Премини към съдържанието

    Препоръчан отговор


    Здравейте!

    От известно време забелязвам нещо странно, което се случва средно 2-3 пъти на ден. Докато пиша нещо на компютъра (било то в сайт или в документ), в един момент все едно съм натиснал някъде и трябва пак да кликна с мишката, за да продължа да пиша. Съмнявам се за троянски кон или нещо подобно, а на компютъра ми има ценни файлове и не искам да се случи нещо с тях.  Addition.txt е прикачен.

    Ето какво ми излезе от  FRST.txt :

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:Addition.txt 21-08-2016 01
    Ran by Home (administrator) on USER (22-08-2016 16:23:03)
    Running from C:\Users\Home\Desktop
    Loaded Profiles: Home (Available Profiles: Home)
    Platform: Windows 8.1 Pro (Update) (X64) Language: Български (България)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (LolBoT.) C:\Users\Home\Desktop\Spam BoT v1.6.exe
    (CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
    (CyberGhost S.R.L.) C:\Program Files\CyberGhost 6\CyberGhost.exe
    (The OpenVPN Project) C:\Program Files\CyberGhost 6\Data\OpenVPN\openvpn.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Home\Desktop\FRST64 (1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1156656 2016-08-18] (CyberGhost S.R.L.)
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-19] (SUPERAntiSpyware)
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 217.18.241.110 62.221.132.218
    Tcpip\..\Interfaces\{A5B8694A-AE79-46DB-880E-D71D678D76AD}: [DhcpNameServer] 194.187.251.67 185.93.180.131 38.132.106.139
    Tcpip\..\Interfaces\{F0633EB8-7F25-4AC3-B3AF-52B66A40127F}: [NameServer] 194.187.251.67,185.93.180.131
    Tcpip\..\Interfaces\{F0633EB8-7F25-4AC3-B3AF-52B66A40127F}: [DhcpNameServer] 217.18.241.110 62.221.132.218

    Internet Explorer:
    ==================
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
    SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> DefaultScope {E6A0ADEC-9673-4D7B-AAF9-A6CD68FBC2DD} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> {E6A0ADEC-9673-4D7B-AAF9-A6CD68FBC2DD} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9c9lz5ps.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-29] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-29] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
    FF Extension: AdBlocker Ultimate - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9c9lz5ps.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-07-02]

    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.bg/
    CHR StartupUrls: Default -> "hxxps://www.google.bg/"
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Презентации) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-11]
    CHR Extension: (Google Документи) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-11]
    CHR Extension: (Google Диск) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-11]
    CHR Extension: (Google Търсене) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
    CHR Extension: (Електронни таблици от Google) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-11]
    CHR Extension: (Google Документи офлайн) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-28]
    CHR Extension: (goo.gl URL Shortener) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-01-11]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-11]
    CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]

    Opera: 
    =======
    StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2541192 2016-06-23] (ESET)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-29] (Intel Corporation)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4192344 2016-03-09] (INCA Internet Co., Ltd.)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2015-05-29] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
    S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
    R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-16] (Oracle Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    U4 ekbdflt; \SystemRoot\system32\DRIVERS\ekbdflt.sys [X]
    U4 epfw; \SystemRoot\system32\DRIVERS\epfw.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-22 16:23 - 2016-08-22 16:23 - 00015571 _____ C:\Users\Home\Desktop\FRST.txt
    2016-08-22 16:22 - 2016-08-22 16:22 - 02396672 _____ (Farbar) C:\Users\Home\Desktop\FRST64 (1).exe
    2016-08-19 23:42 - 2016-08-19 23:43 - 00000000 ____D C:\Users\Home\AppData\Local\CyberGhost
    2016-08-19 23:40 - 2016-08-20 05:57 - 00001744 _____ C:\Users\Home\Desktop\CyberGhost 6.lnk
    2016-08-19 23:40 - 2016-08-19 23:42 - 00000000 ____D C:\Program Files\TAP-Windows
    2016-08-19 23:40 - 2016-08-19 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
    2016-08-19 21:41 - 2013-08-22 16:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160819-214126.backup
    2016-08-19 21:35 - 2016-08-19 21:35 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-08-19 21:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2016-08-19 21:33 - 2016-08-19 22:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-08-19 21:33 - 2016-08-19 22:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-08-19 21:33 - 2016-08-19 21:33 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-08-19 21:33 - 2016-08-19 21:33 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-08-19 21:33 - 2016-08-19 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2016-08-19 21:33 - 2016-08-19 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-08-19 21:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-08-12 23:13 - 2016-08-12 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2016-08-12 23:13 - 2016-08-12 23:13 - 00000000 ____D C:\ProgramData\ESET
    2016-08-12 22:53 - 2016-08-12 22:53 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
    2016-08-12 19:11 - 2016-08-22 16:23 - 00000000 ____D C:\FRST
    2016-08-12 18:52 - 2016-08-12 19:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2016-08-12 18:48 - 2016-08-12 18:48 - 00000000 ____D C:\Users\Home\AppData\Local\PackageAware
    2016-08-12 18:48 - 2016-08-12 18:48 - 00000000 ____D C:\ProgramData\Webroot
    2016-08-10 23:04 - 2016-08-10 23:35 - 00135698 _____ C:\Windows\ntbtlog.txt
    2016-08-10 22:54 - 2016-08-10 23:04 - 00000000 ____D C:\Users\Home\AppData\Local\FSDART
    2016-08-10 22:54 - 2016-08-10 22:56 - 00000000 ____D C:\ProgramData\F-Secure
    2016-08-10 22:54 - 2016-08-10 22:54 - 00000000 ____D C:\Users\Home\AppData\Local\F-Secure
    2016-08-10 22:39 - 2016-08-22 14:39 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e948b6d5-3326-404d-a121-aaf5de858a09.job
    2016-08-10 22:39 - 2016-08-10 22:39 - 00003480 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e948b6d5-3326-404d-a121-aaf5de858a09
    2016-08-10 22:39 - 2016-08-10 22:39 - 00000000 ____D C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com
    2016-08-10 22:38 - 2016-08-10 22:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-08-10 22:38 - 2016-08-10 22:38 - 00001780 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-08-10 22:38 - 2016-08-10 22:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2016-08-10 22:38 - 2016-08-10 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2016-08-10 13:50 - 2016-08-02 09:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-08-10 13:50 - 2016-08-02 09:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-08-10 13:50 - 2016-08-02 09:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-08-10 13:50 - 2016-08-02 09:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-08-10 13:50 - 2016-08-02 09:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-08-10 13:50 - 2016-08-02 09:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-08-10 13:50 - 2016-08-02 08:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-08-10 13:50 - 2016-08-02 08:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-08-10 13:50 - 2016-08-02 08:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-08-10 13:50 - 2016-08-02 08:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-08-10 13:50 - 2016-08-02 08:46 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-08-10 13:50 - 2016-08-02 08:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-08-10 13:50 - 2016-08-02 08:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-08-10 13:50 - 2016-08-02 08:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-08-10 13:50 - 2016-08-02 08:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-08-10 13:50 - 2016-08-02 08:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-08-10 13:50 - 2016-08-02 08:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-08-10 13:50 - 2016-08-02 08:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-08-10 13:50 - 2016-08-02 08:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-08-10 13:50 - 2016-08-02 08:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-08-10 13:50 - 2016-08-02 08:20 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-08-10 13:50 - 2016-08-02 08:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-08-10 13:50 - 2016-08-02 08:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-08-10 13:50 - 2016-08-02 08:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-08-10 13:50 - 2016-08-02 08:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-08-10 13:50 - 2016-08-02 08:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-08-10 13:50 - 2016-08-02 07:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-08-10 13:50 - 2016-08-02 07:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-08-10 13:50 - 2016-08-02 07:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-08-10 13:50 - 2016-08-02 07:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-08-10 13:50 - 2016-07-08 17:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-08-10 13:48 - 2016-07-12 17:08 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
    2016-08-10 13:48 - 2016-07-09 03:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-08-10 13:48 - 2016-07-09 03:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-08-10 13:48 - 2016-07-08 17:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2016-08-10 13:48 - 2016-07-08 17:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2016-08-10 13:48 - 2016-07-08 17:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-08-10 13:48 - 2016-07-08 17:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
    2016-08-10 13:48 - 2016-07-08 17:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
    2016-08-10 13:48 - 2016-07-08 01:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-08-10 13:48 - 2016-07-08 00:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-08-10 13:48 - 2016-07-07 23:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-08-10 13:48 - 2016-07-06 17:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2016-08-10 13:48 - 2016-07-06 17:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
    2016-08-10 13:48 - 2016-07-06 17:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2016-08-10 13:48 - 2016-07-06 17:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-07-31 12:03 - 2016-08-04 00:14 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-07-31 12:03 - 2016-08-04 00:14 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-07-31 12:02 - 2016-08-22 16:12 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-31 12:02 - 2016-08-22 12:12 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-31 12:02 - 2016-07-31 12:07 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-07-28 04:44 - 2016-03-09 13:51 - 04192344 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
    2016-07-28 04:43 - 2016-07-28 04:43 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
    2016-07-28 04:43 - 2004-12-30 15:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
    2016-07-28 04:43 - 2003-07-16 00:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
    2016-07-28 04:36 - 2016-07-28 04:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen
    2016-07-28 04:21 - 2016-07-28 04:27 - 00000000 ____D C:\ProgramData\WEBZEN

