kook

Adware http://un-stop.com/wpad.dat



Hi, HJT :)
All day today my antivirus has been popping up and blocking some page, un-stop.com/wpad.dat. I read up online about what it is. It turned out to be some kind of nasty adware. I scanned with MBAM (I have attached the scan log), which found a malicious registry key and supposedly deleted it, but it keeps reappearing. I also reset the browser (Mozilla)... no effect. Could you take a look so we can pin down the problem?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by hristo (administrator) on HRISTO-LAPTOP (29-04-2016 20:17:45)
Running from C:\Users\hristo\Downloads
Loaded Profiles: hristo (Available Profiles: hristo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartupDelayer] => C:\Program Files\Startup Delayer\Startup Launcher.exe [1257544 2014-07-21] (r2 Studios)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-07] (IDT, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [389368 2014-02-17] (IVT Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-878371416-534066379-273716249-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-878371416-534066379-273716249-1000\...\MountPoints2: G - G:\OriginInstaller.exe
HKU\S-1-5-21-878371416-534066379-273716249-1000\...\MountPoints2: {68d495ce-56b1-11e4-907f-a01d48a8ae2a} - G:\LaunchU3.exe -a
HKU\S-1-5-21-878371416-534066379-273716249-1000\...\MountPoints2: {a6881a01-aa5c-11e4-a10a-a01d48a8ae2a} - G:\LG_PC_Programs.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-878371416-534066379-273716249-1000] => hxxp://un-stop.com/wpad.dat?b086b8b5f759e0af1174f8cf3b134c136742116
Tcpip\..\Interfaces\{114E42A2-F4B3-4376-AEC5-69FA8E0C66E4}: [NameServer] 87.120.67.1

Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-28] (Wondershare)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll [2013-12-16] (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File

FireFox:
========
FF ProfilePath: C:\Users\hristo\AppData\Roaming\Mozilla\Firefox\Profiles\ahve1d5k.default-1461948878163
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @spoon.net/Spoon Plugin 3.33 -> C:\Program Files (x86)\Spoon\3.33.637.0\npMozillaSpoonPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin HKU\S-1-5-21-878371416-534066379-273716249-1000: @acestream.net/acestreamplugin,version=3.0.9 -> C:\Users\hristo\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-878371416-534066379-273716249-1000: @acestream.net/acestreamplugin,version=3.1.2 -> C:\Users\hristo\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-878371416-534066379-273716249-1000: jpl.nasa.gov/NASAEyes -> C:\Users\hristo\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [No File]
FF Plugin HKU\S-1-5-21-878371416-534066379-273716249-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]_xpi
FF Extension: iSkysoft iMedia Converter Deluxe - C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]_xpi [2016-04-25]
FF HKU\S-1-5-21-878371416-534066379-273716249-1000\...\Firefox\Extensions: [acewebextension_unlisted[email protected]] - C:\Users\hristo\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found

Chrome:
=======
CHR Profile: C:\Users\hristo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\hristo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-13]
CHR Extension: (No Name) - C:\Users\hristo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]
CHR Extension: (No Name) - C:\Users\hristo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-13]
CHR Extension: (No Name) - C:\Users\hristo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-878371416-534066379-273716249-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-878371416-534066379-273716249-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1579880 2014-02-17] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-12-16] (IVT Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-17] (Nitro PDF Software)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-11-07] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [51936 2014-01-20] (Ralink Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-29] ()
R3 m76usb; C:\Windows\System32\DRIVERS\m76usb.sys [539336 2014-04-29] (Ralink Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2016-04-29] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1513208 2013-11-20] (Sunplus)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-11] ()
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202656 2016-04-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202656 2016-04-29] (Zemana Ltd.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 20:17 - 2016-04-29 20:18 - 00014935 _____ C:\Users\hristo\Downloads\FRST.txt
2016-04-29 20:17 - 2016-04-29 20:17 - 00000000 ____D C:\FRST
2016-04-29 20:14 - 2016-04-29 20:14 - 02376704 _____ (Farbar) C:\Users\hristo\Downloads\FRST64.exe
2016-04-29 20:05 - 2016-04-29 20:05 - 03581504 _____ C:\Users\hristo\Downloads\adwcleaner_5.114.exe
2016-04-29 19:53 - 2016-04-29 19:53 - 00092276 _____ C:\Users\hristo\Desktop\bookmarks.html
2016-04-29 18:20 - 2016-04-29 18:20 - 00000000 _____ C:\autoexec.bat
2016-04-29 18:19 - 2016-04-29 18:19 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-29 17:52 - 2016-04-29 17:52 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-04-29 17:52 - 2016-04-29 17:52 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-04-29 17:38 - 2016-04-29 20:10 - 00000000 ____D C:\AdwCleaner
2016-04-29 17:24 - 2016-04-29 20:13 - 00029742 _____ C:\Windows\ZAM.krnl.trace
2016-04-29 17:24 - 2016-04-29 20:11 - 00000119 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-04-29 17:24 - 2016-04-29 17:24 - 00202656 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-04-29 17:24 - 2016-04-29 17:24 - 00202656 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-04-29 17:24 - 2016-04-29 17:24 - 00001144 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-04-29 17:24 - 2016-04-29 17:24 - 00000000 ____D C:\Users\hristo\AppData\Local\Zemana
2016-04-29 17:24 - 2016-04-29 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-04-29 17:24 - 2016-04-29 17:24 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-04-27 14:05 - 2016-04-27 14:24 - 00000000 ____D C:\Users\proba
2016-04-27 13:33 - 2016-04-27 13:33 - 00001646 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Sound+.lnk
2016-04-27 13:33 - 2013-11-07 00:07 - 08157184 _____ (IDT, Inc.) C:\Windows\system32\IDTNHP.dll
2016-04-27 13:33 - 2013-11-07 00:07 - 08131584 _____ (IDT, Inc.) C:\Windows\system32\IDTNGUI.exe
2016-04-27 13:33 - 2013-11-07 00:07 - 06154240 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2016-04-27 13:33 - 2013-11-07 00:07 - 02233344 _____ (IDT, Inc.) C:\Windows\system32\IDTNX.dll
2016-04-27 13:33 - 2013-11-07 00:07 - 01897984 _____ (IDT, Inc.) C:\Windows\system32\IDTNC64.cpl
2016-04-27 13:33 - 2013-11-07 00:07 - 01703424 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2016-04-27 13:33 - 2013-11-07 00:07 - 00253952 _____ (IDT, Inc.) C:\Windows\system32\IDTNJ.exe
2016-04-27 13:33 - 2013-03-12 11:19 - 00031804 _____ C:\Windows\system32\SS15DTS.XML
2016-04-27 13:33 - 2011-05-17 17:25 - 00464384 _____ (SRS Labs, Inc.) C:\Windows\system32\slapoi64.dll
2016-04-25 21:05 - 2016-04-25 21:07 - 1913046522 _____ C:\Users\hristo\Desktop\JJoe Satriani Front and Center.avi
2016-04-25 20:27 - 2016-04-25 20:30 - 00000000 ____D C:\Users\hristo\Documents\iSkysoft Video Converter
2016-04-25 20:27 - 2016-04-25 20:27 - 00000000 ____D C:\Users\hristo\AppData\Roaming\iSkysoft Video Converter
2016-04-25 20:26 - 2016-04-29 16:34 - 00000000 ____D C:\ProgramData\iSkysoft Video Converter
2016-04-25 20:26 - 2016-04-25 20:27 - 00000000 ____D C:\ProgramData\iSkysoft
2016-04-25 20:26 - 2016-04-25 20:26 - 00001327 _____ C:\Users\Public\Desktop\iSkysoft Video Converter.lnk
2016-04-25 20:26 - 2016-04-25 20:26 - 00000000 ____D C:\Users\hristo\AppData\Local\iSkysoft
2016-04-25 20:26 - 2016-04-25 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2016-04-25 20:26 - 2016-04-25 20:26 - 00000000 ____D C:\Program Files (x86)\iSkysoft
2016-04-25 20:26 - 2015-02-27 14:54 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2016-04-25 20:26 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2016-04-25 20:26 - 2015-02-27 14:38 - 00214528 _____ () C:\Windows\SysWOW64\ISCM32.dll
2016-04-25 20:24 - 2016-04-25 20:25 - 46597368 _____ (iSkysoft Software ) C:\Program Files (x86)\video-converter-win_full165.exe
2016-04-13 13:09 - 2016-04-13 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-08 16:33 - 2016-04-08 16:33 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 20:16 - 2014-05-31 20:59 - 00000000 ____D C:\Users\hristo\AppData\Roaming\BitTorrent
2016-04-29 20:15 - 2009-07-14 08:13 - 00785366 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-29 20:15 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-04-29 20:11 - 2014-04-28 17:04 - 00000983 _____ C:\Windows\SysWOW64\bscs.ini
2016-04-29 20:11 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-29 19:51 - 2009-07-14 07:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-29 19:51 - 2009-07-14 07:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-29 19:21 - 2015-01-13 17:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-29 17:34 - 2015-04-01 18:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 17:26 - 2014-05-31 16:02 - 00000000 ____D C:\Users\hristo
2016-04-28 20:16 - 2014-08-25 21:32 - 00000000 ____D C:\Users\hristo\AppData\Local\ElevatedDiagnostics
2016-04-28 20:16 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-28 13:42 - 2015-09-24 19:35 - 00000000 ____D C:\Users\hristo\AppData\Roaming\Nitro PDF
2016-04-27 13:33 - 2014-05-31 21:47 - 00000000 ____D C:\Program Files\IDT
2016-04-25 20:43 - 2014-06-01 15:56 - 00000000 ____D C:\Users\hristo\Desktop\Tools
2016-04-21 15:47 - 2014-06-01 18:43 - 00000000 ____D C:\ProgramData\Oracle
2016-04-21 15:18 - 2014-06-01 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-21 15:18 - 2014-06-01 18:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-21 15:17 - 2016-02-26 21:03 - 00000000 ____D C:\Users\hristo\.oracle_jre_usage
2016-04-21 15:17 - 2014-06-01 18:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-17 23:50 - 2015-01-13 17:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 16:39 - 2014-10-20 19:24 - 00000000 ____D C:\Users\hristo\Desktop\UCTM
2016-04-08 16:33 - 2015-01-13 17:11 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 16:33 - 2015-01-13 17:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 16:33 - 2015-01-13 17:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-01 01:36 - 2014-06-07 14:22 - 00000000 ____D C:\Users\hristo\AppData\Roaming\DMCache
2016-03-31 18:52 - 2016-03-23 21:17 - 00000000 ____D C:\Users\hristo\Desktop\Daddys.Home.2015.BDRip.x264.DTS-HUD
2016-03-31 18:51 - 2016-03-23 21:29 - 00000000 ____D C:\Users\hristo\Desktop\Star.Wars.Episode.VII.The.Force.Awakens.2015.BRRip.XviD.AC3-iFT

==================== Files in the root of some directories =======

2014-06-01 13:37 - 2015-01-02 23:35 - 73898496 _____ () C:\Program Files\eav_nt64_ENU.msi
2014-06-13 17:40 - 2014-06-13 17:40 - 2782320 _____ (Beepa Pty Ltd) C:\Program Files\Fraps 3.5.99 Build 15618.exe
2014-08-20 20:09 - 2014-08-20 20:09 - 18080656 _____ (Tracker Software Products Ltd                               ) C:\Program Files\PDFXVwer.exe
2015-01-06 14:28 - 2015-01-06 14:29 - 33551464 _____ (Ashampoo GmbH & Co. KG                                      ) C:\Program Files (x86)\ashampoo_burning_studio_free_1.14.5_sm.exe
2014-06-01 12:24 - 2014-06-01 12:24 - 22180353 _____ (Audacity Team                                               ) C:\Program Files (x86)\audacity-win-2.0.5.exe
2014-05-31 20:58 - 2014-05-31 20:59 - 4770672 _____ (BitTorrent, Inc.) C:\Program Files (x86)\BitTorrent-7.2.1.exe
2014-06-02 19:30 - 2014-05-19 18:47 - 32935208 _____ () C:\Program Files (x86)\MSIAfterburnerSetup300.exe
2014-08-22 12:28 - 2014-08-22 12:29 - 35594856 _____ (Skype Technologies S.A.) C:\Program Files (x86)\SkypeSetupFull.exe
2014-09-12 22:37 - 2014-09-12 22:37 - 6308192 _____ (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer_Setup_bg.exe
2016-04-25 20:24 - 2016-04-25 20:25 - 46597368 _____ (iSkysoft Software                                           ) C:\Program Files (x86)\video-converter-win_full165.exe
2014-08-20 22:44 - 2015-07-16 02:11 - 0022016 ___SH () C:\Users\hristo\AppData\Roaming\Thumbs.db
2014-06-01 20:56 - 2015-01-25 17:39 - 0007597 _____ () C:\Users\hristo\AppData\Local\resmon.resmoncfg
2014-08-20 22:39 - 2014-08-20 22:45 - 0864256 _____ () C:\Users\hristo\AppData\Local\SageThumbs.db3

Some files in TEMP:
====================
C:\Users\hristo\AppData\Local\Temp\libeay32.dll
C:\Users\hristo\AppData\Local\Temp\msvcr120.dll
C:\Users\hristo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 18:08

==================== End of FRST.txt ============================

Addition.txt          /           MBAM scan log.txt             /           eset.jpg


Hello,

Did you create the FRST log before or after you scanned the system with Malwarebytes Anti-Malware?

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start scanning the computer.
  • When the scan finishes, press the Clean button.
  • The program will close all unnecessary processes and, after cleaning, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[S1].txt and AdwCleaner[C1].txt) will appear automatically in C:\Adwcleaner
  • Post the contents of AdwCleaner[C1].txt in your next comment.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your protection programs. See here if you are unsure how.
  • Run the JRT.exe tool
  • A DOS window will open. Close any unneeded applications and all browsers and wait for the scan to finish.
  • Press any key on the keyboard.
  • A log file will appear (which you can also find manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

STEP 3

Please download ZHPcleaner and save it to your desktop.

  • Run ZHPCleaner by right-clicking the file and choosing "Run as administrator" from the context menu
  • Click [image] to accept the license agreement.
  • Select the [image] button.
  • Browsers will be closed automatically.
  • When the scan finishes, press the Report button
  • A log file will be created on the desktop. Post the log file in your next comment.

That's it for now! :)

Regards! ;)


I made the FRST log after the scan with MBAM.
VirusTotal for the page that is being blocked: VirusTotal

Anyway, here are the logs from the scans with the other 3 programs..

# AdwCleaner v5.114 - Logfile created 29/04/2016 at 21:20:01
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : hristo - HRISTO-LAPTOP
# Running from : C:\Users\hristo\Downloads\adwcleaner_5.114(1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2773 bytes] - [29/04/2016 20:10:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [3417 bytes] - [29/04/2016 17:38:58]
C:\AdwCleaner\AdwCleaner[S2].txt - [3207 bytes] - [29/04/2016 20:05:19]
C:\AdwCleaner\AdwCleaner[S3].txt - [871 bytes] - [29/04/2016 21:20:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [943 bytes] ##########

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x64
Ran by hristo (Administrator) on пет 29.04.2016 г. at 21:22:56,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 14

Successfully deleted: C:\ProgramData\drivergenius (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\hristo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\hristo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\hristo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\hristo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\hristo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LM90TPXT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\hristo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXIJY418 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LM90TPXT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXIJY418 (Temporary Internet Files Folder)

 

Registry: 0

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on пет 29.04.2016 г. at 21:24:23,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ ZHPCleaner v2016.4.28.59 by Nicolas Coolman (2016/04/28)
~ Run by hristo (Administrator)  (29/04/2016 21:26:21)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\hristo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\hristo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 67141
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 00h03mn31s
~====================
ZHPCleaner--29042016-21_29_52.txt

Edited by kook


Hmm... please clean again with Malwarebytes Anti-Malware, without restarting the system yet.

Then do the following:

Download Process Monitor, extract it to a convenient location and run the file Procmon.exe. From the Options menu choose Enable Boot Logging and confirm with OK. Restart the system. Wait until the problem appears again (work with the system normally for a while until it appears; if it does not appear, wait no more than 5 minutes), start Process Monitor again and answer Yes when asked whether to save the collected data. Save the file to a convenient location, compress it with an archiver of your choice, upload it to a file host and post a download link to the archive in your next comment.


I scanned again with Malwarebytes. It found the same registry key again and sent it to quarantine. So far so good, but as before, the key was restored, and when I open Mozilla (IE too), ESET repeatedly blocks this page un-stop.com ... I made the boot logs with Process Monitor (there turned out to be 3 of them, I don't know why, but I have attached all three).

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30.4.2016 г.
Scan Time: 12:17 ч.
Logfile: MBAM LOG.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.30.02
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: hristo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369888
Time Elapsed: 21 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-878371416-534066379-273716249-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://un-stop.com/wpad.dat?b086b8b5f759e0af1174f8cf3b134c136742116, Quarantined, [6f8b07add1c88caa1fd2c4eb0afa47b9]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Bootlog

Bootlog-1

Bootlog-2



Interesting. According to the Process Monitor log, Firefox.exe changes the settings of

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

What exactly do you mean by "I also reset the browser (Mozilla)": did you do a Refresh on it, or did you reinstall it?

Still, download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Then write back on how things stand! ;)

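An added example (not from the thread and not any poster's code): a Python pass over a Process Monitor CSV export that lists which process writes the AutoConfigURL value named above and whether a write follows a deletion. The sample rows, PIDs, times and the process name mbam.exe are constructed, and the column names assume Procmon's default CSV layout.

```python
import csv
import io
import re
from collections import Counter

# Matches the per-user proxy auto-config value, whether the trace shows the
# hive as HKCU or as HKU\<SID> (the form the Malwarebytes log on this page uses).
AUTOCONFIG_PATH = re.compile(
    r"^(HKCU|HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Internet Settings\\AutoConfigURL$",
    re.IGNORECASE,
)
WRITE_OPS = {"RegSetValue", "RegDeleteValue"}
DATA_FIELD = re.compile(r"Data: (.*)$")

# Constructed sample rows (assumed default Procmon CSV columns); not a real trace.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:31:02.1140000","explorer.exe","1820","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL","NAME NOT FOUND","Length: 144"
"12:31:09.5520000","firefox.exe","3412","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL","SUCCESS","Type: REG_SZ, Length: 56, Data: http://un-stop.com/wpad.dat"
"12:31:09.5530000","firefox.exe","3412","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12:40:17.0010000","mbam.exe","2200","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL","SUCCESS",""
"12:41:30.2200000","iexplore.exe","4040","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL","NAME NOT FOUND","Length: 144"
"12:42:03.7780000","firefox.exe","3412","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL","SUCCESS","Type: REG_SZ, Length: 56, Data: http://un-stop.com/wpad.dat"
'''


def autoconfig_writes(csv_text):
    """Return successful set/delete operations on AutoConfigURL, in trace order."""
    # Procmon exports may start with a byte-order mark; drop it before parsing.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    events = []
    for row in reader:
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue
        if not AUTOCONFIG_PATH.match(row["Path"]):
            continue
        data = DATA_FIELD.search(row["Detail"] or "")
        events.append({
            "time": row["Time of Day"],
            "process": row["Process Name"],
            "pid": row["PID"],
            "operation": row["Operation"],
            "data": data.group(1) if data else None,
        })
    return events


def set_value_writers(events):
    """Count RegSetValue operations per (process name, PID)."""
    return dict(Counter(
        (e["process"], e["pid"]) for e in events if e["operation"] == "RegSetValue"
    ))


def rewrites_after_delete(events):
    """Pair each deletion with the next write that restores the value."""
    pairs = []
    pending_delete = None
    for e in events:
        if e["operation"] == "RegDeleteValue":
            pending_delete = e
        elif pending_delete is not None:
            pairs.append((pending_delete["process"], e["process"], e["data"]))
            pending_delete = None
    return pairs


if __name__ == "__main__":
    found = autoconfig_writes(SAMPLE_CSV)
    for (name, pid), count in set_value_writers(found).items():
        print(f"{name} (PID {pid}) set AutoConfigURL {count} time(s)")
    for deleter, writer, data in rewrites_after_delete(found):
        print(f"deleted by {deleter}, restored by {writer}: {data}")
```

The process named in the trace is only the one that issued the registry call; later in this thread, reinstalling Firefox did not stop the value from coming back.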

I did a Refresh on Mozilla. I have not reinstalled it.


Then run the script and write back with the results. If there is no change, we will reinstall Mozilla, first removing all of its leftovers with GeekUninstaller.


The situation is the same. Apparently we have to try uninstalling the browser too. But I'll say it again: the problem is present with Internet Explorer as well.

Fixlog.txt

9 minutes ago, kook wrote:

The situation is the same. Apparently we have to try uninstalling the browser too. But I'll say it again: the problem is present with Internet Explorer as well.

Fixlog.txt

And I say again: firefox.exe changes the key, which is also used by IE, so it is normal for the problem to be there too.

Download the program GeekUninstaller and save it to the desktop.

Extract it and run the file geek.exe
Find Mozilla Firefox in the list

Right-click the program and choose Uninstall

After the installation finishes, a window will open prompting you to remove all leftovers of the program (if there are any; if there are none, this window will not appear):

Press the Finish button to delete the remnants of the program.

After that, download and install the latest stable version of Mozilla Firefox from here => https://www.kaldata.com/comments.php?catid=1&id=51239

Then run the script again and write back on how things stand.


I reinstalled Mozilla and ran the script again, but the problem is still present.


Do you use Sync in Mozilla? If so, turn synchronization off so that we can be sure the infection is not coming back from the browser's backup copy. Strange problem... it is usually removed quite easily, and right now I am even looking through colleagues' threads (they do nothing more than what I have done in this thread).


I don't use Sync.

Hmm, honestly I don't know where this problem came from. ESET, however, keeps alerting, blocking un-stop.com ...


Let's scan with one more tool:

Download ZOEK (by Smeenk) and save it to your desktop
Temporarily disable your antivirus and anti-spyware protection - you will find instructions here if needed

  • Right-click the Zoek icon and choose Run as Administrator to start the tool.
  • Wait patiently until the main console appears (it may take a minute or two).
  • In the main window, please paste the following script:

createsrpoint;
IEDefaults;
FFDefaults;
CHRDefaults;
autoclean;

  • Make sure the Scan All Users option is checked.
  • Press Run Script and wait. The scan may take a few minutes.
  • When the scan finishes, a log file named zoek-results will open.
  • If a restart is required, it will open after that.
  • Copy its contents into your next reply.

Regards!


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by hristo on съб 30.04.2016 г. at 21:53:43,63.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\hristo\Desktop\zoek.exe    [Scan all users] [Script inserted]

==== System Restore Info ======================

30.4.2016 г. 21:54:38 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\Ubisoft deleted successfully
C:\Users\hristo\AppData\Roaming\25735 deleted successfully
C:\Users\hristo\AppData\Roaming\DMCache deleted successfully
C:\Users\hristo\AppData\Roaming\iSkysoft Video Converter deleted successfully
C:\Users\hristo\AppData\Local\Adobe deleted successfully
C:\Users\hristo\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\hristo\AppData\Roaming\Mozilla\Firefox\Profiles\m1va6xgc.default\prefs.js:

Added to C:\Users\hristo\AppData\Roaming\Mozilla\Firefox\Profiles\m1va6xgc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\hristo\.android deleted
C:\PROGRA~2\SopCast deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\BSD deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\hristo\AppData\Local\Wondershare deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\hristo\AppData\Roaming\Mozilla\Firefox\Profiles\m1va6xgc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\hristo\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hegneaniplmfjcmohoclabblbahcbjoe - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
hegneaniplmfjcmohoclabblbahcbjoe - No path found[]
mjbepbhonbojpoaenhckjocchgfiaofo - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\hristo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\hristo\AppData\Local\Mozilla\Firefox\Profiles\m1va6xgc.default\cache2 will be emptied at reboot

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=167 folders=61 41196913 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\hristo\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\hristo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on съб 30.04.2016 г. at 22:07:07,38 ======================


Is the problem still there?

If so, do you by any chance use internet from a USB stick? I ask because for one colleague that was exactly the key. The problem occurred only when the user used internet not from the built-in card but from a USB stick.

In another case the problem was fixed after reinstalling Google Chrome, but you do not have Chrome installed (what you had was a fake profile installed by the adware, which zoek deleted), and you have already reinstalled Mozilla Firefox completely.

Quite a strange problem.


No, I don't use internet from a USB stick. The problem seems to have appeared yesterday, when I plugged in the LAN cable for the internet... At the moment I am not at home and for a few days I have to use internet from another provider over LAN. But I have used it other times too and have had no problems... I don't know where this adware came from.

Edited by kook


And is this IP address familiar to you? 87.120.67.1

And you didn't write whether the problem persists.

1 minute ago, B-boy/StyLe/ wrote:

87.120.67.1

Spoiler
IP Address 87.120.67.1
Host 87.120.67.1
Country Bulgaria
Region Turgovishte
City Antonovo
Postal Code 7970
ISP Neterra Ltd.
Organization IP Networks For SKAT-Omurtag

 


Just the numbers like that tell me nothing. But I just checked on Google. It turns out this is one of the IPs of the provider I have been using since yesterday. They came and made settings on the laptop, but that was almost 2 years ago. And I have been using internet from them temporarily like this for quite some time, and I have had no problem.

Otherwise yes, ESET keeps repeatedly blocking un-stop.com

1 minute ago, ExaFlop wrote:
IP Address 87.120.67.1
Host 87.120.67.1
Country Bulgaria
Region Turgovishte
City Antonovo
Postal Code 7970
ISP Neterra Ltd.
Organization IP Networks For SKAT-Omurtag

 

I saw that... I wanted to see whether he simply knows the IP of the new provider he is using and whether it matches the data. :)

1 minute ago, kook wrote:

Otherwise yes, ESET keeps repeatedly blocking un-stop.com

Then there is hardly anything we can do about it. Something is probably coming from the new internet provider. I looked through 100 threads by colleagues... this is trivial to remove... the new provider's network is probably just a zoo.

1. Download ComboFix from BleepingComputer
and save ComboFix (Save button -> Save as) to your desktop.

2. Close all running applications, open windows and programs running in the background. Temporarily stop the real-time protection of the antivirus program and of any other security programs, if there are any.

3. Start Combofix.exe with a double click. Choose YES to accept the program's terms of use. Important: While ComboFix is running, the mouse must not be moved and no keyboard keys may be pressed. Just patiently let ComboFix do its work, without using the computer for anything else.

4. If you get a warning from UAC, accept it.

5. ComboFix will temporarily stop the Internet connection, but once the program finishes, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after Combofix finishes, please read this: Manually restoring the Internet connection section.

6. When ComboFix finishes, a text document (log) will appear in Notepad.

Copy the contents of the log and paste them into your next comment.

Note: If the following message appears when opening various programs after the Combofix scan completes - "illegal operation on a registry key that has been marked for deletion." - simply restart the computer once more and it will disappear.
Do not use your computer during the scan!


Maybe their network has become a zoo only recently, because there were no problems before. Here is the log from ComboFix: (The problem persists even after ComboFix's intervention...)

ComboFix 16-04-29.01 - hristo 04.2016 г.  22:47:51.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.8073.6681 [GMT 3:00]
Running from: c:\users\hristo\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\InViewer
c:\program files (x86)\InViewer\AxInterop.WMPLib.dll
c:\program files (x86)\InViewer\changelog.txt
c:\program files (x86)\InViewer\gpl.txt
c:\program files (x86)\InViewer\Interop.WMPLib.dll
c:\program files (x86)\InViewer\invhelper.exe
c:\program files (x86)\InViewer\inviewer.exe
c:\program files (x86)\InViewer\readme.txt
c:\program files (x86)\InViewer\unins000.dat
c:\program files (x86)\InViewer\unins000.exe
c:\programdata\ntuser.pol
c:\windows\system\bdt52exf.dll
c:\windows\system\bivbx31.32n
c:\windows\winhelp.ini
.
.
(((((((((((((((((((((((((   Files Created from 2016-03-28 to 2016-04-30  )))))))))))))))))))))))))))))))
.
.
2016-04-30 19:52 . 2016-04-30 19:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2016-04-30 19:19 . 2016-04-30 19:19    --------    d-----w-    C:\zoek
2016-04-30 19:06 . 2016-04-30 19:52    --------    d-----w-    c:\users\hristo\AppData\Local\Temp
2016-04-30 17:21 . 2016-04-30 17:21    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2016-04-30 17:21 . 2016-04-30 17:21    --------    d-----w-    c:\program files\Mozilla Firefox
2016-04-29 18:25 . 2016-04-29 18:29    --------    d-----w-    c:\users\hristo\AppData\Roaming\ZHP
2016-04-29 17:17 . 2016-04-30 17:25    --------    d-----w-    C:\FRST
2016-04-29 15:19 . 2016-04-29 15:19    22704    ----a-w-    c:\windows\system32\drivers\EsgScanner.sys
2016-04-29 14:52 . 2016-04-29 14:52    290304    ----a-w-    c:\windows\SysWow64\subinacl.exe
2016-04-29 14:52 . 2016-04-29 14:52    --------    d-----w-    c:\program files (x86)\Adware Removal Tool by TSA
2016-04-29 14:38 . 2016-04-29 18:20    --------    d-----w-    C:\AdwCleaner
2016-04-29 14:24 . 2016-04-29 14:24    202656    ----a-w-    c:\windows\system32\drivers\zam64.sys
2016-04-29 14:24 . 2016-04-29 14:24    202656    ----a-w-    c:\windows\system32\drivers\zamguard64.sys
2016-04-29 14:24 . 2016-04-29 14:24    --------    d-----w-    c:\program files (x86)\Zemana AntiMalware
2016-04-29 14:24 . 2016-04-29 14:24    --------    d-----w-    c:\users\hristo\AppData\Local\Zemana
2016-04-27 11:05 . 2016-04-27 11:24    --------    d-----w-    c:\users\proba
2016-04-27 10:33 . 2013-11-06 21:07    8157184    ----a-w-    c:\windows\system32\IDTNHP.dll
2016-04-27 10:33 . 2013-11-06 21:07    8131584    ----a-w-    c:\windows\system32\IDTNGUI.exe
2016-04-27 10:33 . 2013-11-06 21:07    6154240    ----a-w-    c:\windows\system32\stlang64.dll
2016-04-27 10:33 . 2013-11-06 21:07    253952    ----a-w-    c:\windows\system32\IDTNJ.exe
2016-04-27 10:33 . 2013-11-06 21:07    2233344    ----a-w-    c:\windows\system32\IDTNX.dll
2016-04-27 10:33 . 2013-11-06 21:07    1897984    ----a-w-    c:\windows\system32\IDTNC64.cpl
2016-04-27 10:33 . 2013-11-06 21:07    1703424    ----a-w-    c:\windows\sttray64.exe
2016-04-27 10:33 . 2011-05-17 14:25    464384    ----a-w-    c:\windows\system32\slapoi64.dll
2016-04-25 17:26 . 2016-04-25 17:26    --------    d-----w-    c:\users\hristo\AppData\Local\iSkysoft
2016-04-25 17:26 . 2016-04-25 17:26    --------    d-----w-    c:\program files (x86)\Common Files\iSkysoft
2016-04-25 17:26 . 2015-02-27 11:38    721263    ----a-w-    c:\windows\SysWow64\ISCM64.dll
2016-04-25 17:26 . 2015-02-27 11:38    214528    ----a-w-    c:\windows\SysWow64\ISCM32.dll
2016-04-25 17:26 . 2015-02-27 11:54    31080    ----a-w-    c:\windows\system32\drivers\VirtualAudio.sys
2016-04-25 17:26 . 2016-04-29 13:34    --------    d-----w-    c:\programdata\iSkysoft Video Converter
2016-04-25 17:26 . 2016-04-25 17:27    --------    d-----w-    c:\programdata\iSkysoft
2016-04-25 17:26 . 2016-04-25 17:26    --------    d-----w-    c:\program files (x86)\iSkysoft
2016-04-25 17:24 . 2016-04-25 17:25    46597368    ----a-w-    c:\program files (x86)\video-converter-win_full165.exe
2016-04-21 12:17 . 2016-04-21 12:17    --------    d-----w-    c:\program files (x86)\Common Files\Java
2016-04-08 13:33 . 2016-04-08 13:33    5934784    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-30 09:16 . 2015-04-01 15:49    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-21 12:17 . 2014-06-01 15:42    97856    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-04-08 13:33 . 2015-01-13 14:11    797376    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 13:33 . 2015-01-13 14:11    142528    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-10 11:09 . 2015-04-01 15:49    64896    ----a-w-    c:\windows\system32\drivers\mwac.sys
2016-03-10 11:08 . 2015-04-01 15:49    140672    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2016-03-10 11:08 . 2015-04-01 15:49    27008    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-01-06 11:29 . 2015-01-06 11:28    33551464    ----a-w-    c:\program files (x86)\ashampoo_burning_studio_free_1.14.5_sm.exe
2015-01-02 20:35 . 2014-06-01 10:37    73898496    ----a-w-    c:\program files\eav_nt64_ENU.msi
2014-09-12 19:37 . 2014-09-12 19:37    6308192    ----a-w-    c:\program files (x86)\TeamViewer_Setup_bg.exe
2014-08-22 09:29 . 2014-08-22 09:28    35594856    ----a-w-    c:\program files (x86)\SkypeSetupFull.exe
2014-08-20 17:09 . 2014-08-20 17:09    18080656    ----a-w-    c:\program files\PDFXVwer.exe
2014-06-13 14:40 . 2014-06-13 14:40    2782320    ----a-w-    c:\program files\Fraps 3.5.99 Build 15618.exe
2014-06-01 09:24 . 2014-06-01 09:24    22180353    ----a-w-    c:\program files (x86)\audacity-win-2.0.5.exe
2014-05-31 17:59 . 2014-05-31 17:58    4770672    ----a-w-    c:\program files (x86)\BitTorrent-7.2.1.exe
2014-05-19 15:47 . 2014-06-02 16:30    32935208    ----a-w-    c:\program files (x86)\MSIAfterburnerSetup300.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-17 1967616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-12-20 292848]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-09-16 134616]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2014-02-17 389368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-03-31 596504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe;c:\program files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 m76usb;M76USB Bluetooth Device Driver;c:\windows\system32\DRIVERS\m76usb.sys;c:\windows\SYSNATIVE\DRIVERS\m76usb.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13 13:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher.exe" [2014-07-20 1257544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-10-16 444400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-10-16 407536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-07-08 5595848]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-11-06 1703424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{114E42A2-F4B3-4376-AEC5-69FA8E0C66E4}: NameServer = 87.120.67.1
FF - ProfilePath - c:\users\hristo\AppData\Roaming\Mozilla\Firefox\Profiles\m1va6xgc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SopCast - c:\program files (x86)\SopCast\uninst.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
AddRemove-{6e8f74e0-43bd-4dce-8477-6ff6828acc07} - c:\programdata\Package Cache\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}\vcredist_x64.exe
AddRemove-{7E575733-1DF5-4064-AE38-289BA932398A}_is1 - c:\program files (x86)\InViewer\unins000.exe
AddRemove-{8e70e4e1-06d7-470b-9f74-a51bef21088e} - c:\programdata\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-878371416-534066379-273716249-1000_Classes\Wow6432Node\CLSID\{22fea51b-d6d8-4c3d-9dc6-122a63db5967}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000160
"Therad"=dword:00000025
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,37,98,fc,d1,02,1b,64,e6,e3,7d,c9,98,63,5f,7c,e7,2c,63,1a,65,1a,de,\
.
[HKEY_USERS\S-1-5-21-878371416-534066379-273716249-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ac,97,d5,0d,bf,67,dc,7a,06,0b,74,2c,5b,4c,b1,3b,86,de,14,7b,af,
   4b,b9,7e,ec,1d,43,2d,98,53,f7,f8,05,8e,ab,f6,e6,ed,2b,22,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-878371416-534066379-273716249-1000_Classes\Wow6432Node\CLSID\{6d36db83-0dde-4af5-b333-3abf8c8a728e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005a
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-878371416-534066379-273716249-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b2,f4,d4,68,89,cf,59,5f,0a,14,85,8c,1d,03,cb,64,56,37,a5,f9,58,
   e2,0d,95,8c,65,7f,5b,e5,a5,a0,57,da,6d,ea,bb,24,55,38,a6,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-30  22:55:39
ComboFix-quarantined-files.txt  2016-04-30 19:55
.
Pre-Run: 114 021 396 480 bytes free
Post-Run: 113 841 238 016 bytes free
.
- - End Of File - - 345AC29A6FE3D55C60EFA8262CE1F75F
A36C5E4F47E84449FF07ED3517B43A31

 

Edited by kook


Download the following file and run it => internet.bat

After the restart, let us know whether the problem persists.

Also attach the file c:\check.reg, which should have been created after the bat file ran.


Christ is Risen!

I downloaded the bat file, but when I start it the console opens very briefly (for a fraction of a second) and closes instantly. Nothing happens; it does not ask for a restart or anything else. No file was created either. Maybe something didn't work. Otherwise, the problem still continues.


Yes, there was an error in the script. Try this one => http://dox.bg/files/dw?a=e28758ad0a

Attach the file => export.reg, which should have been created on the desktop.


  • Similar topics

    • by ivan.ivanov.543
      Hi! I apologize in advance for the simplified and unskilled explanation; I don't know much about computers, and I hope it is understandable enough.

      A few days ago I downloaded a textbook in PDF format from Zamunda, but it was locked against searching for words in it, copying and printing, and it was also too large (270 MB) to upload to the online PDF-unlocking programs I found, so I decided to look for an offline one to download, and without thinking I downloaded and installed the first program I found on Google (because I couldn't find one on Zamunda), and it turned out to be a virus. After I installed it, it automatically started downloading and installing some programs.

      I turned off the internet, uninstalled the programs that had been installed (including the first program, the virus) and tried to start Windows Defender, but it said something like "the program is blocked by the group". I turned the internet back on to search for how to start Defender in this case, and the moment I opened Chrome, a new tab automatically opened and closed in the browser and programs started downloading and installing again. I turned off the internet again, uninstalled the programs again, and started a system restore from the advanced system settings.

      After the restore finished, I noticed that most of my files end in .qewe and cannot be opened, and when I change their format back to what it was (pdf, jpeg or mp4) it says "invalid file". I searched YouTube for "How to remove .qewe virus", clicked on one of the tutorials with more views and followed the steps: I pressed Windows key+R, typed msconfig, went into Boot, then ticked Safe mode with Network, pressed OK and then Restart; the laptop restarted and entered safe mode. Then I went into C:/, I don't remember exactly where, the last directories were drivers and etc or something like that, and opened a file with Notepad, I think it was called host, and deleted the last 2 lines, I think they were some IP address, I don't know. After that I opened Chrome and downloaded Malwarebytes, ran it, it found 118 files, I clicked to put them in quarantine, and after the program finished its work I pressed Win key+R again, msconfig, and unticked safe boot, restarted the laptop and thought everything would be normal now. When I opened Chrome, various programs were no longer downloading and installing automatically, but most files remained .qewe and Windows Defender would not open.

      I searched YouTube again for how to fix Defender, found a tutorial, followed the steps (Win key+R, regedit, went somewhere and deleted one file) and Defender started; I ran a scan and it found nothing. I searched YouTube a bit for information about .qewe, what kind of format it is and so on, and it turned out that it is some kind of encryption and that the virus I installed is called ransomware and such viruses are used to demand a ransom. Nobody has asked me for a ransom, but I noticed something strange on Facebook: someone logged into my Facebook from an IP address in the States, even though I use Google Authenticator, i.e. even if they know my password, they need to enter a code from the Google Authenticator app, which is installed on my phone. Some pages were created from my Facebook account, ads were run for some dietary supplements, and the strangest thing was that when I changed my Facebook password and tried to log in again from the computer (because when changing it I clicked to log off from all devices), it logged me into a completely different Facebook account, with no profile picture and with some strange name. That account had been registered on the day I installed the virus, was registered with my phone number, and was the admin of the pages from which the ads were run, i.e. at that moment there were 2 Facebook accounts registered with the same primary phone number. I deleted the pages from that account, created an e-mail at abv along the lines of [email protected] and set that e-mail as primary, then removed my phone number from that account and then deleted the account itself. After that, when I tried to log into Facebook with my phone number, it logged me into my own account.

      For now everything seems fine, but I am not sure whether I have removed the virus completely. The laptop works as before, except that it starts up more slowly and most of my files are .qewe. Can you help me find out whether I have really removed the virus completely and how to recover my files?
       
    • by porata
      Good day, after I start the PC, maybe 10 or so minutes later a window like "cmd" pops up,
      which is called Taskeng.exe. I am curious whether this is a virus, since I was told it could be a trojan.



       
      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2020
      Ran by GAMEPC (13-04-2020 13:05:30)
      Running from C:\Users\GAMEPC\Downloads
      Windows 7 Home Premium Service Pack 1 (X64) (2017-09-08 09:32:01)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-2297230751-1021565052-1431566534-500 - Administrator - Disabled)
      GAMEPC (S-1-5-21-2297230751-1021565052-1431566534-1000 - Administrator - Enabled) => C:\Users\GAMEPC
      Guest (S-1-5-21-2297230751-1021565052-1431566534-501 - Limited - Disabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
      Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
      Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
      Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
      AIDA64 Extreme v6.10 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.10 - FinalWire Ltd.)
      Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.3 - Electronic Arts, Inc.)
      ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
      Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
      CpuCoreParking (HKLM-x32\...\{0984C56D-2985-4786-AB62-39AB985E269C}) (Version: 2.1.2.0 - CpuCoreParking)
      DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
      Discord (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)
      Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
      Euro Truck Simulator 2 Road to the Black Sea (HKLM-x32\...\Euro Truck Simulator 2 Road to the Black Sea_is1) (Version:  - )
      FiveM (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\CitizenFX_FiveM) (Version:  - The CitizenFX Collective)
      GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.14.5270 - Gretech Corporation)
      Google Chrome (HKLM\...\{DA081EB6-F64C-358C-9BB0-AF1EA8001F34}) (Version: 80.0.3987.163 - Google, Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
      Heroes of Might and Magic III HD Edition (HKLM-x32\...\SGVyb2Vzb2ZNaWdodGFuZE1hZ2ljSUlJSERFZGl0aW9u_is1) (Version: 1 - )
      Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
      House Flipper Garden (HKLM-x32\...\House Flipper Garden_is1) (Version:  - )
      Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
      Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
      Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
      Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
      Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
      Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
      Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
      Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
      Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
      Microsoft Office Language Pack 2010 - Bulgarian/български (HKLM-x32\...\Office14.OMUI.bg-bg) (Version: 14.0.4763.1021 - Microsoft Corporation)
      Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
      Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
      Mozilla Firefox 67.0 (x64 bg) (HKLM\...\Mozilla Firefox 67.0 (x64 bg)) (Version: 67.0 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
      NVIDIA Graphics Driver 442.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.74 - NVIDIA Corporation)
      NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
      NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
      OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
      OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
      Origin (HKLM-x32\...\Origin) (Version: 10.5.67.39484 - Electronic Arts, Inc.)
      PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 200317 - Kakao Corp.)
      PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8556 - Kakao Corp.)
      qBittorrent 4.2.1 (HKLM-x32\...\qBittorrent) (Version: 4.2.1 - The qBittorrent project)
      Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.18.217 - Rockstar Games)
      Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.4.8 - Rockstar Games)
      Shutdown8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Shutdown8) (Version: 1.08 - Bandisoft.com)
      Spotify (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Spotify) (Version: 1.1.30.658.gf13cde74 - Spotify AB)
      StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      StreamLabels 0.3.1 (only current user) (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.3.1 - Streamlabs)
      StreamLabels 0.3.8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8000d50a-fcb7-5b38-8a3b-a02a0ec79daa}) (Version: 0.3.8 - Streamlabs)
      Streamlabs OBS 0.16.3 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.16.3 - General Workings, Inc.)
      swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
      TeamSpeak 3 Client (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
      TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
      Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
      VALORANT (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
      Viber (HKLM-x32\...\{0B3F5AEE-47B2-4A5F-8D02-289B7E0828E6}) (Version: 11.9.1.3 - Viber Media S.a.r.l) Hidden
      Viber (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8b6836ad-bf1d-4591-9f20-735338e295ea}) (Version: 11.9.1.3 - Viber Media S.a.r.l)
      Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
      WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
      WinRAR 5.50 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
      ==================== Custom CLSID (Whitelisted): ==============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\ChromeHTML: ->  <==== ATTENTION
      ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ==================== Codecs (Whitelisted) ====================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\system32\prodad-codec.dll [607256 2019-10-15] (proDAD GmbH -> proDAD GmbH)
      HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
      HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
      HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
      HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
      HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
      HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
      HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
      HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
      HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)
      Shortcut: C:\Users\GAMEPC\Desktop\OSC - Пряк път.lnk -> C:\Users\GAMEPC\Desktop\moi neshta\OSC 1.9\OSC.exe (Frawzy) <==== Cyrillic
      ShortcutWithArgument: C:\Users\GAMEPC\Desktop\moi neshta\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
      ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
      ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
      ==================== Loaded Modules (Whitelisted) =============
      2017-09-08 12:27 - 2017-09-08 12:27 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll
      ==================== Alternate Data Streams (Whitelisted) ========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
      AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]
      ==================== Safe Mode (Whitelisted) ==================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) =================
      ==================== Internet Explorer trusted/restricted ==========
      ==================== Hosts content: =========================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
      ==================== Other Areas ===========================
      (Currently there is no automatic fix for this section.)
      HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==
      (If an entry is included in the fixlist, it will be removed.)
      MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
      MSCONFIG\startupreg: EpicGamesLauncher => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
      MSCONFIG\startupreg: FACEIT => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
      MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      MSCONFIG\startupreg: Spotify => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
      MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      MSCONFIG\startupreg: Viber => "C:\Users\GAMEPC\AppData\Local\Viber\Viber.exe" StartMinimized
      ==================== FirewallRules (Whitelisted) ================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{11074DEE-7B8C-4DC2-AE4C-93DF0A309913}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [{D19357FE-92D5-4C15-865D-6BA1144E3141}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [{21EB0059-8DA7-4F26-8EBC-947F0C4E2AAA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{F8BB1871-4D02-4C5E-A222-4D557710B3E1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{1EE7FB5D-9E25-4DA9-ACB5-D608ECDBB452}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
      FirewallRules: [{84ACAD4A-CAC3-405E-BED8-CCE7B6F558B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
      FirewallRules: [{5C9FEA0E-0037-4228-8A5E-308AD75AC1DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
      FirewallRules: [{FD05E114-41E1-4EC3-B5A2-BBA593EE39E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
      FirewallRules: [{831352BE-7396-43E6-9657-9ED9D8BAB30D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
      FirewallRules: [{AB5ACC3F-22CB-469F-9EB3-8D69417E7CD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
      FirewallRules: [{43ADA9C0-2E56-45D1-B73D-9C89040C463D}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
      FirewallRules: [{06129773-C563-4DFF-8D34-BEA82843A4F0}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
      FirewallRules: [TCP Query User{0D1FADB8-FCE1-4E0E-B19A-D5490965A994}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
      FirewallRules: [UDP Query User{F6FECCC1-1C2E-45A5-B7AC-EAF4B88229DF}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
      FirewallRules: [TCP Query User{DEFA441A-0140-4630-9B49-0F0DB88705EC}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
      FirewallRules: [UDP Query User{2F3AD7BE-C36D-4E24-BFFA-EED5BE5D11F4}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
      FirewallRules: [{B5E37EE1-9BE1-4B57-9AD5-EEF981D7F031}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
      FirewallRules: [{DC6EA5CC-0B14-4DA5-BA55-E772E5860678}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
      FirewallRules: [{FF76D716-DBA6-437A-A34F-847AF6AB88AD}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
      FirewallRules: [{13A0D233-1007-4376-A4B4-1DA27C101ECB}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
      FirewallRules: [TCP Query User{86D55748-40A6-4288-AEF7-2C0B25BDF778}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
      FirewallRules: [UDP Query User{D8AE6DDF-C0F2-475C-AB9C-B84C11DDC8AB}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
      FirewallRules: [TCP Query User{695C8135-FF2C-4E94-9566-E526643684CA}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
      FirewallRules: [UDP Query User{3091889E-265D-4648-88DF-CEE54431325D}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
      FirewallRules: [{DB2F74E8-C7EB-44B3-81D7-12B84175E2EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
      FirewallRules: [{E44676E1-030C-4238-B65F-434792B61DE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
      FirewallRules: [TCP Query User{0E86F5BD-F2B3-4EF9-8B0C-48823DA809CB}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
      FirewallRules: [UDP Query User{0C5E839A-52EC-40D4-969E-24F12ED8D2D0}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
      FirewallRules: [TCP Query User{8796E73D-79C0-4D0B-AF34-FB3AF9BCC9BA}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
      FirewallRules: [UDP Query User{EFB29360-AB3A-4A44-9CB4-EF91CEBDB39C}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
      FirewallRules: [TCP Query User{91266298-136D-4BB3-8C13-A850A76C9BF1}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [UDP Query User{E3EAEE44-6095-4A5E-BE2F-F3E3F8349E0A}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{2D541380-97BF-4291-BDBE-2F2228CAEA60}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [{127D37C8-619F-462E-BE1A-E32131065FF4}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [TCP Query User{3DE0592A-8D12-447D-939D-BCA439AFF137}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
      FirewallRules: [UDP Query User{33216198-C2C2-482B-9DC9-2D0D13DBB4FA}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
      FirewallRules: [TCP Query User{270B0322-3799-457B-960A-455318931953}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{A13AA196-1978-4C67-902B-2460B54A5BBF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [{59D96386-6E3E-4356-8348-CF3CFA65A81B}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
      FirewallRules: [{FFA55DD9-7016-4EC4-A808-1A467A45E95C}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
      FirewallRules: [TCP Query User{DC649560-4400-4885-84A1-B96EE04BD03C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [UDP Query User{962C91EA-9380-4D1D-8A2F-E951089E3F37}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [TCP Query User{DA0687C4-1D0D-4E01-B34C-68E8FF09FF9F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
      FirewallRules: [UDP Query User{0C271F5D-81B6-4DA7-A0B8-50362178C932}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
      FirewallRules: [TCP Query User{5EFBA878-9A61-49AC-9416-CAFD7167CF8E}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
      FirewallRules: [UDP Query User{C837A044-1793-46A0-A9B2-FFC280606631}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
      FirewallRules: [TCP Query User{6C87ADBA-41D8-49FB-A494-F0A177B7F2E5}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
      FirewallRules: [UDP Query User{D3766998-33A3-4AAC-836F-4BC92BA34D50}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
      FirewallRules: [TCP Query User{5540B6FC-35DB-4545-AF53-B4FE05B85DD6}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
      FirewallRules: [UDP Query User{ED42665E-2CA2-4092-A15B-69F686B8F831}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
      FirewallRules: [{A6CE7A48-587B-440C-A6B7-9B3AB8F758E0}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{CD3B56C1-242C-4706-81ED-FF29362608F3}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [TCP Query User{9A6D9654-27A6-4122-9C9C-4D7727258BAA}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{E49D6701-B325-4215-8711-030A5EC46C9B}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
      FirewallRules: [{279065A7-F5E9-4060-BA27-39476EE213D2}] => (Allow) C:\Users\GAMEPC\Downloads\bin\BlackDesert32.exe No File
      FirewallRules: [{B218AD4A-5B74-40DE-AB02-A3681FCE9C1C}] => (Allow) C:\Users\GAMEPC\Downloads\bin64\BlackDesert64.exe No File
      FirewallRules: [{10F99049-3DA4-4E89-A086-C023E8CD82B2}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Launcher.exe No File
      FirewallRules: [{3FD78764-41FE-4680-9342-001EA21ECF27}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Downloader.exe No File
      FirewallRules: [{CD2DAD40-C60E-41F0-ABBF-63FED12CD684}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
      FirewallRules: [{9BAD4B07-A517-4574-ABA6-922FE4DA36F4}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
      FirewallRules: [TCP Query User{757DFE1C-9664-41C4-B600-E39F75F3E007}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{00AC97A7-683C-4F74-9AF6-EBFD84CB000D}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
      FirewallRules: [TCP Query User{391AE70C-4E68-4DE8-A05A-D56058FAEBFA}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{61C858A3-948F-407A-A7BF-2712693C1649}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [TCP Query User{CBB94106-0926-4293-AA94-864143E7ACDC}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
      FirewallRules: [UDP Query User{1602653C-F8D6-481F-B4DE-483B83E4A081}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
      FirewallRules: [{D70481FE-EDB4-4F66-A879-015B84C54F1C}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
      FirewallRules: [{0255AAE2-A93D-49F6-84EA-91CF71112821}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
      FirewallRules: [{3EEC0786-9E2E-4EAC-9CB1-97F68AE8DBDA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
      FirewallRules: [{F07A3467-6DA2-4A61-BFA9-75DFE2760BAA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
      FirewallRules: [{7BCD6AF7-E264-49EC-B3DF-0B903C656894}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
      FirewallRules: [{9796C8A1-0246-4D08-94F7-97B3A81204AF}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
      FirewallRules: [TCP Query User{4194E6A1-B90A-4C01-AAC1-A150648BD511}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
      FirewallRules: [UDP Query User{39B944DB-8264-4416-BBBA-052EEC50F7FC}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
      FirewallRules: [TCP Query User{857D0C4A-0661-4E7D-B23A-735FF8ADABA1}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
      FirewallRules: [UDP Query User{29AE9F40-6F4A-4698-8241-A75FE2382548}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
      FirewallRules: [TCP Query User{92B59CE8-E0C7-43A9-9D55-2AEDA2AA9FA5}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
      FirewallRules: [UDP Query User{8AEEF23D-67B8-4B6C-9DA0-D61F44EFC129}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
      FirewallRules: [{A383D054-F8C2-45B5-A517-E63819807BB6}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{FD87341A-3B7F-44E8-B09F-ADFBDF1B247D}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{2C2C2027-2BB8-4A51-9A9C-ED9A4BBCB358}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
      FirewallRules: [{9B1767CE-81DE-4826-8906-9DEFCC351FAB}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
      FirewallRules: [{E2FEE995-77A6-4556-A200-30CB17D4ABA6}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
      FirewallRules: [{DFB2A3C2-EA05-4944-B38A-7A85B48E8A1F}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
      FirewallRules: [TCP Query User{5A72CD9B-BF9D-4B23-A72B-26D40F24F859}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
      FirewallRules: [UDP Query User{8312C3A6-76BE-4C56-A5A6-DE950D9F08F1}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
      FirewallRules: [TCP Query User{F64B2B06-1EDF-4393-8640-332BC5898996}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
      FirewallRules: [UDP Query User{E2BBA317-E554-46F4-9705-DB7E4991BF19}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
      FirewallRules: [TCP Query User{06645CA2-731E-4100-8BFC-CF2887EC9BD4}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{68EFF667-1BA0-46F4-B7E4-B8AC10475E9D}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [{B94666B2-3213-45DC-9A55-A01D147CA93D}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
      FirewallRules: [{35AD171F-75C6-469B-A634-4E9ABEFB99C0}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
      FirewallRules: [TCP Query User{8333A1F9-D09D-4985-B9CD-10A78C408300}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
      FirewallRules: [UDP Query User{D9E8A289-BA55-45AE-A241-45085DACBF2D}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
      FirewallRules: [{F60269A0-9AA8-46D8-98B9-0A888500723C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{C584D871-7182-4224-96CC-26C664539C6B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [TCP Query User{0E05C3B9-C433-4C3A-8C01-FF69520BF241}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
      FirewallRules: [UDP Query User{76E5872D-7EB0-40F2-9AD9-61CD16A593A8}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
      FirewallRules: [TCP Query User{20420812-2158-4116-BD8E-FE273007CA43}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{1C53FDAE-2CE7-44AD-8F95-828A28E4D6B1}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [TCP Query User{0DE874C5-C399-4C71-A2FB-7D012892D73B}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
      FirewallRules: [UDP Query User{201BA7D9-6E59-4592-89FE-45240B104987}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
      FirewallRules: [TCP Query User{42114D4D-52E5-4B29-A4B1-5EA3A87CE648}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
      FirewallRules: [UDP Query User{ADC3D6A5-74A9-43BE-9C8E-0EA092058F7B}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
      FirewallRules: [{5C7D63B1-F70B-4ED6-A325-B196C2FEBB19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
      FirewallRules: [{0ECBF459-D321-4FFE-A103-D92F19E70819}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [{41EE669E-05F2-472E-BD87-338219AB5C30}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      ==================== Restore Points =========================
      07-04-2020 04:20:29 Планирана контролна точка
      08-04-2020 21:01:42 Installed DirectX
      08-04-2020 21:03:15 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
      12-04-2020 03:12:38 Installed DirectX
      12-04-2020 03:14:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
      ==================== Faulty Device Manager Devices ============
      Name: Realtek RTL8139/810x Family Fast Ethernet NIC
      Description: Realtek RTL8139/810x Family Fast Ethernet NIC
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: Realtek Semiconductor Corp.
      Service: RTL8023x64
      Problem: : This device is disabled. (Code 22)
      Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

      ==================== Event log errors: ========================
      Application errors:
      ==================
      Error: (04/13/2020 12:43:23 PM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/13/2020 12:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5a4
      Начален час на приложението с грешки: 0x01d61177bc69c281
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: 078618cf-7d6b-11ea-a16d-94de809321cd
      Error: (04/13/2020 12:41:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: FreemakeUtilsService.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.IO.FileNotFoundException
         at FreemakeUtilsService.Program.Main(System.String[])
      Error: (04/12/2020 01:52:27 PM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/12/2020 01:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5a0
      Начален час на приложението с грешки: 0x01d610b83a55eadf
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: 8671c75e-7cab-11ea-97de-94de809321cd
      Error: (04/12/2020 01:50:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: FreemakeUtilsService.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.IO.FileNotFoundException
         at FreemakeUtilsService.Program.Main(System.String[])
      Error: (04/09/2020 09:03:40 AM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/09/2020 09:02:22 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5ac
      Начален час на приложението с грешки: 0x01d60e346165c638
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: ad3e8ed0-7a27-11ea-99ea-94de809321cd

      System errors:
      =============
      Error: (04/13/2020 12:43:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
      cdrom
      Error: (04/13/2020 12:42:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/13/2020 12:42:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.
      Error: (04/13/2020 12:42:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Freemake Improver не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/13/2020 12:42:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Freemake Improver да се свърже.
      Error: (04/12/2020 01:52:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
      cdrom
      Error: (04/12/2020 01:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/12/2020 01:51:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.

      CodeIntegrity:
      ===================================
      Date: 2019-06-09 17:12:15.330
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 17:12:15.275
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 16:10:34.363
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 16:10:34.318
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:58:19.154
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:58:19.101
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:31:45.759
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:31:45.707
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      ==================== Memory info =========================== 
      BIOS: Award Software International, Inc. F4b 04/26/2013
      Motherboard: Gigabyte Technology Co., Ltd. GA-78LMT-S2P
      Processor: AMD FX-8320E Eight-Core Processor 
      Percentage of memory in use: 30%
      Total physical RAM: 16381.54 MB
      Available physical RAM: 11368.57 MB
      Total Virtual: 32761.22 MB
      Available Virtual: 26564.91 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:150 GB) (Free:33.1 GB) NTFS
      Drive d: () (Fixed) (Total:781.41 GB) (Free:352.36 GB) NTFS
      \\?\Volume{2f050b3f-9477-11e7-8c98-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
      ==================== MBR & Partition Table ====================
      ==========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0C59AE75)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=781.4 GB) - (Type=05)
      ==================== End of Addition.txt =======================





       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-04-2020
      Ran by GAMEPC (administrator) on GAMEPC-PC (Gigabyte Technology Co., Ltd. GA-78LMT-S2P) (13-04-2020 13:04:14)
      Running from C:\Users\GAMEPC\Downloads
      Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Discord Inc. -> Discord Inc.) C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
      (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
      (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
      (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
      (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
      ==================== Registry (Whitelisted) ===================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Spotify] => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe [22932200 2020-04-09] (Spotify AB -> Spotify Ltd)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [GAMEPC] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [FACEIT] => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [gtarcade] => "C:\Users\GAMEPC\AppData\Local\Gtarcade\app\gtarcade.exe"   /auto_start=1 
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Discord] => C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {2d2c5be0-94b8-11e7-8704-048d38748987} - E:\setup.exe
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {609d2171-c4d2-11e7-a1c0-048d38748987} - E:\Lenovo_Suite.exe
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
      Startup: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK [2019-05-20]
      ShortcutTarget: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK -> D:\heroes 3\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe (No File)
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Scheduled Tasks (Whitelisted) ============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {29CD2B59-F360-4EA0-8046-E993FB989355} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {31987656-F768-4D69-96DF-7AD4AB429034} - System32\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
      Task: {3DAD135E-7AD5-4D57-B3E2-9E7F6AD9E01C} - System32\Tasks\{76A40252-E785-4407-9A98-34E12F6F05C9} => C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\hi-rez studios\HiRezGamesDiagAndSupport.exe" -c uninstall=0
      Task: {5A3FE129-72EA-42EB-BA09-CBF91559E528} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
      Task: {64503CA0-D96B-485A-A2ED-32E1ADEC5130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)
      Task: {A19D33FF-7FBC-4D6F-B122-FFBC2947D956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
      Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
      Task: {C84BADD3-E09D-4A90-9F80-FC6F9C4BF9D6} - System32\Tasks\GAMEPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v GAMEPC /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
      Task: {F67C982E-B27B-4B4D-B6F1-B5474BEA2341} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {FB761E82-2ABF-4B7D-A0A8-3F00F3533DD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      Task: C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
      Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{BFE47783-CFC6-4DEE-8858-A9889FC23A55}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{F8E6BFBF-08DD-4CEC-8468-25670AF9DFE4}: [DhcpNameServer] 94.72.140.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FireFox:
      ========
      FF DefaultProfile: mrpwyf7s.default
      FF ProfilePath: C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default [2020-03-02]
      FF user.js: detected! => C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\user.js [2019-01-02]
      FF Homepage: Mozilla\Firefox\Profiles\mrpwyf7s.default -> google.bg
      FF Notifications: Mozilla\Firefox\Profiles\mrpwyf7s.default -> hxxps://www.instagram.com
      FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2020-01-04]
      FF Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2019-01-31]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
      FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) [File not signed]
      FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default [2020-04-13]
      CHR Notifications: Default -> hxxps://csgofast.com; hxxps://forum.dmg-inc.com; hxxps://ghost-recon.ubisoft.com; hxxps://tinder.com; hxxps://www.emag.bg
      CHR StartupUrls: Default -> "hxxp://google.bg/"
      CHR DefaultSearchURL: Default -> hxxps://tinder.com/static/android-chrome-192x192.png
      CHR Extension: (Презентации) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
      CHR Extension: (YouTube) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
      CHR Extension: (Таблици) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-10]
      CHR Extension: (Tinder) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejiihbkifllpgdfndalmghiodgkefan [2019-04-05]
      CHR Extension: (Hoxx VPN Proxy) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2020-03-17]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
      CHR Extension: (Gmail) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
      CHR Extension: (Chrome Media Router) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-17]
      Opera: 
      =======
      OPR Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2020-01-04]
      ==================== Services (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8402648 2019-11-20] (BattlEye Innovations e.K. -> )
      S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd -> Disc Soft Ltd)
      S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2020-02-13] (Mixbyte Inc -> Freemake)
      S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8019808 2018-03-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
      S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495792 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
      S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3447608 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
      S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1688720 2020-03-05] (Rockstar Games, Inc. -> Rockstar Games)
      S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-09-08] (Realtek Semiconductor.) [File not signed]
      S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-11-08] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-06-20] (Microsoft Windows -> Microsoft Corporation)
      R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-09-08] (Microsoft Corporation) [File not signed]
      S3 FACEITService; C:/Program Files/FACEIT AC/FACEITService.exe [X]
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
      S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]
      ===================== Drivers (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-09-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
      R0 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [67128 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [28216 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
      R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
      R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-08] (Martin Malik - REALiX -> REALiX(tm))
      R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-09-08] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
      S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation)
      S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2017-09-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
      R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [34872 2009-04-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2019-07-02] (Windows (R) Win 7 DDK provider) [File not signed]
      S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
      S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
      S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One month (created) ===================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2020-04-13 13:04 - 2020-04-13 13:05 - 000018493 _____ C:\Users\GAMEPC\Downloads\FRST.txt
      2020-04-13 13:03 - 2020-04-13 13:04 - 000000000 ____D C:\FRST
      2020-04-13 13:02 - 2020-04-13 13:03 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\FRST64.exe
      2020-04-13 13:02 - 2020-04-13 13:02 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\Непотвърдено 720436.crdownload
      2020-04-12 15:52 - 2020-04-12 15:54 - 021108919 _____ C:\Users\GAMEPC\Downloads\IMG_0571.mov
      2020-04-11 14:13 - 2020-04-11 14:13 - 000013913 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Longest.Railway.Tunnel.2020.1080i.HDTV.x264.torrent
      2020-04-11 14:13 - 2020-04-11 14:13 - 000013724 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Super.Stadium.2020.1080i.HDTV.x264.torrent
      2020-04-11 14:07 - 2020-04-11 14:07 - 000020396 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Tallest.Building.On.Earth.2020.720p.HDTV.x264.torrent
      2020-04-11 14:07 - 2020-04-11 14:07 - 000013420 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Mega.Ship.2020.1080i.HDTV.x264.torrent
      2020-04-10 13:56 - 2020-04-10 13:56 - 000011541 _____ C:\Users\GAMEPC\Downloads\Busty.Coeds.vs.Lusty.Cheerleaders.2011.HDRip.720p.x264.mp4.torrent
      2020-04-09 13:58 - 2020-04-09 14:13 - 169566096 _____ C:\Users\GAMEPC\Downloads\twerk.AVI
      2020-04-09 13:58 - 2020-04-09 14:06 - 058040907 _____ C:\Users\GAMEPC\Downloads\MOV01556.mpeg
      2020-04-07 15:07 - 2020-04-07 15:07 - 000001655 _____ C:\Users\Public\Desktop\VALORANT.lnk
      2020-04-07 15:07 - 2020-04-07 15:07 - 000001655 _____ C:\ProgramData\Desktop\VALORANT.lnk
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Riot Games
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
      2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Riot Games
      2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Riot Games
      2020-04-07 15:05 - 2020-04-07 15:06 - 068288168 _____ (Riot Games, Inc.) C:\Users\GAMEPC\Downloads\Install VALORANT.exe
      2020-04-06 20:12 - 2020-04-06 20:12 - 000016557 _____ C:\Users\GAMEPC\Downloads\Now.You.See.Me.2013.EXTENDED.480p.BDRip.x265.AC3.BGaudio-REFLUX.torrent
      2020-04-06 20:08 - 2020-04-06 20:08 - 000011672 _____ C:\Users\GAMEPC\Downloads\The.Lone.Ranger.2013.BDRip.x264.BGAUDiO-SLSS.torrent
      2020-04-06 20:05 - 2020-04-06 20:05 - 000014150 _____ C:\Users\GAMEPC\Downloads\Jack.the.Giant.Slayer.2013.576p.BDRip.x265.DUAL-REFLUX.torrent
      2020-04-05 02:03 - 2020-04-05 02:03 - 000151200 _____ C:\Users\GAMEPC\Downloads\The.Penguins.of.Madagascar.2008.DVDRip.XviD.BGAUDIO-nikio96.torrent
      2020-04-04 15:32 - 2020-04-04 15:32 - 000173894 _____ C:\Users\GAMEPC\Downloads\Hawaii.Five-0.S01.720p.WEB-DL.BG.ENG.H.264-smsliverpool.torrent
      2020-04-04 14:41 - 2020-04-04 14:41 - 000053564 _____ C:\Users\GAMEPC\Downloads\Arrival__2016.(subs.sab.bz).rar
      2020-04-04 14:41 - 2020-04-04 14:41 - 000011894 _____ C:\Users\GAMEPC\Downloads\Arrival.2016.576p.BDRIP.x264.AAC-GOD.torrent
      2020-04-02 01:56 - 2020-04-02 01:56 - 000014519 _____ C:\Users\GAMEPC\Downloads\National.Treasure.2004.BRRip.XviD.BGAUDiO-ZmN.torrent
      2020-04-01 02:07 - 2020-04-01 02:07 - 000055713 _____ C:\Users\GAMEPC\Downloads\Meet The Fockers [DVDRip][2004][BGAudio][BugzBunny].avi.torrent
      2020-03-31 23:21 - 2020-03-31 23:21 - 000089245 _____ C:\Users\GAMEPC\Downloads\Addams.Family.Values.1993.1080p.BluRay.x264-SlzD.torrent
      2020-03-31 23:21 - 2020-03-31 23:21 - 000026602 _____ C:\Users\GAMEPC\Downloads\addams.family.values.1993.bluray.bg(subsunacs.net).rar
      2020-03-31 23:19 - 2020-03-31 23:19 - 000026083 _____ C:\Users\GAMEPC\Downloads\the_addams_family(subsunacs.net).zip
      2020-03-31 23:19 - 2020-03-31 23:19 - 000015432 _____ C:\Users\GAMEPC\Downloads\The.Addams.Family.1991.HDTVRip.XviD.AC3-KiNGS.torrent
      2020-03-30 23:36 - 2020-03-31 00:08 - 000000000 ____D C:\Users\GAMEPC\Documents\Assassin's Creed Syndicate
      2020-03-30 23:36 - 2020-03-30 23:36 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\uplay
      2020-03-30 21:17 - 2020-03-30 21:17 - 000058328 _____ C:\Users\GAMEPC\Downloads\Assassin's Creed Syndicate - Gold Edition + v1.5 + All DLCs [FitGirl Repack].torrent
      2020-03-30 20:08 - 2020-03-30 20:08 - 001024240 _____ C:\Users\GAMEPC\Downloads\filmora-idco_setup_full1901.exe
      2020-03-30 20:07 - 2020-03-30 20:07 - 001153264 _____ C:\Users\GAMEPC\Downloads\filmorapro_setup_full4895.exe
      2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(2)
      2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(1)
      2020-03-30 20:02 - 2020-03-30 20:02 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder
      2020-03-30 19:35 - 2020-03-30 19:37 - 135856128 _____ C:\Users\GAMEPC\Downloads\blender-2.82a-windows64.msi
      2020-03-28 04:34 - 2020-03-28 04:35 - 018548431 _____ C:\Users\GAMEPC\Downloads\voicemod crack .rar
      2020-03-28 04:22 - 2020-03-28 04:22 - 023272680 _____ (Voicemod S.L. ) C:\Users\GAMEPC\Downloads\VoicemodSetup.exe
      2020-03-28 04:22 - 2019-07-02 17:50 - 000027648 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vmdrv.sys
      2020-03-26 16:39 - 2020-03-26 16:39 - 000021708 _____ C:\Users\GAMEPC\Downloads\the_hunt(subsunacs.net).7z
      2020-03-26 16:38 - 2020-03-26 16:38 - 000038078 _____ C:\Users\GAMEPC\Downloads\The.Hunt.2020.1080p.AMZN.WEBRip.DDP5.1.x264-NTG.torrent
      2020-03-25 22:47 - 2019-01-01 00:02 - 006045924 _____ C:\Users\GAMEPC\Desktop\meepoof_legacy_nonQcast.exe
      2020-03-25 22:45 - 2020-03-25 22:45 - 005896438 _____ C:\Users\GAMEPC\Downloads\meepoofv1_legacy_nonQcast.zip
      2020-03-25 02:45 - 2020-03-25 02:45 - 000002971 _____ C:\Users\GAMEPC\Downloads\Unacknowledged.2017.1080p.WEB.x265.AAC-Dr3adLoX.torrent
      2020-03-25 02:42 - 2020-03-25 02:42 - 000013592 _____ C:\Users\GAMEPC\Downloads\Most.Evil.Egocentric.Killers.1080i.HDTV.x264.torrent
      2020-03-24 19:05 - 2020-03-24 19:05 - 000002374 _____ C:\Users\GAMEPC\Desktop\StreamLabels.lnk
      2020-03-24 19:04 - 2020-03-24 19:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\streamlabels-updater
      2020-03-23 15:18 - 2020-03-23 15:18 - 000045449 _____ C:\Users\GAMEPC\Downloads\The_Invisible_Man.(subs.sab.bz).zip
      2020-03-23 15:18 - 2020-03-23 15:18 - 000039071 _____ C:\Users\GAMEPC\Downloads\The.Invisible.Man.2020.1080p.WEB-DL.H264.AC3-EVO.torrent
      2020-03-23 15:14 - 2020-03-23 15:14 - 000012215 _____ C:\Users\GAMEPC\Downloads\Toy.Story.4.2019.BRRip.x265.AC3.BGAUDiO-SiSO.torrent
      2020-03-22 14:43 - 2020-03-22 14:43 - 000315856 _____ C:\Users\GAMEPC\Downloads\SHUTDOWN8-SETUP.EXE
      2020-03-22 14:43 - 2020-03-22 14:43 - 000001043 _____ C:\Users\GAMEPC\Desktop\Shutdown8.lnk
      2020-03-22 14:43 - 2020-03-22 14:43 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Shutdown8
      2020-03-22 14:42 - 2020-03-22 14:42 - 000566784 _____ C:\Users\GAMEPC\Downloads\ShutDown.exe
      2020-03-22 14:32 - 2020-03-16 16:07 - 039835432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
      2020-03-22 14:32 - 2020-03-16 16:07 - 022106560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
      2020-03-22 14:32 - 2020-03-16 16:07 - 018416616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
      2020-03-22 14:32 - 2020-03-16 16:06 - 004257984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000440040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000343784 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 127357328 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 040314976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 029930728 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 027555560 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 025239952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 011834784 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 010161040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 000420240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 029545584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 022880352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
      2020-03-22 14:32 - 2020-03-16 13:08 - 017464208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 015029992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 004988136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 004447648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 002068368 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001720208 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6444274.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001560808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6444274.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001476536 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001363176 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001139832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001057696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000625776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000539880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000517232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000422328 _____ C:\Windows\system32\nvofapi64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000373360 _____ C:\Windows\SysWOW64\nvofapi.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000182368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000164464 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000158304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000143288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 040502176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 035371424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 000518560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
      2020-03-22 14:28 - 2020-03-22 14:29 - 554302392 _____ (NVIDIA Corporation) C:\Users\GAMEPC\Downloads\442.74-desktop-win8-win7-64bit-international-whql.exe
      2020-03-21 05:08 - 2020-03-21 05:08 - 000021014 _____ C:\Users\GAMEPC\Downloads\Scooby Doo Mystery Incorporated Season 2 DVDRip BG Audio - SPYRO.torrent
      2020-03-20 16:09 - 2020-03-20 16:09 - 000077329 _____ C:\Users\GAMEPC\Downloads\_Yavka.net_The.Outsider.S01E01.WEBRip.x264-ION10.zip
      2020-03-20 16:09 - 2020-03-20 16:09 - 000041769 _____ C:\Users\GAMEPC\Downloads\The.Outsider.2020.S01E01.WEB.H264-XLF.torrent
      2020-03-20 15:11 - 2020-03-20 15:11 - 000056630 _____ C:\Users\GAMEPC\Downloads\Secret.Window.2004.DVDrip.XviD.Brutus-WORKZ.torrent
      2020-03-20 15:08 - 2020-03-20 15:08 - 000025691 _____ C:\Users\GAMEPC\Downloads\1408.2007.Director_s.Cut.720p.HDDVD.x264_CtrlHD.(subs.sab.bz).rar
      2020-03-20 15:07 - 2020-03-20 15:07 - 000014658 _____ C:\Users\GAMEPC\Downloads\1408.2007.BRRip.XViD.AC3 -playXD.torrent
      2020-03-20 15:03 - 2020-03-20 15:03 - 000014435 _____ C:\Users\GAMEPC\Downloads\Daybreakers.2009.BDRip.x264.AAC.BGAUDiO-SiSO.torrent
      2020-03-20 14:59 - 2020-03-20 14:59 - 000056731 _____ C:\Users\GAMEPC\Downloads\Dreamcatcher.DVDrip.AC3.torrent
      2020-03-19 14:12 - 2020-03-19 14:22 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ShootersPool
      2020-03-19 14:12 - 2020-03-19 14:12 - 000000000 ____D C:\Users\GAMEPC\Documents\ShootersPool
      2020-03-19 14:12 - 2020-03-19 14:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\ShootersPool
      2020-03-19 13:39 - 2020-03-19 13:57 - 1545182216 _____ C:\Users\GAMEPC\Downloads\ShootersPool-1.8.2c_Setup.exe
      2020-03-17 16:31 - 2020-03-17 16:31 - 000033204 _____ C:\Users\GAMEPC\Downloads\swtros_2019_web_unacs_team(subsunacs.net).rar
      2020-03-17 16:30 - 2020-03-17 16:30 - 000027541 _____ C:\Users\GAMEPC\Downloads\Star.Wars.Episode.IX.The.Rise.of.Skywalker.2020.HDRip.AC3.x264-CMRG.torrent
      2020-03-15 14:48 - 2020-03-15 14:48 - 000013669 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Austria's.Mega.Dam.2020.1080i.HDTV.x264.torrent
      2020-03-15 00:26 - 2020-03-15 00:30 - 068914501 _____ C:\Users\GAMEPC\Downloads\FullSizeRender.mov
      2020-03-14 19:01 - 2020-03-14 19:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\CitizenFX
      2020-03-14 18:50 - 2020-04-09 18:17 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\FiveM
      2020-03-14 18:50 - 2020-03-14 18:50 - 008885192 _____ (cfx-collective) C:\Users\GAMEPC\Downloads\FiveM.exe
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002024 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM Singleplayer.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002016 _____ C:\Users\GAMEPC\Desktop\FiveM Singleplayer.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002016 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002008 _____ C:\Users\GAMEPC\Desktop\FiveM.lnk
      ==================== One month (modified) ==================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2020-04-13 12:56 - 2017-09-23 18:42 - 000000000 ____D C:\Program Files (x86)\Steam
      2020-04-13 12:51 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2020-04-13 12:51 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2020-04-13 12:49 - 2019-03-14 23:38 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Spotify
      2020-04-13 12:44 - 2017-09-09 22:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\discord
      2020-04-13 12:42 - 2019-03-14 23:37 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Spotify
      2020-04-13 12:42 - 2017-09-08 14:03 - 000000000 ____D C:\ProgramData\NVIDIA
      2020-04-13 12:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2020-04-13 03:59 - 2019-07-31 00:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\obs-studio
      2020-04-13 03:38 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-sys.job
      2020-04-13 02:45 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job
      2020-04-12 03:45 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Origin
      2020-04-12 03:12 - 2019-02-11 22:09 - 000000000 ____D C:\ProgramData\Origin
      2020-04-12 03:11 - 2019-12-26 03:16 - 000000000 ____D C:\Program Files (x86)\Origin
      2020-04-12 03:11 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Origin
      2020-04-11 17:11 - 2017-09-10 01:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\qBittorrent
      2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
      2020-04-08 00:03 - 2017-09-08 13:35 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2020-04-06 03:47 - 2017-09-19 23:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\TS3Client
      2020-04-03 11:39 - 2018-01-11 17:53 - 000640612 _____ C:\Windows\system32\perfh002.dat
      2020-04-03 11:39 - 2018-01-11 17:53 - 000114470 _____ C:\Windows\system32\perfc002.dat
      2020-04-03 11:39 - 2009-07-14 08:13 - 001498588 _____ C:\Windows\system32\PerfStringBackup.INI
      2020-04-03 11:39 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2020-03-31 00:08 - 2009-07-14 08:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2020-03-30 20:00 - 2019-08-08 04:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA
      2020-03-28 04:27 - 2017-09-08 15:54 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\CrashDumps
      2020-03-24 19:05 - 2019-10-04 14:40 - 000002382 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
      2020-03-24 19:02 - 2019-07-31 03:15 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\slobs-client
      2020-03-24 19:01 - 2019-07-31 03:14 - 000000000 ____D C:\Program Files\Streamlabs OBS
      2020-03-21 16:32 - 2018-11-03 19:10 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\DigitalEntitlements
      2020-03-21 02:54 - 2017-09-08 13:35 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
      2020-03-21 02:54 - 2017-09-08 13:35 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
      2020-03-20 21:19 - 2017-09-18 19:14 - 000000000 ____D C:\ProgramData\McAfee
      2020-03-20 17:01 - 2017-12-06 19:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ViberPC
      2020-03-19 14:12 - 2018-07-27 18:56 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
      2020-03-19 03:22 - 2018-10-18 17:36 - 000000979 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
      2020-03-19 03:22 - 2018-10-18 17:36 - 000000979 _____ C:\ProgramData\Desktop\PotPlayer 64 bit.lnk
      2020-03-16 16:07 - 2020-03-11 03:56 - 034369720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
      2020-03-16 16:07 - 2017-09-08 14:02 - 004813752 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
      2020-03-16 13:09 - 2017-09-08 14:02 - 000502672 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
      2020-03-16 13:08 - 2020-03-11 03:56 - 000469904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
      2020-03-14 01:34 - 2017-09-08 13:21 - 000052925 _____ C:\Windows\system32\nvinfo.pb
      2020-03-14 00:04 - 2017-09-08 14:03 - 005580272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 002631480 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000660792 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000447464 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000121328 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000074552 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
      ==================== Files in the root of some directories ========
      2020-02-19 00:22 - 2020-02-19 00:22 - 000000733 _____ () C:\Users\GAMEPC\AppData\Local\recently-used.xbel
      2018-12-17 21:42 - 2018-12-23 19:48 - 000007597 _____ () C:\Users\GAMEPC\AppData\Local\Resmon.ResmonCfg
      2019-08-14 02:36 - 2019-08-14 02:36 - 000000003 _____ () C:\Users\GAMEPC\AppData\Local\updater.log
      2019-08-14 02:36 - 2019-08-14 02:36 - 000000424 _____ () C:\Users\GAMEPC\AppData\Local\UserProducts.xml
      ==================== SigCheck ============================
      (There is no automatic fix for files that do not pass verification.)

      LastRegBack: 2020-04-07 04:13
      ==================== End of FRST.txt ========================
    • by stefanbkanev
      Hello, my laptop is new and has fairly decent specs, but for the past few days it has been overheating as soon as I turn it on... It is under extremely heavy load, even though I have almost nothing running (only a browser, Skype and 1-2 other things that shouldn't load it much)... Most likely I have caught some virus; I would be grateful if you could help me.

      Addition.txt FRST.txt
    • by scorpa
      Good day, I received an email in my ABV mailbox from the little hacker named in the title. The email states how he was going to distribute videos of me (which do not exist) and that he had access to my laptop, mentioning the camera and microphone. His condition for all this to end is that I make a money transfer of 1100 leva to his account, which is the same one that appears on quite a few other sites. From what I read on the internet this is a scam, but the possibility of a trojan horse in the system was high. I read through some topics and, as far as I understood, some systems are handled individually, so I am asking for your help and assistance. Thank you for your attention, STAY SAFE!!
    • by The_Nomad
      A few weeks ago I posted about a problem updating Kaspersky Free. It was stuck at 100%. I uninstalled it and installed it again - version 20. Right now it has again been stuck at 100% for a week and will not update. I now suspect some bug, because at every Windows start Kaspersky finds a malicious file - the one in the picture.
      PS I emphasize that I stopped the WINDOWS UPDATES myself, on purpose. I also use WFC Binisoft.
       

      Addition.txt FRST.txt