Hello. I got home today and sat down at the laptop to check a few things, and look what I found. All the pictures and text files have different names, ending in powermeter280.jpg.id-1431423117_helpme@freespeechmail, and the desktop picture has been replaced with this one: recovery.rar (I archived it because I'm not allowed to upload .bmp files).

Here is the log from Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 26.10.2015 г.
Час на сканиране: 22:16 ч.
Дневник: Malwarebytes.txt
Администратор: Да

Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2015.10.26.06
База от данни за рууткити: v2015.10.23.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows 7 Service Pack 1
Процесор: x64
Файлова система: NTFS
Потребител: Жельо

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 360515
Изминало време: 38 мин. 1 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Дълбоко сканиране за рууткити: Разрешено
Евристика: Разрешено
ПНП: Предупреди
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 1
PUP.Optional.DriverHive, HKLM\SOFTWARE\WOW6432NODE\BSD\DRIVERHIVEENGINE, Не е избрано действие от потребителя, [3c52411a8dfe39fdee85b40cd231966a],

Стойности в системния регистър: 2
PUP.Optional.DriverHive, HKLM\SOFTWARE\WOW6432NODE\BSD\DRIVERHIVEENGINE|DriverIgnoreList, Не е избрано действие от потребителя, [3c52411a8dfe39fdee85b40cd231966a],
PUP.Optional.DriverHive, HKLM\SOFTWARE\WOW6432NODE\BSD\DRIVERHIVEENGINE|DriverUploadList, Не е избрано действие от потребителя, [8a04fe5d25662313ff74dee22dd6da26],

Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)

Папки: 3
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHive, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
PUP.Optional.DriverHive, C:\ProgramData\BSD, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHiveEngine, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],

Файлове: 7
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHive\history2.dat, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHiveEngine\scandet2.dat, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
PUP.Optional.DriverHive, C:\ProgramData\BSD\DriverHiveEngine\scansummary2.dat, Не е избрано действие от потребителя, [0985a6b54b405bdbadc53d83af54c838],
RiskWare.Keygen, C:\Windows\AutoKMS.exe, Поставен под карантина, [2b63cc8fbdce51e5585d3fed41c0b24e],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, Поставен под карантина, [c8c68fcc85068babc455b607eb16bc44],
Trojan.Agent.Gen, C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6907.tmp, Поставен под карантина, [2e60d18aa4e740f66a34fd7eb74b4db3],
Trojan.FileCryptor.Trace, C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery.bmp, Поставен под карантина, [157988d3b8d3dd59d6c6b9d9ea19b947],

Физически сектори: 0
(Не бяха открити злонамерени обекти)

(end)

And from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Жельо (administrator) on JAX-LAPTOP (26-10-2015 23:10:23)
Running from C:\Users\Жельо\Desktop
Loaded Profiles: Жельо (Available Profiles: Жельо)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [unlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [iR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.zip\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\wz*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\7z*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\Temp\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: bcdedit.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\zhp\zhpcleaner.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\zhp\zhpcleaner.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\zhp\zhpcleaner.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\zhp\zhpcleaner.exe <====== ATTENTION
HKLM\...\Policies\Explorer: [NoAutorun] 2
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb173f4-4794-11e4-9418-047d7b60ad51} - I:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb17402-4794-11e4-9418-047d7b60ad51} - H:\AutoRun.exe
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-10-26]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.0.1
Tcpip\..\Interfaces\{521254B9-7035-4424-A79B-C73FEF009E56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6408F382-43EF-45F8-A183-6E98326494E7}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{A41B8DB8-C9BE-4B37-B8E9-4F4D5D0EDF75}: [DhcpNameServer] 195.175.39.40 195.175.39.39
Tcpip\..\Interfaces\{BBA08E84-E9B5-4B8C-8E2B-BE9854F9D071}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{C1BEB88E-16D3-4CA3-B902-802B99874DED}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{E53FC36D-0D30-463D-BA69-5934D48886C5}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E53FC36D-0D30-463D-BA69-5934D48886C5}: [DhcpNameServer] 192.168.100.1 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007
DPF: HKLM-x32 {028C3B99-F9B0-4188-8C2C-D71CA84824D5} hxxp://77.71.2.130:7000/program/SonySncCs1011View.cab
DPF: HKLM-x32 {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} hxxps://eu.mydlink.com/8D/activeX//TunnelX.ocx
DPF: HKLM-x32 {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} hxxp://78.130.205.132:9999/program/SonyNetworkCameraViewer.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://95.87.29.5/WebClient.exe
DPF: HKLM-x32 {9F1C0B35-8230-4176-8B99-5C2485121A4E} hxxp://85.217.132.132/program/SNCActiveXViewer.cab
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://cam1.kassabasystems.com:83/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://rbweb.corpbank.bg/CSWebBankASP/capicom.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://84.54.135.77/activex/AMC.cab
DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} hxxp://95.87.29.4:10106/webrec.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082