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-22 15:44 - 2016-01-11 17:43 - 00000000 ____D C:\Users\Home\AppData\Local\ClassicShell
    2016-08-22 15:25 - 2016-01-11 17:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-08-22 13:19 - 2016-01-11 17:28 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{00D94D0E-AC24-41C8-A8A1-1ECCB56AC88E}
    2016-08-22 01:13 - 2016-01-11 17:40 - 00000284 _____ C:\Windows\Tasks\AutoKMS.job
    2016-08-21 23:08 - 2016-01-11 17:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-340910651-1706132204-2474600806-1001
    2016-08-21 05:47 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Inf
    2016-08-21 03:53 - 2016-01-14 22:43 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-08-21 02:21 - 2016-01-11 20:55 - 09648128 ___SH C:\Users\Home\Desktop\Thumbs.db
    2016-08-21 02:07 - 2016-04-10 01:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-08-21 02:05 - 2016-01-12 19:12 - 00047512 _____ C:\Windows\system32\perfh002.dat
    2016-08-21 02:05 - 2016-01-12 19:12 - 00011800 _____ C:\Windows\system32\perfc002.dat
    2016-08-21 02:05 - 2014-03-18 18:45 - 00907186 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-08-19 23:43 - 2016-07-11 13:25 - 00000000 ____D C:\Program Files\CyberGhost 6
    2016-08-19 17:51 - 2016-01-11 17:27 - 00000000 ____D C:\Users\Home\AppData\Local\Google
    2016-08-18 03:55 - 2016-01-11 17:44 - 00000000 __SHD C:\Users\Home\IntelGraphicsProfiles
    2016-08-18 03:55 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-08-18 02:17 - 2016-06-23 20:20 - 00007620 _____ C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2016-08-18 01:00 - 2016-01-12 18:23 - 00000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
    2016-08-17 15:33 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-08-12 23:58 - 2016-01-12 01:22 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc
    2016-08-12 23:13 - 2016-01-11 17:41 - 00000000 ____D C:\Program Files\ESET
    2016-08-12 23:07 - 2016-01-11 17:17 - 00000000 ____D C:\Program Files\KMSpico
    2016-08-12 20:25 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-08-12 19:45 - 2016-01-11 20:27 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-08-12 19:27 - 2016-04-16 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-08-11 16:48 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
    2016-08-10 15:55 - 2013-08-22 17:44 - 00483920 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-08-10 15:54 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-08-10 15:52 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-08-10 15:50 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-08-10 15:44 - 2016-01-11 20:27 - 00000000 ____D C:\Windows\system32\MRT
    2016-08-10 15:37 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
    2016-08-10 13:46 - 2016-06-24 21:45 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-08-10 13:46 - 2016-06-24 21:45 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-08-10 13:46 - 2016-06-24 21:45 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-08-10 13:46 - 2016-06-24 21:45 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-08-07 21:24 - 2016-05-12 16:40 - 00000000 ____D C:\Program Files\CyberGhost 5
    2016-08-07 18:08 - 2016-01-11 17:18 - 00000000 ____D C:\Users\Home\AppData\Local\Packages
    2016-08-05 14:24 - 2013-08-22 18:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2016-07-31 12:07 - 2016-01-11 17:26 - 00003988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-07-31 12:02 - 2016-01-11 17:26 - 00000000 ____D C:\Program Files (x86)\Google
    2016-07-31 02:18 - 2014-03-18 18:17 - 00000000 ____D C:\Windows\ShellNew
    2016-07-28 08:07 - 2016-01-11 17:38 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
    2016-07-28 04:41 - 2016-01-11 17:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-07-27 22:25 - 2016-01-11 19:56 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-07-23 07:07 - 2016-01-11 17:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\Skype
    2016-07-23 07:01 - 2016-01-11 17:32 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-07-23 07:01 - 2016-01-11 17:32 - 00000000 ____D C:\ProgramData\Skype

    ==================== Files in the root of some directories =======

    2016-06-23 20:20 - 2016-08-18 02:17 - 0007620 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2016-06-27 20:07 - 2016-06-27 20:07 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat

    Files to move or delete:
    ====================
    C:\ProgramData\fontcacheev1.dat


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-19 12:12

    ==================== End of FRST.txt ============================

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте.

    Вие ли добавяхте адреси в Hosts файла? 

    Цитат

    There are 15554 more lines.

     

    Качете следните файлове за сканиране във VirusTotal.com и дайте линкове от сканиранията.

    Цитат

    C:\Windows\SysWOW64\GameMon.des
    C:\Windows\SysWOW64\npptNT2.sys

    Забележка: Файловете може да са скрити!

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Стъпка 1

    • Деинсталирайте от контролния панел следния софтуер:
      Цитат

      Spybot - Search & Destroy

      SUPERAntiSpyware

       

    Стъпка 2

    Изтеглете: 8864095R.jpg Malwarebytes Anti-Malware.

