Премини към съдържанието
  • Добре дошли!

    Добре дошли в нашите форуми, пълни с полезна информация. Имате проблем с компютъра или телефона си? Публикувайте нова тема и ще намерите решение на всичките си проблеми. Общувайте свободно и открийте безброй нови приятели.

    Моля, регистрирайте се за да публикувате тема и да получите пълен достъп до всички функции.

     

kook

Адуер http://un-stop.com/wpad.dat

Препоръчан отговор


преди 3 минути, B-boy/StyLe/ написа:

Да, имаше една грешка в скрипта. Пробвайте с този => http://dox.bg/files/dw?a=e28758ad0a

Прикачете файла => export.reg, който трябва да се е създал на десктопа.

Същата работа и с този бат файл.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Този път май проработи, да. Проблемът за жалост още си е налице.

export.reg

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Интересно...

Изпълнете първо 1.reg с десен бутон Merge => 1.reg

След това 2.bat с десен бутон => run as administrator => 2.bat

След това рестартирайте системата и направете нова проверка с FRST Като сложите отметка пред Addition.txt преди да натиснете бутона SCAN.

Прикачете FRST.txt и Addition.txt в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Прикачвам логовете.

FRST.txt

Addition.txt

След като стартирах 1.reg проблемът като че ли вече се оправи. Антивирусната не ме известява, а също и проверих в regedit.. ключът който правеше проблема вече перманентно го няма (преди се възобновяваше).


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Понеже мислех, че имаме още работа и указания за премахване на комбофикс и другите програми, затова не бързах да изказажа благодарности за помощта. И понеже ми е интересно и се чудя как и от къде го бях прихванал този адуер, бих желал, ако е възможно разбира се, да ми обясниш и защо толкова трудно го премахнахме.
Малуърбайтс (изключителна програма, на която се доверявам от години) откриваше адуера, но не успяваше трайно да го премахне..

Благодаря най-искрено за оказаната помощ ! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Да, логовете са чисти вече. Можете да изтриете следните ключове от регистрите на Google, защото заради тях в момента FRST дори мисли, че имате инсталиран Google Chrome:

Цитат

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-878371416-534066379-273716249-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-878371416-534066379-273716249-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx

Ключовете, които трябва да изтриете са следните: В търсачката на Windows въведете CMD.exe => кликнете с десен бутон върху файла CMD.exe и изберете Run as administrator.

С десен бутон Copy копирайте долните редове един по един и с десен бутон Paste ги поставете в CMD. Натиснете Enter след всяка една команда.


reg delete "HKEY_CURRENT_USER\SOFTWARE\Google" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Google" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google" /f

Ако използвате следната програма си я преинсталирайте, защото бе затрита от Combofix по погрешка => InViewer

Можем да я върнем и със скрипт разбира се: (но е по-лесно да я преинсталирате, защото Combofix премахна и информацията за нея от Add/Remove Programs - скрипта е по-скоро информативен, но вие решете, кой е по-добрия метод за вас):

Отворете Notepad.exe и се уверете, че пред Format => няма отметка пред Word Wrap (ако има я махнете).

Публикувано изображение

С copy/paste въведете следната информация:

Цитат

DeQuarantine::
C:\Qoobox\Quarantine\C\program files (x86)\InViewer
Quit::

Запазете файла с име CFScript.txt и го провлачете и пуснете в Combofix (както на картинката отдолу):

Публикувано изображение

Публикувайте лог файл в следващия си пост.

Колкото до гадината...тя просто използва една тънкост като променя настройките на ключа

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

и на други места и прави доста трудно премахването на Proxy адреса в браузъра. Само че при вас имаше доста промени и трябваше да впрегна всичките си познания към момента за да ги отстраня. Доста добри съвети има тук, но съвсем не са всичките разбира => http://answers.microsoft.com/en-us/ie/forum/ie11-iewindows8_1/lan-connection-settings-keep-changing-back-to/76a0f5d2-167f-41fa-bf40-1461b8c01642?auth=1

Смешното е, че аз премахнах с 1.reg именно настройки добавени явно от настройките на доставчика:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"skat"=-
"s"=-

Skat са точно на доставчика ви:

Country bg.png Bulgaria
Region Turgovishte
City Omurtag
Latitude 43.1
Longitude 26.41667
ZIP Code 7900
Time Zone UTC +03:00
ISP IP networks for SKAT-Omurtag
Domain neterra.net
Net Speed DSL
Usage Type Fixed Line ISP
IDD Code 359
Area Code 060
Elevation 559 meters
Weather Sliven (BUXX0017)
Weather Condition View Weather

Аз лично бих променил и DNS настройките с тези на Google

8.8.8.8

8.8.4.4

Вместо да използвам тези на доставчика:

DNS Servers: 87.120.67.1

K1zEE2t.jpg

Кликнете с десен бутон върху иконата на мрежовия адаптер в системния трей => Open network and sharing center => change adapter settings (линка вляво) => десен бутон върху мрежовия адаптер => properties => плъзнете плъзгача до Internet protocol version 4 (TCP/IPv4) =>   Properties и ще ги видите.

Ето малко финални препоръки: (Не е задължително да ги прилагате всичките, а само тези, които сметнете за необходими. Направете обаче една нова точка за възстановяване докато всичко работи преди да започнете да прилагате съветите):

http://windows.microsoft.com/bg-bg/windows7/create-a-restore-point

1. За да почистим използваните от нас инструменти направете следното:

Изтеглете Delfix.exe и го стартирайте. Сложете отметка пред Remove disinfection tools и Purge system restore (трябва да има такава по-подразбиране, но все пак да си кажа) => натиснете бутона Run. Инструмента ще се самоизтрие след като приключи своята задача!

Ако има папки, които не са се изтрили след гореспоменатите процедури пишете и ще ги премахнем ръчно.

2. Проверете за стари приложения с помощта на PatchMyPC или с програмата Secunia Personal Software Inspector.

3. Инсталирайте Unchecky за да се предпазите от адуер по време на инсталацията на даден софтуер.

4. За защита от криптовирусите, освен обновяване на ОС и антивирусната програма е добре да имунизирате системата си с CryptoPrevent и профила Maximum Protection: (Не използвайте последната опция, защото още е бъгава и не работи коректно).

mtBkCIZ.jpg

Ако имате проблеми с инсталацията на програми след използването на CryptoPrevent вижте следните съвети както и тези.

Не забравяйте да изключите и Autorun в Windows, защото криптовирусите могат да се настанят и на външните дискове и флашки и да заразят информацията на тези носители при свързването им с инфектирана система и след това да заразят и други системи при свързването на външните дискове към други компютри (и така да го предадете и на тях). Microsoft са създали автоматичен инструмент за целта => MSFixIt. Добре е също така след като вкарате външния диск дори и при спрян Autorun просто да сканирате буквата на устройството с обновена антивирусна програма преди да започнете да прехвърляте данни от и към външния диск.