FireFox:
========
FF ProfilePath: C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\agvgq22e.default
FF Homepage: hxxp://www.homepage.bg/?a=dhp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll [2014-04-16] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll [2014-04-16] ()
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\WebPlugin\npmedia.dll [2015-05-16] ()
FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2015-01-30] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-05-16] (Unauthorized copy)
FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2015-01-30] (Unauthorized copy)
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\My Program\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Жельо\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Жельо\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: www.mydlink.com/Uplayer -> C:\Users\Жельо\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: BitComet Video Downloader - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\agvgq22e.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-10-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-02] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.homepage.bg/
CHR Plugin: (Shockwave Flash) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Users\Жельо\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (W2MO: Logistics Design, Optimization, WMS, 3D) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog [2015-03-18]
CHR Extension: (Angry Birds) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (FARMERAMA) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2015-08-07]
CHR Extension: (Google Търсене) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-18]
CHR Extension: (Pixorial Photo & Video Sharing) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilbibicalpgnmbjnganinjppjephokai [2014-02-25]
CHR Extension: (Happy Farmer by Fupa) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjdmmbgcdeojkmeablmdjkhplahnmii [2012-08-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (радио) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
StartMenuInternet: Google Chrome.MBWLTUWGU5OHAGWKF2LZRQIORY - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-07-17] (Autodata Limited) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S3 BITCOMET_HELPER_SERVICE; C:\My Program\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [13080 2009-12-26] (Microsoft Corporation)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [241400 2015-10-13] (RaMMicHaeL)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
S3 CM2593; C:\Windows\System32\DRIVERS\CM2593.sys [12848 2008-09-30] () [File not signed]
S3 CM2593; C:\Windows\SysWOW64\DRIVERS\CM2593.sys [10800 2008-09-30] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
S3 GRemoteBus; C:\Windows\System32\DRIVERS\GRemoteBus64.sys [27336 2009-08-05] (GBM Software)
S3 GRemoteJoy; C:\Windows\System32\DRIVERS\GRemoteJoy64.sys [46792 2009-08-05] (GBM Software)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [22576 2008-09-30] (Microsoft Corporation) [File not signed]
S3 GWHid; C:\Windows\SysWOW64\DRIVERS\GWHid.sys [18992 2008-09-30] (Microsoft Corporation) [File not signed]
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MSBDA; C:\Windows\System32\DRIVERS\UTVAD.sys [1410952 2011-07-15] (Gadmei Electronic Technology Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] () [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
U3 at924iiy; C:\Windows\System32\Drivers\at924iiy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-26 23:10 - 2015-10-26 23:10 - 00062392 _____ C:\Users\Жельо\Desktop\FRST.txt
2015-10-26 23:09 - 2015-10-26 23:09 - 00003049 _____ C:\Users\Жельо\Desktop\Malwarebytes.txt
2015-10-26 22:12 - 2015-10-26 23:10 - 00000000 ____D C:\FRST
2015-10-26 22:11 - 2015-10-26 22:11 - 02197504 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64.exe
2015-10-26 22:07 - 2015-10-26 21:47 - 00401934 _____ C:\Users\Жельо\Desktop\recovery.bmp
2015-10-26 22:05 - 2015-10-26 22:05 - 00016384 _____ C:\Users\Жельо\AppData\Roaming\CryptoPrevent_Test_Module.exe
2015-10-26 21:47 - 2015-10-26 21:47 - 00401934 _____ C:\Users\Жельо\AppData\Roaming\recovery.bmp
2015-10-26 17:26 - 2015-10-26 21:14 - 01267232 _____ C:\Users\Жельо\Desktop\2015-10-26 15.22.05.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 17:26 - 2015-10-26 21:14 - 01175603 _____ C:\Users\Жельо\Desktop\2015-10-26 15.15.49.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 17:26 - 2015-10-26 21:14 - 01172987 _____ C:\Users\Жельо\Desktop\2015-10-26 17.22.51.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 15:42 - 2015-10-26 21:14 - 49622453 _____ C:\Users\Жельо\Desktop\complete.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-23 12:52 - 2015-10-23 13:23 - 00000000 ____D C:\Program Files (x86)\Traccar
2015-10-23 12:51 - 2015-10-23 12:51 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-22 20:08 - 2015-10-22 20:08 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS Tracker
2015-10-22 20:08 - 2015-10-22 20:08 - 00000000 ____D C:\Program Files (x86)\GPS Tracker
2015-10-10 09:54 - 2015-10-26 21:14 - 48105315 _____ C:\Users\Жельо\Desktop\d97ddb2041r0be922d41.mp4.id-1431423117_helpme@freespeechmail.org