    • Стартирайте инсталационния файл и следвайте съветника за инсталация.
    • Преди края на инсталацията премахнете отметката от: "Enable free trial of Malwarebytes Anti-Malware Premium" и се уверете че има отметка пред "Launch Malwarebytes Anti-Malware".
    • Отидете до табът Settings => Detection and Protection => сложете отметка на "Scan for rootkits".
    • Отидете до табът Dashboard => натиснете бутона "SCAN NOW".
    • Програмата автоматично ще провери за актуализации и ще започне сканирането.

    Забележка: Ако видите съобщението "Could not load DDA driver" натиснете бутона "YES". След което разрешете на системата да се рестартира.

    • След като проверката приключи натиснете бутона "Apply Actions".
    • Системата ще поиска рестарт, съгласете се.
    • След като системата зареди MBAB ще зареди.
    • Отидете до табът History => Applications Logs.
    • Потърсете лог с име "SCAN LOG" с последната дата и час и натиснете върху него.
    • Натиснете бутона EXPORT => Copy to Clipboard.
    • Поставете съдържанието на лога с клавишната комбинация CTRL+V към следващия Ви коментар.

     

    Стъпка 3

    Изтеглете: 8864024K.jpgEmsissoft Emergency Kit

    • Стартирайте файла и посочете къде да се разархивира програмата - например в (C:\EEK), натискайки бутона Extract.
    • Стартирайте файла Start Emsisoft Emergency Kit от десктопа за да стартирате програмата.
    • Натиснете бутона "Yes", когато бъдете подканени да обновите дефинициите на програмата.
    • След като обновяването на дефинициите приключи натиснете бутона "Scan".
    • Програмата ще Ви попита дали искате да включите засичането на Potentially Unwanted Applications,  натиснете бутона "Yes".
    • Натиснете бутона "Custom Scan". Премахнете от списъка оставете само дял C:\.
    • Натиснете "Next" за да започне проверката.
    • Когато проверката приключи натиснете бутона "View Report".
    • Копирайте съдържанието на лог файла в следващия Ви коментар.

     

    Стъпка 4

    • Направете нови логове с FRST и ги прикачете към следващия ви коментар.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Деинсталирах двете програми. Вече имах версия на Malwarebytes, ето го и лога от сканирането:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Дата на сканиране: 22.8.2016 г.
    Час на сканиране: 22:57
    Дневник: 
    Администратор: Да

    Версия: 2.2.1.1043
    База от данни за злонамерен софтуер: v2016.08.22.08
    База от данни за рууткити: v2016.08.15.01
    Лиценз: Безплатен
    Защита от злонамерен софтуер: Забранено
    Защита от злонамерени страници: Забранено
    Самозащита: Забранено

    ОС: Windows 8.1
    Процесор: x64
    Файлова система: NTFS
    Потребител: Home

    Тип сканиране: Сканиране за заплахи
    Резултат: Завършено
    Сканиране обекти: 295880
    Изминало време: 12 мин. 20 сек.

    Памет: Разрешено
    Начално стартиране: Разрешено
    Файлова система: Разрешено
    Архиви: Разрешено
    Рууткити: Разрешено
    Евристика: Разрешено
    ПНП: Разрешено
    ПНИ: Разрешено

    Процеси: 0
    (Не бяха открити злонамерени обекти)

    Модули: 0
    (Не бяха открити злонамерени обекти)

    Ключове в системния регистър: 0
    (Не бяха открити злонамерени обекти)

    Стойности в системния регистър: 0
    (Не бяха открити злонамерени обекти)

    Данни в системния регистър: 0
    (Не бяха открити злонамерени обекти)

    Папки: 0
    (Не бяха открити злонамерени обекти)

    Файлове: 0
    (Не бяха открити злонамерени обекти)

    Физически сектори: 0
    (Не бяха открити злонамерени обекти)


    (end)

     

    След като натиснах на  View Report, прилагам следния лог :

    Emsisoft Emergency Kit - Version 11.9
    Last update: 22.8.2016 г. 23:18:04
    User account: USER\Home
    Computer name: USER
    OS version: Windows 8.1x64 

    Scan settings:

    Scan type: Custom Scan
    Objects: Rootkits, Memory, Traces, C:\

    Detect PUPs: On
    Scan archives: On
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start:    22.8.2016 г. 23:19:13
    C:\Windows\SECOH-QAD.dll     detected: Riskware.NetTool (A)

    Scanned    258484
    Found    1

    Scan end:    22.8.2016 г. 23:50:11
    Scan time:    0:30:58
     

    И лог от   FRST.txt :

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
    Ran by Home (administrator) on USER (22-08-2016 23:57:49)
    Running from C:\Users\Home\Desktop
    Loaded Profiles: Home (Available Profiles: Home)
    Platform: Windows 8.1 Pro (Update) (X64) Language: Български (България)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (LolBoT.) C:\Users\Home\Desktop\Spam BoT v1.6.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Emsisoft Ltd) C:\EEK\bin64\a2emergencykit.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Farbar) C:\Users\Home\Desktop\FRST64 (1).exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1156656 2016-08-18] (CyberGhost S.R.L.)
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 217.18.241.110 62.221.132.218
    Tcpip\..\Interfaces\{F0633EB8-7F25-4AC3-B3AF-52B66A40127F}: [DhcpNameServer] 217.18.241.110 62.221.132.218

    Internet Explorer:
    ==================
    HKU\S-1-5-21-340910651-1706132204-2474600806-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
    SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> DefaultScope {E6A0ADEC-9673-4D7B-AAF9-A6CD68FBC2DD} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> {E6A0ADEC-9673-4D7B-AAF9-A6CD68FBC2DD} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9c9lz5ps.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-29] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-29] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
    FF Extension: AdBlocker Ultimate - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9c9lz5ps.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-07-02]

    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.bg/
    CHR StartupUrls: Default -> "hxxps://www.google.bg/"
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Презентации) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-11]
    CHR Extension: (Google Документи) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-11]
    CHR Extension: (Google Диск) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-11]
    CHR Extension: (Google Търсене) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
    CHR Extension: (Електронни таблици от Google) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-11]
    CHR Extension: (Google Документи офлайн) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-28]
    CHR Extension: (goo.gl URL Shortener) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-01-11]
    CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-11]
    CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]

