Hello,

I'm looking for help with the following problem: for several days now, whenever I try to start a media player, a torrent program, or even Avira, I get the error 'COM Surrogate has stopped working', which does not go away until I close the program in question. I have the feeling that the problem is spreading to other programs as well. I don't have an OS disc; here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-09-2017
Ran by Lena (administrator) on ELE (01-10-2017 10:33:03)
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena (Available Profiles: Lena)
Platform: Windows 8.1 Pro (X64) Language: Английски (Обединено кралство)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(STMicroelectronics) C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\48.0.2685.32\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ASUS HDD Protection Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe [54272 2013-12-04] (STMicroelectronics)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-09-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [{7a4579ba-01bc-4cca-b13c-451f77ab96b6}] => C:\ProgramData\Package Cache\{7a4579ba-01bc-4cca-b13c-451f77ab96b6}\Avira.OE.Setup.Bundle.exe [1288960 2017-09-28] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27214296 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\Run: [Spotify Web Helper] => C:\Users\Lena\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-05-07] (Spotify Ltd)
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\Run: [Spotify] => C:\Users\Lena\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-05-07] (Spotify Ltd)
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\MountPoints2: {b97f3f73-4e73-11e5-8263-801934637ecc} - "E:\SETUP.EXE" 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\MountPoints2: {b97f4291-4e73-11e5-8263-801934637ecc} - "G:\SETUP.EXE" 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\MountPoints2: {c63ff7f0-a126-11e7-8284-801934637ecc} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\MountPoints2: {ea505492-4bf1-11e5-8260-801934637ecc} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\ASUS.scr
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.39.90.42 8.8.8.8
Tcpip\..\Interfaces\{04D1F568-9DB5-4D56-8CA5-64FC1C79595E}: [DhcpNameServer] 212.39.90.42 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2995889451-2405539215-1952637314-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-18] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-18] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
IE Session Restore: HKU\S-1-5-21-2995889451-2405539215-1952637314-1001 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\ZwRfThxB.default [2017-09-30]
FF Extension: (Avira Browser Safety) - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\ZwRfThxB.default\Extensions\abs@avira.com.xpi [2017-09-08]
FF Extension: (AdBlock) - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\ZwRfThxB.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-09-08]
FF Extension: (Rikaichan Japanese-English Dictionary File) - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\ZwRfThxB.default\Extensions\rikaichan-jpen@polarcloud.com [2017-04-25]
FF Extension: (Rikaichan) - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\ZwRfThxB.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}.xpi [2017-04-25]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-08-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-05-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-18] (Oracle Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Evernote Web Clipper) - C:\Users\Lena\AppData\Roaming\Opera Software\Opera Stable\Extensions\afgbccjghcnbcdjgogpckamibfkceahd [2017-09-24]
OPR Extension: (AdBlock) - C:\Users\Lena\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-05-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [404816 2017-09-13] (Avira Operations GmbH & Co. KG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-21] (SurfRight B.V.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-09] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R3 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [69776 2014-04-30] (ASUS) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-17] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; "c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-17] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176856 2017-09-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [167464 2017-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-24] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-30] (Disc Soft Ltd)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-09] (Intel Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83456 2013-09-14] (STMicroelectronics)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-05-17] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [237400 2014-05-17] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-05-17] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-01 10:33 - 2017-10-01 10:33 - 000022799 _____ C:\Users\Lena\Desktop\FRST.txt
2017-10-01 10:32 - 2017-10-01 10:32 - 000000000 ____D C:\Users\Lena\Desktop\FRST-OlderVersion
2017-09-28 22:01 - 2017-09-28 22:01 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger
2017-09-24 16:12 - 2017-10-01 10:33 - 000000000 ____D C:\FRST
2017-09-24 16:10 - 2017-10-01 10:32 - 002399744 _____ (Farbar) C:\Users\Lena\Desktop\FRST64.exe
2017-09-16 13:33 - 2017-09-16 13:33 - 000000302 _____ C:\Users\Lena\Downloads\Viber messages.zip
2017-09-09 16:54 - 2017-09-09 16:57 - 135026070 _____ C:\Users\Lena\Downloads\Lightning_65288__12521__12452__12488__12491__12531__12464__65289_2017_24180_02_26376__21495_Vol_274.cbr
2017-09-09 16:54 - 2017-09-09 16:56 - 091767852 _____ C:\Users\Lena\Downloads\LDK__12456__12523__12539__12487__12451__12540__12539__12465__12540__2017_24180_05_26376__21495.cbr
2017-09-09 16:53 - 2017-09-09 16:54 - 073898244 _____ C:\Users\Lena\Downloads\GO_OUT__12468__12540__12450__12454__12488__2017_24180_03_26376__21495.cbr
2017-09-08 12:37 - 2017-09-08 15:56 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-08 12:37 - 2017-09-08 14:07 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-08 12:37 - 2017-09-08 12:37 - 000001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-09-08 12:37 - 2017-09-08 12:37 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-09-08 12:37 - 2017-09-08 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-09-08 12:37 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-09-08 12:04 - 2017-09-08 12:04 - 000014518 _____ C:\Users\Lena\Downloads\[avistaz.to] Double Vision (2002).torrent
2017-09-07 12:10 - 2017-09-07 12:10 - 000479796 _____ C:\Users\Lena\Downloads\wetransfer-f2f579.zip
2017-09-07 12:09 - 2017-09-07 12:09 - 002526579 _____ C:\Users\Lena\Downloads\FILE X PROD  PREVIEW PE18 CAPASCA.zip
2017-09-07 12:09 - 2017-09-07 12:09 - 002526579 _____ C:\Users\Lena\Downloads\FILE X PROD  PREVIEW PE18 CAPASCA (1).zip
2017-09-04 22:25 - 2017-09-24 15:57 - 000506398 _____ C:\Windows\system32\perfh011.dat
2017-09-04 22:25 - 2017-09-24 15:57 - 000135664 _____ C:\Windows\system32\perfc011.dat
2017-09-04 22:25 - 2017-09-04 22:23 - 000144476 _____ C:\Windows\system32\perfi011.dat
2017-09-04 22:25 - 2017-09-04 22:23 - 000033362 _____ C:\Windows\system32\perfd011.dat
2017-09-04 22:23 - 2017-09-04 22:23 - 000000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-09-04 22:23 - 2017-09-04 22:23 - 000000000 ____D C:\Windows\SysWOW64\ja
2017-09-04 22:23 - 2017-09-04 22:23 - 000000000 ____D C:\Windows\system32\ja
2017-09-04 22:15 - 2013-08-21 22:15 - 000248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lzhfldr2.dll
2017-09-04 22:14 - 2013-08-22 05:30 - 000267264 _____ (Microsoft Corporation) C:\Windows\system32\lzhfldr2.dll
2017-09-02 13:04 - 2017-09-02 20:14 - 000168550 _____ C:\Windows\ntbtlog.txt
2017-09-01 18:25 - 2017-09-01 18:25 - 000322279 _____ C:\Users\Lena\Downloads\IPL.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-01 10:03 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\NDF
2017-10-01 09:09 - 2016-04-24 14:49 - 000000035 _____ C:\Users\Lena\AppData\Roaming\sp_data.sys
2017-09-30 21:47 - 2015-10-29 12:58 - 000000000 ____D C:\Users\Lena\AppData\Roaming\vlc
2017-09-30 21:47 - 2015-08-28 10:13 - 000000000 ____D C:\KMPlayer
2017-09-30 10:12 - 2016-01-24 16:52 - 000022069 _____ C:\Users\Lena\Documents\Bilancio.xlsx
2017-09-30 09:58 - 2015-08-26 16:03 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2995889451-2405539215-1952637314-1001
2017-09-30 09:48 - 2017-06-30 19:45 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2017-09-30 09:48 - 2015-08-27 08:12 - 000003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1440652343
2017-09-30 09:48 - 2015-08-27 08:12 - 000000000 ____D C:\Program Files (x86)\Opera
2017-09-28 22:01 - 2016-04-24 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-28 22:00 - 2014-11-02 01:29 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-24 15:58 - 2015-08-27 10:57 - 000000000 ____D C:\Users\Lena\AppData\Roaming\uTorrent
2017-09-24 15:57 - 2014-03-18 18:25 - 001496524 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-24 15:57 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
2017-09-24 15:49 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-24 15:49 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-17 14:15 - 2016-11-02 23:30 - 000000000 ____D C:\Users\Lena\Documents\ViberDownloads
2017-09-17 13:37 - 2017-08-27 12:39 - 000000000 ____D C:\Users\Lena\AppData\Local\Viber
2017-09-17 13:37 - 2016-11-02 23:28 - 000000000 ____D C:\Users\Lena\AppData\Roaming\ViberPC
2017-09-10 10:36 - 2017-08-12 12:39 - 000019907 _____ C:\Users\Lena\Desktop\gaikokugo.xlsx
2017-09-08 12:58 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\tracing
2017-09-08 11:24 - 2017-05-20 16:38 - 000000000 ____D C:\Users\Lena\AppData\LocalLow\Mozilla
2017-09-07 08:59 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\rescache
2017-09-04 22:25 - 2013-08-22 18:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-04 22:24 - 2014-03-18 18:10 - 000000000 ____D C:\Program Files\Windows Journal
2017-09-04 22:24 - 2014-03-18 17:58 - 000000000 ____D C:\Windows\SysWOW64\winrm
2017-09-04 22:24 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\WinStore
2017-09-04 22:24 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-04 22:24 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Windows Defender
2017-09-04 22:24 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Common Files\System
2017-09-04 22:24 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-04 22:24 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-04 22:24 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\oobe
2017-09-04 22:24 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\servicing
2017-09-04 22:23 - 2014-03-18 17:58 - 000000000 ____D C:\Windows\SysWOW64\WCN
2017-09-04 22:23 - 2014-03-18 17:58 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2017-09-04 22:23 - 2014-03-18 17:58 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2017-09-04 22:23 - 2014-03-18 17:58 - 000000000 ____D C:\Windows\system32\winrm
2017-09-04 22:23 - 2014-03-18 17:58 - 000000000 ____D C:\Windows\system32\WCN
2017-09-04 22:23 - 2014-03-18 17:58 - 000000000 ____D C:\Windows\system32\slmgr
2017-09-04 22:23 - 2014-03-18 17:58 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ___SD C:\Windows\system32\dsc
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\MUI
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\Com
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\MUI
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\migwiz
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\Com
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\IME
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\Help
2017-09-04 22:23 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\FileManager
2017-09-04 22:23 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Dism
2017-09-04 22:23 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Sysprep
2017-09-04 22:23 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\oobe
2017-09-04 22:23 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Dism
2017-09-03 18:52 - 2015-08-27 13:59 - 000000000 ____D C:\Users\Lena\AppData\Roaming\Skype
2017-09-02 13:35 - 2015-10-11 16:29 - 000113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-02 13:08 - 2015-09-11 17:22 - 000000000 ____D C:\Users\Lena\AppData\Local\ElevatedDiagnostics
2017-09-02 12:53 - 2015-12-04 13:24 - 000007605 _____ C:\Users\Lena\AppData\Local\Resmon.ResmonCfg
2017-09-01 22:46 - 2016-04-24 12:14 - 000176856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-09-01 22:46 - 2016-04-24 12:14 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-09-01 18:41 - 2016-01-08 09:52 - 000078312 _____ C:\Users\Lena\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2015-10-29 15:34 - 2015-10-29 15:53 - 000000132 _____ () C:\Users\Lena\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-09-01 17:19 - 2016-09-12 20:09 - 000000132 _____ () C:\Users\Lena\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-04-24 14:49 - 2017-10-01 09:09 - 000000035 _____ () C:\Users\Lena\AppData\Roaming\sp_data.sys
2015-10-29 15:55 - 2017-05-21 17:06 - 000001456 _____ () C:\Users\Lena\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-12-04 13:24 - 2017-09-02 12:53 - 000007605 _____ () C:\Users\Lena\AppData\Local\Resmon.ResmonCfg
2014-11-02 01:24 - 2014-11-02 01:24 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-02 01:39 - 2014-03-26 04:11 - 000000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-05-17 01:11 - 2014-03-26 23:50 - 000000124 _____ () C:\ProgramData\SetStretch.cmd
2014-05-17 01:11 - 2009-07-22 13:04 - 000024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-17 01:11 - 2012-09-07 14:37 - 000000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\RefreshReg.vbs


Some files in TEMP:
====================
2016-04-24 12:15 - 2017-09-08 13:43 - 000000000 ____D () C:\Users\Lena\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-24 16:49

==================== End of FRST.txt ============================

 

Addition.txt


Step 1

Uninstall from the Control Panel:

Spybot - Search & Destroy

 

Step 2

Upload the following two files for analysis at https://www.virustotal.com/bg/ and post the links to the results:

C:\Windows\SysWOW64\lzhfldr2.dll
C:\Windows\system32\lzhfldr2.dll

Note: The files may be hidden!

 

Step 3

Download the fixlist file and save it to your desktop.

  • Run FRST.exe and press the FIX button once!
  • The cleanup will start; do not use the system!
  • When it finishes, if it asks for a restart, agree.
  • Once the system has loaded, post the log file named fixlog.txt, which is located on your desktop.

Note: This fix must not be used on other systems!

 

Step 4

Please download Malwarebytes Anti-Malware 3.2.2.2018 Final and save it to your desktop.

  • Run the file mb3-setup-consumer-3.2.2.2018.exe and follow the instructions to install the program.
  • Once the installation finishes, the program will start automatically.
  • Go to the Settings => Protection tab and, under the Scan Options category, turn on the "Scan for rootkits" option by moving the slider to the right.
  • Go to the Scan tab, select Custom Scan, and then press the Configure Scan button.
  • Tick all the checkboxes and press the Scan Now button.
  • A scan for malware will start.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • After the scan finishes, the list of results will appear (if any objects were found). If the program was minimized while scanning, the following message will appear if threats were detected. Press the View Scan Results button.
  • Press the Quarantine Selected button.
  • Wait for the window prompting you to restart to appear and then press the Yes button.
  • After the restart, start Malwarebytes Anti-Malware again.
  • Go to the Reports tab and open the log file named Scan Report.
  • Press the Export button and then => "Copy to Clipboard"
  • Paste the contents of the log file with the Ctrl + V key combination and post it in your next comment.

 

 


Thank you for the quick reply!

Here are the links from VirusTotal:

https://www.virustotal.com/bg/file/50dde53572b09ceefa334c0ff3a1e0a63c0eb98c68e1ef718dbf21d9bfd679e8/analysis/1506857949/

https://www.virustotal.com/bg/file/50dde53572b09ceefa334c0ff3a1e0a63c0eb98c68e1ef718dbf21d9bfd679e8/analysis/1506857949/

 

When I started FRST I again got 'COM surrogate has stopped working', but that did not prevent me from running the fix.

The problem is that during the fix Avira kicked in and blocked access to the host files. I am copying the log and ask for instructions on whether to continue with Malwarebytes. Thank you.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-10-2017
Ran by Lena (01-10-2017 14:43:40) Run:1
Running from C:\Users\Lena\Desktop
Loaded Profiles: Lena (Available Profiles: Lena)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\MountPoints2: {b97f3f73-4e73-11e5-8263-801934637ecc} - "E:\SETUP.EXE" 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\MountPoints2: {b97f4291-4e73-11e5-8263-801934637ecc} - "G:\SETUP.EXE" 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\MountPoints2: {c63ff7f0-a126-11e7-8284-801934637ecc} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\...\MountPoints2: {ea505492-4bf1-11e5-8260-801934637ecc} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2995889451-2405539215-1952637314-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 McAfee SiteAdvisor Service; "c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe" [X]
U0 msahci; system32\drivers\msahci.sys [X]
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
C:\Program Files\Common Files\mcafee
2017-09-08 12:37 - 2017-09-08 15:56 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-08 12:37 - 2017-09-08 14:07 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-08 12:37 - 2017-09-08 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-09-08 12:37 - 2017-09-08 12:37 - 000001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-09-04 22:25 - 2017-09-24 15:57 - 000506398 _____ C:\Windows\system32\perfh011.dat
2017-09-04 22:25 - 2017-09-24 15:57 - 000135664 _____ C:\Windows\system32\perfc011.dat
2017-09-04 22:25 - 2017-09-04 22:23 - 000144476 _____ C:\Windows\system32\perfi011.dat
2017-09-04 22:25 - 2017-09-04 22:23 - 000033362 _____ C:\Windows\system32\perfd011.dat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {3A66352B-05C5-44C2-AC0C-943C64CF521C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
2017-09-08 12:37 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-09-08 12:37 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-09-08 12:37 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-09-08 12:37 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
FirewallRules: [{DF5D9998-7C12-470B-977D-4F5189A1BE78}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
2014-11-02 01:24 - 2014-11-02 01:24 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-02 01:39 - 2014-03-26 04:11 - 000000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-05-17 01:11 - 2014-03-26 23:50 - 000000124 _____ () C:\ProgramData\SetStretch.cmd
2014-05-17 01:11 - 2009-07-22 13:04 - 000024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-17 01:11 - 2012-09-07 14:37 - 000000103 _____ () C:\ProgramData\SetStretch.VBS
Hosts:
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
EmptyTemp:
Reboot:
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b97f3f73-4e73-11e5-8263-801934637ecc} => key removed successfully
HKLM\Software\Classes\CLSID\{b97f3f73-4e73-11e5-8263-801934637ecc} => key not found. 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b97f4291-4e73-11e5-8263-801934637ecc} => key removed successfully
HKLM\Software\Classes\CLSID\{b97f4291-4e73-11e5-8263-801934637ecc} => key not found. 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c63ff7f0-a126-11e7-8284-801934637ecc} => key removed successfully
HKLM\Software\Classes\CLSID\{c63ff7f0-a126-11e7-8284-801934637ecc} => key not found. 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea505492-4bf1-11e5-8260-801934637ecc} => key removed successfully
HKLM\Software\Classes\CLSID\{ea505492-4bf1-11e5-8260-801934637ecc} => key not found. 
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2995889451-2405539215-1952637314-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\McAfee SiteAdvisor Service => key removed successfully
McAfee SiteAdvisor Service => service removed successfully
HKLM\System\CurrentControlSet\Services\msahci => key removed successfully
msahci => service removed successfully
HKLM\System\CurrentControlSet\Services\mfeelamk => key removed successfully
mfeelamk => service removed successfully
"C:\Program Files\Common Files\mcafee" => not found.
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk" => not found.
C:\Windows\system32\perfh011.dat => moved successfully
C:\Windows\system32\perfc011.dat => moved successfully
C:\Windows\system32\perfi011.dat => moved successfully
C:\Windows\system32\perfd011.dat => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A66352B-05C5-44C2-AC0C-943C64CF521C} => key not found. 
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found. 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF5D9998-7C12-470B-977D-4F5189A1BE78} => value removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\RefreshReg.vbs => moved successfully
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20263141 B
Java, Flash, Steam htmlcache => 922 B
Windows/system/drivers => 1611552 B
Edge => 0 B
Chrome => 0 B
Firefox => 379010269 B
Opera => 731669423 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 135091 B
systemprofile32 => 128 B
LocalService => 17486088 B
NetworkService => 6066 B
Lena => 59256716 B

RecycleBin => 2239236634 B
EmptyTemp: => 3.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-10-2017 14:46:08)

"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.

==== End of Fixlog 14:46:09 ====

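A way to triage a Fixlog like the one in the post above, added here as an example that is not part of the original thread and not FRST's own code: it skips the echoed fixlist, classifies each result line, and reports the targets whose last recorded outcome is a failure (here the hosts file). The outcome phrases are only those that appear in this Fixlog, and the function names are hypothetical.

```python
import re
from collections import Counter

# Outcome phrases taken from the Fixlog in this thread only; this is an
# assumption of the example, not a complete list of what FRST can print.
SUCCESS = ("removed successfully", "moved successfully", "restored successfully")
FAILED = ("could not move", "could not restore")
DEFERRED = "scheduled to move on reboot"

# Excerpt of the Fixlog posted above (shortened).
SAMPLE = r"""
fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
Hosts:
EmptyTemp:
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
"C:\Program Files\Common Files\mcafee" => not found.
C:\ProgramData\RefreshReg.vbs => moved successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
Firefox => 379010269 B
EmptyTemp: => 3.2 GB temporary data Removed.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.
"""


def outcome_status(outcome):
    """Map the text after ' => ' to ok / deferred / failed / absent, else None."""
    low = outcome.strip().rstrip(".").lower()
    if low.endswith(SUCCESS):
        return "ok"
    if low == DEFERRED:
        return "deferred"
    if low.startswith(FAILED):
        return "failed"
    if low.endswith("not found"):
        return "absent"
    return None  # size counters and other informational lines


def classify(line):
    """Return (status, target) for one result line, or None if it is not one."""
    text = line.strip().rstrip(".")
    target, sep, outcome = text.rpartition(" => ")
    if sep:
        status = outcome_status(outcome)
        if status is None:
            return None
        # 'Could not move "<path>" => Scheduled ...' carries the path in the prefix.
        target = re.sub(r"^Could not move\s+", "", target.strip(), flags=re.I)
        return status, target.strip('"')
    for phrase in FAILED:  # failure lines without an arrow
        if text.lower().startswith(phrase):
            return "failed", text[len(phrase):].strip().strip('"')
    return None


def parse_fixlog(text):
    """Classify every result line, ignoring the echoed fixlist (start ... end)."""
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content:"):
            in_echo = True
            continue
        if in_echo:
            in_echo = line.lower() != "end"
            continue
        item = classify(line)
        if item:
            results.append(item)
    return results


def summarize(results):
    """Count result lines per status."""
    return dict(Counter(status for status, _ in results))


def needs_followup(results):
    """Targets whose last recorded status is still failed or deferred."""
    final = {}
    for status, target in results:
        final[target] = status  # later lines (after reboot) override earlier ones
    return [t for t, s in final.items() if s in ("failed", "deferred")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE)
    print(summarize(parsed))
    for target in needs_followup(parsed):
        print("follow up:", target)
```

"absent" entries are usually harmless (the item was already gone), while anything returned by `needs_followup` was requested in the fixlist but never applied.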

The problem has gone away for now, thank you very much for the help.

Here is the Malwarebytes log as well:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/1/17
Scan Time: 4:21 PM
Log File: 77319644-a6ab-11e7-9e78-801934637ecc.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2926
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ele\Lena

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 397296
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 4 hr, 19 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.InstallCore, D:\BOCCONI\THESIS\THESIS 1\L\JOURNAL.OF.APPLIED.SOCIAL.PSYCHOLOGY.VOL.41.NO.6.JUN.2011.PDF.FULL_DOWNLOADER.EXE, Quarantined, [2], [99885],1.0.2926

Physical Sector: 0
(No malicious items detected)


(end)

In the end, what could have been the cause of the problem?

 



Did the problem get fixed?

Step 1

Download: ADWCleaner.

  • Close all browsers and run AdwCleaner.exe.
  • Press the SCAN button.
  • When the scan finishes, press the CLEAN button.
  • The program will close unneeded software and start the cleanup.
  • When the cleanup finishes, ADWCleaner will ask for a restart. Agree.
  • After the system has loaded, go to C:\AdwCleaner and look for a log file named AdwCleaner[C0].txt.
  • Post the contents of "AdwCleaner[C0]" in your next comment.

Step 2

Download: HitmanPro.

  • Save the file to your desktop.
  • Run the program.

Note: The program will update itself; after the update HitmanPro will restart.

  • Press the "Next" button.
  • Tick the license agreement and press the "Next" button again.
  • Click "No, I only want to perform a one-time scan to check this computer" and press the "Next" button.
  • The program will start scanning. The scan will take ~2 minutes.
  • When the scan finishes, from the list of found objects (if there are any) choose Apply to all => Ignore.
  • Press the "Next" button and then the "Export scan results to XML file" button, and save the log file to the desktop.
  • Open the log file, copy its contents and paste them in your next comment.

Note: If the drop-down menu has no Ignore option, simply close the program after the scan ends without removing anything!

From My Computer => Tools => Folder Options => View => tick "Show hidden files, folders and drives".
Press Apply.

Go to C:\Programdata\HitmanPro\Logs and attach the log to your next comment.


If I am giving you more steps, it means there are still things that need to be removed and the system needs to be checked again. What is causing the error is hard to say; quite a lot of things were cleaned up, probably one of all of them. ;)

 


The topic is being marked as solved because the main problem is solved, and the rest were just precautionary checks.

      CHR Extension: (Chrome Media Router) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
      CHR HKLM\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-05] (AVAST Software)
      S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      S4 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 AIDA64Driver; D:\_Install\AIDA64 Extreme Edition 5.80.4000\kerneld.x32 [44176 2016-10-24] ()
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-05] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-05] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-12] (AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-04-05] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-05] (AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-05] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-05] (AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-04-05] (AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-05] (AVAST Software)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2017-10-03] (Disc Soft Ltd)
      S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [27872 2017-01-11] (LogMeIn, Inc.)
      R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1805872 2009-07-01] ()
      S4 LMIRfsClientNP; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 10:28 - 2018-05-04 10:29 - 000012608 _____ C:\Users\USER\Downloads\FRST.txt
      2018-05-04 10:28 - 2018-05-04 10:28 - 002066432 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
      2018-05-04 10:28 - 2018-05-04 10:28 - 000000000 ____D C:\FRST
      2018-05-04 00:41 - 2018-05-04 10:00 - 000000000 ____D C:\Users\USER\AppData\Local\Puffin
      2018-05-04 00:41 - 2018-05-04 00:41 - 000000937 _____ C:\Users\Public\Desktop\Puffin.lnk
      2018-05-04 00:41 - 2018-05-04 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puffin Browser
      2018-05-04 00:40 - 2018-05-04 00:41 - 000000000 ____D C:\Program Files\Puffin
      2018-05-03 22:47 - 2018-05-03 22:51 - 068539808 _____ (CloudMosa, Inc. ) C:\Users\USER\Downloads\PuffinBetaSetup.exe
      2018-05-02 21:46 - 2018-05-02 21:46 - 000218295 _____ C:\Users\USER\Downloads\14415951001_20180501_1245790475.pdf
      2018-05-02 16:25 - 2018-05-02 16:25 - 000408064 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-05-02 01:17 - 2018-05-02 01:17 - 000109280 _____ C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-05-02 01:11 - 2018-05-02 01:11 - 000001264 _____ C:\Users\Public\Desktop\Skype.lnk
      2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2018-05-02 01:11 - 2018-05-02 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2018-05-02 01:09 - 2018-05-02 01:11 - 018529206 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Непотвърдено 702826.crdownload
      2018-05-02 01:09 - 2018-05-02 01:10 - 062741696 _____ (Skype Technologies S.A.) C:\Users\USER\Downloads\Skype-8.20.0.9.exe
      2018-04-28 12:22 - 2018-04-28 12:22 - 000001194 _____ C:\Users\Public\Desktop\Easy2Convert JPG to DDS.lnk
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Users\USER\AppData\Roaming\Easy2Convert
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy2Convert Software
      2018-04-28 12:22 - 2018-04-28 12:22 - 000000000 ____D C:\Program Files\Easy2Convert Software
      2018-04-28 12:20 - 2018-04-28 12:20 - 003340649 _____ (Easy2Convert Software ) C:\Users\USER\Downloads\jpg2dds.exe
      2018-04-28 12:18 - 2018-04-28 12:18 - 000162944 _____ C:\Users\USER\Downloads\XRG_Nikaz_Sport_R34.dds
      2018-04-28 06:02 - 2018-04-28 06:02 - 000029105 _____ C:\Users\USER\Downloads\XRGT_Alloy2.7z
      2018-04-28 05:35 - 2018-04-28 05:35 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_133550.set
      2018-04-28 05:24 - 2018-04-28 05:24 - 000000132 _____ C:\Users\USER\Downloads\XRG_BL1_HL_132690.set
      2018-04-27 20:03 - 2018-04-27 20:03 - 000417869 _____ C:\Users\USER\Downloads\mustang-sport.rar
      2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 315132.crdownload
      2018-04-27 20:02 - 2018-04-27 20:02 - 000474539 _____ C:\Users\USER\Downloads\Непотвърдено 122074.crdownload
      2018-04-21 23:38 - 2018-04-23 18:54 - 006268764 _____ C:\Users\USER\Documents\NB4-031017.arn
      2018-04-21 23:32 - 2018-04-21 23:32 - 000735888 _____ (Sysinternals - www.sysinternals.com) C:\Users\USER\Downloads\autoruns.exe
      2018-04-21 15:16 - 2017-06-30 11:30 - 000002111 _____ C:\Users\USER\Documents\XFG.cfg_v2
      2018-04-21 15:16 - 2016-01-20 10:53 - 000001528 _____ C:\Users\USER\Documents\XFG.cfg
      2018-04-21 14:38 - 2018-04-21 14:39 - 012258354 _____ C:\Users\USER\Downloads\BMW_M4_14 LB BY MARK.rar
      2018-04-21 11:28 - 2018-04-21 11:28 - 000012006 _____ C:\Users\USER\Downloads\DiscATEST.zip
      2018-04-20 19:08 - 2018-04-20 19:09 - 000000782 _____ C:\DelFix.txt
      2018-04-20 18:10 - 2018-04-20 18:10 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-20 18:10 - 2018-04-20 18:10 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-20 18:10 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-20 18:08 - 2018-04-20 18:09 - 073430920 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4792.exe
      2018-04-14 19:26 - 2018-04-14 19:26 - 001254569 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R12.exe
      2018-04-13 21:28 - 2018-04-13 21:28 - 000001704 _____ C:\Users\USER\Documents\1.txt
      2018-04-09 23:16 - 2018-04-09 23:16 - 001018015 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R11.exe
      2018-04-09 10:31 - 2018-04-09 10:31 - 000000000 ____D C:\Users\USER\AppData\Roaming\Nero
      2018-04-09 07:37 - 2018-04-09 07:37 - 000972765 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R10.exe
      2018-04-07 15:06 - 2018-04-08 07:53 - 000000000 ____D C:\Users\USER\Documents\My Games
      2018-04-07 15:05 - 2018-04-07 15:05 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft Games
      2018-04-07 15:03 - 2018-04-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
      2018-04-07 06:57 - 2018-04-07 06:57 - 000974910 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R9.exe
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ C:\Users\USER\AppData\Local\UserProducts.xml
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000000 ____D C:\Program Files\Skillbrains
      2018-04-07 06:54 - 2018-04-07 06:54 - 002731128 _____ (Skillbrains ) C:\Users\USER\Downloads\setup-lightshot.exe
      2018-04-06 10:36 - 2018-04-06 10:36 - 000974764 _____ (Igor Pavlov) C:\Users\USER\Downloads\LFS_PATCH_6R_TO_6R8.exe
      2018-04-06 09:51 - 2018-04-06 09:51 - 003148854 _____ C:\Users\USER\Downloads\cheats.bmp
      2018-04-05 10:06 - 2018-04-05 10:06 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-05-04 07:45 - 2018-01-24 22:57 - 000000000 ____D C:\LFS
      2018-05-04 00:41 - 2018-02-26 19:19 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2018-05-03 16:48 - 2017-10-03 14:33 - 000000277 _____ C:\ProgramData\HPWALog.txt
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:30 - 2009-07-14 07:34 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-05-03 16:22 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-05-02 17:32 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
      2018-05-02 16:31 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-05-02 16:31 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-05-02 03:27 - 2017-10-03 14:10 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-05-01 16:43 - 2018-03-10 17:08 - 000000000 ____D C:\Users\USER\AppData\Local\PrivaZer
      2018-04-20 11:34 - 2009-07-14 07:53 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
      2018-04-15 14:58 - 2017-10-03 15:09 - 000000000 ____D C:\Users\USER\AppData\Roaming\MPC-HC
      2018-04-12 22:07 - 2017-10-03 16:08 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2018-04-10 22:02 - 2017-10-03 14:07 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-10 22:02 - 2017-10-03 14:07 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-10 22:02 - 2017-10-03 14:07 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-07 14:08 - 2018-03-23 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
      2018-04-05 10:06 - 2018-01-24 20:07 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2018-04-05 10:06 - 2017-10-03 16:08 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      ==================== Files in the root of some directories =======
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\AtStart.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\DSwitch.txt
      2017-10-03 14:33 - 2017-10-03 14:33 - 000000000 _____ () C:\Users\USER\AppData\Local\QSwitch.txt
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000003 _____ () C:\Users\USER\AppData\Local\updater.log
      2018-04-07 06:56 - 2018-04-07 06:56 - 000000413 _____ () C:\Users\USER\AppData\Local\UserProducts.xml
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-04-28 21:03
      ==================== End of FRST.txt ============================
      Addition.txt
    • by mamasve
      Hello,
      I have a virus on my computer that keeps installing a Panda viewer icon on the desktop, and whenever I open any browser it starts redirecting me to all sorts of sites, so I practically cannot use my computer any more. Help, please!
    • by AHybuC
      Hello!
      Since this morning I have been unable to start my computer normally. As soon as Windows loads, a small window appears saying "Windows has encountered a critical problem and will restart automatically in one minute" and, as the message says, the computer restarts after one minute. Sometimes the blue screen even appears directly, before Windows has managed to load, with error code 0x000000F4. I ran a full scan with Malwarebytes and Kaspersky Rescue CD 10; they removed the problems they found, but the restart problem is still present. I should mention that in Safe Mode I do not experience automatic restarts. Also, I unchecked Startup and Recovery -> System Failure -> Automatically Restart, but the restarts continue, although I had unchecked it while I was in Safe Mode. I don't know whether this matters, but I still wanted to mention it.
       
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
      Ran by IvailoCOMP (administrator) on IVAILOCOMP-PC (18-04-2018 19:02:33)
      Running from C:\Users\IvailoCOMP\Desktop
      Loaded Profiles: IvailoCOMP (Available Profiles: IvailoCOMP)
      Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Safe Mode (with Networking)
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
      (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoSMBalloonTip] 0
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
      HKU\S-1-5-21-1339006810-3010099187-1440784813-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\..\Interfaces\{1290CD49-798E-4B6B-9CB6-A0F176F07BD0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
      BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll => No File
      BHO: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
      BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation)
      BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
      FireFox:
      ========
      FF ProfilePath: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default [2018-04-18]
      FF Homepage: Mozilla\Firefox\Profiles\qhtq97on.default -> google.bg
      FF NewTab: Mozilla\Firefox\Profiles\qhtq97on.default -> about:home
      FF Session Restore: Mozilla\Firefox\Profiles\qhtq97on.default -> is enabled.
      FF NewTabOverride: Mozilla\Firefox\Profiles\qhtq97on.default -> Enabled: newtaboverride@agenedia.com
      FF Extension: (Adblocker X) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\@adblock57.xpi [2018-04-11]
      FF Extension: (MEGA) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@mega.co.nz.xpi [2018-04-13]
      FF Extension: (UniverseView Extension) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\firefox@universeview.ext.xpi [2017-03-01]
      FF Extension: (h264ify) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2017-08-03]
      FF Extension: (New Tab Override) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\newtaboverride@agenedia.com.xpi [2018-02-04]
      FF Extension: (Greasemonkey) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-17]
      FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\features\{15eba6de-45fd-4321-9dcb-85b0a795c148}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-08] [Legacy]
      FF SearchPlugin: C:\Users\IvailoCOMP\AppData\Roaming\Mozilla\Firefox\Profiles\qhtq97on.default\searchplugins\yahoo-lavasoft.xml [2016-07-21]
      FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
      FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-09-28] [Legacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-11] ()
      FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2017-03-22] (Nexon)
      FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
      FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [No File]
      FF Plugin: @Webzen.com/NPBrowserExt -> C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll [2012-03-27] (WEBZEN)
      FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\IvailoCOMP\AppData\Local\Fancy\npfancygame.dll [2015-05-10] (Hongfeng Hengyu (Beijing) Tech Ltd.)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\IvailoCOMP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-13] (Unity Technologies ApS)
      FF Plugin HKU\S-1-5-21-1339006810-3010099187-1440784813-1001: xyzgl-plugin@xyz-soft.com -> C:\Program Files\Alfheim\npxyzgl.dll [2012-06-13] (XYZ-SOFT Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S2 CachemanService; C:\Program Files\Cacheman\CachemanServ.exe [210944 2009-05-16] (Outertech) [File not signed]
      S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [382504 2017-05-17] (EasyAntiCheat Ltd)
      S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
      S2 EslWireHelper; D:\Games\EslWire\service\WireHelperSvc.exe [614416 2014-01-28] ()
      S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
      S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [930240 2016-06-14] (NVIDIA Corporation)
      R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2283432 2017-06-29] (LogMeIn Inc.)
      S2 HiPatchService; D:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
      S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-05-27] (LogMeIn, Inc.)
      R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4707104 2018-03-27] (Malwarebytes)
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
      S3 npggsvc; C:\Windows\system32\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
      S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
      S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2904000 2016-06-14] (NVIDIA Corporation)
      S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016704 2016-06-14] (NVIDIA Corporation)
      S2 OracleOraDb11g_home1TNSListener; D:\app\IvailoCOMP\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe [512000 2010-03-31] (Oracle Corporation) [File not signed]
      S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [1453384 2018-04-08] (Overwolf LTD)
      S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-10-13] ()
      S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
      S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 1394hub; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S3 apf004; C:\Windows\system32\apf004.sys [15112 2015-02-14] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-22] (DT Soft Ltd)
      S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
      S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
      S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-14] (ESET)
      R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [31008 2015-02-12] (<Turtle Entertainment>)
      S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [42496 2007-05-15] (Eugene V. Muzychenko) [File not signed]
      R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
      R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167656 2018-04-18] (Malwarebytes)
      S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40160 2018-04-18] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-04-18] (Malwarebytes)
      S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26048 2016-06-14] (NVIDIA Corporation)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
      S3 SDGame; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
      S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
      S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
      S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [33664 2016-03-11] (The OpenVPN Project)
      S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
      U4 CiSvc; no ImagePath
      U4 Messenger; no ImagePath
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:02 - 2018-04-18 19:04 - 000014732 _____ C:\Users\IvailoCOMP\Desktop\FRST.txt
      2018-04-18 19:02 - 2018-04-18 19:02 - 000000000 ____D C:\FRST
      2018-04-18 19:01 - 2018-04-18 19:02 - 001763840 _____ (Farbar) C:\Users\IvailoCOMP\Desktop\FRST.exe
      2018-04-18 18:29 - 2018-04-18 18:55 - 000040160 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-04-18 18:29 - 2018-04-18 18:29 - 000167656 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-04-18 18:28 - 2018-04-18 18:28 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-04-18 18:28 - 2018-04-18 18:28 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-04-18 18:28 - 2018-03-19 12:57 - 000058656 _____ C:\Windows\system32\Drivers\mbae.sys
      2018-04-18 18:27 - 2018-04-18 18:27 - 073254968 _____ (Malwarebytes ) C:\Users\IvailoCOMP\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4766.exe
      2018-04-18 18:22 - 2018-04-18 18:22 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\asda.lnk
      2018-04-18 18:04 - 2018-04-18 18:07 - 000005192 _____ C:\Users\IvailoCOMP\Desktop\Rkill.txt
      2018-04-18 17:54 - 2018-04-18 17:54 - 000003408 ____N C:\bootsqm.dat
      2018-04-18 17:52 - 2018-04-18 17:52 - 000000000 __SHD C:\found.000
      2018-04-18 17:37 - 2018-04-18 17:37 - 000151072 _____ C:\Windows\Minidump\041818-20997-01.dmp
      2018-04-18 17:11 - 2018-04-18 17:11 - 000151312 _____ C:\Windows\Minidump\041818-23821-01.dmp
      2018-04-18 13:42 - 2018-04-18 20:07 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0
      2018-04-18 10:33 - 2018-04-18 10:33 - 000001261 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 18.lnk
      2018-04-18 10:33 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000221 _____ C:\Users\Public\Desktop\Ashampoo Deals.url
      2018-04-18 10:26 - 2018-04-18 10:33 - 000000000 ____D C:\ProgramData\Ashampoo
      2018-04-18 10:14 - 2018-04-18 10:18 - 338960384 _____ C:\Users\IvailoCOMP\Desktop\kav_rescue_10.iso
      2018-04-18 10:12 - 2018-04-18 10:12 - 000001270 _____ C:\Users\IvailoCOMP\Desktop\shutdown.exe.lnk
      2018-04-18 10:11 - 2018-04-18 18:54 - 000424982 _____ C:\Windows\ntbtlog.txt
      2018-04-18 10:10 - 2018-04-18 10:10 - 000000000 _____ C:\Users\IvailoCOMP\Desktop\New shortcut.lnk
      2018-04-18 09:57 - 2018-04-18 09:57 - 000151696 _____ C:\Windows\Minidump\041818-19999-01.dmp
      2018-04-18 09:54 - 2018-04-18 09:54 - 000151696 _____ C:\Windows\Minidump\041818-18954-01.dmp
      2018-04-18 09:40 - 2018-04-18 17:37 - 286301067 _____ C:\Windows\MEMORY.DMP
      2018-04-18 09:40 - 2018-04-18 17:37 - 000000000 ____D C:\Windows\Minidump
      2018-04-18 09:40 - 2018-04-18 09:40 - 000152656 _____ C:\Windows\Minidump\041818-29546-01.dmp
      2018-04-16 10:43 - 2018-03-31 04:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
      2018-04-16 10:43 - 2018-03-31 04:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
      2018-04-16 10:43 - 2018-03-31 04:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
      2018-04-16 10:43 - 2018-03-31 04:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
      2018-04-16 10:43 - 2018-03-31 04:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
      2018-04-16 10:43 - 2018-03-31 03:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
      2018-04-16 10:43 - 2018-03-31 03:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
      2018-04-16 10:43 - 2018-03-31 03:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
      2018-04-16 10:43 - 2018-03-31 03:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
      2018-04-16 10:43 - 2018-03-31 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
      2018-04-16 10:43 - 2018-03-31 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
      2018-04-16 10:43 - 2018-03-31 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
      2018-04-16 10:43 - 2018-03-28 10:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
      2018-04-16 10:43 - 2018-03-23 20:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-04-16 10:43 - 2018-03-23 00:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-04-16 10:43 - 2018-03-23 00:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-04-16 10:43 - 2018-03-23 00:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-04-16 10:43 - 2018-03-22 23:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-04-16 10:43 - 2018-03-22 23:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-04-16 10:43 - 2018-03-22 23:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-04-16 10:43 - 2018-03-22 23:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-04-16 10:43 - 2018-03-22 23:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-04-16 10:43 - 2018-03-22 23:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-04-16 10:43 - 2018-03-22 23:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-04-16 10:43 - 2018-03-22 23:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-04-16 10:43 - 2018-03-22 23:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-04-16 10:43 - 2018-03-22 23:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-04-16 10:43 - 2018-03-22 23:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-04-16 10:43 - 2018-03-22 23:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-04-16 10:43 - 2018-03-22 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-04-16 10:43 - 2018-03-22 23:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-04-16 10:43 - 2018-03-22 23:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-04-16 10:43 - 2018-03-22 23:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-04-16 10:43 - 2018-03-22 23:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-04-16 10:43 - 2018-03-22 23:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-04-16 10:43 - 2018-03-22 23:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-04-16 10:43 - 2018-03-22 23:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-04-16 10:43 - 2018-03-22 23:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-04-16 10:43 - 2018-03-22 23:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-04-16 10:43 - 2018-03-22 23:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-04-16 10:43 - 2018-03-22 23:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-04-16 10:43 - 2018-03-22 22:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-04-16 10:43 - 2018-03-22 22:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-04-16 10:43 - 2018-03-22 22:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-04-16 10:43 - 2018-03-10 20:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
      2018-04-16 10:43 - 2018-03-09 21:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
      2018-04-16 10:43 - 2018-03-09 21:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
      2018-04-16 10:43 - 2018-03-09 21:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
      2018-04-16 10:43 - 2018-03-09 20:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
      2018-04-16 10:43 - 2018-03-06 21:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
      2018-04-16 10:43 - 2018-03-06 21:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
      2018-04-16 10:43 - 2018-02-22 06:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
      2018-04-16 10:43 - 2018-02-19 00:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
      2018-04-16 10:43 - 2018-02-10 21:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
      2018-04-16 10:43 - 2018-02-10 21:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
      2018-04-16 10:43 - 2018-02-10 21:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
      2018-04-16 10:43 - 2018-02-10 21:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
      2018-04-16 10:43 - 2018-02-10 21:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
      2018-04-16 10:43 - 2018-02-10 21:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
      2018-04-16 10:43 - 2018-02-10 20:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
      2018-04-16 10:43 - 2018-02-10 20:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
      2018-04-16 10:43 - 2018-02-10 20:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
      2018-04-16 10:43 - 2018-02-02 21:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
      2018-04-16 10:43 - 2018-02-02 21:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
      2018-04-16 10:43 - 2018-02-02 21:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
      2018-04-16 10:43 - 2018-02-02 21:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
      2018-04-16 10:43 - 2018-02-02 20:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
      2018-04-16 10:43 - 2018-01-25 17:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
      2018-04-16 10:43 - 2018-01-25 17:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
      2018-04-16 10:43 - 2018-01-15 22:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
      2018-04-16 10:43 - 2018-01-12 19:29 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-04-16 10:43 - 2018-01-12 19:29 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-04-16 10:43 - 2018-01-12 19:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
      2018-04-16 10:43 - 2018-01-12 19:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
      2018-04-16 10:43 - 2018-01-12 19:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
      2018-04-16 10:43 - 2018-01-12 19:05 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
      2018-04-16 10:43 - 2018-01-12 19:05 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
      2018-04-16 10:43 - 2018-01-11 19:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
      2018-04-16 10:43 - 2018-01-01 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
      2018-04-16 10:43 - 2018-01-01 04:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
      2018-04-16 10:43 - 2018-01-01 04:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
      2018-04-16 10:43 - 2018-01-01 04:44 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
      2018-04-16 10:43 - 2018-01-01 04:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
      2018-04-16 10:43 - 2018-01-01 04:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
      2018-04-16 10:43 - 2018-01-01 04:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
      2018-04-16 10:43 - 2018-01-01 04:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
      2018-04-16 10:43 - 2018-01-01 04:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
      2018-04-16 10:43 - 2018-01-01 04:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
      2018-04-16 10:43 - 2018-01-01 04:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
      2018-04-16 10:43 - 2018-01-01 04:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-04-16 10:43 - 2018-01-01 04:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
      2018-04-16 10:43 - 2017-12-05 20:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
      2018-04-16 10:43 - 2017-12-05 18:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
      2018-04-16 10:43 - 2017-12-05 18:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
      2018-04-14 17:05 - 2018-04-15 21:31 - 000003238 _____ C:\Users\IvailoCOMP\Desktop\Стражева Кула 14.04.2018.txt
      2018-04-14 14:36 - 2016-06-18 07:13 - 039293587 ____N C:\Users\IvailoCOMP\Desktop\MPS-temi.pdf
      2018-04-11 21:09 - 2018-04-15 22:57 - 000000340 _____ C:\Users\IvailoCOMP\Desktop\Програма за четене на Библията.txt
      2018-04-11 20:05 - 2018-04-11 20:05 - 000724759 _____ C:\Users\IvailoCOMP\Desktop\sbr_BL.pdf
      2018-04-11 02:08 - 2018-03-14 20:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
      2018-04-11 02:08 - 2018-03-14 20:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
      2018-04-11 02:08 - 2018-03-14 16:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
      2018-04-11 02:08 - 2018-03-14 16:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
      2018-04-09 21:55 - 2018-04-09 21:55 - 000003743 _____ C:\Users\IvailoCOMP\Desktop\Ще бъде ли тя добра съпруга.txt
      2018-04-01 23:39 - 2018-04-01 23:39 - 010353227 _____ C:\Users\IvailoCOMP\Desktop\yp2_BL.pdf
      2018-03-23 22:10 - 2018-03-23 22:10 - 002276028 _____ C:\Users\IvailoCOMP\Desktop\Илиянка.rar
      2018-03-23 22:02 - 2018-03-23 22:14 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Илиянка
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-04-18 19:00 - 2010-11-21 00:01 - 000785704 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-04-18 19:00 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-04-18 18:57 - 2016-11-18 12:35 - 000000000 ____D C:\Users\IvailoCOMP\AppData\LocalLow\Mozilla
      2018-04-18 18:51 - 2013-11-21 16:12 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-04-18 18:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-04-18 18:06 - 2014-10-30 10:05 - 000000000 ____D C:\Windows\pss
      2018-04-18 17:58 - 2017-11-23 09:54 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\LogMeIn Hamachi
      2018-04-18 10:38 - 2013-11-21 16:17 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\BitComet
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Ashampoo
      2018-04-18 10:34 - 2013-11-21 16:05 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\Ashampoo
      2018-04-18 10:32 - 2013-11-21 16:00 - 000000000 ____D C:\Program Files\Ashampoo
      2018-04-18 10:19 - 2013-11-22 16:19 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\DAEMON Tools Lite
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:15 - 2009-07-14 07:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-04-18 01:09 - 2013-12-23 20:48 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\Skype
      2018-04-17 23:11 - 2016-02-29 01:23 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Local\CrashDumps
      2018-04-17 10:17 - 2009-07-14 07:33 - 000452024 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-04-17 10:13 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-04-16 22:13 - 2013-11-21 17:15 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\vlc
      2018-04-15 10:51 - 2013-11-21 16:04 - 000000000 ____D C:\Windows\system32\Macromed
      2018-04-12 19:52 - 2016-07-07 19:51 - 000000000 ____D C:\Program Files\Common Files\Overwolf
      2018-04-12 19:52 - 2013-12-14 11:50 - 000000000 ____D C:\Program Files\Overwolf
      2018-04-12 01:04 - 2014-12-11 09:05 - 000000000 ____D C:\Windows\system32\appraiser
      2018-04-11 11:04 - 2017-07-31 12:21 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-04-11 11:04 - 2017-07-31 12:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-04-11 03:13 - 2014-07-15 11:08 - 000000000 ____D C:\Windows\system32\MRT
      2018-04-11 03:06 - 2017-10-11 01:18 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
      2018-04-11 03:06 - 2014-07-15 11:08 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2018-04-08 17:50 - 2018-03-01 23:22 - 000000000 ____D C:\Users\IvailoCOMP\AppData\Roaming\.minecraft
      2018-03-29 09:46 - 2013-12-21 10:14 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
      2018-03-28 11:20 - 2016-11-16 21:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-03-26 12:53 - 2018-02-26 10:26 - 000000000 ____D C:\Users\IvailoCOMP\Desktop\Songs
      ==================== Files in the root of some directories =======
      2016-03-26 15:29 - 2016-03-28 23:17 - 000000646 _____ () C:\Users\IvailoCOMP\AppData\Roaming\MPQEditor.ini
      2013-11-21 17:59 - 2017-11-03 12:59 - 000007599 _____ () C:\Users\IvailoCOMP\AppData\Local\Resmon.ResmonCfg
      Some files in TEMP:
      ====================
      2017-09-29 10:49 - 2017-10-30 16:41 - 000000000 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\88653d972532a3bfb1eacaae78f1f650.dll
      2017-09-29 10:49 - 2017-10-30 14:33 - 000000088 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\a4c3de51ada6927383f066bdc8c54e16.dll
      2018-04-08 08:12 - 2018-04-08 08:12 - 058834376 _____ (Skype Technologies S.A.) C:\Users\IvailoCOMP\AppData\Local\Temp\SkypeSetup.exe
      2018-03-01 23:34 - 2018-03-01 23:23 - 000069259 _____ () C:\Users\IvailoCOMP\AppData\Local\Temp\Uninstall.exe
      2017-08-13 10:55 - 2017-08-13 10:55 - 000750560 _____ (adaware) C:\Users\IvailoCOMP\AppData\Local\Temp\WCU002.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2016-05-09 08:13
      ==================== End of FRST.txt ============================
      Addition.txt