jelio_jelev, posted October 26, 2015

Hello. I came home today and sat down at the laptop to check a few things, and what do I see. All pictures and text files have different names, ending in powermeter280.jpg.id-1431423117_helpme@freespeechmail, and the desktop wallpaper has been replaced with this one: recovery.rar (I archived it because I am not allowed to upload .bmp files).

Here is the log from Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 26.10.2015 г.
Час на сканиране: 22:16 ч.
Дневник: Malwarebytes.txt
Администратор: Да

Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2015.10.26.06
База от данни за рууткити: v2015.10.23.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows 7 Service Pack 1
Процесор: x64
Файлова система: NTFS
Потребител: Жельо

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 360515
Изминало време: 38 мин. 1 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Дълбоко сканиране за рууткити: Разрешено
Евристика: Разрешено
ПНП: Предупреди
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 1
PUP.Optional.DriverHive, HKLM\SOFTWARE\WOW6432NODE\BSD\DRIVERHIVEENGINE, Не е избрано действие от потребителя, [3c52411a8dfe39fdee85b40cd231966a],

Стойности в системния регистър: 2
PUP.Optional.DriverHive, HKLM\SOFTWARE\WOW6432NODE\BSD\DRIVERHIVEENGINE|DriverIgnoreList, Не е избрано действие от потребителя, [3c52411a8dfe39fdee85b40cd231966a],
PUP.Optional.DriverHive, HKLM\SOFTWARE\WOW6432NODE\BSD\DRIVERHIVEENGINE|DriverUploadList, Не е избрано действие от потребителя, [8a04fe5d25662313ff74dee22dd6da26],

Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)

Папки: 3
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHive, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
PUP.Optional.DriverHive, C:\ProgramData\BSD, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHiveEngine, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],

Файлове: 7
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHive\history2.dat, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHiveEngine\scandet2.dat, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHiveEngine\scansummary2.dat, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
RiskWare.Keygen, C:\Windows\AutoKMS.exe, Поставен под карантина, [2b63cc8fbdce51e5585d3fed41c0b24e],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, Поставен под карантина, [c8c68fcc85068babc455b607eb16bc44],
Trojan.Agent.Gen, C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6907.tmp, Поставен под карантина, [2e60d18aa4e740f66a34fd7eb74b4db3],
Trojan.FileCryptor.Trace, C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery.bmp, Поставен под карантина, [157988d3b8d3dd59d6c6b9d9ea19b947],

Физически сектори: 0
(Не бяха открити злонамерени обекти)

(end)

And from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Жельо (administrator) on JAX-LAPTOP (26-10-2015 23:10:23)
Running from C:\Users\Жельо\Desktop
Loaded Profiles: Жельо (Available Profiles: Жельо)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [unlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [iR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
restriction on software: *.xlsx*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.js <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTIONHKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTIONHKLM 
Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.com <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.js <====== ATTENTIONHKLM Group Policy restriction on software: syskey.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTIONHKLM Group Policy 
restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.js <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTIONHKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\zhp\zhpcleaner.exe <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\zhp\zhpcleaner.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\zhp\zhpcleaner.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\zhp\zhpcleaner.exe <====== ATTENTIONHKLM\...\Policies\Explorer: [NoAutorun] 2HKU\S-1-5-19\...\Run: [TOPI.EXE] => 
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb173f4-4794-11e4-9418-047d7b60ad51} - I:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb17402-4794-11e4-9418-047d7b60ad51} - H:\AutoRun.exe
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-10-26]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.0.1
Tcpip\..\Interfaces\{521254B9-7035-4424-A79B-C73FEF009E56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6408F382-43EF-45F8-A183-6E98326494E7}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{A41B8DB8-C9BE-4B37-B8E9-4F4D5D0EDF75}: [DhcpNameServer] 195.175.39.40 195.175.39.39
Tcpip\..\Interfaces\{BBA08E84-E9B5-4B8C-8E2B-BE9854F9D071}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{C1BEB88E-16D3-4CA3-B902-802B99874DED}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{E53FC36D-0D30-463D-BA69-5934D48886C5}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E53FC36D-0D30-463D-BA69-5934D48886C5}: [DhcpNameServer] 192.168.100.1 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007
DPF: HKLM-x32 {028C3B99-F9B0-4188-8C2C-D71CA84824D5} hxxp://77.71.2.130:7000/program/SonySncCs1011View.cab
DPF: HKLM-x32 {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} hxxps://eu.mydlink.com/8D/activeX//TunnelX.ocx
DPF: HKLM-x32 {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} hxxp://78.130.205.132:9999/program/SonyNetworkCameraViewer.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://95.87.29.5/WebClient.exe
DPF: HKLM-x32 {9F1C0B35-8230-4176-8B99-5C2485121A4E} hxxp://85.217.132.132/program/SNCActiveXViewer.cab
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://cam1.kassabasystems.com:83/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://rbweb.corpbank.bg/CSWebBankASP/capicom.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://84.54.135.77/activex/AMC.cab
DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} hxxp://95.87.29.4:10106/webrec.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082