    Opera: 
    =======
    StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2541192 2016-06-23] (ESET)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-29] (Intel Corporation)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4192344 2016-03-09] (INCA Internet Co., Ltd.)
    S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2015-05-29] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
    S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET)
    R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET)
    R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
    S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-16] (Oracle Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    U4 ekbdflt; \SystemRoot\system32\DRIVERS\ekbdflt.sys [X]
    U4 epfw; \SystemRoot\system32\DRIVERS\epfw.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-22 23:15 - 2016-08-22 23:51 - 00000000 ____D C:\EEK
    2016-08-22 22:53 - 2016-08-22 22:53 - 00000085 _____ C:\Windows\wininit.ini
    2016-08-22 16:23 - 2016-08-22 23:57 - 00013927 _____ C:\Users\Home\Desktop\FRST.txt
    2016-08-22 16:23 - 2016-08-22 16:25 - 00034268 _____ C:\Users\Home\Desktop\Addition.txt
    2016-08-22 16:22 - 2016-08-22 16:22 - 02396672 _____ (Farbar) C:\Users\Home\Desktop\FRST64 (1).exe
    2016-08-19 23:42 - 2016-08-19 23:43 - 00000000 ____D C:\Users\Home\AppData\Local\CyberGhost
    2016-08-19 23:40 - 2016-08-20 05:57 - 00001744 _____ C:\Users\Home\Desktop\CyberGhost 6.lnk
    2016-08-19 23:40 - 2016-08-19 23:42 - 00000000 ____D C:\Program Files\TAP-Windows
    2016-08-19 23:40 - 2016-08-19 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
    2016-08-19 21:41 - 2013-08-22 16:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160819-214126.backup
    2016-08-19 21:35 - 2016-08-19 21:35 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-08-19 21:33 - 2016-08-22 22:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-08-19 21:33 - 2016-08-22 22:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-08-19 21:33 - 2016-08-19 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2016-08-12 23:13 - 2016-08-12 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2016-08-12 23:13 - 2016-08-12 23:13 - 00000000 ____D C:\ProgramData\ESET
    2016-08-12 22:53 - 2016-08-12 22:53 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
    2016-08-12 19:11 - 2016-08-22 23:57 - 00000000 ____D C:\FRST
    2016-08-12 18:52 - 2016-08-12 19:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2016-08-12 18:48 - 2016-08-12 18:48 - 00000000 ____D C:\Users\Home\AppData\Local\PackageAware
    2016-08-12 18:48 - 2016-08-12 18:48 - 00000000 ____D C:\ProgramData\Webroot
    2016-08-10 23:04 - 2016-08-10 23:35 - 00135698 _____ C:\Windows\ntbtlog.txt
    2016-08-10 22:54 - 2016-08-10 23:04 - 00000000 ____D C:\Users\Home\AppData\Local\FSDART
    2016-08-10 22:54 - 2016-08-10 22:56 - 00000000 ____D C:\ProgramData\F-Secure
    2016-08-10 22:54 - 2016-08-10 22:54 - 00000000 ____D C:\Users\Home\AppData\Local\F-Secure
    2016-08-10 22:39 - 2016-08-22 14:39 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e948b6d5-3326-404d-a121-aaf5de858a09.job
    2016-08-10 22:39 - 2016-08-10 22:39 - 00003480 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e948b6d5-3326-404d-a121-aaf5de858a09
    2016-08-10 22:39 - 2016-08-10 22:39 - 00000000 ____D C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com
    2016-08-10 22:38 - 2016-08-10 22:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2016-08-10 13:50 - 2016-08-02 09:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-08-10 13:50 - 2016-08-02 09:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-08-10 13:50 - 2016-08-02 09:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-08-10 13:50 - 2016-08-02 09:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-08-10 13:50 - 2016-08-02 09:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-08-10 13:50 - 2016-08-02 09:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-08-10 13:50 - 2016-08-02 08:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-08-10 13:50 - 2016-08-02 08:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-08-10 13:50 - 2016-08-02 08:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-08-10 13:50 - 2016-08-02 08:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-08-10 13:50 - 2016-08-02 08:46 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-08-10 13:50 - 2016-08-02 08:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-08-10 13:50 - 2016-08-02 08:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-08-10 13:50 - 2016-08-02 08:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-08-10 13:50 - 2016-08-02 08:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-08-10 13:50 - 2016-08-02 08:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-08-10 13:50 - 2016-08-02 08:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-08-10 13:50 - 2016-08-02 08:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-08-10 13:50 - 2016-08-02 08:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-08-10 13:50 - 2016-08-02 08:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-08-10 13:50 - 2016-08-02 08:20 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-08-10 13:50 - 2016-08-02 08:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-08-10 13:50 - 2016-08-02 08:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-08-10 13:50 - 2016-08-02 08:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-08-10 13:50 - 2016-08-02 08:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-08-10 13:50 - 2016-08-02 08:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-08-10 13:50 - 2016-08-02 07:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-08-10 13:50 - 2016-08-02 07:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-08-10 13:50 - 2016-08-02 07:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-08-10 13:50 - 2016-08-02 07:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-08-10 13:50 - 2016-07-08 17:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-08-10 13:48 - 2016-07-12 17:08 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
    2016-08-10 13:48 - 2016-07-09 03:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-08-10 13:48 - 2016-07-09 03:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-08-10 13:48 - 2016-07-08 17:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2016-08-10 13:48 - 2016-07-08 17:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2016-08-10 13:48 - 2016-07-08 17:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-08-10 13:48 - 2016-07-08 17:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
    2016-08-10 13:48 - 2016-07-08 17:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
    2016-08-10 13:48 - 2016-07-08 01:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-08-10 13:48 - 2016-07-08 00:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-08-10 13:48 - 2016-07-07 23:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-08-10 13:48 - 2016-07-06 17:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2016-08-10 13:48 - 2016-07-06 17:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
    2016-08-10 13:48 - 2016-07-06 17:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2016-08-10 13:48 - 2016-07-06 17:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-07-31 12:03 - 2016-08-04 00:14 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-07-31 12:03 - 2016-08-04 00:14 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-07-31 12:02 - 2016-08-22 23:12 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-31 12:02 - 2016-08-22 22:54 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-31 12:02 - 2016-07-31 12:07 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-07-28 04:44 - 2016-03-09 13:51 - 04192344 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
    2016-07-28 04:43 - 2016-07-28 04:43 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
    2016-07-28 04:43 - 2004-12-30 15:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
    2016-07-28 04:43 - 2003-07-16 00:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
    2016-07-28 04:36 - 2016-07-28 04:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen
    2016-07-28 04:21 - 2016-07-28 04:27 - 00000000 ____D C:\ProgramData\WEBZEN