Има и други програми, но са главно за напреднали потребители и няма да се спирам много задълбочено на тях, защото са сравнително по-сложни за употреба на средностатистическите потребители.. Затова ще ги пропусна. Добре е да не се спира System RestoreFile History в Windows 8), да не се спира UAC - User Account Control (даже да се направи на максималното ниво на защита), да не се спира SmartScreen (наличен само в Windows 8), да се внимава с прикачените файлове към електронната поща. Добра идея е и да забраните скриптовете, ако не използвате такива с помощта на инструмента - Noscript.exe. Стартирайте го и изберете Disable. Ако ви потрябва да стартирате някога (js или vbs файлове, просто стартирайте инструмента и го направете на Enable). Добре е да се внимава и с PDF файловете (повечето програми позволяват да се изключи java script в PDF четците, да се забрани на PDF файловете да стартират външни програми и да комуникират с интернет и прочие), да се внимава с офис файловете за макрос вируси и експлоити (пак може да се затегне сигурността от настройките на офис пакетите), добре е да се внимава за файлове с двойни разширения (например ако в My Computer => Tools => Folder Options => не е премахната отметката пред "Hide extensions for known file types" ако свалите даден файл от интернет с името image.exe.jpg, вие ще го видите като image.jpg, но всъщност файла ще е image.exe и щом го стартирате това ще задейства и вируса).

5. Добра идея е да инсталирате Malwarebytes Anti-Exploit за да си осигурите спокойствие при сърфиране. Трудничко е, но просто няма как. Потребителите трябва да се научат да проявяват бдителност и хигиена при сърфиране.

6. За подобряване на производителността (ако системата ви се вижда мудна) вижте следните няколко теми:

Оптимизиране на Windows с цел по-добра производителност

Ръководство за поддръжка на Windows (XP, Vista и 7) [Revision 2.0]

Какво да направя, ако компютърът ми работи бавно

7. Проверете системата си актуални драйвери от сайтовете на производителите на компонентите ако ви се занимава (не използвайте програми за автоматично обновяване на драйверите за да си спестите главоболията после) и направете пълна проверка за гадини с наличната ви антивирусна програма за всеки случай.

8. Винаги правете бекъп на важните си документи на външни носители и за не толкова ценните неща на cloud услуги. Научете се да не инсталирате програми от съмнителни източници. Добра идея е да се научите да си създавате огледални образи на текущото работещо състояние на дяла на който се намира Операционната Система. Възстановяването на такъв образ при нужда в пъти по-лесен и бърз начин за връщане на работещото състояние на системата от преинсталация или опит за ръчно премахване на даден проблем. Такъв образ може да се създаде с външна програма като Macrium Reflect Free. Можете да видите и тази тема

Поздрави и усмихната седмица! Ще маркирам случая като решен! :bye1:

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Имайки налице ЕСЕТ и AdGuard не съм смятал никога, че някога от някъде мога да лепна адуер. Още по-малко като считам, че поддържам добра хигиена на браузване и махам всички отметки при инсталиране на програми, които идват с разни бонуси, тулбари и прочие. Още веднъж се потвърждава твърдението, че 100% защита обаче няма и никой не е застрахован. Благодаря за изчерпателния отговор, поясненията и още веднъж за помощта ! :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Забравих само да спомена как се деинсталира Combofix:

Отворете Start => в полето за търсене въведете командата Combofix /Uninstall (има място между Combofix и /Uninstall) и натиснете Enter

windows-7-start-menu.jpg

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добавете отговор

Можете да публикувате отговор сега и да се регистрирате по-късно. Ако имате регистрация, влезте в профила си за да публикувате от него.
Бележка: Вашата публикация изисква одобрение от модератор, преди да стане видима за всички.

Гост
Напишете отговор в тази тема...

×   Вмъкнахте текст, който съдържа форматиране.   Премахни форматирането на текста

  Разрешени са само 75 емотикони.

×   Съдържанието от линка беше вградено автоматично.   Премахни съдържанието и покажи само линк

×   Съдържанието, което сте написали преди беше възстановено..   Изтрий всичко

×   You cannot paste images directly. Upload or insert images from URL.


  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Горещи теми в момента

  • Подобни теми

    • от ivan.ivanov.543
      Здрасти! Предварително се извинявам за опростеното и неграмотно обяснение, не разбирам много от компютри, надявам се да е достатъчно разбираемо.   
       
      Преди няколко дена си изтеглих един учебник в pdf формат от замунда, но беше заключен от към търсене на думи в него, копиране и принтиране, също така беше много голям (270мб) за да го кача в онлайн програмите за откючване на pdf файлове който намерих, затова реших да потърся офлайн такава, която да изтегля и без да се замисля  изтеглих  и инсталирах първата програма която намерих в гугъл (понежене в замунда не можах да намеря такава) и тя се оказа вирус. След като я инсталирах, започна автоматично да изтегля и инсталира някакви програми. 
       
      Спрях интернета, деинсталирах програмите който бяха се инсталирали (вкючително и първата програма - вируса) и пробвах да пусна windows defender, но пишеше нещо от сорта на "програмата е блокирана от групата" . Пуснах пак интернета за да потъся как в този случай да пусна дефендъра и в момента в който отворих хрома, автоматично се отвори и затвори нов раздел в браузъра и пак започнаха да се теглят и да се инсталират програми. Спрях отново интернета, деинсталирах пак програмите и от допълнителните системни настройки пуснах възстановяване на системата.
       
      След като възстановяването мина, забелязах, че повечето ми файлове завършват на .qewe. и не може да се отворят и като им сменям формата в такъв какъвто си бяха(pdf, jped или mp4) ми изписва "невалиден файл"Потърсих в ютюб "How to remove .qewe virus " цъкнах на един от туториалите с повече гледания и следвах стъпките - натиснах windows key+r, написах msconfig, влязох в boot, после цъкнах на сейфти мод с нетуърк, натиснах ок и после рестартиране, лаптопа се рестартира и влезе в безопасен режим, после влязох в C:/ не помня къде точно, последната директории бяха drivesr и ect или нещо такова и отворих един фаил с notepad, май се казваше host, изтрих последните 2 ред, май бяха някакъв Ip адрес - нз, след това влязох в хром и изтеглих malwarebytes, пуснах я, намери 118 файла, натиснах да ги сложи под карантина и след като програмата си свърши работата, натиснах пак win.key+r, msconfig и махнах тикчето от сейфти буут-а, рестартирах лаптопа и си помислих, че всичко вече ще си е нормално. Когато влизах в хром вече автоматично не се теглеха и инсталираха различни програми, но повечето файлове си останаха .qewe и win.def. не се отваряше.
       
      Потърсих пак в тубата как да оправя дефендъра, намерих туториал, следвах стъпките (win.key+r, regedit, влязох някъде и изтрих един файл) и дефендъра тръгна, пуснах го да сканира - не намери нищо. Потърсих из ютюб малко информация за .qewe - каквъ формат е и т.н, и се оказа, че е някакъв вид криптиране и че вирусът който съм инсталирал се казва ransomware и такива вируси се ползват за искане на подкуп. Подкуп никой не ми е искал, но забелязах нещо странно в фейсбук - някой ми е влязъл в фейсбука с ip адрес от щатите, въпреки, че съм с google authenticator, т.е дори да ми зане паролата, му трябва да въведе код от приложението google authenticator което е инсталирано на телефона ми. Някакви страници е правено от фбка ми, реклами са пускани за някви хранителни добавки и най-странното беше, че когато си смених паролата на фейсбука и се опитах пак да се логна в него от компа, (понеже като си я сменях цъкнах да се лог офне от всички устойства) ми влезе в някакъв съвсем различен фейсбук, без профилна снимка и с някфо странно име. Този фб е бил регнат в деня в който инсталирах вируса и беше регистриран с телефонният ми номер и беше админ на тези страници, от които са се пускали рекламите, т.е в този момен имаше 2 фейсбука с регистриран еднакъв основен телефонен номер. Изтрих страниците от този фейсбук, направих имейл в абв от сорта на [email protected] и сложих този имейл за основен, след това си изтрих телефонният номер от този фб акаунт и после изтрих и самият акаунт. След това като се опитах да се логна в фб с тел.си номер вече си влезе в моят си фб. 
       