FireFox:
========
FF ProfilePath: C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\agvgq22e.default
FF Homepage: hxxp://www.homepage.bg/?a=dhp
FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll [2014-04-16] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll [2014-04-16] ()
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\WebPlugin\npmedia.dll [2015-05-16] ()
FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2015-01-30] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-05-16] (Unauthorized copy)
FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2015-01-30] (Unauthorized copy)
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\My Program\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Жельо\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Жельо\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: www.mydlink.com/Uplayer -> C:\Users\Жельо\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: BitComet Video Downloader - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\agvgq22e.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-10-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-02] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.homepage.bg/
CHR Plugin: (Shockwave Flash) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Users\Жельо\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (W2MO: Logistics Design, Optimization, WMS, 3D) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog [2015-03-18]
CHR Extension: (Angry Birds) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (FARMERAMA) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2015-08-07]
CHR Extension: (Google Търсене) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-18]
CHR Extension: (Pixorial Photo & Video Sharing) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilbibicalpgnmbjnganinjppjephokai [2014-02-25]
CHR Extension: (Happy Farmer by Fupa) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjdmmbgcdeojkmeablmdjkhplahnmii [2012-08-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (радио) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
StartMenuInternet: Google Chrome.MBWLTUWGU5OHAGWKF2LZRQIORY - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it 
will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-07-17] (Autodata Limited) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S3 BITCOMET_HELPER_SERVICE; C:\My Program\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [13080 2009-12-26] (Microsoft Corporation)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [241400 2015-10-13] (RaMMicHaeL)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
S3 CM2593; C:\Windows\System32\DRIVERS\CM2593.sys [12848 2008-09-30] () [File not signed]
S3 CM2593; C:\Windows\SysWOW64\DRIVERS\CM2593.sys [10800 2008-09-30] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
S3 GRemoteBus; C:\Windows\System32\DRIVERS\GRemoteBus64.sys [27336 2009-08-05] (GBM Software)
S3 GRemoteJoy; C:\Windows\System32\DRIVERS\GRemoteJoy64.sys [46792 2009-08-05] (GBM Software)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [22576 2008-09-30] (Microsoft Corporation) [File not signed]
S3 GWHid; C:\Windows\SysWOW64\DRIVERS\GWHid.sys [18992 2008-09-30] (Microsoft Corporation) [File not signed]
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MSBDA; C:\Windows\System32\DRIVERS\UTVAD.sys [1410952 2011-07-15] (Gadmei Electronic Technology Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] () [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
U3 at924iiy; C:\Windows\System32\Drivers\at924iiy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys 
[X]
S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-26 23:10 - 2015-10-26 23:10 - 00062392 _____ C:\Users\Жельо\Desktop\FRST.txt
2015-10-26 23:09 - 2015-10-26 23:09 - 00003049 _____ C:\Users\Жельо\Desktop\Malwarebytes.txt
2015-10-26 22:12 - 2015-10-26 23:10 - 00000000 ____D C:\FRST
2015-10-26 22:11 - 2015-10-26 22:11 - 02197504 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64.exe
2015-10-26 22:07 - 2015-10-26 21:47 - 00401934 _____ C:\Users\Жельо\Desktop\recovery.bmp
2015-10-26 22:05 - 2015-10-26 22:05 - 00016384 _____ C:\Users\Жельо\AppData\Roaming\CryptoPrevent_Test_Module.exe
2015-10-26 21:47 - 2015-10-26 21:47 - 00401934 _____ C:\Users\Жельо\AppData\Roaming\recovery.bmp
2015-10-26 17:26 - 2015-10-26 21:14 - 01267232 _____ C:\Users\Жельо\Desktop\2015-10-26 15.22.05.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 17:26 - 2015-10-26 21:14 - 01175603 _____ C:\Users\Жельо\Desktop\2015-10-26 15.15.49.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 17:26 - 2015-10-26 21:14 - 01172987 _____ C:\Users\Жельо\Desktop\2015-10-26 17.22.51.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 15:42 - 2015-10-26 21:14 - 49622453 _____ C:\Users\Жельо\Desktop\complete.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-23 12:52 - 2015-10-23 13:23 - 00000000 ____D C:\Program Files (x86)\Traccar
2015-10-23 12:51 - 2015-10-23 12:51 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-22 20:08 - 2015-10-22 20:08 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS Tracker
2015-10-22 20:08 - 2015-10-22 20:08 - 00000000 ____D C:\Program Files (x86)\GPS Tracker
2015-10-10 09:54 - 2015-10-26 21:14 - 48105315 _____ C:\Users\Жельо\Desktop\d97ddb2041r0be922d41.mp4.id-1431423117_helpme@freespeechmail.org
2015-10-09 13:58 - 2015-10-26 21:14 - 00343729 _____ C:\Users\Жельо\Desktop\DSP-W215_REVA_DATASHEET_1.00_EN_US.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-08 07:37 - 2015-10-26 22:05 - 00009501 _____ C:\Windows\AutoKMS.log
2015-10-07 12:40 - 2015-10-26 21:15 - 00064516 _____ C:\Users\Жельо\Desktop\НОЕМВРИ 1 2015.xls.id-1431423117_helpme@freespeechmail.org
2015-10-07 12:39 - 2015-10-26 23:00 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2015-10-07 12:39 - 2015-10-26 23:00 - 00000200 _____ C:\Windows\Tasks\AutoKMS.job
2015-10-07 12:39 - 2015-10-26 22:05 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-10-07 12:39 - 2015-10-07 12:39 - 00002432 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-07 12:39 - 2015-10-07 12:39 - 00000184 _____ C:\Windows\AutoKMS.ini
2015-10-07 11:48 - 2015-10-26 21:15 - 00067588 _____ C:\Users\Жельо\Desktop\НОЕМВРИ 2015.xls.id-1431423117_helpme@freespeechmail.org
2015-10-07 11:48 - 2015-10-26 21:15 - 00064516 _____ C:\Users\Жельо\Desktop\ОКТОМВРИ 2015.xls.id-1431423117_helpme@freespeechmail.org
2015-10-05 12:07 - 2015-10-26 21:14 - 00008404 _____ C:\Users\Жельо\Desktop\45760977_taurus-my-bread.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-05 08:39 - 2015-10-26 21:15 - 23575909 _____ C:\Users\Жельо\Desktop\WWW.DOWNVIDS.NET-Декупаж для начинающих, техника декупаж.mp4.id-1431423117_helpme@freespeechmail.org
2015-10-05 08:37 - 2015-10-26 21:15 - 30338387 _____ C:\Users\Жельо\Desktop\WWW.DOWNVIDS.NET-Лесна Оригами Панделка Рнструкция.mp4.id-1431423117_helpme@freespeechmail.org
2015-10-05 08:36 - 2015-10-26 21:14 - 05599487 _____ C:\Users\Жельо\Desktop\11387582_873338832720180_1363359264_n.mp4.id-1431423117_helpme@freespeechmail.org
2015-10-05 07:56 - 2015-10-26 21:14 - 00065428 _____ C:\Users\Жельо\Desktop\12144944_843241179122493_2699129129780439143_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-02 18:03 - 2015-10-02 18:03 - 00708660 _____ C:\Users\Жельо\Desktop\Завеждане на щета онлайн 24ins_bg.mht
2015-10-01 13:52 - 2015-10-26 22:01 - 00000454 __RSH C:\ProgramData\ntuser.pol
2015-10-01 13:52 - 2015-10-01 13:52 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2015-10-01 13:52 - 2015-10-01 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-10-01 13:52 - 2015-10-01 13:52 - 00000000 ____D C:\ProgramData\Foolish IT
2015-10-01 13:52 - 2015-10-01 13:52 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2015-10-01 13:49 - 2015-10-01 13:50 - 00000755 _____ C:\DelFix.txt.id-1431423117_helpme@freespeechmail.org
2015-10-01 13:47 - 2015-10-01 13:47 - 00000000 ____D C:\ProgramData\Unchecky
2015-10-01 13:47 - 2015-10-01 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-10-01 13:47 - 2015-10-01 13:47 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-10-01 13:31 - 2015-10-01 13:31 - 00001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-10-01 13:31 - 2015-10-01 13:31 - 00000000 ____D C:\Users\Жельо\AppData\Local\Secunia PSI
2015-10-01 13:30 - 2015-10-01 13:30 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-28 22:03 - 2015-09-28 22:04 - 00000000 ____D C:\EEK
2015-09-28 21:49 - 2015-09-28 22:01 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-27 09:53 - 2015-10-26 21:14 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\ZHP
2015-09-26 21:50 - 2015-09-26 21:50 - 00000000 ____D C:\SFCFix