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-22 23:52 - 2016-01-11 20:52 - 00000000 ____D C:\Users\Home\Desktop\Архив - ДС
    2016-08-22 23:25 - 2016-01-11 17:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-08-22 23:09 - 2016-01-11 17:43 - 00000000 ____D C:\Users\Home\AppData\Local\ClassicShell
    2016-08-22 22:59 - 2016-01-11 17:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-340910651-1706132204-2474600806-1001
    2016-08-22 22:57 - 2016-04-10 01:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-08-22 22:54 - 2016-01-11 17:44 - 00000000 __SHD C:\Users\Home\IntelGraphicsProfiles
    2016-08-22 22:54 - 2016-01-11 17:40 - 00000284 _____ C:\Windows\Tasks\AutoKMS.job
    2016-08-22 22:54 - 2016-01-11 17:18 - 00000000 ____D C:\Users\Home
    2016-08-22 22:54 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-08-22 22:50 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\NDF
    2016-08-22 19:46 - 2016-01-11 17:28 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{00D94D0E-AC24-41C8-A8A1-1ECCB56AC88E}
    2016-08-22 17:35 - 2016-01-11 20:55 - 09635840 ___SH C:\Users\Home\Desktop\Thumbs.db
    2016-08-21 05:47 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Inf
    2016-08-21 03:53 - 2016-01-14 22:43 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
    2016-08-21 02:05 - 2016-01-12 19:12 - 00047512 _____ C:\Windows\system32\perfh002.dat
    2016-08-21 02:05 - 2016-01-12 19:12 - 00011800 _____ C:\Windows\system32\perfc002.dat
    2016-08-21 02:05 - 2014-03-18 18:45 - 00907186 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-08-19 23:43 - 2016-07-11 13:25 - 00000000 ____D C:\Program Files\CyberGhost 6
    2016-08-19 17:51 - 2016-01-11 17:27 - 00000000 ____D C:\Users\Home\AppData\Local\Google
    2016-08-18 02:17 - 2016-06-23 20:20 - 00007620 _____ C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2016-08-18 01:00 - 2016-01-12 18:23 - 00000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
    2016-08-17 15:33 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-08-12 23:58 - 2016-01-12 01:22 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc
    2016-08-12 23:13 - 2016-01-11 17:41 - 00000000 ____D C:\Program Files\ESET
    2016-08-12 23:07 - 2016-01-11 17:17 - 00000000 ____D C:\Program Files\KMSpico
    2016-08-12 20:25 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-08-12 19:45 - 2016-01-11 20:27 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-08-12 19:27 - 2016-04-16 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-08-11 16:48 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
    2016-08-10 15:55 - 2013-08-22 17:44 - 00483920 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-08-10 15:54 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-08-10 15:52 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-08-10 15:50 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-08-10 15:44 - 2016-01-11 20:27 - 00000000 ____D C:\Windows\system32\MRT
    2016-08-10 15:37 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
    2016-08-10 13:46 - 2016-06-24 21:45 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-08-10 13:46 - 2016-06-24 21:45 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-08-10 13:46 - 2016-06-24 21:45 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-08-10 13:46 - 2016-06-24 21:45 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-08-07 21:24 - 2016-05-12 16:40 - 00000000 ____D C:\Program Files\CyberGhost 5
    2016-08-07 18:08 - 2016-01-11 17:18 - 00000000 ____D C:\Users\Home\AppData\Local\Packages
    2016-08-05 14:24 - 2013-08-22 18:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2016-07-31 12:07 - 2016-01-11 17:26 - 00003988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-07-31 12:02 - 2016-01-11 17:26 - 00000000 ____D C:\Program Files (x86)\Google
    2016-07-31 02:18 - 2014-03-18 18:17 - 00000000 ____D C:\Windows\ShellNew
    2016-07-28 08:07 - 2016-01-11 17:38 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
    2016-07-28 04:41 - 2016-01-11 17:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-07-27 22:25 - 2016-01-11 19:56 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-07-23 07:07 - 2016-01-11 17:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\Skype
    2016-07-23 07:01 - 2016-01-11 17:32 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-07-23 07:01 - 2016-01-11 17:32 - 00000000 ____D C:\ProgramData\Skype

    ==================== Files in the root of some directories =======

    2016-06-23 20:20 - 2016-08-18 02:17 - 0007620 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2016-06-27 20:07 - 2016-06-27 20:07 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat

    Files to move or delete:
    ====================
    C:\ProgramData\fontcacheev1.dat


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-19 12:12

    ==================== End of FRST.txt ============================


    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    • Горещи теми в момента

    • Подобни теми

      • от qqrr
        Здравейте.От няколко дни компютъра ми блокира по време на работа,отблокирването става само ,като включа task manager.Тръгва всичко нормално,но след няколко минути отново забива.С windows 8.1 съм.Mawlarebytes я инсталирам ,но не ми дава да се стартира.Очаквам помощ дали проблема е от вирус или проблем в хардуера.
        Addition.txt
        FRST.txt
      • от ForzaInter1908
        Добър вечер!
         
        Занимавах се с едни несигурни програми за gta и май сам прихванал вирус,постояно се товари се товари и забива на отваряне на папка
        Може ли да проверим регистрите дали има нещо защото имам много важни програми.
        Благодаря!
         
         
         