      За сега всичко изглежда наред, но не съм сигурен дали съм махнал вируса напълно. Лаптопа си бачка както преди с изключение на това, че се включва по бавно и повечето ми файлове са .qewe. Може ли да ми помогнете да разбера дали наистина съм махнал вируса напълно и как да си възстановя файловете? 
       
    • от porata
      Добър ден след като стартирам пц-то може би 10-на минути след това ми излзиа един прозорец като "цмд" 
      Който се казва Таскенг.ехе интересно ми е дали това  не е вирус тъй като ми казаха че може да е троянец 



       
      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2020
      Ran by GAMEPC (13-04-2020 13:05:30)
      Running from C:\Users\GAMEPC\Downloads
      Windows 7 Home Premium Service Pack 1 (X64) (2017-09-08 09:32:01)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-2297230751-1021565052-1431566534-500 - Administrator - Disabled)
      GAMEPC (S-1-5-21-2297230751-1021565052-1431566534-1000 - Administrator - Enabled) => C:\Users\GAMEPC
      Guest (S-1-5-21-2297230751-1021565052-1431566534-501 - Limited - Disabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
      Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
      Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
      Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
      AIDA64 Extreme v6.10 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.10 - FinalWire Ltd.)
      Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.3 - Electronic Arts, Inc.)
      ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
      Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
      CpuCoreParking (HKLM-x32\...\{0984C56D-2985-4786-AB62-39AB985E269C}) (Version: 2.1.2.0 - CpuCoreParking)
      DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
      Discord (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)
      Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
      Euro Truck Simulator 2 Road to the Black Sea (HKLM-x32\...\Euro Truck Simulator 2 Road to the Black Sea_is1) (Version:  - )
      FiveM (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\CitizenFX_FiveM) (Version:  - The CitizenFX Collective)
      GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.14.5270 - Gretech Corporation)
      Google Chrome (HKLM\...\{DA081EB6-F64C-358C-9BB0-AF1EA8001F34}) (Version: 80.0.3987.163 - Google, Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
      Heroes of Might and Magic III HD Edition (HKLM-x32\...\SGVyb2Vzb2ZNaWdodGFuZE1hZ2ljSUlJSERFZGl0aW9u_is1) (Version: 1 - )
      Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
      House Flipper Garden (HKLM-x32\...\House Flipper Garden_is1) (Version:  - )
      Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
      Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
      Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
      Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
      Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
      Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
      Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
      Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
      Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
      Microsoft Office Language Pack 2010 - Bulgarian/български (HKLM-x32\...\Office14.OMUI.bg-bg) (Version: 14.0.4763.1021 - Microsoft Corporation)
      Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
      Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
      Mozilla Firefox 67.0 (x64 bg) (HKLM\...\Mozilla Firefox 67.0 (x64 bg)) (Version: 67.0 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
      NVIDIA Graphics Driver 442.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.74 - NVIDIA Corporation)
      NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
      NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
      OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
      OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
      Origin (HKLM-x32\...\Origin) (Version: 10.5.67.39484 - Electronic Arts, Inc.)
      PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 200317 - Kakao Corp.)
      PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8556 - Kakao Corp.)
      qBittorrent 4.2.1 (HKLM-x32\...\qBittorrent) (Version: 4.2.1 - The qBittorrent project)
      Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.18.217 - Rockstar Games)
      Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.4.8 - Rockstar Games)
      Shutdown8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Shutdown8) (Version: 1.08 - Bandisoft.com)
      Spotify (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Spotify) (Version: 1.1.30.658.gf13cde74 - Spotify AB)
      StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      StreamLabels 0.3.1 (only current user) (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.3.1 - Streamlabs)
      StreamLabels 0.3.8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8000d50a-fcb7-5b38-8a3b-a02a0ec79daa}) (Version: 0.3.8 - Streamlabs)
      Streamlabs OBS 0.16.3 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.16.3 - General Workings, Inc.)
      swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
      TeamSpeak 3 Client (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
      TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
      Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
      VALORANT (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
      Viber (HKLM-x32\...\{0B3F5AEE-47B2-4A5F-8D02-289B7E0828E6}) (Version: 11.9.1.3 - Viber Media S.a.r.l) Hidden
      Viber (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8b6836ad-bf1d-4591-9f20-735338e295ea}) (Version: 11.9.1.3 - Viber Media S.a.r.l)
      Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
      WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
      WinRAR 5.50 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
      ==================== Custom CLSID (Whitelisted): ==============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\ChromeHTML: ->  <==== ATTENTION
      ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ==================== Codecs (Whitelisted) ====================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\system32\prodad-codec.dll [607256 2019-10-15] (proDAD GmbH -> proDAD GmbH)
      HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
      HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
      HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
      HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
      HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
      HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
      HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
      HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
      HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)
      Shortcut: C:\Users\GAMEPC\Desktop\OSC - Пряк път.lnk -> C:\Users\GAMEPC\Desktop\moi neshta\OSC 1.9\OSC.exe (Frawzy) <==== Cyrillic
      ShortcutWithArgument: C:\Users\GAMEPC\Desktop\moi neshta\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
      ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
      ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
      ==================== Loaded Modules (Whitelisted) =============
      2017-09-08 12:27 - 2017-09-08 12:27 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll
      ==================== Alternate Data Streams (Whitelisted) ========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
      AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]
      ==================== Safe Mode (Whitelisted) ==================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) =================
      ==================== Internet Explorer trusted/restricted ==========
      ==================== Hosts content: =========================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
      ==================== Other Areas ===========================
      (Currently there is no automatic fix for this section.)
      HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==
      (If an entry is included in the fixlist, it will be removed.)
      MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
      MSCONFIG\startupreg: EpicGamesLauncher => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
      MSCONFIG\startupreg: FACEIT => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
      MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      MSCONFIG\startupreg: Spotify => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
      MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      MSCONFIG\startupreg: Viber => "C:\Users\GAMEPC\AppData\Local\Viber\Viber.exe" StartMinimized
      ==================== FirewallRules (Whitelisted) ================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{11074DEE-7B8C-4DC2-AE4C-93DF0A309913}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [{D19357FE-92D5-4C15-865D-6BA1144E3141}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [{21EB0059-8DA7-4F26-8EBC-947F0C4E2AAA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{F8BB1871-4D02-4C5E-A222-4D557710B3E1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{1EE7FB5D-9E25-4DA9-ACB5-D608ECDBB452}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
      FirewallRules: [{84ACAD4A-CAC3-405E-BED8-CCE7B6F558B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
      FirewallRules: [{5C9FEA0E-0037-4228-8A5E-308AD75AC1DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
      FirewallRules: [{FD05E114-41E1-4EC3-B5A2-BBA593EE39E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
      FirewallRules: [{831352BE-7396-43E6-9657-9ED9D8BAB30D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
      FirewallRules: [{AB5ACC3F-22CB-469F-9EB3-8D69417E7CD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
      FirewallRules: [{43ADA9C0-2E56-45D1-B73D-9C89040C463D}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
      FirewallRules: [{06129773-C563-4DFF-8D34-BEA82843A4F0}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
      FirewallRules: [TCP Query User{0D1FADB8-FCE1-4E0E-B19A-D5490965A994}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
      FirewallRules: [UDP Query User{F6FECCC1-1C2E-45A5-B7AC-EAF4B88229DF}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
      FirewallRules: [TCP Query User{DEFA441A-0140-4630-9B49-0F0DB88705EC}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
      FirewallRules: [UDP Query User{2F3AD7BE-C36D-4E24-BFFA-EED5BE5D11F4}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
      FirewallRules: [{B5E37EE1-9BE1-4B57-9AD5-EEF981D7F031}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
      FirewallRules: [{DC6EA5CC-0B14-4DA5-BA55-E772E5860678}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
      FirewallRules: [{FF76D716-DBA6-437A-A34F-847AF6AB88AD}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