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-26 23:09 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-26 23:09 - 2009-07-14 06:45 - 00014192 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-10-26 23:07 - 2014-12-06 18:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-10-26 23:05 - 2012-07-10 12:44 - 01785717 _____ C:\Windows\WindowsUpdate.log2015-10-26 23:02 - 2012-08-23 16:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update2015-10-26 23:01 - 2012-08-21 11:46 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics2015-10-26 23:01 - 2009-07-14 06:51 - 00069118 _____ C:\Windows\setupact.log2015-10-26 23:00 - 2013-08-09 18:15 - 00065536 _____ C:\Windows\system32\Ikeext.etl2015-10-26 23:00 - 2013-04-28 17:02 - 00000686 ____H C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job2015-10-26 23:00 - 2012-07-10 12:59 - 00000000 ____D C:\ProgramData\NVIDIA2015-10-26 23:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-10-26 22:59 - 2012-07-10 16:13 - 00509992 _____ C:\Windows\PFRO.log2015-10-26 22:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME2015-10-26 22:28 - 2012-08-17 07:39 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000UA.job2015-10-26 22:14 - 2014-12-06 18:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-10-26 22:11 - 2009-07-14 07:13 - 00796930 _____ C:\Windows\system32\PerfStringBackup.INI2015-10-26 22:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing2015-10-26 21:58 - 2012-07-10 14:16 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\TOSHIBA Online Product Information2015-10-26 21:43 - 2013-04-08 11:54 - 01878020 _____ C:\Drive Gamepad Corsair.iso.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2015-07-31 16:50 - 00000000 ____D C:\ProgramData\Home Media Server2015-10-26 21:20 - 2014-09-29 13:13 - 00000000 ____D C:\ProgramData\DatacardService2015-10-26 21:20 - 2014-08-19 11:02 - 10057732 _____ 
C:\Users\Жельо\Documents\Shinyek.com_20140819_120246.avi.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2014-08-16 19:18 - 00053338 _____ C:\Users\Жельо\Downloads\1978664_814568958574694_2136114907737541147_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2014-08-09 16:39 - 35673092 _____ C:\Users\Жельо\Documents\Shinyek.com_20140809_173924.avi.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2014-08-09 14:55 - 29987844 _____ C:\Users\Жельо\Documents\Shinyek.com_20140809_155535.avi.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-12-23 21:47 - 00000000 ____D C:\Users\Жельо\Documents\Файлове на Outlook2015-10-26 21:20 - 2013-10-26 20:03 - 00026116 _____ C:\Users\Жельо\Downloads\Zadaca_Genka.doc.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-08-29 21:13 - 00057213 _____ C:\Users\Жельо\Downloads\1000393_540182566018498_411413383_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-08-05 20:10 - 00100842 _____ C:\Users\Жельо\Downloads\970476_187009254808738_412620130_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-06-06 17:45 - 00097232 _____ C:\Users\Жельо\Downloads\945078_10152804088520054_406764555_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-06-06 17:43 - 00000000 ____D C:\Users\Жельо\Downloads\(2) Facebook_files2015-10-26 21:20 - 2013-06-06 17:32 - 00134818 _____ C:\Users\Жельо\Downloads\264531_10152851727670054_1987382369_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-06-06 17:21 - 00075690 _____ C:\Users\Жельо\Downloads\601942_10152905450015054_1452536488_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-05-22 21:16 - 00024948 _____ C:\Users\Жельо\Downloads\969768_367118476733347_1879884072_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-05-21 14:18 - 00080665 _____ C:\Users\Жельо\Downloads\47972_640260875987866_284246366_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 
21:20 - 2013-04-15 21:27 - 00028980 _____ C:\Users\Жельо\Downloads\529236_488111517923385_917255643_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-04-09 21:55 - 00107475 _____ C:\Users\Жельо\Downloads\28180_568426666522129_680828922_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-04-03 13:13 - 00151541 _____ C:\Users\Жельо\Downloads\20911_507559255947496_1851089258_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-04-03 12:47 - 00100370 _____ C:\Users\Жельо\Downloads\576380_210473035756381_417519601_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-04-03 12:46 - 00070257 _____ C:\Users\Жельо\Downloads\397679_212150595588625_2023657086_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-03-11 10:08 - 00104729 _____ C:\Users\Жельо\Downloads\582442_555954764428496_1552000269_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-03-10 21:09 - 00096033 _____ C:\Users\Жельо\Downloads\734402_576864342338415_1208552921_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-03-08 21:49 - 00071461 _____ C:\Users\Жельо\Downloads\431106_10150601345356932_2105304855_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-03-04 11:43 - 00096371 _____ C:\Users\Жельо\Downloads\537636_498080160228211_2144130645_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-03-02 18:01 - 00052564 _____ C:\Users\Жельо\Downloads\522759_340900102676628_1003475426_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-02-27 22:04 - 00068292 _____ C:\Users\Жельо\Downloads\544425_485568728146566_1343531914_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-02-27 14:51 - 00160118 _____ C:\Users\Жельо\Downloads\11019_4377585923653_1022236283_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-02-21 17:02 - 00070021 _____ 
