
Hello,

last night I posted a topic in "Security and antivirus protection", where I was advised to write here.
I am copying everything written in the previous topic, plus some additions.

Machine:
ASUS F550V laptop with Windows 10 Education (paid).

Symptoms:

    I cannot update Windows.

    Windows Defender does not work.

    The Troubleshooter does not help at all.

    Kaspersky does not start.

    Host Service 64 is constantly running and sometimes uses a lot of resources.

 *Details about the problems are in my previous topic.

Additions:

Last night I ran a scan with RogueKiller. I am attaching a screenshot of the result, as well as of the removal result. Host services 64 no longer shows up in Task Manager, but I still cannot update Windows.

sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth

I ran these commands as administrator. Everything was either repaired or fine.

I am attaching the results from Farbar Recovery Scan Tool. I ran the scan after the RogueKiller check.

RogueKillerDeleteRes.jpg

Addition.txt FRST.txt


Could you attach the log file from the RogueKiller scan, because the screenshot is rather unclear? You will find it in the folder C:\ProgramData\RogueKiller\logs.

The log files are clean. There are a few inactive remnants of the possible infection. The problem with Windows Defender is most likely rooted in the fact that you have a Kaspersky product installed (or at least partially installed) that is registered in the Security Center. This automatically disables Windows Defender. As for Windows Update, this is not the topic for that problem, but we can try a few steps for it afterwards as well.

It would be good to attach the log files from the commands you ran, too.

To produce the report from SFC /SCANNOW, run this command in Command Prompt (CMD):

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

and attach the log file SFCDETAILS.TXT, which should have appeared on the desktop.

To produce the log file from the chkdsk check, run these commands in PowerShell:

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file C:\Users\iveli\Desktop\CHKDSK_SCAN.txt
get-winevent -FilterHashTable @{logname="Application"; id="26226"}| ?{$_.providername -match "Chkdsk"} | fl timecreated, message | out-file C:\Users\iveli\Desktop\CHKDSK_SCAN2.txt

and attach the log files CHKDSK_SCAN.txt and CHKDSK_SCAN2.txt, which should have appeared on the desktop.

While you are in PowerShell, also run the command Repair-Volume -DriveLetter C and take a screenshot of the results.

To remove Kaspersky, download the following tool and follow the instructions:

http://media.kaspersky.com/utilities/ConsumerUtilities/kavremvr.exe

Start the tool, accept the license agreement, select the version of the program you have installed from the drop-down list (in this case Kaspersky Security Cloud), enter the code from the picture and press Remove. Then agree that you need to restart.

After that, to remove the remnants of the infection and of Kaspersky, and the block on starting Windows Defender, do the following:

Download fixlist.txt and save it in the folder where you downloaded FRST64.exe (D:\Programs\Virus Removal)

Run FRST64.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

That is all for now.

Regards!


I have attached the log file from the RogueKiller scan, the report from SFC /SCANNOW and the CHKDSK_SCAN log file.
I had a problem with the second command: get-winevent -FilterHashTable @{logname="Application"; id="26226"}| ?{$_.providername -match "Chkdsk"} | fl timecreated, message | out-file C:\Users\iveli\Desktop\CHKDSK_SCAN2.txt

The result is the following:

Quote

get-winevent : No events were found that match the specified selection criteria.
At line:1 char:1
+ get-winevent -FilterHashTable @{logname="Application"; id="26226"}| ? ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

After the command Repair-Volume -DriveLetter C, the result was:

Quote

NoErrorsFound

I have also attached fixlog.txt.

CHKDSK_SCAN.txt RogueKiller Custom Scan Report.txt RogueKiller Deleted Report.txt sfcdetails.txt Fixlog.txt


There is no problem regarding the second CHKDSK command. It was given in order to create a report if a partition other than the system one had been scanned. In that case it appears in Event Viewer under a different name, CHKDSK (instead of WinInit), and with a different ID, 26226 instead of 1001. You can test it yourself some day if you decide to scan a partition other than the system one. :)

In the RogueKiller log I saw that quite a few entries related to Bitcoin miners were found. I also saw that you have the QEMU virtual machine emulator installed. Keep in mind that it can also be used by miners, and it also appears in the RogueKiller report. I would uninstall it as described in the clip, either with a program such as Revo Uninstaller or manually. Watch the whole clip:

[Tr.Gen (Malicious)] Host Services x64.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\StartUp\Host Services x64.lnk (lnk => C:\PROGRA~1\qemu\HOSTSE~2.EXE []) -> Deleted

[Tr.Gen (Malicious)] Host Services x64.exe -- %ProgramFiles%\qemu\Host Services x64.exe -> Deleted
 

The script ran correctly. I saw that the blocks on starting Windows Defender were removed, as well as the remnants of the infection:

Quote

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

Quote

C:\WINDOWS\system32\WinUpdates105.dat => moved successfully
C:\WINDOWS\system32\wdbcache.tmp => moved successfully
C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450 => moved successfully
C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B => moved successfully
C:\WINDOWS\system32\setup4.2.6.tmp => moved successfully

I saw, however, that there were problems running the bitsadmin command

Quote

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {D846C90D-944A-48BD-B81C-C1A854A4A36F}.
Unable to cancel {D3B5BC2C-0B35-4735-8FBC-096BEA829543}.
0 out of 2 jobs canceled.

So run the following script for FRST:

Download fixlist.txt and save it in the folder where you downloaded FRST64.exe (D:\Programs\Virus Removal)

Run FRST64.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Does Windows Defender start now that the block has been removed and Kaspersky uninstalled? Are there still problems with Windows Update? Let us see what state the services are in, because this virus sometimes deletes important settings of theirs from the registry:

Please download Farbar Service Scanner and run it.

  • Tick all the checkboxes.
  • Press the Scan button.
  • A log file named FSS.txt will be created in the folder you run the tool from.
  • Copy the contents of the log file into your next post.


Qemu is uninstalled.
Windows Update and Windows Defender still do not start (and the window itself stays white).
I have attached Fixlog.txt and FSS.txt

windows defender security center.jpg

Fixlog.txt FSS.txt



Yep... just as I thought.

Download the following files to the desktop:

wscsvc.reg

wuauserv.reg

WinDefend.reg

Right-click each of them and choose Merge.

Agree with YES.

Restart the system, run a new check with FSS and attach the new log file.


Good work. Do Windows Defender and Windows Update start now? If not, we will continue as follows:

The white fields in Windows Update are usually caused by unregistered system files. In CMD.exe, started with right-click and Run as administrator, enter the command and press Enter:

For /F %s in ('dir /b *.dll') do regsvr32 /s %s

Wait for it to finish. It may take several minutes. Ignore the errors that may appear when registering some of the files (confirming the error windows with Enter).

Write afterwards how things stand.


Still the same. 🙁
The only thing I noticed is that Defender starts for a few seconds at the beginning and then disappears.
As for Update, I see that a new error now appears (0x80070006).


Run the following script for FRST as before (save it in the FRST folder, start FRST64.exe and press FIX) and then attach the log file.

fixlist.txt

Restart the system and write whether there is any change.


No change.
I have attached the log.

Fixlog.txt


Well, well. Download the following file and save it in a folder of your choice.

https://www.tenforums.com/tutorials/24742-reset-windows-update-windows-10-a.html

Run it with right-click and Run as administrator. Restart the system and see whether there is any change.

You can also try this one:

https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc


I think this is starting to smell like a reinstall.
Still the same.


Something like that. By now everything should have been shipshape, because I have dealt with this nasty thing before and the steps are proven.

Download fixlist.txt and save it in the folder where you downloaded FRST64.exe (D:\Programs\Virus Removal)

Run FRST64.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

If that does not help, I would recommend trying the following tool as well:

The program's interface may be different by now, because the screenshots in the instructions are slightly outdated, but I think you will find your way around.

Download the program Windows Repair (all in one) from here.

Restart your system in Safe Mode.

Extract the archive to a folder of your choice and then click the file Repair_Windows.exe.

In the license agreement dialog, choose 4YtWvjD.png

Go to the Backup Tools menu and create a new system restore point and a backup of the current state of the registry...

Under Registry Backup (Recommended) press the Backup button. When it finishes, under System Restore press the Create button.

MiBNMrv.png

Now select the menu Repairs - Main and press Open Repairs.

ZiP7DS3.png

Tick 1, 2, 3, 4, 10, 14, 15, 16, 25, 26, 28 and untick the rest.

Then tick Restart/Shutdown System => Restart System and press the Start Repairs button

QkggPgD.png

Do NOT use the computer while the repair is running.
When everything finishes, the computer will restart.
Archive all the logs from the folder where you extracted the program, for example:
C:\Users\iveli\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\Logs
and upload the archive to the following address => dox.bg, then post the link to the archive in your next comment.

Regards!


It stayed for a long time (about an hour and a half) on 25 or 26, where there were instructions that, if nothing is visible in Task Manager, I should close the command window so that it continues.
So I clicked it, everything finished fine, the computer restarted and the updates now work normally 🤘. I installed the first ones and am now waiting for the second ones. But Windows Defender still has a white window.
Could it be because I interrupted 25 or 26?


Hardly, but it is still a good idea to repeat the steps with the program; first try in Normal Mode, only for 25, 26 and 28.

As for Windows Defender, from the screenshot I see that only the Home section is white. What happens if you click Virus & threat protection, or the three lines above Home, or the Settings button at the bottom left?

 


It finally worked!
After the last update, Windows upgraded to version 1909, which fixed Defender, and there are new features too, and for now everything works perfectly!

And now I see that I even have more updates for this version 1909.

Huge thanks and regards!


Yes, that was one of the repair options: repair the current installation while keeping the settings, upgrade to a newer build, or keep struggling with it. Besides the advice above, I was going to check the state of the other services as well, which I suspect may have been "involved" in the problem, most likely as a result of the virus:

Sense => it does not exist, however, in editions below Enterprise (so this one would have dropped out)
WdNisSvc => according to the FRST log it was supposedly fine, but still => S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-03] (Microsoft Windows Publisher -> Microsoft Corporation)
MpsSvc
SecurityHealthService => this is the one I suspect most, to be honest
WinDefend => we have already fixed this one

and other registry settings as well, but I am glad that this is no longer needed. What remains, once everything has finished, is to run a scan of the system with Windows Defender, at least on the system partition. For a more complete configuration of the antivirus you can try the following tool:

ConfigureDefender1.png

https://github.com/AndyFul/ConfigureDefender/raw/master/ConfigureDefender.exe

To remove Farbar Recovery Scan Tool, do the following:

Rename the executable FRST64.exe to Uninstall.exe.

image.png.9cf9e0ab76b122782aff3552f54c5829.png     =>     image.png.44f957ce25ef61c76206655a46425152.png

Right-click Uninstall.exe and choose Run as administrator. You will be notified that you need to restart the system in order to delete the tool.

image.png.abcc20b28654d54fae08e7451bb5dc3b.png

After the restart, the tool and its associated files will be deleted.

Download KpRm from kernel-panik and save it to your desktop.

  • Right-click kprm_2.8.exe and choose Run as administrator
  • When the tool opens, tick all the checkboxes and press the Run button.

111.PNG

  • When finished, click OK.
  • The log file will open in Notepad; copy its contents into your next reply.

Regards! :bye1:
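
The service and policy state discussed in the post above can be inspected read-only before merging .reg files or running repair tools. The following PowerShell script is an added example, not part of the original thread or of any tool mentioned in it; the service names and the policy key path come from the thread, while the variable names and the report layout are assumptions of this example.

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
# Service names are the ones named in the thread: the three restored from
# .reg files plus the ones the helper wanted to check afterwards.
$services = 'wscsvc', 'wuauserv', 'WinDefend', 'WdNisSvc',
            'MpsSvc', 'SecurityHealthService', 'Sense'

# Meaning of the Start value under each service key.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($name in $services) {
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $key = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Service   = $name
        KeyExists = [bool]$key
        # A missing Start or ImagePath value means the service definition is
        # damaged, which is the condition the thread attributes to the malware.
        StartType = if ($key -and $null -ne $key.Start) { $startTypes[[int]$key.Start] } else { 'missing' }
        ImagePath = if ($key -and $key.ImagePath) { $key.ImagePath } else { 'missing' }
        Status    = if ($svc) { $svc.Status } else { 'not registered' }
    }
}
# "Sense" is expected to be absent on editions below Enterprise (per the thread).
$report | Format-Table -AutoSize -Wrap

# Policy key the FRST fix removed in this thread. If it is present again,
# list its values so a re-applied Defender block is visible.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
if (Test-Path $policyKey) {
    Get-ItemProperty -Path $policyKey | Select-Object * -ExcludeProperty PS*
} else {
    'No Windows Defender policy key present.'
}

# Antivirus products registered with the Security Center. A leftover
# third-party registration keeps Windows Defender switched off.
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
    Select-Object displayName, productState, pathToSignedProductExe
```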


Done.

Quote

# Run at 03/08/2020 19:14:57
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by iveli from D:\Programs\Virus Removal\KpRm 2.8
# Computer Name: DESKTOP-2MSRV7S
# OS: Windows 10 X64 (18363)
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point

- Create Registry Backup -

   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\iveli\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2020-08-03-19-14-57

- Delete Tools -


  ## TDSSKiller
     [OK] C:\TDSSKiller.3.1.0.28_01.08.2020_20.12.20_log.txt deleted
     [OK] C:\TDSSKiller.3.1.0.28_01.08.2020_20.14.01_log.txt deleted
     [OK] C:\TDSSKiller.3.1.0.28_02.08.2020_15.31.36_log.txt deleted

- Other Lines -


  ## Quarantines keeped
    ~ C:\KVRT_Data (Kaspersky Virus Removal Tool)
    ~ C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine (Malwarebytes Anti-Rootkit)
    ~ C:\ProgramData\RogueKiller\quarantine (RogueKiller)

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Windows Update created at 08/02/2020 20:56:03 deleted
   ~ [OK] RP named Windows Update created at 08/02/2020 20:56:25 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 08/03/2020 16:15:10

-- KPRM finished in 31.85s --

I have one question.
Earlier you mentioned that Kaspersky blocks Windows Defender.
Would you recommend reinstalling Kaspersky, or should I try something else?


You can delete the following folders:

C:\KVRT_Data
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
C:\ProgramData\RogueKiller\quarantine

13 minutes ago, ivchodx wrote:

Done.

I have one question.
Earlier you mentioned that Kaspersky blocks Windows Defender.
Would you recommend reinstalling Kaspersky, or should I try something else?

Not only Kaspersky. Any third-party antivirus would disable Windows Defender, because it is not advisable for two antivirus programs to run at the same time. In your case it just happened to be Kaspersky. But besides that, Windows Defender itself was also damaged (most likely by the virus), and the situation was more serious. As for which antivirus to use, that is a delicate subject and somewhat a matter of personal choice and taste. On Windows 10, Windows Defender is considerably more powerful than the versions in previous releases of Windows, and in my opinion you can simply stay with it. (Especially if you configure it with Configure Defender.) Of course, although it does have protection of files and folders against ransomware, it does not have full-fledged protection of that kind, and it may be a good idea to add the tool Kaspersky Anti-Ransomware for Business or AppCheck Anti-Ransomware alongside it. An alternative is to install Kaspersky Security Cloud Free. Overall, there is no 100% protection, and it is a good idea not to download files from suspicious sites or attachments, to back up important documents often, to keep the software you use and the operating system updated with the latest patches, and of course to tighten up the security of the operating system itself a little (so-called hardening). A lot has been written on the subject (but you have to find the balance between restrictions and convenience yourself), with the aim of limiting the attack vectors against your system. It is worth taking a look at tools such as NoVirusThanks SysHardener or Hard_Configurator (by the author of Configure Defender). But then these tools are for more advanced users and you have to be careful with them, because you can create more problems for yourself than you solve.
There are many ways to protect yourself: sandboxes such as Sandboxie and the like, virtualization programs such as Shadow Defender, HIPS programs such as Comodo Firewall, anti-exe programs such as NoVirusThanks ExeRadar Pro and AppGuard, default-deny programs (working with black and white lists) such as VoodooShield and SecureAplus, the built-in capabilities of Windows (Software Restriction Policies (SRP), AppLocker, available mainly in the Enterprise editions), and so on. Honestly, in my opinion, stick to whatever is most convenient for you to work with. Keep it simple; sometimes that is better. ;)

      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
      Mozilla Firefox 67.0 (x64 bg) (HKLM\...\Mozilla Firefox 67.0 (x64 bg)) (Version: 67.0 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
      NVIDIA Graphics Driver 442.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.74 - NVIDIA Corporation)
      NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
      NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
      OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
      OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
      Origin (HKLM-x32\...\Origin) (Version: 10.5.67.39484 - Electronic Arts, Inc.)
      PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 200317 - Kakao Corp.)
      PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8556 - Kakao Corp.)
      qBittorrent 4.2.1 (HKLM-x32\...\qBittorrent) (Version: 4.2.1 - The qBittorrent project)
      Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.18.217 - Rockstar Games)
      Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.4.8 - Rockstar Games)
      Shutdown8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Shutdown8) (Version: 1.08 - Bandisoft.com)
      Spotify (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Spotify) (Version: 1.1.30.658.gf13cde74 - Spotify AB)
      StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      StreamLabels 0.3.1 (only current user) (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.3.1 - Streamlabs)
      StreamLabels 0.3.8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8000d50a-fcb7-5b38-8a3b-a02a0ec79daa}) (Version: 0.3.8 - Streamlabs)
      Streamlabs OBS 0.16.3 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.16.3 - General Workings, Inc.)
      swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
      TeamSpeak 3 Client (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
      TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
      Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
      VALORANT (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
      Viber (HKLM-x32\...\{0B3F5AEE-47B2-4A5F-8D02-289B7E0828E6}) (Version: 11.9.1.3 - Viber Media S.a.r.l) Hidden
      Viber (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8b6836ad-bf1d-4591-9f20-735338e295ea}) (Version: 11.9.1.3 - Viber Media S.a.r.l)
      Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
      WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
      WinRAR 5.50 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
      ==================== Custom CLSID (Whitelisted): ==============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\ChromeHTML: ->  <==== ATTENTION
      ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
      ==================== Codecs (Whitelisted) ====================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\system32\prodad-codec.dll [607256 2019-10-15] (proDAD GmbH -> proDAD GmbH)
      HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
      HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
      HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
      HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
      HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
      HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
      HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
      HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
      HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
      HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
      HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)
      Shortcut: C:\Users\GAMEPC\Desktop\OSC - Пряк път.lnk -> C:\Users\GAMEPC\Desktop\moi neshta\OSC 1.9\OSC.exe (Frawzy) <==== Cyrillic
      ShortcutWithArgument: C:\Users\GAMEPC\Desktop\moi neshta\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
      ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
      ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
      ==================== Loaded Modules (Whitelisted) =============
      2017-09-08 12:27 - 2017-09-08 12:27 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll
      ==================== Alternate Data Streams (Whitelisted) ========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
      AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
      AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]
      ==================== Safe Mode (Whitelisted) ==================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) =================
      ==================== Internet Explorer trusted/restricted ==========
      ==================== Hosts content: =========================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
      ==================== Other Areas ===========================
      (Currently there is no automatic fix for this section.)
      HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==
      (If an entry is included in the fixlist, it will be removed.)
      MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
      MSCONFIG\startupreg: EpicGamesLauncher => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
      MSCONFIG\startupreg: FACEIT => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
      MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      MSCONFIG\startupreg: Spotify => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
      MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      MSCONFIG\startupreg: Viber => "C:\Users\GAMEPC\AppData\Local\Viber\Viber.exe" StartMinimized
      ==================== FirewallRules (Whitelisted) ================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{11074DEE-7B8C-4DC2-AE4C-93DF0A309913}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [{D19357FE-92D5-4C15-865D-6BA1144E3141}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [{21EB0059-8DA7-4F26-8EBC-947F0C4E2AAA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{F8BB1871-4D02-4C5E-A222-4D557710B3E1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{1EE7FB5D-9E25-4DA9-ACB5-D608ECDBB452}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
      FirewallRules: [{84ACAD4A-CAC3-405E-BED8-CCE7B6F558B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
      FirewallRules: [{5C9FEA0E-0037-4228-8A5E-308AD75AC1DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
      FirewallRules: [{FD05E114-41E1-4EC3-B5A2-BBA593EE39E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
      FirewallRules: [{831352BE-7396-43E6-9657-9ED9D8BAB30D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
      FirewallRules: [{AB5ACC3F-22CB-469F-9EB3-8D69417E7CD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
      FirewallRules: [{43ADA9C0-2E56-45D1-B73D-9C89040C463D}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
      FirewallRules: [{06129773-C563-4DFF-8D34-BEA82843A4F0}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
      FirewallRules: [TCP Query User{0D1FADB8-FCE1-4E0E-B19A-D5490965A994}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
      FirewallRules: [UDP Query User{F6FECCC1-1C2E-45A5-B7AC-EAF4B88229DF}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
      FirewallRules: [TCP Query User{DEFA441A-0140-4630-9B49-0F0DB88705EC}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
      FirewallRules: [UDP Query User{2F3AD7BE-C36D-4E24-BFFA-EED5BE5D11F4}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
      FirewallRules: [{B5E37EE1-9BE1-4B57-9AD5-EEF981D7F031}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
      FirewallRules: [{DC6EA5CC-0B14-4DA5-BA55-E772E5860678}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
      FirewallRules: [{FF76D716-DBA6-437A-A34F-847AF6AB88AD}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
      FirewallRules: [{13A0D233-1007-4376-A4B4-1DA27C101ECB}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
      FirewallRules: [TCP Query User{86D55748-40A6-4288-AEF7-2C0B25BDF778}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
      FirewallRules: [UDP Query User{D8AE6DDF-C0F2-475C-AB9C-B84C11DDC8AB}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
      FirewallRules: [TCP Query User{695C8135-FF2C-4E94-9566-E526643684CA}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
      FirewallRules: [UDP Query User{3091889E-265D-4648-88DF-CEE54431325D}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
      FirewallRules: [{DB2F74E8-C7EB-44B3-81D7-12B84175E2EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
      FirewallRules: [{E44676E1-030C-4238-B65F-434792B61DE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
      FirewallRules: [TCP Query User{0E86F5BD-F2B3-4EF9-8B0C-48823DA809CB}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
      FirewallRules: [UDP Query User{0C5E839A-52EC-40D4-969E-24F12ED8D2D0}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
      FirewallRules: [TCP Query User{8796E73D-79C0-4D0B-AF34-FB3AF9BCC9BA}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
      FirewallRules: [UDP Query User{EFB29360-AB3A-4A44-9CB4-EF91CEBDB39C}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
      FirewallRules: [TCP Query User{91266298-136D-4BB3-8C13-A850A76C9BF1}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [UDP Query User{E3EAEE44-6095-4A5E-BE2F-F3E3F8349E0A}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{2D541380-97BF-4291-BDBE-2F2228CAEA60}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [{127D37C8-619F-462E-BE1A-E32131065FF4}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [TCP Query User{3DE0592A-8D12-447D-939D-BCA439AFF137}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
      FirewallRules: [UDP Query User{33216198-C2C2-482B-9DC9-2D0D13DBB4FA}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
      FirewallRules: [TCP Query User{270B0322-3799-457B-960A-455318931953}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{A13AA196-1978-4C67-902B-2460B54A5BBF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [{59D96386-6E3E-4356-8348-CF3CFA65A81B}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
      FirewallRules: [{FFA55DD9-7016-4EC4-A808-1A467A45E95C}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
      FirewallRules: [TCP Query User{DC649560-4400-4885-84A1-B96EE04BD03C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [UDP Query User{962C91EA-9380-4D1D-8A2F-E951089E3F37}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
      FirewallRules: [TCP Query User{DA0687C4-1D0D-4E01-B34C-68E8FF09FF9F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
      FirewallRules: [UDP Query User{0C271F5D-81B6-4DA7-A0B8-50362178C932}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
      FirewallRules: [TCP Query User{5EFBA878-9A61-49AC-9416-CAFD7167CF8E}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
      FirewallRules: [UDP Query User{C837A044-1793-46A0-A9B2-FFC280606631}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
      FirewallRules: [TCP Query User{6C87ADBA-41D8-49FB-A494-F0A177B7F2E5}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
      FirewallRules: [UDP Query User{D3766998-33A3-4AAC-836F-4BC92BA34D50}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
      FirewallRules: [TCP Query User{5540B6FC-35DB-4545-AF53-B4FE05B85DD6}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
      FirewallRules: [UDP Query User{ED42665E-2CA2-4092-A15B-69F686B8F831}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
      FirewallRules: [{A6CE7A48-587B-440C-A6B7-9B3AB8F758E0}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{CD3B56C1-242C-4706-81ED-FF29362608F3}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [TCP Query User{9A6D9654-27A6-4122-9C9C-4D7727258BAA}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{E49D6701-B325-4215-8711-030A5EC46C9B}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
      FirewallRules: [{279065A7-F5E9-4060-BA27-39476EE213D2}] => (Allow) C:\Users\GAMEPC\Downloads\bin\BlackDesert32.exe No File
      FirewallRules: [{B218AD4A-5B74-40DE-AB02-A3681FCE9C1C}] => (Allow) C:\Users\GAMEPC\Downloads\bin64\BlackDesert64.exe No File
      FirewallRules: [{10F99049-3DA4-4E89-A086-C023E8CD82B2}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Launcher.exe No File
      FirewallRules: [{3FD78764-41FE-4680-9342-001EA21ECF27}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Downloader.exe No File
      FirewallRules: [{CD2DAD40-C60E-41F0-ABBF-63FED12CD684}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
      FirewallRules: [{9BAD4B07-A517-4574-ABA6-922FE4DA36F4}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
      FirewallRules: [TCP Query User{757DFE1C-9664-41C4-B600-E39F75F3E007}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{00AC97A7-683C-4F74-9AF6-EBFD84CB000D}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
      FirewallRules: [TCP Query User{391AE70C-4E68-4DE8-A05A-D56058FAEBFA}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [UDP Query User{61C858A3-948F-407A-A7BF-2712693C1649}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
      FirewallRules: [TCP Query User{CBB94106-0926-4293-AA94-864143E7ACDC}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
      FirewallRules: [UDP Query User{1602653C-F8D6-481F-B4DE-483B83E4A081}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
      FirewallRules: [{D70481FE-EDB4-4F66-A879-015B84C54F1C}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
      FirewallRules: [{0255AAE2-A93D-49F6-84EA-91CF71112821}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
      FirewallRules: [{3EEC0786-9E2E-4EAC-9CB1-97F68AE8DBDA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
      FirewallRules: [{F07A3467-6DA2-4A61-BFA9-75DFE2760BAA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
      FirewallRules: [{7BCD6AF7-E264-49EC-B3DF-0B903C656894}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
      FirewallRules: [{9796C8A1-0246-4D08-94F7-97B3A81204AF}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
      FirewallRules: [TCP Query User{4194E6A1-B90A-4C01-AAC1-A150648BD511}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
      FirewallRules: [UDP Query User{39B944DB-8264-4416-BBBA-052EEC50F7FC}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
      FirewallRules: [TCP Query User{857D0C4A-0661-4E7D-B23A-735FF8ADABA1}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
      FirewallRules: [UDP Query User{29AE9F40-6F4A-4698-8241-A75FE2382548}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
      FirewallRules: [TCP Query User{92B59CE8-E0C7-43A9-9D55-2AEDA2AA9FA5}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
      FirewallRules: [UDP Query User{8AEEF23D-67B8-4B6C-9DA0-D61F44EFC129}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
      FirewallRules: [{A383D054-F8C2-45B5-A517-E63819807BB6}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{FD87341A-3B7F-44E8-B09F-ADFBDF1B247D}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
      FirewallRules: [{2C2C2027-2BB8-4A51-9A9C-ED9A4BBCB358}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
      FirewallRules: [{9B1767CE-81DE-4826-8906-9DEFCC351FAB}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
      FirewallRules: [{E2FEE995-77A6-4556-A200-30CB17D4ABA6}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
      FirewallRules: [{DFB2A3C2-EA05-4944-B38A-7A85B48E8A1F}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
      FirewallRules: [TCP Query User{5A72CD9B-BF9D-4B23-A72B-26D40F24F859}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
      FirewallRules: [UDP Query User{8312C3A6-76BE-4C56-A5A6-DE950D9F08F1}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
      FirewallRules: [TCP Query User{F64B2B06-1EDF-4393-8640-332BC5898996}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
      FirewallRules: [UDP Query User{E2BBA317-E554-46F4-9705-DB7E4991BF19}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
      FirewallRules: [TCP Query User{06645CA2-731E-4100-8BFC-CF2887EC9BD4}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{68EFF667-1BA0-46F4-B7E4-B8AC10475E9D}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [{B94666B2-3213-45DC-9A55-A01D147CA93D}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
      FirewallRules: [{35AD171F-75C6-469B-A634-4E9ABEFB99C0}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
      FirewallRules: [TCP Query User{8333A1F9-D09D-4985-B9CD-10A78C408300}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
      FirewallRules: [UDP Query User{D9E8A289-BA55-45AE-A241-45085DACBF2D}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
      FirewallRules: [{F60269A0-9AA8-46D8-98B9-0A888500723C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [{C584D871-7182-4224-96CC-26C664539C6B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
      FirewallRules: [TCP Query User{0E05C3B9-C433-4C3A-8C01-FF69520BF241}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
      FirewallRules: [UDP Query User{76E5872D-7EB0-40F2-9AD9-61CD16A593A8}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
      FirewallRules: [TCP Query User{20420812-2158-4116-BD8E-FE273007CA43}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [UDP Query User{1C53FDAE-2CE7-44AD-8F95-828A28E4D6B1}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe (cfx-collective) [File not signed]
      FirewallRules: [TCP Query User{0DE874C5-C399-4C71-A2FB-7D012892D73B}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
      FirewallRules: [UDP Query User{201BA7D9-6E59-4592-89FE-45240B104987}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
      FirewallRules: [TCP Query User{42114D4D-52E5-4B29-A4B1-5EA3A87CE648}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
      FirewallRules: [UDP Query User{ADC3D6A5-74A9-43BE-9C8E-0EA092058F7B}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
      FirewallRules: [{5C7D63B1-F70B-4ED6-A325-B196C2FEBB19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
      FirewallRules: [{0ECBF459-D321-4FFE-A103-D92F19E70819}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      FirewallRules: [{41EE669E-05F2-472E-BD87-338219AB5C30}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      ==================== Restore Points =========================
      07-04-2020 04:20:29 Планирана контролна точка
      08-04-2020 21:01:42 Installed DirectX
      08-04-2020 21:03:15 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
      12-04-2020 03:12:38 Installed DirectX
      12-04-2020 03:14:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
      ==================== Faulty Device Manager Devices ============
      Name: Realtek RTL8139/810x Family Fast Ethernet NIC
      Description: Realtek RTL8139/810x Family Fast Ethernet NIC
      Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
      Manufacturer: Realtek Semiconductor Corp.
      Service: RTL8023x64
      Problem: : This device is disabled. (Code 22)
      Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

      ==================== Event log errors: ========================
      Application errors:
      ==================
      Error: (04/13/2020 12:43:23 PM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/13/2020 12:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5a4
      Начален час на приложението с грешки: 0x01d61177bc69c281
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: 078618cf-7d6b-11ea-a16d-94de809321cd
      Error: (04/13/2020 12:41:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: FreemakeUtilsService.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.IO.FileNotFoundException
         at FreemakeUtilsService.Program.Main(System.String[])
      Error: (04/12/2020 01:52:27 PM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/12/2020 01:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5a0
      Начален час на приложението с грешки: 0x01d610b83a55eadf
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: 8671c75e-7cab-11ea-97de-94de809321cd
      Error: (04/12/2020 01:50:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: FreemakeUtilsService.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.IO.FileNotFoundException
         at FreemakeUtilsService.Program.Main(System.String[])
      Error: (04/09/2020 09:03:40 AM) (Source: SetupARService) (EventID: 0) (User: )
      Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
         at SetupAfterRebootService.SetupARService.OnStart(String[] args)
         at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
      Error: (04/09/2020 09:02:22 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
      Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
      Код на изключение: 0xe0434352
      Отместване на грешка: 0x0000c5af
      ИД на процес на грешка: 0x5ac
      Начален час на приложението с грешки: 0x01d60e346165c638
      Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
      ИД на доклад: ad3e8ed0-7a27-11ea-99ea-94de809321cd

      System errors:
      =============
      Error: (04/13/2020 12:43:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
      cdrom
      Error: (04/13/2020 12:42:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/13/2020 12:42:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.
      Error: (04/13/2020 12:42:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Freemake Improver не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/13/2020 12:42:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Freemake Improver да се свърже.
      Error: (04/12/2020 01:52:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
      Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
      cdrom
      Error: (04/12/2020 01:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
      Услугата не отговори навреме на искане за стартиране или управление.
      Error: (04/12/2020 01:51:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.

      CodeIntegrity:
      ===================================
      Date: 2019-06-09 17:12:15.330
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 17:12:15.275
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 16:10:34.363
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 16:10:34.318
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:58:19.154
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:58:19.101
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:31:45.759
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      Date: 2019-06-09 05:31:45.707
      Description: 
      Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
      ==================== Memory info =========================== 
      BIOS: Award Software International, Inc. F4b 04/26/2013
      Motherboard: Gigabyte Technology Co., Ltd. GA-78LMT-S2P
      Processor: AMD FX-8320E Eight-Core Processor 
      Percentage of memory in use: 30%
      Total physical RAM: 16381.54 MB
      Available physical RAM: 11368.57 MB
      Total Virtual: 32761.22 MB
      Available Virtual: 26564.91 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:150 GB) (Free:33.1 GB) NTFS
      Drive d: () (Fixed) (Total:781.41 GB) (Free:352.36 GB) NTFS
      \\?\Volume{2f050b3f-9477-11e7-8c98-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
      ==================== MBR & Partition Table ====================
      ==========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0C59AE75)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=781.4 GB) - (Type=05)
      ==================== End of Addition.txt =======================





       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-04-2020
      Ran by GAMEPC (administrator) on GAMEPC-PC (Gigabyte Technology Co., Ltd. GA-78LMT-S2P) (13-04-2020 13:04:14)
      Running from C:\Users\GAMEPC\Downloads
      Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Discord Inc. -> Discord Inc.) C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
      (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
      (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
      (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
      (Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
      ==================== Registry (Whitelisted) ===================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Spotify] => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe [22932200 2020-04-09] (Spotify AB -> Spotify Ltd)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [GAMEPC] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [FACEIT] => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [gtarcade] => "C:\Users\GAMEPC\AppData\Local\Gtarcade\app\gtarcade.exe"   /auto_start=1 
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Discord] => C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {2d2c5be0-94b8-11e7-8704-048d38748987} - E:\setup.exe
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {609d2171-c4d2-11e7-a1c0-048d38748987} - E:\Lenovo_Suite.exe
      HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
      Startup: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK [2019-05-20]
      ShortcutTarget: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK -> D:\heroes 3\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe (No File)
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Scheduled Tasks (Whitelisted) ============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {29CD2B59-F360-4EA0-8046-E993FB989355} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {31987656-F768-4D69-96DF-7AD4AB429034} - System32\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
      Task: {3DAD135E-7AD5-4D57-B3E2-9E7F6AD9E01C} - System32\Tasks\{76A40252-E785-4407-9A98-34E12F6F05C9} => C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\hi-rez studios\HiRezGamesDiagAndSupport.exe" -c uninstall=0
      Task: {5A3FE129-72EA-42EB-BA09-CBF91559E528} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
      Task: {64503CA0-D96B-485A-A2ED-32E1ADEC5130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)
      Task: {A19D33FF-7FBC-4D6F-B122-FFBC2947D956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
      Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
      Task: {C84BADD3-E09D-4A90-9F80-FC6F9C4BF9D6} - System32\Tasks\GAMEPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v GAMEPC /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
      Task: {F67C982E-B27B-4B4D-B6F1-B5474BEA2341} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
      Task: {FB761E82-2ABF-4B7D-A0A8-3F00F3533DD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      Task: C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
      Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{BFE47783-CFC6-4DEE-8858-A9889FC23A55}: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{F8E6BFBF-08DD-4CEC-8468-25670AF9DFE4}: [DhcpNameServer] 94.72.140.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FireFox:
      ========
      FF DefaultProfile: mrpwyf7s.default
      FF ProfilePath: C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default [2020-03-02]
      FF user.js: detected! => C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\user.js [2019-01-02]
      FF Homepage: Mozilla\Firefox\Profiles\mrpwyf7s.default -> google.bg
      FF Notifications: Mozilla\Firefox\Profiles\mrpwyf7s.default -> hxxps://www.instagram.com
      FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2020-01-04]
      FF Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2019-01-31]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
      FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) [File not signed]
      FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default [2020-04-13]
      CHR Notifications: Default -> hxxps://csgofast.com; hxxps://forum.dmg-inc.com; hxxps://ghost-recon.ubisoft.com; hxxps://tinder.com; hxxps://www.emag.bg
      CHR StartupUrls: Default -> "hxxp://google.bg/"
      CHR DefaultSearchURL: Default -> hxxps://tinder.com/static/android-chrome-192x192.png
      CHR Extension: (Презентации) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
      CHR Extension: (YouTube) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
      CHR Extension: (Таблици) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-10]
      CHR Extension: (Tinder) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejiihbkifllpgdfndalmghiodgkefan [2019-04-05]
      CHR Extension: (Hoxx VPN Proxy) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2020-03-17]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
      CHR Extension: (Gmail) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
      CHR Extension: (Chrome Media Router) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-17]
      Opera: 
      =======
      OPR Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2020-01-04]
      ==================== Services (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8402648 2019-11-20] (BattlEye Innovations e.K. -> )
      S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd -> Disc Soft Ltd)
      S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
      S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2020-02-13] (Mixbyte Inc -> Freemake)
      S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8019808 2018-03-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
      S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495792 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
      S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3447608 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
      S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1688720 2020-03-05] (Rockstar Games, Inc. -> Rockstar Games)
      S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-09-08] (Realtek Semiconductor.) [File not signed]
      S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-11-08] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-06-20] (Microsoft Windows -> Microsoft Corporation)
      R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-09-08] (Microsoft Corporation) [File not signed]
      S3 FACEITService; C:/Program Files/FACEIT AC/FACEITService.exe [X]
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
      S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]
      ===================== Drivers (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-09-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
      R0 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [67128 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [28216 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
      R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
      R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-08] (Martin Malik - REALiX -> REALiX(tm))
      R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-09-08] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
      S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation)
      S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2017-09-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
      R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [34872 2009-04-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2019-07-02] (Windows (R) Win 7 DDK provider) [File not signed]
      S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
      S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
      S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One month (created) ===================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2020-04-13 13:04 - 2020-04-13 13:05 - 000018493 _____ C:\Users\GAMEPC\Downloads\FRST.txt
      2020-04-13 13:03 - 2020-04-13 13:04 - 000000000 ____D C:\FRST
      2020-04-13 13:02 - 2020-04-13 13:03 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\FRST64.exe
      2020-04-13 13:02 - 2020-04-13 13:02 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\Непотвърдено 720436.crdownload
      2020-04-12 15:52 - 2020-04-12 15:54 - 021108919 _____ C:\Users\GAMEPC\Downloads\IMG_0571.mov
      2020-04-11 14:13 - 2020-04-11 14:13 - 000013913 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Longest.Railway.Tunnel.2020.1080i.HDTV.x264.torrent
      2020-04-11 14:13 - 2020-04-11 14:13 - 000013724 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Super.Stadium.2020.1080i.HDTV.x264.torrent
      2020-04-11 14:07 - 2020-04-11 14:07 - 000020396 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Tallest.Building.On.Earth.2020.720p.HDTV.x264.torrent
      2020-04-11 14:07 - 2020-04-11 14:07 - 000013420 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Mega.Ship.2020.1080i.HDTV.x264.torrent
      2020-04-10 13:56 - 2020-04-10 13:56 - 000011541 _____ C:\Users\GAMEPC\Downloads\Busty.Coeds.vs.Lusty.Cheerleaders.2011.HDRip.720p.x264.mp4.torrent
      2020-04-09 13:58 - 2020-04-09 14:13 - 169566096 _____ C:\Users\GAMEPC\Downloads\twerk.AVI
      2020-04-09 13:58 - 2020-04-09 14:06 - 058040907 _____ C:\Users\GAMEPC\Downloads\MOV01556.mpeg
      2020-04-07 15:07 - 2020-04-07 15:07 - 000001655 _____ C:\Users\Public\Desktop\VALORANT.lnk
      2020-04-07 15:07 - 2020-04-07 15:07 - 000001655 _____ C:\ProgramData\Desktop\VALORANT.lnk
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Riot Games
      2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
      2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Riot Games
      2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Riot Games
      2020-04-07 15:05 - 2020-04-07 15:06 - 068288168 _____ (Riot Games, Inc.) C:\Users\GAMEPC\Downloads\Install VALORANT.exe
      2020-04-06 20:12 - 2020-04-06 20:12 - 000016557 _____ C:\Users\GAMEPC\Downloads\Now.You.See.Me.2013.EXTENDED.480p.BDRip.x265.AC3.BGaudio-REFLUX.torrent
      2020-04-06 20:08 - 2020-04-06 20:08 - 000011672 _____ C:\Users\GAMEPC\Downloads\The.Lone.Ranger.2013.BDRip.x264.BGAUDiO-SLSS.torrent
      2020-04-06 20:05 - 2020-04-06 20:05 - 000014150 _____ C:\Users\GAMEPC\Downloads\Jack.the.Giant.Slayer.2013.576p.BDRip.x265.DUAL-REFLUX.torrent
      2020-04-05 02:03 - 2020-04-05 02:03 - 000151200 _____ C:\Users\GAMEPC\Downloads\The.Penguins.of.Madagascar.2008.DVDRip.XviD.BGAUDIO-nikio96.torrent
      2020-04-04 15:32 - 2020-04-04 15:32 - 000173894 _____ C:\Users\GAMEPC\Downloads\Hawaii.Five-0.S01.720p.WEB-DL.BG.ENG.H.264-smsliverpool.torrent
      2020-04-04 14:41 - 2020-04-04 14:41 - 000053564 _____ C:\Users\GAMEPC\Downloads\Arrival__2016.(subs.sab.bz).rar
      2020-04-04 14:41 - 2020-04-04 14:41 - 000011894 _____ C:\Users\GAMEPC\Downloads\Arrival.2016.576p.BDRIP.x264.AAC-GOD.torrent
      2020-04-02 01:56 - 2020-04-02 01:56 - 000014519 _____ C:\Users\GAMEPC\Downloads\National.Treasure.2004.BRRip.XviD.BGAUDiO-ZmN.torrent
      2020-04-01 02:07 - 2020-04-01 02:07 - 000055713 _____ C:\Users\GAMEPC\Downloads\Meet The Fockers [DVDRip][2004][BGAudio][BugzBunny].avi.torrent
      2020-03-31 23:21 - 2020-03-31 23:21 - 000089245 _____ C:\Users\GAMEPC\Downloads\Addams.Family.Values.1993.1080p.BluRay.x264-SlzD.torrent
      2020-03-31 23:21 - 2020-03-31 23:21 - 000026602 _____ C:\Users\GAMEPC\Downloads\addams.family.values.1993.bluray.bg(subsunacs.net).rar
      2020-03-31 23:19 - 2020-03-31 23:19 - 000026083 _____ C:\Users\GAMEPC\Downloads\the_addams_family(subsunacs.net).zip
      2020-03-31 23:19 - 2020-03-31 23:19 - 000015432 _____ C:\Users\GAMEPC\Downloads\The.Addams.Family.1991.HDTVRip.XviD.AC3-KiNGS.torrent
      2020-03-30 23:36 - 2020-03-31 00:08 - 000000000 ____D C:\Users\GAMEPC\Documents\Assassin's Creed Syndicate
      2020-03-30 23:36 - 2020-03-30 23:36 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\uplay
      2020-03-30 21:17 - 2020-03-30 21:17 - 000058328 _____ C:\Users\GAMEPC\Downloads\Assassin's Creed Syndicate - Gold Edition + v1.5 + All DLCs [FitGirl Repack].torrent
      2020-03-30 20:08 - 2020-03-30 20:08 - 001024240 _____ C:\Users\GAMEPC\Downloads\filmora-idco_setup_full1901.exe
      2020-03-30 20:07 - 2020-03-30 20:07 - 001153264 _____ C:\Users\GAMEPC\Downloads\filmorapro_setup_full4895.exe
      2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(2)
      2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(1)
      2020-03-30 20:02 - 2020-03-30 20:02 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder
      2020-03-30 19:35 - 2020-03-30 19:37 - 135856128 _____ C:\Users\GAMEPC\Downloads\blender-2.82a-windows64.msi
      2020-03-28 04:34 - 2020-03-28 04:35 - 018548431 _____ C:\Users\GAMEPC\Downloads\voicemod crack .rar
      2020-03-28 04:22 - 2020-03-28 04:22 - 023272680 _____ (Voicemod S.L. ) C:\Users\GAMEPC\Downloads\VoicemodSetup.exe
      2020-03-28 04:22 - 2019-07-02 17:50 - 000027648 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vmdrv.sys
      2020-03-26 16:39 - 2020-03-26 16:39 - 000021708 _____ C:\Users\GAMEPC\Downloads\the_hunt(subsunacs.net).7z
      2020-03-26 16:38 - 2020-03-26 16:38 - 000038078 _____ C:\Users\GAMEPC\Downloads\The.Hunt.2020.1080p.AMZN.WEBRip.DDP5.1.x264-NTG.torrent
      2020-03-25 22:47 - 2019-01-01 00:02 - 006045924 _____ C:\Users\GAMEPC\Desktop\meepoof_legacy_nonQcast.exe
      2020-03-25 22:45 - 2020-03-25 22:45 - 005896438 _____ C:\Users\GAMEPC\Downloads\meepoofv1_legacy_nonQcast.zip
      2020-03-25 02:45 - 2020-03-25 02:45 - 000002971 _____ C:\Users\GAMEPC\Downloads\Unacknowledged.2017.1080p.WEB.x265.AAC-Dr3adLoX.torrent
      2020-03-25 02:42 - 2020-03-25 02:42 - 000013592 _____ C:\Users\GAMEPC\Downloads\Most.Evil.Egocentric.Killers.1080i.HDTV.x264.torrent
      2020-03-24 19:05 - 2020-03-24 19:05 - 000002374 _____ C:\Users\GAMEPC\Desktop\StreamLabels.lnk
      2020-03-24 19:04 - 2020-03-24 19:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\streamlabels-updater
      2020-03-23 15:18 - 2020-03-23 15:18 - 000045449 _____ C:\Users\GAMEPC\Downloads\The_Invisible_Man.(subs.sab.bz).zip
      2020-03-23 15:18 - 2020-03-23 15:18 - 000039071 _____ C:\Users\GAMEPC\Downloads\The.Invisible.Man.2020.1080p.WEB-DL.H264.AC3-EVO.torrent
      2020-03-23 15:14 - 2020-03-23 15:14 - 000012215 _____ C:\Users\GAMEPC\Downloads\Toy.Story.4.2019.BRRip.x265.AC3.BGAUDiO-SiSO.torrent
      2020-03-22 14:43 - 2020-03-22 14:43 - 000315856 _____ C:\Users\GAMEPC\Downloads\SHUTDOWN8-SETUP.EXE
      2020-03-22 14:43 - 2020-03-22 14:43 - 000001043 _____ C:\Users\GAMEPC\Desktop\Shutdown8.lnk
      2020-03-22 14:43 - 2020-03-22 14:43 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Shutdown8
      2020-03-22 14:42 - 2020-03-22 14:42 - 000566784 _____ C:\Users\GAMEPC\Downloads\ShutDown.exe
      2020-03-22 14:32 - 2020-03-16 16:07 - 039835432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
      2020-03-22 14:32 - 2020-03-16 16:07 - 022106560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
      2020-03-22 14:32 - 2020-03-16 16:07 - 018416616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
      2020-03-22 14:32 - 2020-03-16 16:06 - 004257984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo.exe
      2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000440040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
      2020-03-22 14:32 - 2020-03-16 13:10 - 000343784 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 127357328 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 040314976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 029930728 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 027555560 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 025239952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 011834784 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 010161040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:09 - 000420240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 029545584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 022880352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
      2020-03-22 14:32 - 2020-03-16 13:08 - 017464208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 015029992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 004988136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 004447648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 002068368 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001720208 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6444274.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001560808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6444274.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001476536 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001363176 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001139832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 001057696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000625776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000539880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000517232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000422328 _____ C:\Windows\system32\nvofapi64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000373360 _____ C:\Windows\SysWOW64\nvofapi.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000182368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000164464 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000158304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
      2020-03-22 14:32 - 2020-03-16 13:08 - 000143288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 040502176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 035371424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
      2020-03-22 14:32 - 2020-03-16 13:07 - 000518560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
      2020-03-22 14:28 - 2020-03-22 14:29 - 554302392 _____ (NVIDIA Corporation) C:\Users\GAMEPC\Downloads\442.74-desktop-win8-win7-64bit-international-whql.exe
      2020-03-21 05:08 - 2020-03-21 05:08 - 000021014 _____ C:\Users\GAMEPC\Downloads\Scooby Doo Mystery Incorporated Season 2 DVDRip BG Audio - SPYRO.torrent
      2020-03-20 16:09 - 2020-03-20 16:09 - 000077329 _____ C:\Users\GAMEPC\Downloads\_Yavka.net_The.Outsider.S01E01.WEBRip.x264-ION10.zip
      2020-03-20 16:09 - 2020-03-20 16:09 - 000041769 _____ C:\Users\GAMEPC\Downloads\The.Outsider.2020.S01E01.WEB.H264-XLF.torrent
      2020-03-20 15:11 - 2020-03-20 15:11 - 000056630 _____ C:\Users\GAMEPC\Downloads\Secret.Window.2004.DVDrip.XviD.Brutus-WORKZ.torrent
      2020-03-20 15:08 - 2020-03-20 15:08 - 000025691 _____ C:\Users\GAMEPC\Downloads\1408.2007.Director_s.Cut.720p.HDDVD.x264_CtrlHD.(subs.sab.bz).rar
      2020-03-20 15:07 - 2020-03-20 15:07 - 000014658 _____ C:\Users\GAMEPC\Downloads\1408.2007.BRRip.XViD.AC3 -playXD.torrent
      2020-03-20 15:03 - 2020-03-20 15:03 - 000014435 _____ C:\Users\GAMEPC\Downloads\Daybreakers.2009.BDRip.x264.AAC.BGAUDiO-SiSO.torrent
      2020-03-20 14:59 - 2020-03-20 14:59 - 000056731 _____ C:\Users\GAMEPC\Downloads\Dreamcatcher.DVDrip.AC3.torrent
      2020-03-19 14:12 - 2020-03-19 14:22 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ShootersPool
      2020-03-19 14:12 - 2020-03-19 14:12 - 000000000 ____D C:\Users\GAMEPC\Documents\ShootersPool
      2020-03-19 14:12 - 2020-03-19 14:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\ShootersPool
      2020-03-19 13:39 - 2020-03-19 13:57 - 1545182216 _____ C:\Users\GAMEPC\Downloads\ShootersPool-1.8.2c_Setup.exe
      2020-03-17 16:31 - 2020-03-17 16:31 - 000033204 _____ C:\Users\GAMEPC\Downloads\swtros_2019_web_unacs_team(subsunacs.net).rar
      2020-03-17 16:30 - 2020-03-17 16:30 - 000027541 _____ C:\Users\GAMEPC\Downloads\Star.Wars.Episode.IX.The.Rise.of.Skywalker.2020.HDRip.AC3.x264-CMRG.torrent
      2020-03-15 14:48 - 2020-03-15 14:48 - 000013669 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Austria's.Mega.Dam.2020.1080i.HDTV.x264.torrent
      2020-03-15 00:26 - 2020-03-15 00:30 - 068914501 _____ C:\Users\GAMEPC\Downloads\FullSizeRender.mov
      2020-03-14 19:01 - 2020-03-14 19:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\CitizenFX
      2020-03-14 18:50 - 2020-04-09 18:17 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\FiveM
      2020-03-14 18:50 - 2020-03-14 18:50 - 008885192 _____ (cfx-collective) C:\Users\GAMEPC\Downloads\FiveM.exe
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002024 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM Singleplayer.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002016 _____ C:\Users\GAMEPC\Desktop\FiveM Singleplayer.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002016 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
      2020-03-14 18:50 - 2020-03-14 18:50 - 000002008 _____ C:\Users\GAMEPC\Desktop\FiveM.lnk
      ==================== One month (modified) ==================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2020-04-13 12:56 - 2017-09-23 18:42 - 000000000 ____D C:\Program Files (x86)\Steam
      2020-04-13 12:51 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2020-04-13 12:51 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2020-04-13 12:49 - 2019-03-14 23:38 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Spotify
      2020-04-13 12:44 - 2017-09-09 22:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\discord
      2020-04-13 12:42 - 2019-03-14 23:37 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Spotify
      2020-04-13 12:42 - 2017-09-08 14:03 - 000000000 ____D C:\ProgramData\NVIDIA
      2020-04-13 12:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2020-04-13 03:59 - 2019-07-31 00:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\obs-studio
      2020-04-13 03:38 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-sys.job
      2020-04-13 02:45 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job
      2020-04-12 03:45 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Origin
      2020-04-12 03:12 - 2019-02-11 22:09 - 000000000 ____D C:\ProgramData\Origin
      2020-04-12 03:11 - 2019-12-26 03:16 - 000000000 ____D C:\Program Files (x86)\Origin
      2020-04-12 03:11 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Origin
      2020-04-11 17:11 - 2017-09-10 01:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\qBittorrent
      2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
      2020-04-08 00:03 - 2017-09-08 13:35 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2020-04-06 03:47 - 2017-09-19 23:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\TS3Client
      2020-04-03 11:39 - 2018-01-11 17:53 - 000640612 _____ C:\Windows\system32\perfh002.dat
      2020-04-03 11:39 - 2018-01-11 17:53 - 000114470 _____ C:\Windows\system32\perfc002.dat
      2020-04-03 11:39 - 2009-07-14 08:13 - 001498588 _____ C:\Windows\system32\PerfStringBackup.INI
      2020-04-03 11:39 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
      2020-03-31 00:08 - 2009-07-14 08:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2020-03-30 20:00 - 2019-08-08 04:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA
      2020-03-28 04:27 - 2017-09-08 15:54 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\CrashDumps
      2020-03-24 19:05 - 2019-10-04 14:40 - 000002382 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
      2020-03-24 19:02 - 2019-07-31 03:15 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\slobs-client
      2020-03-24 19:01 - 2019-07-31 03:14 - 000000000 ____D C:\Program Files\Streamlabs OBS
      2020-03-21 16:32 - 2018-11-03 19:10 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\DigitalEntitlements
      2020-03-21 02:54 - 2017-09-08 13:35 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
      2020-03-21 02:54 - 2017-09-08 13:35 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
      2020-03-20 21:19 - 2017-09-18 19:14 - 000000000 ____D C:\ProgramData\McAfee
      2020-03-20 17:01 - 2017-12-06 19:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ViberPC
      2020-03-19 14:12 - 2018-07-27 18:56 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
      2020-03-19 14:12 - 2018-07-27 18:56 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
      2020-03-19 03:22 - 2018-10-18 17:36 - 000000979 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
      2020-03-19 03:22 - 2018-10-18 17:36 - 000000979 _____ C:\ProgramData\Desktop\PotPlayer 64 bit.lnk
      2020-03-16 16:07 - 2020-03-11 03:56 - 034369720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
      2020-03-16 16:07 - 2017-09-08 14:02 - 004813752 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
      2020-03-16 13:09 - 2017-09-08 14:02 - 000502672 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
      2020-03-16 13:08 - 2020-03-11 03:56 - 000469904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
      2020-03-14 01:34 - 2017-09-08 13:21 - 000052925 _____ C:\Windows\system32\nvinfo.pb
      2020-03-14 00:04 - 2017-09-08 14:03 - 005580272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 002631480 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000660792 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000447464 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000121328 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
      2020-03-14 00:04 - 2017-09-08 14:03 - 000074552 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
      ==================== Files in the root of some directories ========
      2020-02-19 00:22 - 2020-02-19 00:22 - 000000733 _____ () C:\Users\GAMEPC\AppData\Local\recently-used.xbel
      2018-12-17 21:42 - 2018-12-23 19:48 - 000007597 _____ () C:\Users\GAMEPC\AppData\Local\Resmon.ResmonCfg
      2019-08-14 02:36 - 2019-08-14 02:36 - 000000003 _____ () C:\Users\GAMEPC\AppData\Local\updater.log
      2019-08-14 02:36 - 2019-08-14 02:36 - 000000424 _____ () C:\Users\GAMEPC\AppData\Local\UserProducts.xml
      ==================== SigCheck ============================
      (There is no automatic fix for files that do not pass verification.)

      LastRegBack: 2020-04-07 04:13
      ==================== End of FRST.txt ========================
    • by stefanbkanev
      Hello, my laptop is new and has fairly decent specs, but for the past few days it has been overheating as soon as I turn it on... The load is extremely high, even though I have almost nothing running (only a browser, Skype and 1-2 other things that shouldn't cause much load)... Most likely I've picked up some virus; I'd be grateful if you could help.

      Addition.txt FRST.txt
    • by scorpa
      Good day, I received an email in my abv mailbox from the little hacker named in the title, and the email states how he was going to distribute videos of me (which do not exist) and that he had access to my laptop, mentioning the camera and microphone. The condition for all this to end is that I make a money transfer of 1100 leva to his account, which is the same one that appears on quite a few other sites. From what I read on the internet this is a scam, but the possibility of a Trojan horse in the system was high. I read through some topics and, as far as I understood, some systems are handled individually, so I am asking for your help and assistance. Thank you for your attention, STAY SAFE!!