      FirewallRules: [{13A0D233-1007-4376-A4B4-1DA27C101ECB}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
      FirewallRules: [TCP Query User{86D55748-40A6-4288-AEF7-2C0B25BDF778}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
      FirewallRules: [UDP Query User{D8AE6DDF-C0F2-475C-AB9C-B84C11DDC8AB}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
      FirewallRules: [TCP Query User{695C8135-FF2C-4E94-9566-E526643684CA}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
      FirewallRules: [UDP Query User{3091889E-265D-4648-88DF-CEE54431325D}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
      FirewallRules: [{DB2F74E8-C7EB-44B3-81D7-12B84175E2EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
      FirewallRules: [{E44676E1-030C-4238-B65F-434792B61DE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
      FirewallRules: [TCP Query User{0E86F5BD-F2B3-4EF9-8B0C-48823DA809CB}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
      FirewallRules: [UDP Query User{0C5E839A-52EC-40D4-969E-24F12ED8D2D0}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
      FirewallRules: [TCP Query User{8796E73D-79C0-4D0B-AF34-FB3AF9BCC9BA}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
      FirewallRules: [UDP Query User{EFB29360-AB3A-4A44-9CB4-EF91CEBDB39C}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
      FirewallRules: [TCP Query User{91266298-136D-4BB3-8C13-A850A76C9BF1}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [UDP Query User{E3EAEE44-6095-4A5E-BE2F-F3E3F8349E0A}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{2D541380-97BF-4291-BDBE-2F2228CAEA60}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [{127D37C8-619F-462E-BE1A-E32131065FF4}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [TCP Query User{3DE0592A-8D12-447D-939D-BCA439AFF137}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
      FirewallRules: [UDP Query User{33216198-C2C2-482B-9DC9-2D0D13DBB4FA}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
      FirewallRules: [TCP Query User{270B0322-3799-457B-960A-455318931953}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{A13AA196-1978-4C67-902B-2460B54A5BBF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [{59D96386-6E3E-4356-8348-CF3CFA65A81B}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
      FirewallRules: [{FFA55DD9-7016-4EC4-A808-1A467A45E95C}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
      FirewallRules: [TCP Query User{DC649560-4400-4885-84A1-B96EE04BD03C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [UDP Query User{962C91EA-9380-4D1D-8A2F-E951089E3F37}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [TCP Query User{DA0687C4-1D0D-4E01-B34C-68E8FF09FF9F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
      FirewallRules: [UDP Query User{0C271F5D-81B6-4DA7-A0B8-50362178C932}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
      FirewallRules: [TCP Query User{5EFBA878-9A61-49AC-9416-CAFD7167CF8E}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
      FirewallRules: [UDP Query User{C837A044-1793-46A0-A9B2-FFC280606631}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
      FirewallRules: [TCP Query User{6C87ADBA-41D8-49FB-A494-F0A177B7F2E5}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
      FirewallRules: [UDP Query User{D3766998-33A3-4AAC-836F-4BC92BA34D50}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
      FirewallRules: [TCP Query User{5540B6FC-35DB-4545-AF53-B4FE05B85DD6}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
      FirewallRules: [UDP Query User{ED42665E-2CA2-4092-A15B-69F686B8F831}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
      FirewallRules: [{A6CE7A48-587B-440C-A6B7-9B3AB8F758E0}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{CD3B56C1-242C-4706-81ED-FF29362608F3}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [TCP Query User{9A6D9654-27A6-4122-9C9C-4D7727258BAA}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{E49D6701-B325-4215-8711-030A5EC46C9B}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
      FirewallRules: [{279065A7-F5E9-4060-BA27-39476EE213D2}] => (Allow) C:\Users\GAMEPC\Downloads\bin\BlackDesert32.exe No File
      FirewallRules: [{B218AD4A-5B74-40DE-AB02-A3681FCE9C1C}] => (Allow) C:\Users\GAMEPC\Downloads\bin64\BlackDesert64.exe No File
      FirewallRules: [{10F99049-3DA4-4E89-A086-C023E8CD82B2}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Launcher.exe No File
      FirewallRules: [{3FD78764-41FE-4680-9342-001EA21ECF27}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Downloader.exe No File
      FirewallRules: [{CD2DAD40-C60E-41F0-ABBF-63FED12CD684}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
      FirewallRules: [{9BAD4B07-A517-4574-ABA6-922FE4DA36F4}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
      FirewallRules: [TCP Query User{757DFE1C-9664-41C4-B600-E39F75F3E007}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{00AC97A7-683C-4F74-9AF6-EBFD84CB000D}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
      FirewallRules: [TCP Query User{391AE70C-4E68-4DE8-A05A-D56058FAEBFA}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{61C858A3-948F-407A-A7BF-2712693C1649}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [TCP Query User{CBB94106-0926-4293-AA94-864143E7ACDC}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
      FirewallRules: [UDP Query User{1602653C-F8D6-481F-B4DE-483B83E4A081}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
      FirewallRules: [{D70481FE-EDB4-4F66-A879-015B84C54F1C}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
      FirewallRules: [{0255AAE2-A93D-49F6-84EA-91CF71112821}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
      FirewallRules: [{3EEC0786-9E2E-4EAC-9CB1-97F68AE8DBDA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
      FirewallRules: [{F07A3467-6DA2-4A61-BFA9-75DFE2760BAA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
      FirewallRules: [{7BCD6AF7-E264-49EC-B3DF-0B903C656894}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
      FirewallRules: [{9796C8A1-0246-4D08-94F7-97B3A81204AF}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
      FirewallRules: [TCP Query User{4194E6A1-B90A-4C01-AAC1-A150648BD511}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
      FirewallRules: [UDP Query User{39B944DB-8264-4416-BBBA-052EEC50F7FC}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
      FirewallRules: [TCP Query User{857D0C4A-0661-4E7D-B23A-735FF8ADABA1}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
      FirewallRules: [UDP Query User{29AE9F40-6F4A-4698-8241-A75FE2382548}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
      FirewallRules: [TCP Query User{92B59CE8-E0C7-43A9-9D55-2AEDA2AA9FA5}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
      FirewallRules: [UDP Query User{8AEEF23D-67B8-4B6C-9DA0-D61F44EFC129}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
      FirewallRules: [{A383D054-F8C2-45B5-A517-E63819807BB6}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{FD87341A-3B7F-44E8-B09F-ADFBDF1B247D}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{2C2C2027-2BB8-4A51-9A9C-ED9A4BBCB358}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
      FirewallRules: [{9B1767CE-81DE-4826-8906-9DEFCC351FAB}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
      FirewallRules: [{E2FEE995-77A6-4556-A200-30CB17D4ABA6}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
      FirewallRules: [{DFB2A3C2-EA05-4944-B38A-7A85B48E8A1F}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
      FirewallRules: [TCP Query User{5A72CD9B-BF9D-4B23-A72B-26D40F24F859}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
      FirewallRules: [UDP Query User{8312C3A6-76BE-4C56-A5A6-DE950D9F08F1}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
      FirewallRules: [TCP Query User{F64B2B06-1EDF-4393-8640-332BC5898996}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
      FirewallRules: [UDP Query User{E2BBA317-E554-46F4-9705-DB7E4991BF19}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
      FirewallRules: [TCP Query User{06645CA2-731E-4100-8BFC-CF2887EC9BD4}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{68EFF667-1BA0-46F4-B7E4-B8AC10475E9D}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [{B94666B2-3213-45DC-9A55-A01D147CA93D}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
      FirewallRules: [{35AD171F-75C6-469B-A634-4E9ABEFB99C0}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
      FirewallRules: [TCP Query User{8333A1F9-D09D-4985-B9CD-10A78C408300}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
      FirewallRules: [UDP Query User{D9E8A289-BA55-45AE-A241-45085DACBF2D}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
      FirewallRules: [{F60269A0-9AA8-46D8-98B9-0A888500723C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{C584D871-7182-4224-96CC-26C664539C6B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [TCP Query User{0E05C3B9-C433-4C3A-8C01-FF69520BF241}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
      FirewallRules: [UDP Query User{76E5872D-7EB0-40F2-9AD9-61CD16A593A8}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
      FirewallRules: [TCP Query User{20420812-2158-4116-BD8E-FE273007CA43}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{1C53FDAE-2CE7-44AD-8F95-828A28E4D6B1}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [TCP Query User{0DE874C5-C399-4C71-A2FB-7D012892D73B}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
      FirewallRules: [UDP Query User{201BA7D9-6E59-4592-89FE-45240B104987}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
      FirewallRules: [TCP Query User{42114D4D-52E5-4B29-A4B1-5EA3A87CE648}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
      FirewallRules: [UDP Query User{ADC3D6A5-74A9-43BE-9C8E-0EA092058F7B}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
      FirewallRules: [{5C7D63B1-F70B-4ED6-A325-B196C2FEBB19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
      FirewallRules: [{0ECBF459-D321-4FFE-A103-D92F19E70819}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [{41EE669E-05F2-472E-BD87-338219AB5C30}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      ==================== Restore Points =========================
      07-04-2020 04:20:29 Планирана контролна точка
      08-04-2020 21:01:42 Installed DirectX
      08-04-2020 21:03:15 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
      12-04-2020 03:12:38 Installed DirectX
      12-04-2020 03:14:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
      ==================== Faulty Device Manager Devices ============
      Name: Realtek RTL8139/810x Family Fast Ethernet NIC
      Description: Realtek RTL8139/810x Family Fast Ethernet NIC
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: Realtek Semiconductor Corp.
      Service: RTL8023x64
      Problem: : This device is disabled. (Code 22)
      Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