C:\Users\Жельо\Downloads\Adhoc_C03_BG.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-01-23 23:20 - 00068905 _____ C:\Users\Жельо\Downloads\59623_240574779405635_761545342_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-01-16 19:42 - 00066084 _____ C:\Users\Жельо\Downloads\75028_455612271165693_184100950_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-01-16 19:38 - 00045463 _____ C:\Users\Жельо\Downloads\602691_455613547832232_87005173_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-01-16 19:34 - 00106368 _____ C:\Users\Жельо\Downloads\184451_455614161165504_77676019_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2013-01-16 19:34 - 00075498 _____ C:\Users\Жельо\Downloads\580453_455614254498828_1409363729_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2012-12-29 09:59 - 00059047 _____ C:\Users\Жельо\Downloads\199780_443182352413723_1092760575_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:20 - 2012-09-16 18:36 - 00000000 ____D C:\Users\Жельо\Documents\The KMPlayer2015-10-26 21:20 - 2012-07-10 18:39 - 00000020 _____ C:\Users\Жельо\Downloads\Microsoft Office Professional Edition 2003 MUI-BG only.rar.id-1431423117_helpme@freespeechmail.org2015-10-26 21:18 - 2015-07-21 13:34 - 00000000 ____D C:\Users\Жельо\Documents\HMS.2_012015-10-26 21:18 - 2014-12-17 15:12 - 10798482 _____ C:\Users\Жельо\Documents\FarmingSimulator2015.rar.id-1431423117_helpme@freespeechmail.org2015-10-26 21:18 - 2012-10-22 10:38 - 00000000 ____D C:\Users\Жельо\Documents\Euro Truck Simulator 22015-10-26 21:18 - 2012-07-29 12:40 - 00000000 ____D C:\Users\Жельо\Documents\My Games2015-10-26 21:18 - 2012-07-10 13:22 - 00000000 ____D C:\Users\Жельо\Documents\Bluetooth2015-10-26 21:15 - 2015-09-06 15:10 - 00040807 _____ C:\Users\Жельо\Desktop\Statements.zip.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-08-19 13:59 - 12227038 _____ C:\Users\Жельо\Desktop\Rykovodstvo 
chast 1.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-08-19 13:28 - 02656179 _____ C:\Users\Жельо\Desktop\naredba3.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-08-13 12:55 - 00064516 _____ C:\Users\Жельо\Desktop\АВГУСТ 2015.xls.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-08-07 10:09 - 00016516 _____ C:\Users\Жельо\Desktop\powermeter280.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-07-18 09:20 - 00000052 _____ C:\Users\Жельо\Desktop\Вар.txt.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-06-15 16:24 - 00000000 ____D C:\Users\Жельо\Desktop\Бг Снимки2015-10-26 21:15 - 2015-05-20 19:48 - 07921289 _____ C:\Users\Жельо\Desktop\STBs_System Setup.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-05-11 19:16 - 00000000 ____D C:\Users\Жельо\Desktop\Екскурзия2015-10-26 21:15 - 2015-03-30 08:11 - 00000000 ____D C:\Users\Жельо\Desktop\Стари снимки-Раднево2015-10-26 21:15 - 2015-03-20 07:30 - 00000000 ____D C:\Users\Жельо\Desktop\БЕЛЕЖКИ2015-10-26 21:15 - 2015-02-09 22:06 - 00000000 ____D C:\Users\Жельо\Desktop\razni2015-10-26 21:15 - 2015-02-09 20:27 - 00028260 _____ C:\Users\Жельо\Desktop\imga305c17f85b99588ce35cb4e9cd6134f.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-02-08 21:10 - 00030025 _____ C:\Users\Жельо\Desktop\img26c2cea56d0bc574a2215095b727b56e.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2015-01-10 18:21 - 00000000 ____D C:\Users\Жельо\Desktop\METRO2015-10-26 21:15 - 2015-01-08 21:03 - 00000000 ____D C:\Users\Жельо\Desktop\Животни с махмурлук2015-10-26 21:15 - 2014-12-01 20:36 - 00000000 ____D C:\Users\Жельо\Desktop\pletkite na maika2015-10-26 21:15 - 2014-11-17 15:02 - 00024580 _____ C:\Users\Жельо\Desktop\ТВ Програми.doc.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2014-11-03 15:10 - 00116228 _____ C:\Users\Жельо\Desktop\Naredba-01-2014-protokol.doc.id-1431423117_helpme@freespeechmail.org2015-10-26 
