

Hello! For some time now my system has been slowing down seriously, and this is most noticeable when I have not used the computer for a good part of the day. I scanned with AdwCleaner, which found some things. After the cleanup I ran it again and everything seemed clean, until I started Google Chrome, and then it was AdwCleaner and cleanup all over again. The things simply refuse to go away. I reset Chrome's settings, but it is the same story again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
Ran by Mat (administrator) on ZDRAVE (13-03-2017 18:08:02)
Running from C:\Users\Mat\Desktop
Loaded Profiles: Mat (Available Profiles: Mat)
Platform: Windows 8.1 Connected (Update) (X64) Language: Английски (Съединени щати)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Windows\System32\igfxTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\Mat\AppData\Roaming\uTorrent\uTorrent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
(BitTorrent Inc.) C:\Users\Mat\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(BitTorrent Inc.) C:\Users\Mat\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-02-27] (Realtek semiconductor)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [384232 2012-07-13] (BillP Studios)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140640 2009-11-03] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-02] (AVAST Software)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-05-03] (CyberLink Corp.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe [1286392 2009-11-03] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe [885000 2009-11-03] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-651715680-3413174133-539334514-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-651715680-3413174133-539334514-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-651715680-3413174133-539334514-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-651715680-3413174133-539334514-1001\...\Run: [uTorrent] => C:\Users\Mat\AppData\Roaming\uTorrent\uTorrent.exe [2400960 2017-02-11] (BitTorrent Inc.)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.39.90.42 8.8.8.8
Tcpip\..\Interfaces\{1A12D0E6-4762-47F6-A801-BE161ABACF99}: [DhcpNameServer] 150.209.1.3
Tcpip\..\Interfaces\{6E8CF172-AF6F-4E98-9153-00479EF19E28}: [DhcpNameServer] 212.39.90.42 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-651715680-3413174133-539334514-1001 -> {F3D9EAD1-C76C-4677-92DC-54DF1CCFCD49} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-27] (Oracle Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-02] (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: lzm9qrfd.default
FF ProfilePath: C:\Users\Mat\AppData\Roaming\Mozilla\Firefox\Profiles\lzm9qrfd.default [2017-03-13]
FF Homepage: Mozilla\Firefox\Profiles\lzm9qrfd.default -> hxxp://www.google.bg/
FF Extension: (Avast Passwords) - C:\Users\Mat\AppData\Roaming\Mozilla\Firefox\Profiles\lzm9qrfd.default\Extensions\[email protected] [2017-02-23]
FF Extension: (Adblock Plus) - C:\Users\Mat\AppData\Roaming\Mozilla\Firefox\Profiles\lzm9qrfd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\pam\FF
FF Extension: (Avast Passwords) - C:\Program Files\AVAST Software\Avast\pam\FF [2017-03-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\pam\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-27] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1435739360&z=2b2a0b8bd20ceb587af5c4fgfz4cbwdm4cct8cbwew&from=tti&uid=WDCXWD10JPCX-24UE4T0_WD-WXK1E8417USX17USX
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.bg/","hxxp://www.omniboxes.com/?type=hp&ts=1435739360&z=2b2a0b8bd20ceb587af5c4fgfz4cbwdm4cct8cbwew&from=tti&uid=WDCXWD10JPCX-24UE4T0_WD-WXK1E8417USX17USX"
CHR Profile: C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default [2017-03-13]
CHR Extension: (Google Презентации) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-12]
CHR Extension: (Google Документи) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-12]
CHR Extension: (Google Диск) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Adblock Plus) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-11]
CHR Extension: (Google Търсене) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (АБВ Уведомител) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbekonjicgkldkmopnamgglbfaiojje [2017-01-22]
CHR Extension: (Avast SafePrice) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-25]
CHR Extension: (Електронни таблици от Google) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-12]
CHR Extension: (Google Документи офлайн) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-26]
CHR Extension: (Avast Online Security) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-05]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-12]
CHR Extension: (Chrome Media Router) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-02] (AVAST Software)
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-05-03] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-05-03] (CyberLink)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-12-12] (Lenovo(beijing) Limited)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-03-02] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334600 2017-03-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-03-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-03-02] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32088 2017-03-02] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [126600 2017-03-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [100640 2017-03-02] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-03-02] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [993608 2017-03-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [548928 2017-03-10] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [162528 2017-03-02] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [337592 2017-03-02] (AVAST Software)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 RtNdPt630; C:\windows\system32\DRIVERS\RtNdPt630.sys [28888 2013-09-26] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [9109720 2014-02-27] (Realtek Semiconductor Corp.)
S3 RTTEAMPT; C:\windows\system32\DRIVERS\RtTeam620.sys [59608 2014-09-02] (Realtek Corporation)
R0 snapman380; C:\windows\System32\DRIVERS\snman380.sys [237600 2017-01-01] (Acronis)
S3 ssudserd; C:\windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-05-03] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-13 18:08 - 2017-03-13 18:09 - 00024198 _____ C:\Users\Mat\Desktop\FRST.txt
2017-03-13 18:07 - 2017-03-13 18:08 - 00000000 ____D C:\FRST
2017-03-13 18:06 - 2017-03-13 18:06 - 02424832 _____ (Farbar) C:\Users\Mat\Desktop\FRST64.exe
2017-03-12 13:48 - 2017-03-12 13:48 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-12 12:35 - 2017-03-13 18:04 - 00000000 ____D C:\AdwCleaner
2017-03-12 12:33 - 2017-03-12 12:33 - 04031440 _____ C:\Users\Mat\Downloads\AdwCleaner v.n.exe
2017-03-11 07:59 - 2017-03-11 07:59 - 00003888 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1466312439
2017-03-11 07:58 - 2017-03-11 07:58 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-03 11:16 - 2017-03-08 20:42 - 00000000 ____D C:\The Voice USA-12 сезон-Други релийзи
2017-03-02 12:43 - 2017-03-02 12:43 - 00001909 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-02 12:43 - 2017-03-02 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-03-02 12:40 - 2017-03-02 12:40 - 00398408 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-03-01 10:46 - 2017-03-01 10:47 - 00000000 ____D C:\The Voice USA-12 сезон
2017-02-28 07:27 - 2017-03-13 17:40 - 00000000 ____D C:\Users\Mat\AppData\LocalLow\uTorrent
2017-02-23 11:16 - 2017-02-23 11:18 - 00000000 ____D C:\The Voice US S09
2017-02-23 06:46 - 2017-02-06 21:41 - 00835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-02-23 06:46 - 2017-02-06 21:41 - 00177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-17 21:26 - 2017-02-26 00:43 - 00000000 ____D C:\Users\Mat\Desktop\11.Али Колдуел и Били Гилман
2017-02-17 21:22 - 2017-02-26 00:44 - 00000000 ____D C:\Users\Mat\Desktop\Шалия Феъринг
2017-02-17 21:17 - 2017-02-17 21:17 - 00993632 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00987848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00690016 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00484552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00030912 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00029376 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00018600 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00018592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2017-02-17 21:15 - 2017-02-26 00:43 - 00000000 ____D C:\Users\Mat\Desktop\Касиди Поуп
2017-02-17 21:11 - 2017-02-28 22:36 - 00000000 ____D C:\Users\Mat\Desktop\9.Гласът на Америка 2015-Сезон 9
2017-02-17 21:07 - 2017-02-17 21:12 - 00000000 ____D C:\Users\Mat\Desktop\10.Гласът на Америка 2016-Сезон 10
2017-02-17 21:03 - 2017-02-17 21:03 - 01429344 _____ (Microsoft Corporation) C:\Users\Mat\Downloads\NDP462-KB3151802-Web.exe
2017-02-17 20:56 - 2017-02-17 20:57 - 00000000 ____D C:\КОМЕДИЯ,РОМАНТИЧЕН
2017-02-17 20:42 - 2017-02-17 20:42 - 25824792 _____ C:\Users\Mat\Downloads\WindowsServer2003-KB942288-v4-ia64.exe
2017-02-16 17:29 - 2017-02-16 17:31 - 00000000 ____D C:\Бягство от затвора-сезон 1
2017-02-15 21:16 - 2017-02-15 21:20 - 00000000 ____D C:\American Idol S11,5
2017-02-15 21:12 - 2017-02-15 21:14 - 00000000 ____D C:\American Idol S11
2017-02-11 13:51 - 2017-03-03 19:34 - 00082944 ___SH C:\Users\Mat\Downloads\Thumbs.db
2017-02-11 07:21 - 2017-02-11 07:21 - 00002685 _____ C:\Users\Mat\Desktop\µTorrent.lnk
2017-02-11 07:20 - 2017-03-13 18:10 - 00000000 ____D C:\Users\Mat\AppData\Roaming\uTorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-13 17:52 - 2015-03-22 11:52 - 00000000 ____D C:\Users\Mat\AppData\Roaming\Skype
2017-03-13 17:45 - 2015-05-14 10:20 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-651715680-3413174133-539334514-1001
2017-03-13 17:42 - 2016-06-19 07:36 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-03-13 17:41 - 2015-03-18 11:14 - 00000000 ___DO C:\Users\Mat\OneDrive
2017-03-13 17:40 - 2015-03-18 11:11 - 00000000 __SHD C:\Users\Mat\IntelGraphicsProfiles
2017-03-13 17:39 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-13 17:37 - 2015-07-05 19:29 - 00000000 ____D C:\Users\Mat\AppData\Local\CrashDumps
2017-03-13 15:59 - 2016-12-10 19:55 - 00000000 ____D C:\Users\Mat\AppData\LocalLow\Mozilla
2017-03-13 14:38 - 2015-03-18 12:08 - 00003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8746BB1A-F223-4A4A-A0A4-03E022F93E77}
2017-03-12 22:59 - 2015-05-15 07:23 - 00000000 ____D C:\Users\Mat\AppData\Local\ClassicShell
2017-03-12 13:57 - 2016-06-01 10:28 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Mat\Downloads\ESETOnlineScanner_ENU.exe
2017-03-12 13:08 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2017-03-12 12:54 - 2013-08-22 15:25 - 00524288 ___SH C:\windows\system32\config\BBI
2017-03-12 12:51 - 2014-03-18 11:53 - 00866884 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-12 12:35 - 2015-04-03 18:59 - 00000000 ____D C:\Users\Mat\AppData\LocalLow\Adblock Plus for IE
2017-03-11 11:55 - 2015-08-02 13:11 - 00000000 ____D C:\Users\Mat\AppData\Roaming\Nitro PDF
2017-03-10 12:42 - 2015-05-18 10:07 - 00548928 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2017-03-10 11:48 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2017-03-10 11:42 - 2017-01-14 19:35 - 00133632 ___SH C:\Users\Mat\Desktop\Thumbs.db
2017-03-07 07:42 - 2015-05-10 10:47 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-02 12:42 - 2017-02-08 14:14 - 00003914 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-03-02 12:40 - 2015-05-18 10:07 - 00337592 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00162528 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00126600 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00100640 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00075704 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-03-02 12:39 - 2016-06-17 08:53 - 00032088 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-03-02 12:39 - 2015-05-18 10:07 - 00993608 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-03-02 12:37 - 2017-02-08 14:14 - 00334600 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-03-02 12:37 - 2017-02-08 14:14 - 00309272 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-03-02 12:37 - 2017-02-08 14:14 - 00189768 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-03-02 12:37 - 2017-02-08 14:14 - 00048528 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-02-28 22:55 - 2016-09-10 05:47 - 00000000 ____D C:\ProgramData\clone.AD
2017-02-26 17:50 - 2016-09-22 15:32 - 00000000 ____D C:\p2pbg.com
2017-02-26 14:34 - 2014-12-12 12:54 - 00000000 ____D C:\ProgramData\Temp
2017-02-26 13:32 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2017-02-26 00:33 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\NDF
2017-02-24 07:46 - 2015-03-20 22:09 - 00000000 ____D C:\windows\system32\MRT
2017-02-24 07:46 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2017-02-24 07:42 - 2015-03-20 22:08 - 138020592 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-02-17 21:16 - 2016-04-24 15:22 - 00000000 ____D C:\Users\Mat\Desktop\Клипове-The Voice S09
2017-02-17 20:58 - 2015-08-22 09:55 - 00000000 ____D C:\1,35-3
2017-02-17 16:22 - 2015-03-22 11:52 - 00000000 ____D C:\ProgramData\Skype
2017-02-16 21:57 - 2015-08-22 16:28 - 00000000 ____D C:\Users\Mat\AppData\Roaming\VideoReDo-TVSuite4
2017-02-16 18:18 - 2016-12-25 22:52 - 00000000 ____D C:\Users\Mat\Desktop\The Voice US-Вокални битки и т.н
2017-02-14 15:42 - 2016-06-19 07:36 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 15:42 - 2013-08-22 17:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-14 15:42 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\Macromed
2017-02-11 19:05 - 2015-05-18 10:04 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-11 07:47 - 2016-02-26 07:21 - 00000000 ____D C:\Users\Mat\AppData\Local\ElevatedDiagnostics
2017-02-11 07:20 - 2015-05-02 09:41 - 00000000 ____D C:\ПРОГРАМИ

==================== Files in the root of some directories =======

2016-09-25 17:14 - 2016-09-25 17:47 - 0000104 _____ () C:\Users\Mat\AppData\Local\vmrWorkAround.log
2014-12-12 12:19 - 2014-12-12 12:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-09 10:20

==================== End of FRST.txt ============================

Addition.txt


Hello! I looked through the logs and, to be honest, I don't see anything to go on. To me they look clean! Let's run a few more checks!

Malwarebytes Anti-Malware (MBAM)

Please download Malwarebytes Anti-Malware 2.2.0.1024 Final and save it to your desktop.

  • Run the file mbam-setup-bc.хххх-х.х.х.хххх.exe and follow the prompts to install the program.
  • After the installation finishes, make sure you have ticked the box next to:
  • Launch Malwarebytes Anti-Malware
  • The checkbox that activates the 14-day trial period is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, remove the tick. That is, clear the first checkbox.
  • Click the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the radio button next to Threat Scan and then click the Scan Now >> button. If an update is found, click the Update Now button.
  • A scan for malware will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • After the scan finishes, click the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then click the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.
  • Open the report with the latest date and time and click the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.

Download RogueKiller and save it to the desktop.

Note: You must download the version compatible with your system.

  • RogueKiller.exe
  • RogueKillerX64.exe
  • Please close all running programs.
  • Please disconnect USB or external drives from the computer before running this scan.
  • Run RogueKiller.exe. In the new window choose "Scan", then choose "Start Scan".
  • When the scan finishes, choose "Open Report".
  • In the new window choose "Export text". A log file RK.txt will be created.
  • Post the log file in your next post.

Logs

  • Malwarebytes Anti-Malware log
  • RKreport.txt

Hello! I will be able to look things over tonight! Right now I'm busy with work! :)

And by the way:

Please download Check Browsers' LNK by Dragokas & regist

  • Save the archive to your desktop and extract it.
  • Temporarily disable your antivirus software.
  • Run the file Check Browsers LNK.exe as administrator.
  • Wait for the program to finish its work. This can take up to 5 minutes. Please be patient. After the scan, open the generated LOG folder and post the report Check_Browsers_LNK.log in your next post.

Logs

In your next reply, please include (by copying the full contents) the following logs:

  • Check_Browsers_LNK.log

 


Check Browsers' LNK  by Alex Dragokas & regist                                 ver. 2.2.0.12

OS:       x64 Windows 8.1 (Home), 6.3.9600, Service Pack: 0        ( Personal + SingleUserTS / Workstation )
Time:     15.03.2017 - 20:55
Language: OS: English (0x409). Display: Bulgarian (0x402). Non-Unicode: Bulgarian (0x402). Codepage: OEM - c_866.nls (ok), ANSI - c_1251.nls (ok)
Elevated: Yes
User:     Mat    (group: Administrator) on ZDRAVE


* Suspicious objects will be marked with prefix >>>

===========================================================================
              ((((((        BROWSER shortcuts        ))))))
===========================================================================

[____________________  Browser’s name is incorrect  ______________________]

>>>  "C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk"     -> ["C:\Program Files (x86)\Maxthon\Bin\MxStart.exe"] -> (155936 bytes) (MD5: 85111BA781CC2D2CAB9CD3055A2545E4) -> (PE EXE)
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Maxthon Cloud Browser.lnk"    -> ["C:\Program Files (x86)\Maxthon\Bin\MxStart.exe"] -> (155936 bytes) (MD5: 85111BA781CC2D2CAB9CD3055A2545E4) -> (PE EXE)
>>>  "C:\Users\Mat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Maxthon Cloud Browser.lnk"         -> ["C:\Program Files (x86)\Maxthon\Bin\MxStart.exe"] -> (155936 bytes) (MD5: 85111BA781CC2D2CAB9CD3055A2545E4) -> (PE EXE)

[=========================================================================]
                ((((((       Other shortcuts       ))))))
===========================================================================

[______________________  Suspicious ( low risk )  ________________________]

-[HTTP] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB\Official Website.lnk"   -> ["(Internet Explorer)"  =>> hxxp://yamb.unite-video.com/]

[_______________________  Target does not exist  _________________________]

>>>  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Help\Manual (Bulgarian).lnk"  -> ["C:\Program Files (x86)\Subtitle Workshop\Manual\ManualBG.html"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Espaсol).lnk"          -> ["C:\Program Files (x86)\URUSoft\Subtitle Workshop\Manual\ManualSPA.html"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB\YAMB.lnk"        -> ["C:\Program Files (x86)\YAMB\Yamb.exe"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB\Uninstall.lnk"   -> ["C:\Program Files (x86)\YAMB\Uninstall.exe"]
>>>  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Help\Manual (Russian).lnk"    -> ["C:\Program Files (x86)\Subtitle Workshop\Manual\ManualRUS.html"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (English).lnk"          -> ["C:\Program Files (x86)\URUSoft\Subtitle Workshop\Manual\Manual.html"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Bulgarian).lnk"        -> ["C:\Program Files (x86)\URUSoft\Subtitle Workshop\Manual\ManualBG.html"]
>>>  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Russian).lnk"          -> ["C:\Program Files (x86)\URUSoft\Subtitle Workshop\Manual\ManualRUS.html"]
>>>  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Help\Manual (English).lnk"    -> ["C:\Program Files (x86)\Subtitle Workshop\Manual\Manual.html"]
>>>  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Subtitle Workshop.lnk"        -> ["C:\Program Files (x86)\Subtitle Workshop\subtitleworkshop.exe"]
>>>  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Uninstall Subtitle Workshop.lnk"        -> ["C:\Program Files (x86)\Subtitle Workshop\uninstall.exe"]
>>>  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk"       -> ["C:\Users\Mat\AppData\Local\Pokki\Engine\HostAppService.exe"  =>> /OPEN"04bb6df446330549a2cb8d67fbd1a745025b7bd1"]
>>>  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk"   -> ["C:\Users\Mat\AppData\Local\Pokki\Engine\HostAppService.exe"  =>> /OPEN"menu"]
>>>  "C:\Users\Mat\Downloads\RipBot264v1.19.4\Tools\remuxtool\FileCutter.lnk"    -> ["D:\remuxTool\remuxTool.jar"  =>> FileCutter]

[__________________  Target on remote / network device  __________________]

- "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BD-ROM устройство (F) OFFICE12.lnk"      -> ["F:\"]  ( F:\ - Disconnected disk )

[=========================================================================]
                 ((((((      Internet shortcuts       ))))))
===========================================================================

- "C:\Users\Default\Desktop\FREE CALLS with Voxox.url"  ->            hxxp://vvv.voxox.com/lenovo
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Need For Speed Hot Pursuit 2\Check For Update.url"  -> hxxp://patches.ea.com/nfshp2/EN-US/home.html
- "C:\Users\Mat\Desktop\Adobe Photo Offer.url"  ->                    hxxp://adobe.com/go/LenovoPhotoOffer
- "C:\Users\Mat\Desktop\FREE CALLS with Voxox.url"  ->                hxxp://vvv.voxox.com/lenovo
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uGet VGI\uGet в Интернет.url"  ->           hxxp://vvv.uget.in/
- "C:\Users\Default\Desktop\Adobe Photo Offer.url"  ->                hxxp://adobe.com/go/LenovoPhotoOffer
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit\Help and Support\Online Help.url"  ->             hxxp://vvv.nikse.dk/SubtitleEdit/Help
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit\Help and Support\Subtitle Edit в Интернет.url"  ->               hxxp://vvv.nikse.dk/SubtitleEdit/
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My MP4Box GUI\My MP4Box GUI on the Web.url"  ->  hxxp://my-mp4box-gui.zymichost.com
- "C:\Users\Default\Favorites\AmazonBrowserBar.url"  ->               hxxp://vvv.amazon.com/gp/BIT/AmazonBrowserBar/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Visit Maxthon Forum.url"  ->              hxxp://go.maxthon.com/redir/mx4/feature_post.htm?f=mx4forum
- "C:\Users\Default\Favorites\Voxox Free Calls.url"  ->               hxxp://vvv.voxox.com/lenovo
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Tools\Сайт MP4Tools в Интернете.url"  ->      hxxp://vvv.mp4joiner.org/
- "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Need For Speed Hot Pursuit 2\Need For Speed Top Speed.url"  ->        hxxp://ea.pogo.com/rooms/roomtabs.jsp?game=topspeed&site=eaga
- "C:\Users\Mat\Downloads\RipBot264v1.19.4\RipBot264 Distributed Encoding Tutorial.url"  ->         hxxp://youtu.be/b-BICnj62iE
- "C:\Users\Mat\Downloads\RipBot264v1.19.4\Tools\mkvtoolnix\MKVToolNix.url"  ->                     hxxps://vvv.bunkus.org/videotools/mkvtoolnix/
- "C:\Users\Mat\Downloads\GOTSent24b8\GOTSent\MKVToolnix\MKVtoolnix.url"  ->                        hxxp://vvv.bunkus.org/videotools/mkvtoolnix/

[_____________________________  Favorites  _______________________________]

- "C:\Users\Mat\Favorites\Voxox Free Calls.url"  ->                   hxxp://vvv.voxox.com/lenovo
- "C:\Users\Mat\Favorites\AmazonBrowserBar.url"  ->                   hxxp://vvv.amazon.com/gp/BIT/AmazonBrowserBar/ref=bit_lnv_fav?tag=lenovo-abb-bm-us-ie-20
- "C:\Users\Mat\Favorites\Алтернатива на пастата за зъби - стр. 4 - Здравни конспирации - Форум за конспирации, уфология и мистика..url"  ->          hxxp://forum.xnetbg.net/index.php?topic=14563.45

[____________________ Statistics ___________________]

Threats found:      17
Files listed:       220087 (folders: 49336, shortcuts: 311)
Time spent:         80 sec. (search: 71 sec., analysis: 5 sec.) (MFT)

Been verified:
C:\Users\Mat
C:\Users\Default
C:\Users\Public
C:\ProgramData
_____________________________ End of Log _________________________________16616 bytes, CRC32: FFFFFFFF. Sign: 럃㷻



Please download ClearLNK by Dragokas & regist.

  • Save the archive to your desktop and extract the ClearLNK program.
  • Drag and drop the file Check_Browsers_LNK.log (the log generated by the Check Browsers LNK program in my previous instruction) onto the icon of the ClearLNK program.
  • A report ClearLNK-<Date>.log will be generated and created in the LOG folder. Post the log in your next post.

Logs

In your next reply, please include (by copying the full contents) the following logs:

  • ClearLNK-<Date>.log log

ClearLNK by Alex Dragokas                                 ver. 2.9.0.11

OS:       x64 Windows 8.1 Home, 6.3.9600, Service Pack: 0
Time:     16.03.2017 - 20:08
Language: OS: EN (0x409). Display: BG (0x402). Non-Unicode: BG (0x402)
Elevated: Yes
User:     Mat    (group: Administrator)

_____________________________ Begin of Log ______________________________
.
[ OK ] 1  "C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk"    -> [ "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" ]   (Method R5-A2)   (OK)
[ OK ] 2  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Maxthon Cloud Browser.lnk"    -> [ "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" ]   (Method R5-A2)   (OK)
[ OK ] 3  "C:\Users\Mat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Maxthon Cloud Browser.lnk"    -> [ "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" ]   (Method R5-A2)   (OK)
.
[DEL ] 4  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Help\Manual (Bulgarian).lnk"    (target was not recovered)
[DEL ] 5  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Espaсol).lnk"    (target was not recovered)
[DEL ] 6  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB\YAMB.lnk"    (target was not recovered)
[DEL ] 7  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB\Uninstall.lnk"    (target was not recovered)
[DEL ] 8  "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Help\Manual (Russian).lnk"    (target was not recovered)
[DEL ] 9  "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (English).lnk"    (target was not recovered)
[DEL ] 10 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Bulgarian).lnk"    (target was not recovered)
[DEL ] 11 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\URUSoft\Subtitle Workshop\Help\Manual (Russian).lnk"    (target was not recovered)
[DEL ] 12 "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Help\Manual (English).lnk"    (target was not recovered)
[DEL ] 13 "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Subtitle Workshop.lnk"    (target was not recovered)
[DEL ] 14 "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Uninstall Subtitle Workshop.lnk"    (target was not recovered)
[DEL ] 15 "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk"    (target was not recovered)
[DEL ] 16 "C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk"    (target was not recovered)
[DEL ] 17 "C:\Users\Mat\Downloads\RipBot264v1.19.4\Tools\remuxtool\FileCutter.lnk"    (target was not recovered)
.
______________________________ Statistics _______________________________
Cure ran per today: 1 times.

  Total processed:  17

         Cured:     3
         Deleted:   14
______________________________ End of Log _______________________________CRC32: CBD7240B


Hello! What is the situation now after the procedure?

Please run a fresh check with:

Scan with Farbar Recovery Scan

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or the 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Click YES to agree to the license agreement.
  • Click the button [image].
  • Wait patiently for the scan to finish.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Copy the contents of the file FRST.txt into your next post. Attach Addition.txt to your comment (see the Attach files option when posting a reply).

Logs

In your next reply, please include (by copying the full contents) the following logs:

  • FRST.txt (copy the entire contents)
  • Addition.txt (attach it)
 

 


The situation is the same!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Mat (administrator) on ZDRAVE (17-03-2017 20:29:38)
Running from C:\Users\Mat\Desktop
Loaded Profiles: Mat (Available Profiles: Mat)
Platform: Windows 8.1 Connected (Update) (X64) Language: Английски (Съединени щати)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Windows\System32\igfxTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(BitTorrent Inc.) C:\Users\Mat\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\Mat\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
(BitTorrent Inc.) C:\Users\Mat\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-02-27] (Realtek semiconductor)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [384232 2012-07-13] (BillP Studios)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140640 2009-11-03] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-02] (AVAST Software)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-05-03] (CyberLink Corp.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe [1286392 2009-11-03] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe [885000 2009-11-03] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-651715680-3413174133-539334514-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-651715680-3413174133-539334514-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-651715680-3413174133-539334514-1001\...\Run: [uTorrent] => C:\Users\Mat\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-16] (BitTorrent Inc.)
HKU\S-1-5-21-651715680-3413174133-539334514-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.39.90.42 8.8.8.8
Tcpip\..\Interfaces\{1A12D0E6-4762-47F6-A801-BE161ABACF99}: [DhcpNameServer] 150.209.1.3
Tcpip\..\Interfaces\{6E8CF172-AF6F-4E98-9153-00479EF19E28}: [DhcpNameServer] 212.39.90.42 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-651715680-3413174133-539334514-1001 -> {62C3C0E0-7B4F-4E87-B3EB-018B03071F75} URL = 
SearchScopes: HKU\S-1-5-21-651715680-3413174133-539334514-1001 -> {F3D9EAD1-C76C-4677-92DC-54DF1CCFCD49} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-27] (Oracle Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-02] (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: lzm9qrfd.default
FF ProfilePath: C:\Users\Mat\AppData\Roaming\Mozilla\Firefox\Profiles\lzm9qrfd.default [2017-03-17]
FF Homepage: Mozilla\Firefox\Profiles\lzm9qrfd.default -> hxxp://www.google.bg/
FF Extension: (Avast Passwords) - C:\Users\Mat\AppData\Roaming\Mozilla\Firefox\Profiles\lzm9qrfd.default\Extensions\[email protected] [2017-02-23]
FF Extension: (Adblock Plus) - C:\Users\Mat\AppData\Roaming\Mozilla\Firefox\Profiles\lzm9qrfd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\pam\FF
FF Extension: (Avast Passwords) - C:\Program Files\AVAST Software\Avast\pam\FF [2017-03-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\pam\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-27] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1435739360&z=2b2a0b8bd20ceb587af5c4fgfz4cbwdm4cct8cbwew&from=tti&uid=WDCXWD10JPCX-24UE4T0_WD-WXK1E8417USX17USX
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.bg/","hxxp://www.omniboxes.com/?type=hp&ts=1435739360&z=2b2a0b8bd20ceb587af5c4fgfz4cbwdm4cct8cbwew&from=tti&uid=WDCXWD10JPCX-24UE4T0_WD-WXK1E8417USX17USX"
CHR Profile: C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default [2017-03-17]
CHR Extension: (Google Презентации) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-12]
CHR Extension: (Google Документи) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-12]
CHR Extension: (Google Диск) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Adblock Plus) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-16]
CHR Extension: (Google Търсене) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (АБВ Уведомител) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbekonjicgkldkmopnamgglbfaiojje [2017-01-22]
CHR Extension: (Avast SafePrice) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-17]
CHR Extension: (Електронни таблици от Google) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-12]
CHR Extension: (Google Документи офлайн) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-26]
CHR Extension: (Avast Online Security) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-05]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-12]
CHR Extension: (Chrome Media Router) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-02] (AVAST Software)
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-05-03] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-05-03] (CyberLink)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-12-12] (Lenovo(beijing) Limited)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-03-02] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334600 2017-03-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-03-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-03-02] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32088 2017-03-02] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [126600 2017-03-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [100640 2017-03-02] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-03-02] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [993608 2017-03-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [548928 2017-03-10] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [162528 2017-03-02] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [337592 2017-03-15] (AVAST Software)
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3497240 2015-03-23] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 RtNdPt630; C:\windows\system32\DRIVERS\RtNdPt630.sys [28888 2013-09-26] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [9109720 2014-02-27] (Realtek Semiconductor Corp.)
S3 RTTEAMPT; C:\windows\system32\DRIVERS\RtTeam620.sys [59608 2014-09-02] (Realtek Corporation)
R0 snapman380; C:\windows\System32\DRIVERS\snman380.sys [237600 2017-01-01] (Acronis)
S3 ssudserd; C:\windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-05-03] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-17 20:29 - 2017-03-17 20:29 - 00000000 ____D C:\Users\Mat\Desktop\FRST-OlderVersion
2017-03-17 14:25 - 2017-03-17 14:25 - 00000000 ____D C:\Users\Mat\AppData\LocalLow\uTorrent
2017-03-16 22:52 - 2017-03-16 22:52 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-16 20:08 - 2017-03-16 20:08 - 00000000 ____D C:\Users\Mat\Desktop\LOG
2017-03-16 20:04 - 2017-03-16 20:08 - 00000000 ____D C:\Users\Mat\Desktop\ClearLNK
2017-03-16 20:04 - 2017-03-16 20:04 - 00200975 _____ C:\Users\Mat\Desktop\ClearLNK.zip
2017-03-16 20:04 - 2016-11-29 21:28 - 00462976 _____ (Alex Dragokas) C:\Users\Mat\Desktop\ClearLNK.exe
2017-03-16 19:26 - 2017-03-16 19:26 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-16 19:26 - 2017-03-16 19:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-16 19:26 - 2017-03-16 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-16 18:15 - 2017-02-22 16:35 - 01609216 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-03-16 18:15 - 2017-02-22 16:35 - 01286144 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-03-16 18:15 - 2017-02-22 16:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-03-16 18:15 - 2017-02-22 16:35 - 00233984 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-03-16 18:14 - 2017-02-23 16:50 - 00093360 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-03-16 18:14 - 2017-02-22 16:35 - 00646656 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-03-16 18:14 - 2017-02-22 16:35 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-03-16 18:14 - 2017-02-22 16:35 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-03-16 18:14 - 2017-02-22 16:35 - 00133632 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2017-03-16 18:12 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-03-16 18:12 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-03-16 18:12 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-03-16 18:12 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-03-16 18:12 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-03-16 18:12 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-03-16 18:12 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-03-16 18:12 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-03-16 18:12 - 2017-03-02 19:25 - 00880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-03-16 18:12 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-03-16 18:12 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-03-16 18:12 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-03-16 18:12 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-03-16 18:12 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-03-16 18:12 - 2017-02-11 07:12 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2017-03-16 18:12 - 2017-02-11 06:58 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-03-16 18:12 - 2017-02-11 06:56 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-03-16 18:12 - 2017-02-10 07:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-03-16 18:12 - 2017-02-10 07:09 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2017-03-16 18:12 - 2017-02-10 07:08 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-03-16 18:12 - 2017-02-10 07:01 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-03-16 18:12 - 2017-02-10 07:00 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-03-16 18:12 - 2017-02-10 06:59 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-03-16 18:11 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-03-16 18:11 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-03-16 18:11 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-03-16 18:11 - 2017-03-04 09:05 - 01033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-03-16 18:11 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-03-16 18:11 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-03-16 18:11 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-03-16 18:11 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-03-16 18:11 - 2017-02-11 07:12 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-03-16 18:11 - 2017-02-11 07:00 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-03-16 18:11 - 2017-02-10 21:09 - 04169728 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-03-16 18:11 - 2017-02-10 02:12 - 01375960 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-03-16 18:11 - 2017-02-09 17:16 - 01094656 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-03-16 18:11 - 2017-02-04 22:32 - 07444832 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-03-16 18:11 - 2017-02-04 22:30 - 01663184 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-03-16 18:11 - 2017-02-04 22:30 - 01523216 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2017-03-16 18:11 - 2017-02-04 22:30 - 01490128 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-03-16 18:11 - 2017-02-04 22:30 - 01358960 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2017-03-16 18:11 - 2017-01-05 20:09 - 07076864 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2017-03-16 18:10 - 2017-02-09 17:28 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-03-16 18:10 - 2017-02-09 17:19 - 01377792 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-03-16 18:10 - 2017-02-09 17:16 - 01560064 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-03-16 18:10 - 2017-02-04 21:30 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-03-16 18:10 - 2017-02-04 19:40 - 01754112 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2017-03-16 18:10 - 2017-01-21 19:48 - 01437696 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-03-16 18:10 - 2017-01-11 21:37 - 02345984 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-03-16 18:10 - 2017-01-10 21:08 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-03-16 18:10 - 2017-01-05 19:29 - 05273600 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2017-03-16 18:10 - 2017-01-05 19:13 - 07796224 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2017-03-16 18:09 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-03-16 18:09 - 2017-02-11 21:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-03-16 18:09 - 2017-02-10 07:34 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-03-16 18:09 - 2017-02-10 03:31 - 01549144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-03-16 18:09 - 2017-02-09 16:59 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2017-03-16 18:09 - 2017-02-09 16:58 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2017-03-16 18:09 - 2017-02-09 16:58 - 00252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2017-03-16 18:09 - 2017-02-04 21:32 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
2017-03-16 18:09 - 2017-02-04 20:14 - 01001472 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-03-16 18:09 - 2017-02-04 19:50 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\icm32.dll
2017-03-16 18:09 - 2017-02-04 19:32 - 00584704 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2017-03-16 18:09 - 2017-02-04 19:17 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\icm32.dll
2017-03-16 18:09 - 2017-02-04 19:10 - 01491456 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2017-03-16 18:09 - 2017-02-04 19:05 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2017-03-16 18:09 - 2017-01-21 23:37 - 00567152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2017-03-16 18:09 - 2017-01-21 21:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-03-16 18:09 - 2017-01-21 21:27 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-03-16 18:09 - 2017-01-21 21:22 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-03-16 18:09 - 2017-01-21 21:20 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-03-16 18:09 - 2017-01-21 20:40 - 00756736 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-03-16 18:09 - 2017-01-21 20:40 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-03-16 18:09 - 2017-01-21 20:37 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-03-16 18:09 - 2017-01-21 19:58 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-03-16 18:09 - 2017-01-14 19:49 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\wininit.exe
2017-03-16 18:09 - 2017-01-05 20:20 - 01697792 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2017-03-16 18:09 - 2017-01-05 19:36 - 01501184 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2017-03-16 18:09 - 2017-01-05 18:57 - 05268480 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2017-03-16 18:09 - 2016-11-09 21:22 - 00681472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-03-15 20:53 - 2017-03-15 20:55 - 00000000 ____D C:\Users\Mat\Desktop\CheckBrowsersLNK
2017-03-15 20:48 - 2017-03-15 20:49 - 00385466 _____ C:\Users\Mat\Desktop\CheckBrowsersLNK.zip
2017-03-14 22:18 - 2017-03-14 22:18 - 00006358 _____ C:\Users\Mat\Desktop\RogueKiller-14.03.2017.txt
2017-03-14 20:45 - 2017-03-14 20:45 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2017-03-14 20:44 - 2017-03-14 22:22 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-14 20:42 - 2017-03-14 20:42 - 26131528 _____ C:\Users\Mat\Desktop\RogueKillerX64.exe
2017-03-14 20:39 - 2017-03-14 20:39 - 00000000 _____ C:\Users\Mat\Desktop\RogueKiller.exe
2017-03-14 20:38 - 2017-03-14 20:38 - 00001263 _____ C:\Users\Mat\Desktop\MBAM-14.03.2017.txt
2017-03-13 18:10 - 2017-03-13 18:12 - 00038670 _____ C:\Users\Mat\Desktop\Addition.txt
2017-03-13 18:08 - 2017-03-17 20:32 - 00024448 _____ C:\Users\Mat\Desktop\FRST.txt
2017-03-13 18:07 - 2017-03-17 20:29 - 00000000 ____D C:\FRST
2017-03-13 18:06 - 2017-03-17 20:29 - 02424832 _____ (Farbar) C:\Users\Mat\Desktop\FRST64.exe
2017-03-12 12:35 - 2017-03-17 20:20 - 00000000 ____D C:\AdwCleaner
2017-03-12 12:33 - 2017-03-12 12:33 - 04031440 _____ C:\Users\Mat\Downloads\AdwCleaner v.n.exe
2017-03-11 07:59 - 2017-03-11 07:59 - 00003888 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1466312439
2017-03-11 07:58 - 2017-03-11 07:58 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-03 11:16 - 2017-03-16 20:57 - 00000000 ____D C:\The Voice USA-12 сезон-Други релийзи
2017-03-02 12:43 - 2017-03-02 12:43 - 00001909 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-02 12:43 - 2017-03-02 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-03-02 12:40 - 2017-03-02 12:40 - 00398408 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-03-01 10:46 - 2017-03-01 10:47 - 00000000 ____D C:\The Voice USA-12 сезон
2017-02-23 11:16 - 2017-02-23 11:18 - 00000000 ____D C:\The Voice US S09
2017-02-23 06:46 - 2017-03-10 06:34 - 00835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-02-23 06:46 - 2017-03-10 06:34 - 00177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-17 21:26 - 2017-02-26 00:43 - 00000000 ____D C:\Users\Mat\Desktop\11.Али Колдуел и Били Гилман
2017-02-17 21:22 - 2017-02-26 00:44 - 00000000 ____D C:\Users\Mat\Desktop\Шалия Феъринг
2017-02-17 21:17 - 2017-02-17 21:17 - 00993632 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00987848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00690016 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00484552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00030912 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00029376 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00018600 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2017-02-17 21:17 - 2017-02-17 21:17 - 00018592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2017-02-17 21:15 - 2017-02-26 00:43 - 00000000 ____D C:\Users\Mat\Desktop\Касиди Поуп
2017-02-17 21:11 - 2017-02-28 22:36 - 00000000 ____D C:\Users\Mat\Desktop\9.Гласът на Америка 2015-Сезон 9
2017-02-17 21:07 - 2017-02-17 21:12 - 00000000 ____D C:\Users\Mat\Desktop\10.Гласът на Америка 2016-Сезон 10
2017-02-17 21:03 - 2017-02-17 21:03 - 01429344 _____ (Microsoft Corporation) C:\Users\Mat\Downloads\NDP462-KB3151802-Web.exe
2017-02-17 20:56 - 2017-02-17 20:57 - 00000000 ____D C:\КОМЕДИЯ,РОМАНТИЧЕН
2017-02-17 20:42 - 2017-02-17 20:42 - 25824792 _____ C:\Users\Mat\Downloads\WindowsServer2003-KB942288-v4-ia64.exe
2017-02-16 17:29 - 2017-02-16 17:31 - 00000000 ____D C:\Бягство от затвора-сезон 1
2017-02-15 21:16 - 2017-02-15 21:20 - 00000000 ____D C:\American Idol S11,5
2017-02-15 21:12 - 2017-02-15 21:14 - 00000000 ____D C:\American Idol S11

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-17 20:32 - 2017-02-11 07:20 - 00000000 ____D C:\Users\Mat\AppData\Roaming\uTorrent
2017-03-17 20:28 - 2015-07-05 19:29 - 00000000 ____D C:\Users\Mat\AppData\Local\CrashDumps
2017-03-17 20:25 - 2015-03-22 11:52 - 00000000 ____D C:\Users\Mat\AppData\Roaming\Skype
2017-03-17 18:35 - 2015-03-18 12:08 - 00003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8746BB1A-F223-4A4A-A0A4-03E022F93E77}
2017-03-17 16:33 - 2015-04-03 18:59 - 00000000 ____D C:\Users\Mat\AppData\LocalLow\Adblock Plus for IE
2017-03-17 14:27 - 2016-12-10 19:55 - 00000000 ____D C:\Users\Mat\AppData\LocalLow\Mozilla
2017-03-17 14:25 - 2015-03-18 11:14 - 00000000 ___DO C:\Users\Mat\OneDrive
2017-03-17 14:24 - 2015-03-18 11:11 - 00000000 __SHD C:\Users\Mat\IntelGraphicsProfiles
2017-03-16 23:03 - 2015-05-15 07:23 - 00000000 ____D C:\Users\Mat\AppData\Local\ClassicShell
2017-03-16 22:32 - 2015-05-14 10:20 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-651715680-3413174133-539334514-1001
2017-03-16 22:09 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-16 22:09 - 2013-08-22 16:44 - 00493368 _____ C:\windows\system32\FNTCACHE.DAT
2017-03-16 22:02 - 2015-03-22 11:42 - 00000000 ____D C:\windows\system32\appraiser
2017-03-16 22:02 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2017-03-16 20:08 - 2017-01-17 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2017-03-16 20:08 - 2016-09-16 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB
2017-03-16 20:08 - 2015-03-29 17:17 - 00000000 ____D C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop
2017-03-16 20:08 - 2014-12-12 12:57 - 00001173 _____ C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2017-03-16 19:27 - 2015-03-22 11:52 - 00000000 ____D C:\ProgramData\Skype
2017-03-16 19:21 - 2014-12-12 12:09 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-16 18:43 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2017-03-16 18:35 - 2015-03-20 22:09 - 00000000 ____D C:\windows\system32\MRT
2017-03-16 18:28 - 2015-03-20 22:08 - 138634176 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-03-15 12:42 - 2015-05-18 10:07 - 00337592 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2017-03-15 09:27 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 09:27 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2017-03-15 06:09 - 2016-09-24 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-14 18:42 - 2015-05-10 10:47 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-14 18:29 - 2014-03-18 11:53 - 00866884 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-14 14:43 - 2016-06-19 07:36 - 00004288 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 14:43 - 2013-08-22 17:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-03-14 14:43 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\Macromed
2017-03-12 13:57 - 2016-06-01 10:28 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Mat\Downloads\ESETOnlineScanner_ENU.exe
2017-03-12 12:54 - 2013-08-22 15:25 - 00524288 ___SH C:\windows\system32\config\BBI
2017-03-11 11:55 - 2015-08-02 13:11 - 00000000 ____D C:\Users\Mat\AppData\Roaming\Nitro PDF
2017-03-10 12:42 - 2015-05-18 10:07 - 00548928 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2017-03-10 11:42 - 2017-01-14 19:35 - 00133632 ___SH C:\Users\Mat\Desktop\Thumbs.db
2017-03-03 19:34 - 2017-02-11 13:51 - 00082944 ___SH C:\Users\Mat\Downloads\Thumbs.db
2017-03-02 12:42 - 2017-02-08 14:14 - 00003914 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-03-02 12:40 - 2015-05-18 10:07 - 00162528 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00126600 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00100640 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00075704 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-03-02 12:40 - 2015-05-18 10:07 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-03-02 12:39 - 2016-06-17 08:53 - 00032088 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-03-02 12:39 - 2015-05-18 10:07 - 00993608 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-03-02 12:37 - 2017-02-08 14:14 - 00334600 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-03-02 12:37 - 2017-02-08 14:14 - 00309272 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-03-02 12:37 - 2017-02-08 14:14 - 00189768 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-03-02 12:37 - 2017-02-08 14:14 - 00048528 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-02-28 22:55 - 2016-09-10 05:47 - 00000000 ____D C:\ProgramData\clone.AD
2017-02-26 17:50 - 2016-09-22 15:32 - 00000000 ____D C:\p2pbg.com
2017-02-26 14:34 - 2014-12-12 12:54 - 00000000 ____D C:\ProgramData\Temp
2017-02-26 13:32 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2017-02-26 00:33 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\NDF
2017-02-17 21:16 - 2016-04-24 15:22 - 00000000 ____D C:\Users\Mat\Desktop\Клипове-The Voice S09
2017-02-17 20:58 - 2015-08-22 09:55 - 00000000 ____D C:\1,35-3
2017-02-16 21:57 - 2015-08-22 16:28 - 00000000 ____D C:\Users\Mat\AppData\Roaming\VideoReDo-TVSuite4
2017-02-16 18:18 - 2016-12-25 22:52 - 00000000 ____D C:\Users\Mat\Desktop\The Voice US-Вокални битки и т.н

==================== Files in the root of some directories =======

2016-09-25 17:14 - 2016-09-25 17:47 - 0000104 _____ () C:\Users\Mat\AppData\Local\vmrWorkAround.log
2014-12-12 12:19 - 2014-12-12 12:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-03-14 20:44 - 2016-08-13 09:40 - 1737080 _____ (Microsoft Corporation) C:\Users\Mat\AppData\Local\Temp\dllnt_dump.dll
2017-03-16 19:20 - 2017-03-16 19:20 - 14456872 _____ (Microsoft Corporation) C:\Users\Mat\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-09 10:20

==================== End of FRST.txt ============================

Addition.txt

Fix with Farbar Recovery Scan Tool

Download the attached file fixlist.txt and save it in the folder where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Let me know the result..!

Logs

In your next reply, please include the following logs:

  • FixLog.txt

Follow the instructions from step 1 to clean your Chrome browser with chrome_cleanup_tool

Clean Chrome of unwanted ads, pop-ups, & malware - Chrome Help

Chrome Cleanup Tool

Scan with AdwCleaner

Please download and run Malwarebytes AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Press OK to confirm that all running programs will be closed.
  • Select Scan.
  • When it finishes, click Logfile. A window containing the log (AdwCleaner[S0].txt) will open. Double-click the line and the contents of the log will open. Post it in your next post.
  • Go back to the main AdwCleaner window and select Clean.
  • Follow the prompts and allow the computer to restart.
  • After the restart, the log AdwCleaner[C0].txt will open. Please copy the contents of the log file into your next post.

 

Scan with Junkware Removal Tool

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your security programs.
  • Run the tool JRT.exe.
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

Scan with ESET Online Scan

  • Please download and run the executable from the link: ESET Online Scanner
  • Tick the checkbox in front of [image] (if the option is available) and press the [image] button.
  • It is a good idea to disable your antivirus before starting the scan. To see the list of antivirus programs you have installed that you need to disable, press the [image] button.
  • A list with the antivirus program you have installed will appear.
  • Disable your antivirus program.
  • Tick the checkbox in front of: Enable detection of potentially unwanted applications.
  • Now click Advanced Settings and make sure that the option Clean threats automatically is not selected, and that the following are selected:

  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth Technology

  • Now select the Change button and tick the following targets: Operating memory, Autostart locations and drive C:\
  • Press the [image] button to start the scan.
  • ESET will start downloading and installing virus definition updates and will then begin scanning the computer. Be patient, because the process is slow and may take a long time.
  • Once the scan is complete, the list of detected infections will open automatically (if any were found).
  • Press the [image] button and save the file to the desktop under a name of your choice, for example ESETScan.txt. Copy the result into your next comment.
  • Press the [image] button.
  • Tick the checkbox in front of [image] to clean up the application's traces after it is closed.
  • Press the [image] button and then close the application with the X in the upper right corner.

Eset found nothing.

# AdwCleaner v6.044 - Дневникът е създаден 19/03/2017 в 12:01:20
# Обновен на 28/02/2017 от Malwarebytes
# База данни : 2017-03-18.1 [Сървърна]
# Операционна Система : Windows 8.1 Connected  (X64)
# Потребителско име : Mat - ZDRAVE
# Изпълнява се от : C:\Users\Mat\Desktop\adwcleaner_6.044.exe
# Режим: Почистване
# Поддръжка : https://www.malwarebytes.com/support

***** [ Услуги ] *****

***** [ Папки ] *****

***** [ Файлове ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Преки пътища ] *****

***** [ Планирани Задачи ] *****

***** [ Регистър ] *****

***** [ Интернет Браузъри ] *****

[-] [C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Изтрит: ask.com
[-] [C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Изтрит: hxxp://www.omniboxes.com/?type=hp&ts=1435739360&z=2b2a0b8bd20ceb587af5c4fgfz4cbwdm4cct8cbwew&from=tti&uid=WDCXWD10JPCX-24UE4T0_WD-WXK1E8417USX17USX
[-] [C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default] [homepage] Изтрит: hxxp://www.omniboxes.com/?type=hp&ts=1435739360&z=2b2a0b8bd20ceb587af5c4fgfz4cbwdm4cct8cbwew&from=tti&uid=WDCXWD10JPCX-24UE4T0_WD-WXK1E8417USX17USX


*************************

:: "Tracing" ключовете бяха изтрити
:: Winsock настройките бяха изчистени

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1577 Байта] - [12/03/2017 12:41:37]
C:\AdwCleaner\AdwCleaner[C2].txt - [1229 Байта] - [12/03/2017 12:53:47]
C:\AdwCleaner\AdwCleaner[C3].txt - [1811 Байта] - [12/03/2017 13:07:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [1595 Байта] - [12/03/2017 13:14:16]
C:\AdwCleaner\AdwCleaner[C5].txt - [2249 Байта] - [12/03/2017 19:56:50]
C:\AdwCleaner\AdwCleaner[C6].txt - [2850 Байта] - [12/03/2017 19:57:16]
C:\AdwCleaner\AdwCleaner[C7].txt - [2651 Байта] - [13/03/2017 17:37:31]
C:\AdwCleaner\AdwCleaner[C8].txt - [2181 Байта] - [19/03/2017 12:01:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [1591 Байта] - [12/03/2017 12:39:12]
C:\AdwCleaner\AdwCleaner[S10].txt - [2780 Байта] - [13/03/2017 17:48:10]
C:\AdwCleaner\AdwCleaner[S11].txt - [2854 Байта] - [13/03/2017 17:57:39]
C:\AdwCleaner\AdwCleaner[S12].txt - [3807 Байта] - [13/03/2017 18:04:17]
C:\AdwCleaner\AdwCleaner[S13].txt - [3886 Байта] - [13/03/2017 18:18:32]
C:\AdwCleaner\AdwCleaner[S14].txt - [3967 Байта] - [14/03/2017 15:29:53]
C:\AdwCleaner\AdwCleaner[S15].txt - [4046 Байта] - [17/03/2017 20:20:53]
C:\AdwCleaner\AdwCleaner[S16].txt - [4123 Байта] - [18/03/2017 18:54:13]
C:\AdwCleaner\AdwCleaner[S17].txt - [4335 Байта] - [19/03/2017 11:57:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [1338 Байта] - [12/03/2017 12:53:00]
C:\AdwCleaner\AdwCleaner[S2].txt - [1433 Байта] - [12/03/2017 13:00:48]
C:\AdwCleaner\AdwCleaner[S3].txt - [1902 Байта] - [12/03/2017 13:05:31]
C:\AdwCleaner\AdwCleaner[S4].txt - [1703 Байта] - [12/03/2017 13:13:59]
C:\AdwCleaner\AdwCleaner[S5].txt - [1798 Байта] - [12/03/2017 13:25:09]
C:\AdwCleaner\AdwCleaner[S6].txt - [2267 Байта] - [12/03/2017 13:46:51]
C:\AdwCleaner\AdwCleaner[S7].txt - [2340 Байта] - [12/03/2017 18:33:48]
C:\AdwCleaner\AdwCleaner[S8].txt - [2559 Байта] - [13/03/2017 17:26:34]
C:\AdwCleaner\AdwCleaner[S9].txt - [2733 Байта] - [13/03/2017 17:35:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [3671 Байта] ##########

AdwCleaner[S17].txt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 8.1 Connected x64 
Ran by Mat (Administrator) on нед 19.03.2017 г. at 12:12:24,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 3 

Successfully deleted: C:\ProgramData\esellerate (Folder) 
Successfully deleted: C:\windows\hgfs.sys (File) 
Successfully deleted: C:\windows\prleth.sys (File) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on нед 19.03.2017 г. at 12:15:56,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Yes, the original problem remains. The three threats that show up in the AdwCleaner log and supposedly get deleted are restored again after opening Google Chrome. How do I get rid of this thing permanently?

And did you do this..:

Quote

Follow the instructions from step 1 to clean your Chrome browser with chrome_cleanup_tool

Clean Chrome of unwanted ads, pop-ups, & malware - Chrome Help

Chrome Cleanup Tool

The problem is only in Chrome, right..?

Quote

Tcpip\Parameters: [DhcpNameServer] 212.39.90.42 8.8.8.8
Tcpip\..\Interfaces\{1A12D0E6-4762-47F6-A801-BE161ABACF99}: [DhcpNameServer] 150.209.1.3
Tcpip\..\Interfaces\{6E8CF172-AF6F-4E98-9153-00479EF19E28}: [DhcpNameServer] 212.39.90.42 8.8.8.8

And are these Dhcp entries familiar to you...? The highlighted one is from the United States

In addition, let's do the following:

Download Process Monitor, extract it to a convenient location and run the file Procmon.exe. From the Options menu select Enable Boot Logging and confirm with OK. Restart the system. Then run a scan with AdwCleaner and, if the problematic lines appear, clean them. Restart the system. Start Process Monitor again (let it run for about 10 minutes) and answer Yes to the question about saving the collected information. Save the file in a convenient location, compress it with an archiver of your choice, upload it to a file hosting service and post a download link to the archive in your next comment.

The idea is to find out what causes the problematic entries to reappear after they are deleted..

Hello..! Actually, after consulting with the AdwCleaner team, it turned out that the most likely cause of the problem is Chrome's synchronization with the cloud. If it is stopped, the problem should disappear.

Quote

Hello!

The Chrome stuff should be linked to the Synchronization. Please let me know if it's not gone after the user has disabled and reset it, but I'm pretty sure it is.

P.S. Thanks to B-boy/StyLe/ for the assistance...! :)

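The pattern in this thread, the same Chrome entries deleted by every AdwCleaner cleaning run and back again afterwards, can be confirmed from the cleaning logs themselves. The Python below is an added example, not part of the original posts or of AdwCleaner; the log excerpts are constructed in the layout of the ones posted here, and the function names and the set of settings treated as carried by Chrome sync are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpts in the layout of the cleaning logs posted in this
# thread; the user name, domains and URLs are made up for the example.
RUN_1 = r"""
# AdwCleaner v6.044 - Дневникът е създаден 19/03/2017 в 12:01:20
***** [ Интернет Браузъри ] *****

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Изтрит: search.example
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [homepage] Изтрит: hxxp://hijack.example/?type=hp
"""

RUN_2 = r"""
# AdwCleaner v6.044 - Дневникът е създаден 23/03/2017 в 23:50:24
***** [ Интернет Браузъри ] *****

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Изтрит: search.example
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [homepage] Изтрит: hxxp://hijack.example/?type=hp
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Изтрит: hxxp://hijack.example/?type=hp
"""

# Header line carries the creation time as dd/mm/yyyy <word> hh:mm:ss.
HEADER = re.compile(
    r"^# AdwCleaner .*?(\d{2}/\d{2}/\d{4})\D+?(\d{2}:\d{2}:\d{2})", re.M)
# "[-] [location] [key] <localized status>: value"; the status word is
# not interpreted, so the localized log text works unchanged.
ENTRY = re.compile(
    r"^\[-\] \[(?P<loc>[^\]]+)\] \[(?P<key>[^\]]+)\] [^:\n]+: (?P<value>.+)$",
    re.M)

# Assumption: the settings this thread saw coming back travel with sync.
SYNCED_KEYS = {"homepage", "startup_urls", "search provider"}


def parse_log(text):
    """Return (creation time, set of (location, key, value)) for one log."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("no AdwCleaner header with a creation timestamp")
    when = datetime.strptime(" ".join(m.groups()), "%d/%m/%Y %H:%M:%S")
    entries = {(e["loc"].lower(), e["key"].lower(), e["value"].strip())
               for e in ENTRY.finditer(text)}
    return when, entries


def recurring_entries(logs):
    """Map each entry cleaned in two or more runs to the sorted run times."""
    seen = defaultdict(list)
    runs = sorted((parse_log(t) for t in logs), key=lambda r: r[0])
    for when, entries in runs:
        for entry in entries:
            seen[entry].append(when)
    return {e: times for e, times in seen.items() if len(times) > 1}


def looks_sync_restored(recurring):
    """True when every recurring entry is a synced setting in a Chrome profile."""
    if not recurring:
        return False
    marker = "\\google\\chrome\\user data\\"
    return all(marker in loc + "\\" and key in SYNCED_KEYS
               for loc, key, _ in recurring)


if __name__ == "__main__":
    found = recurring_entries([RUN_1, RUN_2])
    for (loc, key, value), times in sorted(found.items()):
        print(f"{key}: {value} cleaned {len(times)} times in {loc}")
    print("only synced Chrome settings recur:", looks_sync_restored(found))
```
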

Resetting sync in Chrome

..after which run a new scan with AdwCleaner following the instructions:

Scan with AdwCleaner

Please download and run Malwarebytes AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Press OK to confirm that all running programs will be closed.
  • Select Scan.
  • When it finishes, click Logfile. A window containing the log (AdwCleaner[S0].txt) will open. Double-click the line and the contents of the log will open. Post it in your next post.
  • Go back to the main AdwCleaner window and select Clean.
  • Follow the prompts and allow the computer to restart.
  • After the restart, the log AdwCleaner[C0].txt will open. Please copy the contents of the log file into your next post.

Let me know the result...! :)

# AdwCleaner v6.044 - Дневникът е създаден 23/03/2017 в 23:50:24
# Обновен на 28/02/2017 от Malwarebytes
# База данни : 2017-03-23.2 [Сървърна]
# Операционна Система : Windows 8.1 Connected  (X64)
# Потребителско име : Mat - ZDRAVE
# Изпълнява се от : C:\Users\Mat\Desktop\adwcleaner_6.044.exe
# Режим: Почистване
# Поддръжка : https://www.malwarebytes.com/support

***** [ Услуги ] *****

***** [ Папки ] *****

***** [ Файлове ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Преки пътища ] *****

***** [ Планирани Задачи ] *****

***** [ Регистър ] *****

***** [ Интернет Браузъри ] *****

[-] [C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Изтрит: ask.com
[-] [C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Изтрит: hxxp://www.omniboxes.com/?type=hp&ts=1435739360&z=2b2a0b8bd20ceb587af5c4fgfz4cbwdm4cct8cbwew&from=tti&uid=WDCXWD10JPCX-24UE4T0_WD-WXK1E8417USX17USX
[-] [C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default] [homepage] Изтрит: hxxp://www.omniboxes.com/?type=hp&ts=1435739360&z=2b2a0b8bd20ceb587af5c4fgfz4cbwdm4cct8cbwew&from=tti&uid=WDCXWD10JPCX-24UE4T0_WD-WXK1E8417USX17USX


*************************

:: "Tracing" ключовете бяха изтрити
:: Winsock настройките бяха изчистени

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1577 Байта] - [12/03/2017 12:41:37]
C:\AdwCleaner\AdwCleaner[C2].txt - [1229 Байта] - [12/03/2017 12:53:47]
C:\AdwCleaner\AdwCleaner[C3].txt - [1811 Байта] - [12/03/2017 13:07:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [1595 Байта] - [12/03/2017 13:14:16]
C:\AdwCleaner\AdwCleaner[C5].txt - [2249 Байта] - [12/03/2017 19:56:50]
C:\AdwCleaner\AdwCleaner[C6].txt - [2850 Байта] - [12/03/2017 19:57:16]
C:\AdwCleaner\AdwCleaner[C7].txt - [2651 Байта] - [13/03/2017 17:37:31]
C:\AdwCleaner\AdwCleaner[C8].txt - [3755 Байта] - [19/03/2017 12:01:20]
C:\AdwCleaner\AdwCleaner[C9].txt - [2259 Байта] - [23/03/2017 23:50:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [1591 Байта] - [12/03/2017 12:39:12]
C:\AdwCleaner\AdwCleaner[S10].txt - [2780 Байта] - [13/03/2017 17:48:10]
C:\AdwCleaner\AdwCleaner[S11].txt - [2854 Байта] - [13/03/2017 17:57:39]
C:\AdwCleaner\AdwCleaner[S12].txt - [3807 Байта] - [13/03/2017 18:04:17]
C:\AdwCleaner\AdwCleaner[S13].txt - [3886 Байта] - [13/03/2017 18:18:32]
C:\AdwCleaner\AdwCleaner[S14].txt - [3967 Байта] - [14/03/2017 15:29:53]
C:\AdwCleaner\AdwCleaner[S15].txt - [4046 Байта] - [17/03/2017 20:20:53]
C:\AdwCleaner\AdwCleaner[S16].txt - [4123 Байта] - [18/03/2017 18:54:13]
C:\AdwCleaner\AdwCleaner[S17].txt - [4335 Байта] - [19/03/2017 11:57:15]
C:\AdwCleaner\AdwCleaner[S18].txt - [4492 Байта] - [20/03/2017 22:36:03]
C:\AdwCleaner\AdwCleaner[S19].txt - [4571 Байта] - [23/03/2017 23:49:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [1338 Байта] - [12/03/2017 12:53:00]
C:\AdwCleaner\AdwCleaner[S2].txt - [1433 Байта] - [12/03/2017 13:00:48]
C:\AdwCleaner\AdwCleaner[S3].txt - [1902 Байта] - [12/03/2017 13:05:31]
C:\AdwCleaner\AdwCleaner[S4].txt - [1703 Байта] - [12/03/2017 13:13:59]
C:\AdwCleaner\AdwCleaner[S5].txt - [1798 Байта] - [12/03/2017 13:25:09]
C:\AdwCleaner\AdwCleaner[S6].txt - [2267 Байта] - [12/03/2017 13:46:51]
C:\AdwCleaner\AdwCleaner[S7].txt - [2340 Байта] - [12/03/2017 18:33:48]
C:\AdwCleaner\AdwCleaner[S8].txt - [2559 Байта] - [13/03/2017 17:26:34]
C:\AdwCleaner\AdwCleaner[S9].txt - [2733 Байта] - [13/03/2017 17:35:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [3907 Байта] ##########
 

After resetting the sync everything was fixed.

15 hours ago, Alpine Trail wrote:

After resetting the sync everything was fixed.

Hello..! That is wonderful news..! In that case, let's remove the programs we used:

Download DelFix and run it. Tick the checkboxes in front of:

  • Remove disinfection tools <----- this will remove the tools we used
  • Create registry backup <----- this option will create a backup copy of the Windows registry
  • Purge system restore <--- this will remove all previous restore points; a new restore point of the system's current state will be created.
  • Reset system settings <--- this will reset to default all system settings that were changed either by us during the cleanup or by malware / an infection

..and then press the Run button

  • Once the operation has completed, a log will be created
  • Copy it and paste it into your next reply

The tool will delete itself once it has finished its task!

If there is anything we used in the cleanup so far that was not removed after the last instructions, remove it manually, using the standard methods..!

Logs

In your next reply, please include the following logs:

  • DelFix

# DelFix v1.013 - Logfile created 26/03/2017 at 19:50:34
# Updated 17/04/2016 by Xplode
# Username : Mat - ZDRAVE
# Operating System : Windows 8.1 Connected  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mat\Desktop\FRST-OlderVersion
Deleted : C:\Users\Mat\Desktop\Addition.txt
Deleted : C:\Users\Mat\Desktop\adwcleaner_6.044.exe
Deleted : C:\Users\Mat\Desktop\Fixlog.txt.lnk
Deleted : C:\Users\Mat\Desktop\FRST.txt
Deleted : C:\Users\Mat\Desktop\JRT.exe
Deleted : C:\Users\Mat\Desktop\JRT.txt
Deleted : C:\Users\Mat\Desktop\RogueKiller-14.03.2017.txt
Deleted : C:\Users\Mat\Desktop\RogueKiller.exe
Deleted : C:\Users\Mat\Desktop\RogueKillerX64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #218 [Restore Point Created by FRST | 03/18/2017 16:35:12]
Deleted : RP #219 [JRT Pre-Junkware Removal | 03/19/2017 10:12:32]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 