      ==================== Event log errors: ========================
      Application errors:
      ==================
      Error: (04/13/2020 12:43:23 PM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/13/2020 12:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5a4
      Начален час на приложението с грешки: 0x01d61177bc69c281
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: 078618cf-7d6b-11ea-a16d-94de809321cd
      Error: (04/13/2020 12:41:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: FreemakeUtilsService.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.IO.FileNotFoundException
         at FreemakeUtilsService.Program.Main(System.String[])
      Error: (04/12/2020 01:52:27 PM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/12/2020 01:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5a0
      Начален час на приложението с грешки: 0x01d610b83a55eadf
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: 8671c75e-7cab-11ea-97de-94de809321cd
      Error: (04/12/2020 01:50:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: FreemakeUtilsService.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.IO.FileNotFoundException
         at FreemakeUtilsService.Program.Main(System.String[])
      Error: (04/09/2020 09:03:40 AM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/09/2020 09:02:22 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5ac
      Начален час на приложението с грешки: 0x01d60e346165c638
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: ad3e8ed0-7a27-11ea-99ea-94de809321cd

      System errors:
      =============
      Error: (04/13/2020 12:43:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
      cdrom
      Error: (04/13/2020 12:42:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/13/2020 12:42:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.
      Error: (04/13/2020 12:42:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Freemake Improver не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/13/2020 12:42:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Freemake Improver да се свърже.
      Error: (04/12/2020 01:52:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
      cdrom
      Error: (04/12/2020 01:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/12/2020 01:51:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.

      CodeIntegrity:
      ===================================
      Date: 2019-06-09 17:12:15.330
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 17:12:15.275
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 16:10:34.363
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 16:10:34.318
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:58:19.154
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:58:19.101
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:31:45.759
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:31:45.707
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      ==================== Memory info =========================== 
      BIOS: Award Software International, Inc. F4b 04/26/2013
      Motherboard: Gigabyte Technology Co., Ltd. GA-78LMT-S2P
      Processor: AMD FX-8320E Eight-Core Processor 
      Percentage of memory in use: 30%
      Total physical RAM: 16381.54 MB
      Available physical RAM: 11368.57 MB
      Total Virtual: 32761.22 MB
      Available Virtual: 26564.91 MB
      ==================== Drives ================================
      Drive 😄 () (Fixed) (Total:150 GB) (Free:33.1 GB) NTFS
      Drive d: () (Fixed) (Total:781.41 GB) (Free:352.36 GB) NTFS
      \\?\Volume{2f050b3f-9477-11e7-8c98-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
      ==================== MBR & Partition Table ====================
      ==========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0C59AE75)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=781.4 GB) - (Type=05)
      ==================== End of Addition.txt =======================