21:15 - 2014-09-11 07:13 - 00032260 _____ C:\Users\Жельо\Desktop\етикети.doc.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2014-09-11 06:27 - 00015108 _____ C:\Users\Жельо\Desktop\Нов Документ на Microsoft Word.docx.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2014-08-03 18:19 - 00082985 _____ C:\Users\Жельо\Desktop\Юли 2014.xls.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2014-07-22 15:15 - 02746864 _____ C:\Users\Жельо\Desktop\Пролетна емоция 480p.mp3.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2014-07-22 11:40 - 00919556 _____ C:\Users\Жельо\Desktop\UPS600L_User_manual-ivg-sinio.doc.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2014-07-19 13:35 - 00105127 _____ C:\Users\Жельо\Desktop\Юни 2014.xls.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2013-12-15 22:13 - 00014340 ___SH C:\Users\Жельо\Desktop\Thumbs.db.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2013-12-01 11:46 - 00000180 ____H C:\Users\Жельо\Desktop\~$се лист.doc.id-1431423117_helpme@freespeechmail.org2015-10-26 21:15 - 2012-07-10 16:50 - 00000000 ___RD C:\Users\Жельо\Desktop\OPTIONS2015-10-26 21:14 - 2015-09-24 09:32 - 00573485 _____ C:\Users\Жельо\Desktop\379131-an-01-ml-X4_TECH_7Zoll_TFT_MONITOR_de_en.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-09-24 09:25 - 00181771 _____ C:\Users\Жельо\Desktop\379131-an-01-nl-kleurenmonitor_X4_TECH.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-09-12 14:01 - 00245808 _____ C:\Users\Жельо\Desktop\15598215001_20150908_1190143446.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-19 22:19 - 00205151 _____ C:\Users\Жельо\Desktop\1024px-Muzeum_Polskiej_Techniki_Wojskowej.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-19 14:00 - 01712170 _____ C:\Users\Жельо\Desktop\ES_CHAPTER_G_BG.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-19 13:58 - 00410388 _____ 
C:\Users\Жельо\Desktop\bakalavar_uch-vaprosi_17-32_rev.26.02.10.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-19 13:32 - 00988417 _____ C:\Users\Жельо\Desktop\file_31_bg.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-18 08:57 - 00074420 _____ C:\Users\Жельо\Desktop\FIB_BG10FINV915010BGN05SM0_01_07_2015-31_07_2015.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-18 08:56 - 00063681 _____ C:\Users\Жельо\Desktop\FIB_BG10FINV915010BGN05SM0_22072015-22072015.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-12 19:42 - 00250386 _____ C:\Users\Жельо\Desktop\15598215001_20150808_1188308123.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-09 20:43 - 00069546 _____ C:\Users\Жельо\Desktop\11826001_944975695561197_5663055655366077629_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-04 12:31 - 00135127 _____ C:\Users\Жельо\Desktop\317200371.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-08-03 20:15 - 01345442 _____ C:\Users\Жельо\Desktop\fuji-electric_fujitsu_rsa07lgc_rsa09lgc_rsa12lgc.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-07-22 13:34 - 01093140 _____ C:\Users\Жельо\Desktop\28596_1.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-07-21 12:42 - 01447877 _____ C:\Users\Жельо\Desktop\23389_1524.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-07-21 12:23 - 04273320 _____ C:\Users\Жельо\Desktop\Goclever_Cineo_100.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-05-15 16:15 - 00023940 _____ C:\Users\Жельо\Desktop\20022_10152857369049562_7545979365560403622_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-05-11 15:51 - 00133269 _____ C:\Users\Жельо\Desktop\CS8P-RRCP-Bg.pdf.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-04-18 22:21 - 00056662 _____ 
C:\Users\Жельо\Desktop\11103943_956376487726091_2024356767_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-04-18 08:14 - 00056630 _____ C:\Users\Жельо\Desktop\143.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-04-07 08:10 - 00097193 _____ C:\Users\Жельо\Desktop\11138521_1080050578678334_4401811882120231237_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-03-27 18:44 - 04958724 _____ C:\Users\Жельо\Desktop\cenova lista ganchev.xls.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-03-19 09:43 - 00507880 _____ C:\Users\Жельо\Desktop\DVR 5116C.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-03-19 08:57 - 00042234 _____ C:\Users\Жельо\Desktop\cid___1foxmail.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-03-19 07:52 - 00053774 _____ C:\Users\Жельо\Desktop\026236782.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-03-19 07:52 - 00051887 _____ C:\Users\Жельо\Desktop\026236779.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-03-19 07:52 - 00045086 _____ C:\Users\Жельо\Desktop\026236780.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-03-13 14:25 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\ViberPC2015-10-26 21:14 - 2015-03-13 14:25 - 00000000 ____D C:\Users\Жельо\AppData\Local\Viber2015-10-26 21:14 - 2015-03-05 08:58 - 00313860 _____ C:\Users\Жельо\Desktop\DNS-HOWTO-BG.doc.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2015-01-25 14:19 - 00104605 _____ C:\Users\Жельо\Desktop\960284_10155184894970381_7675235045610530839_n.jpg.id-1431423117_helpme@freespeechmail.org2015-10-26 21:14 - 2014-11-15 12:51 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\HSAR2015-10-26 21:14 - 2014-06-23 18:26 - 00000000 ____D C:\Users\Жельо\AppData\Local\SteelBytes2015-10-26 21:14 - 2013-08-25 15:02 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\FileZilla2015-10-26 21:14 - 2012-08-11 16:55 - 00000000 ____D 