        f.txt
        HitmanPro_20171016_2331.log
        AdwCleaner[S0].txt
      • от unrealizable
        Здравейте,и двата шифта не работят както трябва.Работят с някои клавиши,но като цъкам тези клавиши и другите се оправят.Въпроса ми е да не би да е вирус,защото теглих autodata и след това мисля,че се получи проблема,а TS360 ми изпищя,че има троянец във торента,разбира се предполагах от краковете.Също и фпс-то на цс-а падна на 70-80 от 160-200.Прикачвам лог от FRST.
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-10-2017
        Ran by bobby (administrator) on BOBY (02-10-2017 13:00:48)
        Running from C:\Users\bobby\Downloads
        Loaded Profiles: bobby (Available Profiles: bobby)
        Platform: Windows 8.1 (Update) (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
        (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
        (Microsoft Corporation) C:\Windows\System32\wlanext.exe
        (Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
        (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
        (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
        (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
        (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
        (@ByELDI) D:\Downloads\KMSpico_10.2.0\KMSpico\Service_KMS.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
        (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
        (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
        (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
        (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
        (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
        (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
        (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
        (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
        (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
        (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
        (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
        (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
        (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
        (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
        (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\System32\cmd.exe
        (Qihu 360 Software Co., Ltd.) C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-10-13] (Conexant Systems, Inc.)
        HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
        HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
        HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2017-08-29] (QIHU 360 SOFTWARE CO. LIMITED)
        HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
        HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation)
        HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\MountPoints2: {0380623e-8e5a-11e7-8251-28c2dd571342} - "G:\Inst.exe" 
        HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\MountPoints2: {038063b1-8e5a-11e7-8251-28c2dd571342} - "H:\SETUP.EXE" 
        HKU\S-1-5-21-3041877358-191924833-3829036719-1001\...\MountPoints2: {23735b35-8e79-11e7-8253-28c2dd571342} - "I:\SETUP.EXE" 
        GroupPolicy: Restriction <==== ATTENTION
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
        Tcpip\Parameters: [DhcpNameServer] 192.168.31.1
        Tcpip\..\Interfaces\{9683ECB9-59D8-4E91-BF28-375C96FC72EE}: [DhcpNameServer] 192.168.31.1
        Tcpip\..\Interfaces\{9ADF9BFB-322E-4398-8E1F-99E9E89E7B3E}: [DhcpNameServer] 192.168.31.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-3041877358-191924833-3829036719-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
        BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
        BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
        BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2017-08-29] (Qihu 360 Software Co., Ltd.)
        BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
        BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
        BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
        BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
        BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2017-08-29] (Qihu 360 Software Co., Ltd.)
        BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
        Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
        Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
        FireFox:
        ========
        FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
        FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
        FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-31] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-31] (Google Inc.)
        Chrome: 
        =======
        CHR HomePage: Default -> hxxp://www.google.bg/
        CHR StartupUrls: Default -> "hxxps://www.google.bg/"
        CHR Profile: C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
        CHR Extension: (Easy Auto Refresh) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-09-26]
        CHR Extension: (Steam Community SteamRep Integration) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclmldkenecanphogeaacolljiphmnk [2017-08-31]
        CHR Extension: (Google Презентации) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-31]
        CHR Extension: (Google Документи) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-31]
        CHR Extension: (Google Диск) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-31]
        CHR Extension: (Unlocker for WakeLockDetector) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgeplmmblegmdackkcemjkpngngocgjp [2017-08-31]
        CHR Extension: (YouTube) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-31]
        CHR Extension: (Steam Inventory Helper) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-10-02]
        CHR Extension: (Lounge Assistant) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2017-08-31]
        CHR Extension: (uBlock) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2017-08-31]
        CHR Extension: (Електронни таблици от Google) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-31]
        CHR Extension: (Отдалечен работен плот на Chrome) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-08-31]
        CHR Extension: (LoungeDestroyer) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2017-08-31]
        CHR Extension: (Google Документи офлайн) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-31]
        CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-09-15]
        CHR Extension: (360 Internet Protection) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2017-08-31]
        CHR Extension: (Invite All Friends on Facebook) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-09-27]
        CHR Extension: (CS:GO Lounge Bump Bot) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk [2017-08-31]
        CHR Extension: (Floating for YouTube™) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjphmlaoffndcnecccgemfdaaoighkel [2017-08-31]
        CHR Extension: (Message/Chat Downloader) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkinapjekllgfipphkgpmombekfclghe [2017-08-31]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-31]
        CHR Extension: (NeoBux AdAlert) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaepeijninfcgjdnighjnlgdkkgpnaen [2017-09-30]
        CHR Extension: (Gmail) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-31]
        CHR Extension: (Chrome Media Router) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-19]
        CHR Extension: (Abstract Blue) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2017-08-31]
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2017-09-28] (Autodata Limited) [File not signed]
        S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
        S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-09-15] (EasyAntiCheat Ltd)
        S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
        R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
        S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
        R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
        R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
        S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
        R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)
        R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-09-19] (NVIDIA Corporation)
        R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [929888 2017-08-29] (QIHU 360 SOFTWARE CO. LIMITED)
        R2 Service KMSELDI; D:\Downloads\KMSpico_10.2.0\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
        R3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-17] (TeamViewer GmbH)
        S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
        S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [175040 2017-08-29] (360.cn)
        R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2017-08-29] (360.cn)
        R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2017-08-29] (360.cn)
        R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2017-08-29] (360.cn)
        R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [49088 2017-08-29] (360.cn)
        R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [423360 2017-08-29] (360.cn)
        R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-12-31] (ASUS Corporation)
        R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190400 2017-08-29] (360.cn)
        R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-08-31] (Disc Soft Ltd)
        R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-08-31] (Disc Soft Ltd)
        R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79528 2014-10-16] (Intel Corporation)
        R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
        S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
        R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-08-22] (NVIDIA Corporation)
        R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)
        R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
        R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-07] (Realtek Semiconductor Corporation )
        S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
        S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
        S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-10-02 13:00 - 2017-10-02 13:01 - 000019333 _____ C:\Users\bobby\Downloads\FRST.txt
        2017-10-02 13:00 - 2017-10-02 13:00 - 000000000 ____D C:\FRST
        2017-10-02 12:59 - 2017-10-02 12:59 - 002399744 _____ (Farbar) C:\Users\bobby\Downloads\FRST64.exe
        2017-09-30 13:11 - 2017-09-30 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
        2017-09-30 11:40 - 2017-09-30 11:40 - 001790024 _____ (Malwarebytes) C:\Users\bobby\Downloads\Непотвърдено 889483.crdownload
        2017-09-30 11:39 - 2017-09-30 11:41 - 000000000 ____D C:\AdwCleaner
        2017-09-30 11:39 - 2017-09-30 11:39 - 008250832 _____ (Malwarebytes) C:\Users\bobby\Downloads\adwcleaner_7.0.3.1.exe
        2017-09-30 11:26 - 2017-09-30 11:26 - 000000000 ____D C:\ProgramData\Malwarebytes
        2017-09-30 11:25 - 2017-09-30 11:25 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
        2017-09-30 11:25 - 2017-09-30 11:25 - 000000000 ____D C:\ProgramData\MB2Migration
        2017-09-30 11:24 - 2017-09-30 11:24 - 000011576 _____ C:\Users\bobby\Downloads\Malwarebytes Anti-Malware Premium v3.2.2.2029 RePack.torrent
        2017-09-28 18:00 - 2017-09-28 18:00 - 000000600 _____ C:\Users\Public\Desktop\Autodata CDA-3.lnk
        2017-09-28 18:00 - 2017-09-28 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodata
        2017-09-28 17:59 - 2017-09-28 18:00 - 000000000 ____D C:\ADCDA2
        2017-09-28 17:59 - 2017-09-28 17:59 - 000000000 ____D C:\ADCDTEMP
        2017-09-28 15:04 - 2017-09-28 18:00 - 000000000 ____D C:\Users\bobby\Documents\Autodata
        2017-09-28 15:04 - 2017-09-28 15:04 - 000003022 _____ C:\Windows\System32\Tasks\{F057C150-4601-40D5-93CB-FB66F88AA4FC}
        2017-09-28 14:59 - 2017-09-28 14:59 - 000018978 _____ C:\Users\bobby\Downloads\Autodata_3.18.iso.torrent
        2017-09-28 14:54 - 2017-09-28 14:54 - 000014138 _____ C:\Users\bobby\Downloads\AD3.38EN.torrent
        2017-09-27 20:01 - 2017-09-27 20:01 - 000017910 _____ C:\Users\bobby\Downloads\AutoData CDA 3.45.torrent
        2017-09-23 21:06 - 2017-09-23 21:06 - 082471739 _____ C:\Users\bobby\Downloads\facebook-bobito981.zip
        2017-09-18 17:58 - 2017-09-18 17:58 - 000001402 _____ C:\Users\bobby\Desktop\aida64 - Shortcut.lnk
        2017-09-18 17:57 - 2017-09-18 17:57 - 000000000 ____D C:\Program Files (x86)\AIDA64
        2017-09-18 17:12 - 2017-09-18 17:12 - 000007908 _____ C:\Users\bobby\Downloads\AIDA64-5.75.3900.torrent
        2017-09-15 22:08 - 2017-09-15 22:08 - 000000000 ____D C:\Users\bobby\AppData\Roaming\EasyAntiCheat
        2017-09-15 22:06 - 2017-09-15 22:07 - 000000000 ____D C:\Users\bobby\AppData\Local\HirezLauncherUI
        2017-09-15 22:05 - 2017-10-02 12:28 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
        2017-09-15 22:05 - 2017-09-30 13:11 - 000000000 ____D C:\ProgramData\Hi-Rez Studios
        2017-09-15 21:33 - 2017-09-15 21:33 - 000000222 _____ C:\Users\bobby\Desktop\Paladins.url
        2017-09-15 19:28 - 2017-09-15 19:28 - 000000222 _____ C:\Users\bobby\Desktop\PlanetSide 2.url
        2017-09-14 22:08 - 2017-09-14 22:08 - 000000000 ____D C:\Users\bobby\AppData\Roaming\Shooter
        2017-09-14 22:06 - 2017-09-15 22:08 - 000000000 ____D C:\Users\bobby\Documents\My Games
        2017-09-14 21:59 - 2017-09-15 21:33 - 000382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
        2017-09-14 20:32 - 2017-09-14 20:32 - 000000222 _____ C:\Users\bobby\Desktop\Dirty Bomb.url
        2017-09-13 11:06 - 2017-08-19 20:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
        2017-09-13 11:06 - 2017-08-19 19:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
        2017-09-13 11:06 - 2017-08-18 01:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
        2017-09-13 11:06 - 2017-08-18 01:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
        2017-09-13 11:06 - 2017-08-18 01:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
        2017-09-13 11:06 - 2017-08-18 01:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
