ) C:\Users\IvailoCOMP\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4766.exe
      2018-04-18 18:22 - 2018-04-18 18:22 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\asda.lnk
      2018-04-18 18:04 - 2018-04-18 18:07 - 000005192 _____ C:\Users\IvailoCOMP\Desktop\Rkill.txt
      2018-04-18 17:54 - 2018-04-18 17:54 - 000003408 ____N C:\bootsqm.dat
      2018-04-18 17:52 - 2018-04-18 17:52 - 000000000 __SHD C:\found.000
      2018-04-18 17:37 - 2018-04-18 17:37 - 000151072 _____ C:\Windows\Minidump\041818-20997-01.dmp
      2018-04-18 17:11 - 2018-04-18 17:11 - 000151312 _____ C:\Windows\Minidump\041818-23821-01.dmp
      2018-04-18 13:42 - 2018-04-18 20:07 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0
      2018-04-18 10:33 - 2018-04-18 10:33 - 000001261 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 18.lnk
      2018-04-18 10:33 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000221 _____ C:\Users\Public\Desktop\Ashampoo Deals.url
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Ashampoo
      2018-04-18 10:14 - 2018-04-18 10:18 - 338960384 _____ C:\Users\IvailoCOMP\Desktop\kav_rescue_10.iso
      2018-04-18 10:12 - 2018-04-18 10:12 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\shutdown.exe.lnk
      2018-04-18 10:11 - 2018-04-18 18:54 - 000424982 _____ C:\Windows\ntbtlog.txt
      2018-04-18 10:10 - 2018-04-18 10:10 - 000000000 _____ C:\Users\IvailoCOMP\Desktop\New shortcut.lnk
      2018-04-18 09:57 - 2018-04-18 09:57 - 000151696 _____ C:\Windows\Minidump\041818-19999-01.dmp
      2018-04-18 09:54 - 2018-04-18 09:54 - 000151696 _____ C:\Windows\Minidump\041818-18954-01.dmp
      2018-04-18 09:40 - 2018-04-18 17:37 - 286301067 _____ C:\Windows\MEMORY.DMP
      2018-04-18 09:40 - 2018-04-18 17:37 - 000000000 ____D C:\Windows\Minidump
      2018-04-18 09:40 - 2018-04-18 09:40 - 000152656 _____ C:\Windows\Minidump\041818-29546-01.dmp
      2018-04-16 10:43 - 2018-03-31 04:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-04-16 10:43 - 2018-03-31 04:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-04-16 10:43 - 2018-03-31 04:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-04-16 10:43 - 2018-03-31 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-04-16 10:43 - 2018-03-28 10:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-04-16 10:43 - 2018-03-23 20:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-04-16 10:43 - 2018-03-23 00:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-04-16 10:43 - 2018-03-23 00:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-04-16 10:43 - 2018-03-23 00:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-04-16 10:43 - 2018-03-22 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-04-16 10:43 - 2018-03-22 23:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-04-16 10:43 - 2018-03-22 23:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-04-16 10:43 - 2018-03-22 23:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-04-16 10:43 - 2018-03-22 23:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-04-16 10:43 - 2018-03-22 23:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-04-16 10:43 - 2018-03-22 23:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-04-16 10:43 - 2018-03-22 23:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-04-16 10:43 - 2018-03-22 23:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-04-16 10:43 - 2018-03-22 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-04-16 10:43 - 2018-03-22 23:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-04-16 10:43 - 2018-03-22 23:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-04-16 10:43 - 2018-03-22 23:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-04-16 10:43 - 2018-03-22 23:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-04-16 10:43 - 2018-03-22 23:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-04-16 10:43 - 2018-03-22 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-04-16 10:43 - 2018-03-22 23:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-04-16 10:43 - 2018-03-22 23:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-04-16 10:43 - 2018-03-22 23:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-04-16 10:43 - 2018-03-22 22:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-04-16 10:43 - 2018-03-22 22:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-04-16 10:43 - 2018-03-22 22:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-04-16 10:43 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
      2018-04-16 10:43 - 2018-03-09 21:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-04-16 10:43 - 2018-03-09 21:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-04-16 10:43 - 2018-03-09 20:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-04-16 10:43 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-04-16 10:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-04-16 10:43 - 2018-02-19 00:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-04-16 10:43 - 2018-02-10 21:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-04-16 10:43 - 2018-02-10 21:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-04-16 10:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-04-16 10:43 - 2018-02-10 20:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-04-16 10:43 - 2018-02-02 21:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-04-16 10:43 - 2018-02-02 21:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-04-16 10:43 - 2018-02-02 20:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-04-16 10:43 - 2018-01-25 17:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-15 22:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-04-16 10:43 - 2018-01-12 19:29 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-04-16 10:43 - 2018-01-12 19:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-04-16 10:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-04-16 10:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-04-16 10:43 - 2018-01-12 19:05 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-04-16 10:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-04-16 10:43 - 2018-01-01 04:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-04-16 10:43 - 2018-01-01 04:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-04-16 10:43 - 2018-01-01 04:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-04-16 10:43 - 2018-01-01 04:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-04-16 10:43 - 2018-01-01 04:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-04-16 10:43 - 2017-12-05 18:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-04-16 10:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-04-14 17:05 - 2018-04-15 21:31 - 000003238 _____ C:\Users\IvailoCOMP\Desktop\Стражева Кула 14.04.2018.txt
      2018-04-14 14:36 - 2016-06-18 07:13 - 039293587 ____N C:\Users\IvailoCOMP\Desktop\MPS-temi.pdf
      2018-04-11 21:09 - 2018-04-15 22:57 - 000000340 _____ C:\Users\IvailoCOMP\Desktop\Програма за четене на Библията.txt
      2018-04-11 20:05 - 2018-04-11 20:05 - 000724759 _____ C:\Users\IvailoCOMP\Desktop\sbr_BL.pdf
      2018-04-11 02:08 - 2018-03-14 20:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-04-11 02:08 - 2018-03-14 20:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-04-11 02:08 - 2018-03-14 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-04-09 21:55 - 2018-04-09 21:55 - 000003743 _____ C:\Users\IvailoCOMP\Desktop\Ще бъде ли тя добра съпруга.txt
      2018-04-01 23:39 - 2018-04-01 23:39 - 010353227 _____ C:\Users\IvailoCOMP\Desktop\yp2_BL.pdf
      2018-03-23 22:10 - 2018-03-23 22:10 - 002276028 _____ C:\Users\IvailoCOMP\Desktop\Илиянка.rar
      2018-03-23 22:02 - 2018-03-23 22:14 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Илиянка
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:00 - 2010-11-21 00:01 - 000785704 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-04-18 19:00 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-04-18 18:57 - 2016-11-18 12:35 - 000000000 ____D C:\Users\IvailoCOMP\AppData\LocalLow\Mozilla
      2018-04-18 18:51 - 2013-11-21 16:12 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-04-18 18:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-04-18 18:06 - 2014-10-30 10:05 - 000000000 ____D C:\Windows\pss
      2018-04-18 17:58 - 2017-11-23 09:54 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\LogMeIn Hamachi
      2018-04-18 10:38 - 2013-11-21 16:17 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\BitComet
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Ashampoo
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\Ashampoo
      2018-04-18 10:32 - 2013-11-21 16:00 - 000000000 ____D C:\Program Files\Ashampoo
      2018-04-18 10:19 - 2013-11-22 16:19 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\DAEMON Tools Lite
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:09 - 2013-12-23 20:48 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Skype
      2018-04-17 23:11 - 2016-02-29 01:23 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\CrashDumps
      2018-04-17 10:17 - 2009-07-14 07:33 - 000452024 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-04-17 10:13 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-04-16 22:13 - 2013-11-21 17:15 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\vlc
      2018-04-15 10:51 - 2013-11-21 16:04 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-12 19:52 - 2016-07-07 19:51 - 000000000 ____D C:\Program Files\Common Files\Overwolf
      2018-04-12 19:52 - 2013-12-14 11:50 - 000000000 ____D C:\Program Files\Overwolf
      2018-04-12 01:04 - 2014-12-11 09:05 - 000000000 ____D C:\Windows\system32\appraiser
      2018-04-11 11:04 - 2017-07-31 12:21 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-11 11:04 - 2017-07-31 12:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-11 03:13 - 2014-07-15 11:08 - 000000000 ____D C:\Windows\system32\MRT
      2018-04-11 03:06 - 2017-10-11 01:18 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2018-04-11 03:06 - 2014-07-15 11:08 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-04-08 17:50 - 2018-03-01 23:22 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\.minecraft
      2018-03-29 09:46 - 2013-12-21 10:14 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
      2018-03-28 11:20 - 2016-11-16 21:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-03-26 12:53 - 2018-02-26 10:26 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Songs
      ==================== Files in the root of some directories =======
      2016-03-26 15:29 - 2016-03-28 23:17 - 000000646 _____ () C:\Users\IvailoCOMP\AppData\Roaming\MPQEditor.ini
      2013-11-21 17:59 - 2017-11-03 12:59 - 000007599 _____ () C:\Users\IvailoCOMP\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2017-09-29 10:49 - 2017-10-30 16:41 - 000000000 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\88653d972532a3bfb1eacaae78f1f650.dll
      2017-09-29 10:49 - 2017-10-30 14:33 - 000000088 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\a4c3de51ada6927383f066bdc8c54e16.dll
      2018-04-08 08:12 - 2018-04-08 08:12 - 058834376 _____ (Skype Technologies S.A.) C:\Users\IvailoCOMP\AppData\Local\Temp\SkypeSetup.exe
      2018-03-01 23:34 - 2018-03-01 23:23 - 000069259 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\Uninstall.exe
      2017-08-13 10:55 - 2017-08-13 10:55 - 000750560 _____ (adaware) C:\Users\IvailoCOMP\AppData\Local\Temp\WCU002.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2016-05-09 08:13
      ==================== End of FRST.txt ============================
      Addition.txt