C:\Users\Жельо\AppData\Roaming\Samsung2015-10-26 21:14 - 2012-08-05 08:41 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\TeamViewer2015-10-26 21:14 - 2012-07-30 10:21 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\FarmingSimulator20082015-10-26 21:14 - 2012-07-10 20:17 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Skype2015-10-26 21:14 - 2012-07-10 15:57 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\DAEMON Tools Lite2015-10-26 21:14 - 2012-07-10 15:55 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Winamp2015-10-26 21:14 - 2012-07-10 15:14 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\BitComet2015-10-26 21:14 - 2012-07-10 12:49 - 00000000 ____D C:\Users\Жельо\AppData\Local\VirtualStore2015-10-26 21:13 - 2015-09-25 20:25 - 03409199 ____H C:\Users\Жельо\AppData\Local\IconCache.db.id-1431423117_helpme@freespeechmail.org2015-10-26 15:28 - 2012-08-17 07:39 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000Core.job2015-10-25 09:30 - 2012-08-17 07:40 - 00002364 _____ C:\Users\Жельо\Desktop\Google Chrome.lnk2015-10-23 12:52 - 2015-08-27 22:21 - 00000000 ____D C:\Users\Жельо\.oracle_jre_usage2015-10-23 12:51 - 2014-04-16 18:00 - 00000000 ____D C:\Program Files\Java2015-10-23 12:51 - 2013-10-20 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-10-23 11:04 - 2013-10-20 15:55 - 00000000 ____D C:\ProgramData\Oracle2015-10-23 11:03 - 2013-07-13 14:52 - 00000000 ____D C:\Program Files (x86)\Java2015-10-22 11:33 - 2012-07-17 10:26 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\vlc2015-10-10 11:44 - 2012-07-17 16:18 - 00007596 _____ C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg2015-10-10 11:26 - 2009-07-14 07:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-10-07 12:34 - 2012-07-10 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint2015-10-07 12:34 - 2012-07-10 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft 
Office2015-10-07 12:34 - 2012-07-10 19:06 - 00000000 ____D C:\ProgramData\Microsoft Help2015-10-05 09:50 - 2014-12-06 18:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-10-05 09:50 - 2014-12-06 18:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-10-05 09:50 - 2012-08-22 19:07 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-10-03 06:52 - 2009-07-14 09:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents2015-09-27 09:38 - 2012-07-10 12:49 - 00000000 ____D C:\Users\Жельо2015-09-26 22:21 - 2015-09-24 15:08 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Windows Photo Viewer2015-09-26 21:53 - 2015-09-24 15:11 - 00000000 ____D C:\Users\Жельо\AppData\LocalLow\BitComet==================== Files in the root of some directories =======2013-09-01 09:52 - 2013-09-01 09:52 - 0039523 _____ () C:\Program Files (x86)\CMS Setup Log.txt2012-05-04 09:04 - 2012-05-04 09:04 - 2174976 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\Common Files\atimpenc.dll2013-09-30 13:38 - 2013-09-30 13:38 - 0000053 _____ () C:\Users\Жельо\AppData\Roaming\Battery Meter_Data.ini2015-10-26 22:05 - 2015-10-26 22:05 - 0016384 _____ () C:\Users\Жельо\AppData\Roaming\CryptoPrevent_Test_Module.exe2012-07-17 10:20 - 2014-12-07 07:09 - 0000180 _____ () C:\Users\Жельо\AppData\Roaming\default.rss2013-08-06 17:10 - 2013-08-06 19:48 - 0000018 _____ () C:\Users\Жельо\AppData\Roaming\Network Meter_Usage.ini2015-10-26 21:47 - 2015-10-26 21:47 - 0401934 _____ () C:\Users\Жельо\AppData\Roaming\recovery.bmp2012-08-22 11:27 - 2012-10-16 13:49 - 0005120 _____ () C:\Users\Жельо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-02-10 21:27 - 2014-02-10 21:27 - 0000093 _____ () C:\Users\Жельо\AppData\Local\fusioncache.dat2015-03-26 13:56 - 2015-03-26 13:56 - 0000054 _____ () C:\Users\Жельо\AppData\Local\oPlayer.ini2012-07-17 16:18 - 2015-10-10 11:44 - 0007596 _____ () C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg2012-06-21 11:04 - 2012-06-21 17:07 - 0055545 _____ () C:\ProgramData\Cutevideoconverter.ini2012-06-21 11:04 - 2011-07-23 12:24 - 0111450 _____ () C:\ProgramData\Cutevideoformat.iniFiles to move or delete:====================C:\Users\Жельо\Network_Meter_Data.jsC:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.jobSome files in TEMP:====================C:\Users\Жельо\AppData\Local\Temp\jre-8u65-windows-au.exeC:\Users\Жельо\AppData\Local\Temp\SkypeSetup.exeC:\Users\Жельо\AppData\Local\Temp\sqlite3.dllC:\Users\Жельо\AppData\Local\Temp\{DC3891D6-BC1E-4763-8197-1AEC6CFC7FEA}-46.0.2490.71_45.0.2454.101_chrome_updater.exe==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally 
signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedATTENTION: ==> Could not access BCD.LastRegBack: 2015-10-21 08:43==================== End of FRST.txt ============================ Addition.txt Цитирай Link to comment Сподели другаде More sharing options...
B-boy/StyLe/ Posted October 27, 2015