        2017-09-13 11:06 - 2017-08-15 17:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2017-09-13 11:06 - 2017-08-15 17:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
        2017-09-13 11:06 - 2017-08-15 17:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
        2017-09-13 11:06 - 2017-08-15 17:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
        2017-09-13 11:06 - 2017-08-15 16:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
        2017-09-13 11:06 - 2017-08-13 21:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2017-09-13 11:06 - 2017-08-13 20:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
        2017-09-13 11:06 - 2017-08-13 20:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2017-09-13 11:06 - 2017-08-13 20:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2017-09-13 11:06 - 2017-08-13 19:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
        2017-09-13 11:06 - 2017-08-13 19:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2017-09-13 11:06 - 2017-08-13 19:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2017-09-13 11:06 - 2017-08-13 19:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
        2017-09-13 11:06 - 2017-08-13 19:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
        2017-09-13 11:06 - 2017-08-13 19:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
        2017-09-13 11:06 - 2017-08-13 19:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2017-09-13 11:06 - 2017-08-13 19:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
        2017-09-13 11:06 - 2017-08-13 19:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2017-09-13 11:06 - 2017-08-13 19:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
        2017-09-13 11:06 - 2017-08-13 19:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
        2017-09-13 11:06 - 2017-08-13 19:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
        2017-09-13 11:06 - 2017-08-13 19:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2017-09-13 11:06 - 2017-08-13 19:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
        2017-09-13 11:06 - 2017-08-13 19:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2017-09-13 11:06 - 2017-08-13 19:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2017-09-13 11:06 - 2017-08-13 19:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2017-09-13 11:06 - 2017-08-13 18:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
        2017-09-13 11:06 - 2017-08-13 18:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
        2017-09-13 11:06 - 2017-08-13 18:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
        2017-09-13 11:06 - 2017-08-13 18:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
        2017-09-13 11:06 - 2017-08-13 18:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
        2017-09-13 11:06 - 2017-08-13 18:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
        2017-09-13 11:06 - 2017-08-13 18:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
        2017-09-13 11:06 - 2017-08-13 18:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
        2017-09-13 11:06 - 2017-08-13 18:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2017-09-13 11:06 - 2017-08-13 18:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2017-09-13 11:06 - 2017-08-13 18:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
        2017-09-13 11:06 - 2017-08-13 18:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
        2017-09-13 11:06 - 2017-08-13 18:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2017-09-13 11:06 - 2017-08-13 18:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
        2017-09-13 11:06 - 2017-08-13 18:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
        2017-09-13 11:06 - 2017-08-13 18:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
        2017-09-13 11:06 - 2017-08-12 12:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
        2017-09-13 11:06 - 2017-08-12 12:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
        2017-09-13 11:06 - 2017-08-12 03:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
        2017-09-13 11:06 - 2017-08-12 02:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2017-09-13 11:06 - 2017-08-12 02:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2017-09-13 11:06 - 2017-08-12 02:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
        2017-09-13 11:06 - 2017-08-11 23:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
        2017-09-13 11:06 - 2017-08-11 23:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
        2017-09-13 11:06 - 2017-08-11 23:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
        2017-09-13 11:06 - 2017-08-11 06:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2017-09-13 11:06 - 2017-08-11 06:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
        2017-09-13 11:06 - 2017-08-11 06:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2017-09-13 11:06 - 2017-08-11 05:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
        2017-09-13 11:06 - 2017-08-11 05:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
        2017-09-13 11:06 - 2017-08-11 05:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
        2017-09-13 11:06 - 2017-08-11 05:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
        2017-09-13 11:06 - 2017-08-11 04:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
        2017-09-13 11:06 - 2017-08-11 04:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
        2017-09-13 11:06 - 2017-08-11 04:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
        2017-09-13 11:06 - 2017-08-11 04:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
        2017-09-13 11:06 - 2017-08-11 04:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
        2017-09-13 11:06 - 2017-08-07 00:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
        2017-09-13 11:06 - 2017-08-06 10:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
        2017-09-13 11:06 - 2017-07-22 21:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
        2017-09-13 11:06 - 2017-07-22 20:32 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
        2017-09-13 11:06 - 2017-07-17 22:53 - 004298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
        2017-09-13 11:06 - 2017-07-17 02:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
        2017-09-13 11:06 - 2017-07-14 02:03 - 002013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
        2017-09-13 11:06 - 2017-07-12 23:29 - 000420440 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
        2017-09-13 11:06 - 2017-07-12 23:29 - 000075440 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2017-09-13 11:06 - 2017-07-12 23:25 - 000308872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
        2017-09-13 11:06 - 2017-07-12 23:25 - 000066112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
        2017-09-13 11:06 - 2017-07-08 22:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2017-09-13 11:06 - 2017-07-08 21:43 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2017-09-13 11:06 - 2017-07-08 21:30 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2017-09-13 11:06 - 2017-07-08 21:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2017-09-13 11:06 - 2017-07-08 20:25 - 001436160 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2017-09-13 11:06 - 2017-07-08 20:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
        2017-09-13 11:06 - 2017-07-08 06:14 - 000100184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
        2017-09-11 11:53 - 2017-09-11 11:53 - 000066783 _____ C:\Users\bobby\Downloads\CV - Български.pdf
        2017-09-08 16:21 - 2017-09-08 16:21 - 001130328 _____ (Google Inc.) C:\Users\bobby\Downloads\ChromeSetup.exe
        2017-09-08 12:11 - 2017-10-02 12:47 - 000000258 __RSH C:\ProgramData\ntuser.pol
        2017-09-06 11:27 - 2017-09-06 11:27 - 000000000 ____D C:\Users\bobby\AppData\Roaming\vlc
        2017-09-06 09:46 - 2017-09-06 09:46 - 000000000 ____D C:\Users\bobby\AppData\Roaming\dvdcss
        2017-09-04 13:20 - 2017-09-04 13:23 - 000000000 ____D C:\Users\bobby\Documents\ETS2MP
        2017-09-04 13:15 - 2017-09-04 13:17 - 000000000 ____D C:\ProgramData\TruckersMP
        2017-09-04 13:15 - 2017-09-04 13:15 - 000000901 _____ C:\Users\Public\Desktop\TruckersMP.lnk
        2017-09-04 13:15 - 2017-09-04 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP Launcher
        2017-09-04 13:15 - 2017-09-04 13:15 - 000000000 ____D C:\Program Files\TruckersMP Launcher
        2017-09-04 13:14 - 2017-09-04 13:14 - 000667351 _____ C:\Users\bobby\Downloads\launcher_1004.zip
        2017-09-04 13:10 - 2017-09-04 23:19 - 000000000 ____D C:\Users\bobby\Documents\Euro Truck Simulator 2
        2017-09-03 19:02 - 2017-09-03 19:02 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-10-02 13:01 - 2017-08-31 21:18 - 000000000 ____D C:\Users\bobby\AppData\LocalLow\360WD
        2017-10-02 12:55 - 2017-09-01 19:51 - 000000000 ____D C:\Users\bobby\AppData\Roaming\TeamViewer
        2017-10-02 12:55 - 2017-09-01 04:04 - 000000000 ____D C:\Windows\Panther
        2017-10-02 12:55 - 2017-08-31 18:17 - 000000000 ____D C:\Users\bobby\AppData\Local\CrashDumps
        2017-10-02 12:55 - 2017-08-31 18:10 - 000000000 ____D C:\ProgramData\ClassicShell
        2017-10-02 12:55 - 2017-08-31 18:05 - 000000000 ____D C:\Program Files (x86)\Steam
        2017-10-02 12:55 - 2017-08-31 17:51 - 000000000 ____D C:\Users\bobby\AppData\Roaming\uTorrent
        2017-10-02 12:55 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
        2017-10-02 12:54 - 2017-08-31 23:46 - 000000000 ____D C:\ProgramData\360Quarant
        2017-10-02 12:54 - 2017-08-31 18:18 - 000000000 ____D C:\Users\bobby\AppData\Local\ClassicShell
        2017-10-02 12:46 - 2017-08-31 17:18 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2017-10-02 12:46 - 2017-08-31 17:18 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        2017-10-02 12:34 - 2017-08-31 17:20 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3041877358-191924833-3829036719-1001
        2017-10-02 12:32 - 2017-08-31 17:30 - 000000000 ____D C:\ProgramData\NVIDIA
        2017-10-02 12:32 - 2017-08-31 17:18 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C64354CA-BA3D-40EC-B714-8157E7D25B88}
        2017-10-02 12:28 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-10-02 01:14 - 2017-08-31 17:49 - 000000000 ____D C:\Users\bobby\AppData\Roaming\AIMP
        2017-10-01 23:35 - 2014-11-21 11:44 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-10-01 12:32 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\AppReadiness
        2017-09-30 14:05 - 2017-08-31 21:18 - 000000000 ____D C:\Users\bobby\AppData\Roaming\360safe
        2017-09-30 13:11 - 2017-08-31 17:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2017-09-30 11:24 - 2017-08-31 21:23 - 000000000 ____D C:\Users\bobby\AppData\LocalLow\uTorrent
        2017-09-29 22:56 - 2017-08-31 23:48 - 000000000 __SHD C:\$360Section
        2017-09-29 22:56 - 2017-08-31 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
        2017-09-28 23:56 - 2017-08-31 17:14 - 000000000 ____D C:\Users\bobby
        2017-09-28 18:00 - 2013-08-22 16:25 - 000000240 _____ C:\Windows\win.ini
        2017-09-28 15:04 - 2017-08-31 17:14 - 000000000 ____D C:\Users\bobby\AppData\Local\VirtualStore
        2017-09-25 22:16 - 2017-08-31 17:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
        2017-09-23 14:41 - 2013-08-22 18:36 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-22 12:52 - 2017-08-31 17:19 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-09-22 00:01 - 2017-08-31 17:31 - 000003740 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-22 00:01 - 2017-08-31 17:31 - 000003732 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-22 00:01 - 2017-08-31 17:31 - 000003556 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:18 - 2017-08-31 17:40 - 000000000 ____D C:\Users\bobby\AppData\Local\NVIDIA Corporation
        2017-09-21 22:18 - 2017-08-31 17:31 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:18 - 2017-08-31 17:31 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:18 - 2017-08-31 17:31 - 000001428 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
        2017-09-21 22:18 - 2017-08-31 17:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
        2017-09-21 22:17 - 2017-08-31 17:31 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:17 - 2017-08-31 17:31 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:17 - 2017-08-31 17:31 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
        2017-09-21 22:17 - 2017-08-31 17:23 - 000000000 ____D C:\Program Files\NVIDIA Corporation
        2017-09-19 10:23 - 2017-08-31 17:31 - 001923008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
        2017-09-19 10:23 - 2017-08-31 17:31 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
        2017-09-19 00:29 - 2017-08-31 17:31 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
        2017-09-18 17:02 - 2017-08-31 21:18 - 000000000 _RSHD C:\360SANDBOX
        2017-09-16 14:29 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\rescache
        2017-09-15 22:06 - 2017-08-31 17:29 - 000000000 ____D C:\ProgramData\Package Cache
        2017-09-15 21:33 - 2017-08-31 20:17 - 000000000 ____D C:\Users\bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
        2017-09-15 00:22 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI
        2017-09-15 00:20 - 2013-08-22 18:36 - 000000000 ___RD C:\Windows\ToastData
        2017-09-13 13:27 - 2017-08-31 19:06 - 000000000 ____D C:\Windows\system32\MRT
        2017-09-13 13:25 - 2017-08-31 19:06 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
        2017-09-13 13:25 - 2013-08-22 18:20 - 000000000 ____D C:\Windows\CbsTemp
        2017-09-10 17:28 - 2017-08-31 18:14 - 000000000 ____D C:\Users\bobby\AppData\Local\Steam
        2017-09-08 12:11 - 2013-08-22 18:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
        2017-09-08 12:11 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
        2017-09-04 11:03 - 2017-08-31 17:38 - 000000000 __SHD C:\Users\bobby\IntelGraphicsProfiles
        2017-09-03 19:09 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Common Files\System
        2017-09-02 02:54 - 2017-08-31 20:27 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
        2017-09-02 02:54 - 2017-08-31 20:27 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-30 12:38
        ==================== End of FRST.txt ============================
         