       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-04-2020
      Ran by GAMEPC (administrator) on GAMEPC-PC (Gigabyte Technology Co., Ltd. GA-78LMT-S2P) (13-04-2020 13:04:14)
      Running from C:\Users\GAMEPC\Downloads
      Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Discord Inc. -> Discord Inc.) C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
      (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
      (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
      (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
      (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
      ==================== Registry (Whitelisted) ===================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Spotify] => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe [22932200 2020-04-09] (Spotify AB -> Spotify Ltd)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [GAMEPC] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [FACEIT] => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [gtarcade] => "C:\Users\GAMEPC\AppData\Local\Gtarcade\app\gtarcade.exe"   /auto_start=1 
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Discord] => C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {2d2c5be0-94b8-11e7-8704-048d38748987} - E:\setup.exe
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {609d2171-c4d2-11e7-a1c0-048d38748987} - E:\Lenovo_Suite.exe
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
      Startup: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK [2019-05-20]
      ShortcutTarget: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK -> D:\heroes 3\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe (No File)
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Scheduled Tasks (Whitelisted) ============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {29CD2B59-F360-4EA0-8046-E993FB989355} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {31987656-F768-4D69-96DF-7AD4AB429034} - System32\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
      Task: {3DAD135E-7AD5-4D57-B3E2-9E7F6AD9E01C} - System32\Tasks\{76A40252-E785-4407-9A98-34E12F6F05C9} => C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\hi-rez studios\HiRezGamesDiagAndSupport.exe" -c uninstall=0
      Task: {5A3FE129-72EA-42EB-BA09-CBF91559E528} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
      Task: {64503CA0-D96B-485A-A2ED-32E1ADEC5130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)
      Task: {A19D33FF-7FBC-4D6F-B122-FFBC2947D956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
      Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
      Task: {C84BADD3-E09D-4A90-9F80-FC6F9C4BF9D6} - System32\Tasks\GAMEPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v GAMEPC /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
      Task: {F67C982E-B27B-4B4D-B6F1-B5474BEA2341} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {FB761E82-2ABF-4B7D-A0A8-3F00F3533DD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      Task: C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
      Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{BFE47783-CFC6-4DEE-8858-A9889FC23A55}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{F8E6BFBF-08DD-4CEC-8468-25670AF9DFE4}: [DhcpNameServer] 94.72.140.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FireFox:
      ========
      FF DefaultProfile: mrpwyf7s.default
      FF ProfilePath: C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default [2020-03-02]
      FF user.js: detected! => C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\user.js [2019-01-02]
      FF Homepage: Mozilla\Firefox\Profiles\mrpwyf7s.default -> google.bg
      FF Notifications: Mozilla\Firefox\Profiles\mrpwyf7s.default -> hxxps://www.instagram.com
      FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2020-01-04]
      FF Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2019-01-31]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
      FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) [File not signed]
      FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default [2020-04-13]
      CHR Notifications: Default -> hxxps://csgofast.com; hxxps://forum.dmg-inc.com; hxxps://ghost-recon.ubisoft.com; hxxps://tinder.com; hxxps://www.emag.bg
      CHR StartupUrls: Default -> "hxxp://google.bg/"
      CHR DefaultSearchURL: Default -> hxxps://tinder.com/static/android-chrome-192x192.png
      CHR Extension: (Презентации) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
      CHR Extension: (YouTube) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
      CHR Extension: (Таблици) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-10]
      CHR Extension: (Tinder) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejiihbkifllpgdfndalmghiodgkefan [2019-04-05]
      CHR Extension: (Hoxx VPN Proxy) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2020-03-17]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
      CHR Extension: (Gmail) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
      CHR Extension: (Chrome Media Router) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-17]
      Opera: 
      =======
      OPR Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2020-01-04]
      ==================== Services (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8402648 2019-11-20] (BattlEye Innovations e.K. -> )
      S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd -> Disc Soft Ltd)
      S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2020-02-13] (Mixbyte Inc -> Freemake)
      S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8019808 2018-03-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
      S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495792 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
      S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3447608 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
      S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1688720 2020-03-05] (Rockstar Games, Inc. -> Rockstar Games)
      S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-09-08] (Realtek Semiconductor.) [File not signed]
      S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-11-08] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-06-20] (Microsoft Windows -> Microsoft Corporation)
      R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-09-08] (Microsoft Corporation) [File not signed]
      S3 FACEITService; C:/Program Files/FACEIT AC/FACEITService.exe [X]
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
      S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]
      ===================== Drivers (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-09-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
      R0 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [67128 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [28216 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
      R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
      R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-08] (Martin Malik - REALiX -> REALiX(tm))
      R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-09-08] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
      S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation)
      S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2017-09-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
      R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [34872 2009-04-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2019-07-02] (Windows (R) Win 7 DDK provider) [File not signed]
      S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
      S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
      S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One month (created) ===================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2020-04-13 13:04 - 2020-04-13 13:05 - 000018493 _____ C:\Users\GAMEPC\Downloads\FRST.txt
      2020-04-13 13:03 - 2020-04-13 13:04 - 000000000 ____D C:\FRST
      2020-04-13 13:02 - 2020-04-13 13:03 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\FRST64.exe
      2020-04-13 13:02 - 2020-04-13 13:02 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\Непотвърдено 720436.crdownload
      2020-04-12 15:52 - 2020-04-12 15:54 - 021108919 _____ C:\Users\GAMEPC\Downloads\IMG_0571.mov
      2020-04-11 14:13 - 2020-04-11 14:13 - 000013913 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Longest.Railway.Tunnel.2020.1080i.HDTV.x264.torrent
      2020-04-11 14:13 - 2020-04-11 14:13 - 000013724 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Super.Stadium.2020.1080i.HDTV.x264.torrent
      2020-04-11 14:07 - 2020-04-11 14:07 - 000020396 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Tallest.Building.On.Earth.2020.720p.HDTV.x264.torrent
      2020-04-11 14:07 - 2020-04-11 14:07 - 000013420 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Mega.Ship.2020.1080i.HDTV.x264.torrent
      2020-04-10 13:56 - 2020-04-10 13:56 - 000011541 _____ C:\Users\GAMEPC\Downloads\Busty.Coeds.vs.Lusty.Cheerleaders.2011.HDRip.720p.x264.mp4.torrent
      2020-04-09 13:58 - 2020-04-09 14:13 - 169566096 _____ C:\Users\GAMEPC\Downloads\twerk.AVI
      2020-04-09 13:58 - 2020-04-09 14:06 - 058040907 _____ C:\Users\GAMEPC\Downloads\MOV01556.mpeg
      2020-04-07 15:07 - 2020-04-07 15:07 - 000001655 _____ C:\Users\Public\Desktop\VALORANT.lnk
      2020-04-07 15:07 - 2020-04-07 15:07 - 000001655 _____ C:\ProgramData\Desktop\VALORANT.lnk
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Riot Games
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
      2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Riot Games
      2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Riot Games
      2020-04-07 15:05 - 2020-04-07 15:06 - 068288168 _____ (Riot Games, Inc.) C:\Users\GAMEPC\Downloads\Install VALORANT.exe
      2020-04-06 20:12 - 2020-04-06 20:12 - 000016557 _____ C:\Users\GAMEPC\Downloads\Now.You.See.Me.2013.EXTENDED.480p.BDRip.x265.AC3.BGaudio-REFLUX.torrent
      2020-04-06 20:08 - 2020-04-06 20:08 - 000011672 _____ C:\Users\GAMEPC\Downloads\The.Lone.Ranger.2013.BDRip.x264.BGAUDiO-SLSS.torrent
      2020-04-06 20:05 - 2020-04-06 20:05 - 000014150 _____ C:\Users\GAMEPC\Downloads\Jack.the.Giant.Slayer.2013.576p.BDRip.x265.DUAL-REFLUX.torrent
      2020-04-05 02:03 - 2020-04-05 02:03 - 000151200 _____ C:\Users\GAMEPC\Downloads\The.Penguins.of.Madagascar.2008.DVDRip.XviD.BGAUDIO-nikio96.torrent
      2020-04-04 15:32 - 2020-04-04 15:32 - 000173894 _____ C:\Users\GAMEPC\Downloads\Hawaii.Five-0.S01.720p.WEB-DL.BG.ENG.H.264-smsliverpool.torrent
      2020-04-04 14:41 - 2020-04-04 14:41 - 000053564 _____ C:\Users\GAMEPC\Downloads\Arrival__2016.(subs.sab.bz).rar
      2020-04-04 14:41 - 2020-04-04 14:41 - 000011894 _____ C:\Users\GAMEPC\Downloads\Arrival.2016.576p.BDRIP.x264.AAC-GOD.torrent
      2020-04-02 01:56 - 2020-04-02 01:56 - 000014519 _____ C:\Users\GAMEPC\Downloads\National.Treasure.2004.BRRip.XviD.BGAUDiO-ZmN.torrent
      2020-04-01 02:07 - 2020-04-01 02:07 - 000055713 _____ C:\Users\GAMEPC\Downloads\Meet The Fockers [DVDRip][2004][BGAudio][BugzBunny].avi.torrent
      2020-03-31 23:21 - 2020-03-31 23:21 - 000089245 _____ C:\Users\GAMEPC\Downloads\Addams.Family.Values.1993.1080p.BluRay.x264-SlzD.torrent
      2020-03-31 23:21 - 2020-03-31 23:21 - 000026602 _____ C:\Users\GAMEPC\Downloads\addams.family.values.1993.bluray.bg(subsunacs.net).rar
      2020-03-31 23:19 - 2020-03-31 23:19 - 000026083 _____ C:\Users\GAMEPC\Downloads\the_addams_family(subsunacs.net).zip
      2020-03-31 23:19 - 2020-03-31 23:19 - 000015432 _____ C:\Users\GAMEPC\Downloads\The.Addams.Family.1991.HDTVRip.XviD.AC3-KiNGS.torrent
      2020-03-30 23:36 - 2020-03-31 00:08 - 000000000 ____D C:\Users\GAMEPC\Documents\Assassin's Creed Syndicate
      2020-03-30 23:36 - 2020-03-30 23:36 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\uplay
      2020-03-30 21:17 - 2020-03-30 21:17 - 000058328 _____ C:\Users\GAMEPC\Downloads\Assassin's Creed Syndicate - Gold Edition + v1.5 + All DLCs [FitGirl Repack].torrent
      2020-03-30 20:08 - 2020-03-30 20:08 - 001024240 _____ C:\Users\GAMEPC\Downloads\filmora-idco_setup_full1901.exe
      2020-03-30 20:07 - 2020-03-30 20:07 - 001153264 _____ C:\Users\GAMEPC\Downloads\filmorapro_setup_full4895.exe
      2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(2)
      2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(1)
      2020-03-30 20:02 - 2020-03-30 20:02 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder
      2020-03-30 19:35 - 2020-03-30 19:37 - 135856128 _____ C:\Users\GAMEPC\Downloads\blender-2.82a-windows64.msi
      2020-03-28 04:34 - 2020-03-28 04:35 - 018548431 _____ C:\Users\GAMEPC\Downloads\voicemod crack .rar