This time nothing can be done. Even if we clean the infections (and I did not see any; usually there are none after this kind of pest, because they delete themselves once their job is done), the encrypted files will stay encrypted. For this particular variant there is no decryptor, and none is expected soon. You can try the following:

1. Use programs such as Recuva, Photorec (testdisk) or ShadowExplorer to check whether you can find clean copies of your original files (or at least earlier but working versions of them)...
2. Something I do not recommend is paying the criminals for a decryptor (it usually costs 750 dollars or 3 bitcoins), and even then there is no guarantee that the decryptor they send you will work.
3. Simply drink a glass of cold water and forget about your files.

I am curious what protection level CryptoPrevent was set to on your system, because I see it did not cope with the threat. That is to some extent expected, because the new encrypting nasties require additional protection such as Malwarebytes Anti-Exploit (or HitmanPro.Alert or EMET), programs that protect specific folders such as Comodo Internet Security (with its Protected Files and Folders option) or Panda (with the DataShield option in its paid version). Similar protection also exists in the free 360 Total Security (in the form of Data Hijacking Protection), as does raising UAC to the highest protection level, possibly using Default-Deny or anti-executable programs such as VoodooShield, SecureAPlus, Appguard, or using the tools built into Windows such as Secure Restriction Policies, Applocker and Limited User Account... But it is already too late for those.