         
        Addition_02-10-2017 13.01.49.txt
      • от D101149
        Здравейте! Нещо имам проблем с игрите, но проблемът не се дължи на хардуера. След преинсталация се оправя, но не мога през месец да го преинсталирам просто не ми се занимава Съмнява ме нещо вирус или някакви временни файлове. Много пъти съм се доверявал на вашата помощ. Благодаря
        Addition.txt
        FRST.txt
      • от ivan_pop
        Здравейте!
        Имах вируси на USB флашки и на един лаптоп.Там проблемите мисля че ги реших.За това бях писал в една друга тема.
        Имам една стара машина декстоп,която ползвам всеки ден.Тази машина работи нормално според мен.Проблема е,че като включа флашка на този декстоп,на флашката се качва някакъв вирус.Флашката проверявам на един лаптоп с MCShield в параноиден режим.Качих на заразения декстоп MCShield,тази програма не намира проблеми там.
        Сканирах декстопа с Farbar Recovery Scan Tool.Накрая на сканирането тулчето изписа някаква грешка.
        Прилагам двата файла от сканирането.Ако може да окажете помощ ще съм благодарен!
        Благодаря за вниманието!
        FRST.txt
        Addition.txt
    • Разглеждащи в момента   0 потребители

      Няма регистрирани потребители разглеждащи тази страница.

    • Дарение

    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.