      2020-03-28 04:22 - 2020-03-28 04:22 - 023272680 _____ (Voicemod S.L. ) C:\Users\GAMEPC\Downloads\VoicemodSetup.exe
      2020-03-28 04:22 - 2019-07-02 17:50 - 000027648 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vmdrv.sys
      2020-03-26 16:39 - 2020-03-26 16:39 - 000021708 _____ C:\Users\GAMEPC\Downloads\the_hunt(subsunacs.net).7z
      2020-03-26 16:38 - 2020-03-26 16:38 - 000038078 _____ C:\Users\GAMEPC\Downloads\The.Hunt.2020.1080p.AMZN.WEBRip.DDP5.1.x264-NTG.torrent
      2020-03-25 22:47 - 2019-01-01 00:02 - 006045924 _____ C:\Users\GAMEPC\Desktop\meepoof_legacy_nonQcast.exe
      2020-03-25 22:45 - 2020-03-25 22:45 - 005896438 _____ C:\Users\GAMEPC\Downloads\meepoofv1_legacy_nonQcast.zip
      2020-03-25 02:45 - 2020-03-25 02:45 - 000002971 _____ C:\Users\GAMEPC\Downloads\Unacknowledged.2017.1080p.WEB.x265.AAC-Dr3adLoX.torrent
      2020-03-25 02:42 - 2020-03-25 02:42 - 000013592 _____ C:\Users\GAMEPC\Downloads\Most.Evil.Egocentric.Killers.1080i.HDTV.x264.torrent
      2020-03-24 19:05 - 2020-03-24 19:05 - 000002374 _____ C:\Users\GAMEPC\Desktop\StreamLabels.lnk
      2020-03-24 19:04 - 2020-03-24 19:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\streamlabels-updater
      2020-03-23 15:18 - 2020-03-23 15:18 - 000045449 _____ C:\Users\GAMEPC\Downloads\The_Invisible_Man.(subs.sab.bz).zip
      2020-03-23 15:18 - 2020-03-23 15:18 - 000039071 _____ C:\Users\GAMEPC\Downloads\The.Invisible.Man.2020.1080p.WEB-DL.H264.AC3-EVO.torrent
      2020-03-23 15:14 - 2020-03-23 15:14 - 000012215 _____ C:\Users\GAMEPC\Downloads\Toy.Story.4.2019.BRRip.x265.AC3.BGAUDiO-SiSO.torrent
      2020-03-22 14:43 - 2020-03-22 14:43 - 000315856 _____ C:\Users\GAMEPC\Downloads\SHUTDOWN8-SETUP.EXE
      2020-03-22 14:43 - 2020-03-22 14:43 - 000001043 _____ C:\Users\GAMEPC\Desktop\Shutdown8.lnk
      2020-03-22 14:43 - 2020-03-22 14:43 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Shutdown8
      2020-03-22 14:42 - 2020-03-22 14:42 - 000566784 _____ C:\Users\GAMEPC\Downloads\ShutDown.exe
      2020-03-22 14:32 - 2020-03-16 16:07 - 039835432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
      2020-03-22 14:32 - 2020-03-16 16:07 - 022106560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
      2020-03-22 14:32 - 2020-03-16 16:07 - 018416616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
      2020-03-22 14:32 - 2020-03-16 16:06 - 004257984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000440040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000343784 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 127357328 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 040314976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 029930728 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 027555560 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 025239952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 011834784 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 010161040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 000420240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 029545584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 022880352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
      2020-03-22 14:32 - 2020-03-16 13:08 - 017464208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 015029992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 004988136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 004447648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 002068368 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001720208 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6444274.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001560808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6444274.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001476536 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001363176 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001139832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001057696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000625776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000539880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000517232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000422328 _____ C:\Windows\system32\nvofapi64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000373360 _____ C:\Windows\SysWOW64\nvofapi.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000182368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000164464 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000158304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000143288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 040502176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 035371424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 000518560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
      2020-03-22 14:28 - 2020-03-22 14:29 - 554302392 _____ (NVIDIA Corporation) C:\Users\GAMEPC\Downloads\442.74-desktop-win8-win7-64bit-international-whql.exe
      2020-03-21 05:08 - 2020-03-21 05:08 - 000021014 _____ C:\Users\GAMEPC\Downloads\Scooby Doo Mystery Incorporated Season 2 DVDRip BG Audio - SPYRO.torrent
      2020-03-20 16:09 - 2020-03-20 16:09 - 000077329 _____ C:\Users\GAMEPC\Downloads\_Yavka.net_The.Outsider.S01E01.WEBRip.x264-ION10.zip
      2020-03-20 16:09 - 2020-03-20 16:09 - 000041769 _____ C:\Users\GAMEPC\Downloads\The.Outsider.2020.S01E01.WEB.H264-XLF.torrent
      2020-03-20 15:11 - 2020-03-20 15:11 - 000056630 _____ C:\Users\GAMEPC\Downloads\Secret.Window.2004.DVDrip.XviD.Brutus-WORKZ.torrent
      2020-03-20 15:08 - 2020-03-20 15:08 - 000025691 _____ C:\Users\GAMEPC\Downloads\1408.2007.Director_s.Cut.720p.HDDVD.x264_CtrlHD.(subs.sab.bz).rar
      2020-03-20 15:07 - 2020-03-20 15:07 - 000014658 _____ C:\Users\GAMEPC\Downloads\1408.2007.BRRip.XViD.AC3 -playXD.torrent
      2020-03-20 15:03 - 2020-03-20 15:03 - 000014435 _____ C:\Users\GAMEPC\Downloads\Daybreakers.2009.BDRip.x264.AAC.BGAUDiO-SiSO.torrent
      2020-03-20 14:59 - 2020-03-20 14:59 - 000056731 _____ C:\Users\GAMEPC\Downloads\Dreamcatcher.DVDrip.AC3.torrent
      2020-03-19 14:12 - 2020-03-19 14:22 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ShootersPool
      2020-03-19 14:12 - 2020-03-19 14:12 - 000000000 ____D C:\Users\GAMEPC\Documents\ShootersPool
      2020-03-19 14:12 - 2020-03-19 14:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\ShootersPool
      2020-03-19 13:39 - 2020-03-19 13:57 - 1545182216 _____ C:\Users\GAMEPC\Downloads\ShootersPool-1.8.2c_Setup.exe
      2020-03-17 16:31 - 2020-03-17 16:31 - 000033204 _____ C:\Users\GAMEPC\Downloads\swtros_2019_web_unacs_team(subsunacs.net).rar
      2020-03-17 16:30 - 2020-03-17 16:30 - 000027541 _____ C:\Users\GAMEPC\Downloads\Star.Wars.Episode.IX.The.Rise.of.Skywalker.2020.HDRip.AC3.x264-CMRG.torrent
      2020-03-15 14:48 - 2020-03-15 14:48 - 000013669 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Austria's.Mega.Dam.2020.1080i.HDTV.x264.torrent
      2020-03-15 00:26 - 2020-03-15 00:30 - 068914501 _____ C:\Users\GAMEPC\Downloads\FullSizeRender.mov
      2020-03-14 19:01 - 2020-03-14 19:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\CitizenFX
      2020-03-14 18:50 - 2020-04-09 18:17 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\FiveM
      2020-03-14 18:50 - 2020-03-14 18:50 - 008885192 _____ (cfx-collective) C:\Users\GAMEPC\Downloads\FiveM.exe
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002024 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM Singleplayer.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002016 _____ C:\Users\GAMEPC\Desktop\FiveM Singleplayer.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002016 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002008 _____ C:\Users\GAMEPC\Desktop\FiveM.lnk
      ==================== One month (modified) ==================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2020-04-13 12:56 - 2017-09-23 18:42 - 000000000 ____D C:\Program Files (x86)\Steam
      2020-04-13 12:51 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2020-04-13 12:51 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2020-04-13 12:49 - 2019-03-14 23:38 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Spotify
      2020-04-13 12:44 - 2017-09-09 22:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\discord
      2020-04-13 12:42 - 2019-03-14 23:37 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Spotify
      2020-04-13 12:42 - 2017-09-08 14:03 - 000000000 ____D C:\ProgramData\NVIDIA
      2020-04-13 12:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2020-04-13 03:59 - 2019-07-31 00:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\obs-studio
      2020-04-13 03:38 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-sys.job
      2020-04-13 02:45 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job
      2020-04-12 03:45 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Origin
      2020-04-12 03:12 - 2019-02-11 22:09 - 000000000 ____D C:\ProgramData\Origin
      2020-04-12 03:11 - 2019-12-26 03:16 - 000000000 ____D C:\Program Files (x86)\Origin
      2020-04-12 03:11 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Origin
      2020-04-11 17:11 - 2017-09-10 01:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\qBittorrent
      2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
      2020-04-08 00:03 - 2017-09-08 13:35 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2020-04-06 03:47 - 2017-09-19 23:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\TS3Client
      2020-04-03 11:39 - 2018-01-11 17:53 - 000640612 _____ C:\Windows\system32\perfh002.dat
      2020-04-03 11:39 - 2018-01-11 17:53 - 000114470 _____ C:\Windows\system32\perfc002.dat
      2020-04-03 11:39 - 2009-07-14 08:13 - 001498588 _____ C:\Windows\system32\PerfStringBackup.INI
      2020-04-03 11:39 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2020-03-31 00:08 - 2009-07-14 08:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2020-03-30 20:00 - 2019-08-08 04:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA
      2020-03-28 04:27 - 2017-09-08 15:54 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\CrashDumps
      2020-03-24 19:05 - 2019-10-04 14:40 - 000002382 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
      2020-03-24 19:02 - 2019-07-31 03:15 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\slobs-client
      2020-03-24 19:01 - 2019-07-31 03:14 - 000000000 ____D C:\Program Files\Streamlabs OBS
      2020-03-21 16:32 - 2018-11-03 19:10 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\DigitalEntitlements
      2020-03-21 02:54 - 2017-09-08 13:35 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
      2020-03-21 02:54 - 2017-09-08 13:35 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
      2020-03-20 21:19 - 2017-09-18 19:14 - 000000000 ____D C:\ProgramData\McAfee
      2020-03-20 17:01 - 2017-12-06 19:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ViberPC
      2020-03-19 14:12 - 2018-07-27 18:56 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
      2020-03-19 03:22 - 2018-10-18 17:36 - 000000979 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
      2020-03-19 03:22 - 2018-10-18 17:36 - 000000979 _____ C:\ProgramData\Desktop\PotPlayer 64 bit.lnk
      2020-03-16 16:07 - 2020-03-11 03:56 - 034369720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
      2020-03-16 16:07 - 2017-09-08 14:02 - 004813752 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
      2020-03-16 13:09 - 2017-09-08 14:02 - 000502672 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
      2020-03-16 13:08 - 2020-03-11 03:56 - 000469904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
      2020-03-14 01:34 - 2017-09-08 13:21 - 000052925 _____ C:\Windows\system32\nvinfo.pb
      2020-03-14 00:04 - 2017-09-08 14:03 - 005580272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 002631480 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000660792 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000447464 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000121328 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000074552 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
      ==================== Files in the root of some directories ========
      2020-02-19 00:22 - 2020-02-19 00:22 - 000000733 _____ () C:\Users\GAMEPC\AppData\Local\recently-used.xbel
      2018-12-17 21:42 - 2018-12-23 19:48 - 000007597 _____ () C:\Users\GAMEPC\AppData\Local\Resmon.ResmonCfg
      2019-08-14 02:36 - 2019-08-14 02:36 - 000000003 _____ () C:\Users\GAMEPC\AppData\Local\updater.log
      2019-08-14 02:36 - 2019-08-14 02:36 - 000000424 _____ () C:\Users\GAMEPC\AppData\Local\UserProducts.xml
      ==================== SigCheck ============================
      (There is no automatic fix for files that do not pass verification.)