I personally do not mention them often, because they are somewhat inconvenient for company or work systems... they are fine for home systems, but on work systems they will divert the employee's attention away from his main activity, at least until the programs are tuned to his needs (and that requires a period of training both the programs and the staff).

Regards!
jelio_jelev (Author) Posted October 27, 2015

Even if they asked for 5 dollars I still would not give it to them. I have an image, but it is on the same hard drive, though on a hidden partition. Are the files there affected? Could I restore from it after formatting everything first, or will a fresh installation be needed?
B-boy/StyLe/ Posted October 27, 2015

In principle this kind of infection looks for mapped drives and shared network resources, manages to infect external drives as well (if they are connected to the computer at the time), and also manages to encrypt files on other partitions in the same system, but since the partition is hidden there is a good chance it is not affected. Moreover, the image is usually a file with some extension, and if that extension is not among the extensions the bug looks for and encrypts, it may have slipped through and the image may be untouched, and accordingly the files in it should be untouched too.

Yes, I think you can try restoring the image to see whether everything is as it was before. You can always do a fresh installation, but let that be a last resort in case nothing else works.

I assume, though, that the image covers only partition C:\? If so, then if you have encrypted files on the other partitions you will simply have to delete them (if the System Restore option was not turned on for the other partitions as well, something I doubt). If the option was nevertheless turned on to protect all partitions, first check the other partitions for intact copies of your files and only then restore the image to bring back partition C:\, because after the image is restored all restore points will be deleted for all partitions.

Regards and good luck!
jelio_jelev (Author) Posted October 28, 2015

Wow, the Russians really are something. While trying to recover the encrypted files I came across a Kaspersky decryptor. The comments about it were rather negative, but I still had the patience to wait a whole day while it was computing something, and in the end it found the algorithm. Another 10 hours for restoring the files, and now everything on the hard drive is fine. Now I have started it on the external drive as well, since I made the big mistake of plugging that in too; let's see how it copes there. And since the decryptor in question is free, I think it will not be against the rules to share it with the others. It may help someone else too. But now I do not know what measures to take to avoid a similar problem, because next time I may not be so lucky.

rakhnidecryptor.rar
B-boy/StyLe/ Posted October 28, 2015

Interesting. The team of foreign experts believe there is a connection between the decode@india.com bug and yours (and in general with all variants that have @ in the name), but they simply were not sure, which is why I did not suggest it to you. Otherwise, the opinions on sites like MajorGeeks, Softpedia and similar may not be very positive about the tool, but according to quite a few users where the old variant of the infection (the one with decode@india.com) was being discussed, this very tool helped some of the users there (but not all). Apparently you were lucky. I will then suggest it to the other users who have a similar variant, though not exactly the same as yours (but again with @ in the name). So thank you for the feedback.

Still, I would like you to post the tool's log file rather than the tool itself, if possible. The tool is free anyway and is available everywhere.

Regards and have a nice evening!
ozzy Posted October 29, 2015

"But now I do not know what measures to take to avoid a similar problem, because next time I may not be so lucky."

The measure is to install a decent antivirus program for resident protection. ESET Nod32 Antivirus catches the encrypting viruses for sure. None of the free versions of avast, avira, avg or security essentials does the job, and those are exactly what most users install!
B-boy/StyLe/, posted October 29, 2015

An antivirus, even one with HIPS like ESET's, is not enough. I've shared the measures in post 2.
jelio_jelev (Author), posted October 29, 2015

Here is the log.

Attachment: RakhniDecryptor.1.14.0.0_27.10.2015_19.57.35_log.rar
B-boy/StyLe/, posted October 29, 2015

Great. Did the tool manage to handle the encrypted files on the external drive as well?
jelio_jelev (Author), posted October 29, 2015

It didn't do as well with that one. I don't know why, but the drive ran out of free space. That may be why it didn't cope. I've now freed up some space and started it again; let's see what happens.
jelio_jelev (Author), posted October 30, 2015

It worked the second time; apart from a few .xml files, everything is fine.
B-boy/StyLe/, posted October 30, 2015

Great... on another system with this problem the tool found the decryption password but did not manage to decrypt the files (at least the ones over the network). So I suggested that the user check his free space and run the tool directly on the affected system rather than over the network. Still, I will also talk to the tool's authors at Kaspersky about whether they can add more keys for this new variant. I'll send them your log, where the operation succeeded, and his, where it did not, and we'll see what happens. I'll also send them his sample of the encrypted file. By the way, today Kaspersky released a decryptor with over 14 000 keys for the CoinVault and BitCrypt variants...
jelio_jelev (Author), posted October 31, 2015

I have an encrypted file too. It's a .pdf that I had renamed, removing their extension in the hope that it would open, but alas. And probably because I renamed it the tool skipped it, since it still won't open, but I can put the old extension back and send it to you if it would be useful.
peter69pl, posted November 2, 2015

I want to use this thread because of some doubts.
- Professional protection, even against exploits.
- The virus, I assume, came from Google, and that's not funny.
Why I think something got in despite the total protection:
-- the update of Super became slow.
-- The lousy programs outright blocked my system and a restore was needed.
I must tell you that I'm clueless on the subject... this is the first breach in 4 years.
-- Now I'll restore the system... something that expert-garbage don't recommend.
Something very important... it brings back a virus, but it also cleans.... MY PROBLEM IS SOLVED... (Avast VIP is the problem)