      LastRegBack: 2020-04-07 04:13
      ==================== End of FRST.txt ========================
    • от stefanbkanev
      Здравейте, лаптопа ми е нов и със сравнително прилични характеристики, но от няколко дена като го включа и прегрява... Натоварва се изключително много, а нямам включено почти нищо (единствено браузър, скайп и още 1-2 неща дето не би трябвало да натоварват много)...  Най-вероятно съм пипнал някой вирус, ще съм благодарен, ако ми помогнете

      Addition.txt FRST.txt
    • от scorpa
      Добър ден , получих имейл от хакерчето в заглавието в абв пощата ми като в този имейл се указва как е щял да разпространи мои клипове(които не съществуват) и имал достъп до лаптопа ми като упоменава камерата и микрофон. Условието за да приключи всичко това е да направя паричен превод  от 1100 лв в негова  сметка ,която е същата  и в доста други сайтове  . Доколкото четох в  интернет това е scam , но възможността за троянски кон в системата е била голяма.  Изчетох  някои теми и доколкото разбрах за някои системи се действа индивидуално и затова ви моля за помощ  и съдействие.  Благодаря за отделеното внимание ,  ПАЗЕТЕ СЕ !!
    • от The_Nomad
      Преди няколко седмици писах с проблем при ъпдейтването на Касперски фрий. Беше зациклил на 100%. Деинсталирах и инсталирах отново - 20версия. В момента пак е зациклил от седмица на 100% и не иска да ъпдейтва. Подозирам вече някоя буба, защото при всеки старт на Уиндоус Касперски намира зловреден файл - този от снимката
      ПП Подчертавам, че ЪПДЕЙТИТЕ НА УИНДОУС съм си ги спрял аз нарочно. Ползвам и WFC Binisoft
       

      Addition.txt FRST.txt
  • Дарение

×
×
  • Добави ново...