2015-10-09 13:58 - 2015-10-26 21:14 - 00343729 _____ C:\Users\Жельо\Desktop\DSP-W215_REVA_DATASHEET_1.00_EN_US.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-08 07:37 - 2015-10-26 22:05 - 00009501 _____ C:\Windows\AutoKMS.log
2015-10-07 12:40 - 2015-10-26 21:15 - 00064516 _____ C:\Users\Жельо\Desktop\НОЕМВРИ 1 2015.xls.id-1431423117_helpme@freespeechmail.org
2015-10-07 12:39 - 2015-10-26 23:00 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2015-10-07 12:39 - 2015-10-26 23:00 - 00000200 _____ C:\Windows\Tasks\AutoKMS.job
2015-10-07 12:39 - 2015-10-26 22:05 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-10-07 12:39 - 2015-10-07 12:39 - 00002432 _____ C:\Windows\System32\Tasks\AutoKMS
2015-10-07 12:39 - 2015-10-07 12:39 - 00000184 _____ C:\Windows\AutoKMS.ini
2015-10-07 11:48 - 2015-10-26 21:15 - 00067588 _____ C:\Users\Жельо\Desktop\НОЕМВРИ 2015.xls.id-1431423117_helpme@freespeechmail.org
2015-10-07 11:48 - 2015-10-26 21:15 - 00064516 _____ C:\Users\Жельо\Desktop\ОКТОМВРИ 2015.xls.id-1431423117_helpme@freespeechmail.org
2015-10-05 12:07 - 2015-10-26 21:14 - 00008404 _____ C:\Users\Жельо\Desktop\45760977_taurus-my-bread.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-05 08:39 - 2015-10-26 21:15 - 23575909 _____ C:\Users\Жельо\Desktop\WWW.DOWNVIDS.NET-Декупаж для начинающих, техника декупаж.mp4.id-1431423117_helpme@freespeechmail.org
2015-10-05 08:37 - 2015-10-26 21:15 - 30338387 _____ C:\Users\Жельо\Desktop\WWW.DOWNVIDS.NET-Лесна Оригами Панделка Рнструкция.mp4.id-1431423117_helpme@freespeechmail.org
2015-10-05 08:36 - 2015-10-26 21:14 - 05599487 _____ C:\Users\Жельо\Desktop\11387582_873338832720180_1363359264_n.mp4.id-1431423117_helpme@freespeechmail.org
2015-10-05 07:56 - 2015-10-26 21:14 - 00065428 _____ C:\Users\Жельо\Desktop\12144944_843241179122493_2699129129780439143_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-02 18:03 - 2015-10-02 18:03 - 00708660 _____ C:\Users\Жельо\Desktop\Завеждане на щета онлайн  24ins_bg.mht
2015-10-01 13:52 - 2015-10-26 22:01 - 00000454 __RSH C:\ProgramData\ntuser.pol
2015-10-01 13:52 - 2015-10-01 13:52 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2015-10-01 13:52 - 2015-10-01 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-10-01 13:52 - 2015-10-01 13:52 - 00000000 ____D C:\ProgramData\Foolish IT
2015-10-01 13:52 - 2015-10-01 13:52 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2015-10-01 13:49 - 2015-10-01 13:50 - 00000755 _____ C:\DelFix.txt.id-1431423117_helpme@freespeechmail.org
2015-10-01 13:47 - 2015-10-01 13:47 - 00000000 ____D C:\ProgramData\Unchecky
2015-10-01 13:47 - 2015-10-01 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-10-01 13:47 - 2015-10-01 13:47 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-10-01 13:31 - 2015-10-01 13:31 - 00001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-10-01 13:31 - 2015-10-01 13:31 - 00000000 ____D C:\Users\Жельо\AppData\Local\Secunia PSI
2015-10-01 13:30 - 2015-10-01 13:30 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-28 22:03 - 2015-09-28 22:04 - 00000000 ____D C:\EEK
2015-09-28 21:49 - 2015-09-28 22:01 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-27 09:53 - 2015-10-26 21:14 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\ZHP
2015-09-26 21:50 - 2015-09-26 21:50 - 00000000 ____D C:\SFCFix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-26 23:09 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-26 23:09 - 2009-07-14 06:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-26 23:07 - 2014-12-06 18:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-26 23:05 - 2012-07-10 12:44 - 01785717 _____ C:\Windows\WindowsUpdate.log
2015-10-26 23:02 - 2012-08-23 16:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-26 23:01 - 2012-08-21 11:46 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-10-26 23:01 - 2009-07-14 06:51 - 00069118 _____ C:\Windows\setupact.log
2015-10-26 23:00 - 2013-08-09 18:15 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-10-26 23:00 - 2013-04-28 17:02 - 00000686 ____H C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job
2015-10-26 23:00 - 2012-07-10 12:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-26 23:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-26 22:59 - 2012-07-10 16:13 - 00509992 _____ C:\Windows\PFRO.log
2015-10-26 22:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2015-10-26 22:28 - 2012-08-17 07:39 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000UA.job
2015-10-26 22:14 - 2014-12-06 18:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-26 22:11 - 2009-07-14 07:13 - 00796930 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-26 22:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-10-26 21:58 - 2012-07-10 14:16 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\TOSHIBA Online Product Information
2015-10-26 21:43 - 2013-04-08 11:54 - 01878020 _____ C:\Drive Gamepad Corsair.iso.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2015-07-31 16:50 - 00000000 ____D C:\ProgramData\Home Media Server
2015-10-26 21:20 - 2014-09-29 13:13 - 00000000 ____D C:\ProgramData\DatacardService
2015-10-26 21:20 - 2014-08-19 11:02 - 10057732 _____ C:\Users\Жельо\Documents\Shinyek.com_20140819_120246.avi.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2014-08-16 19:18 - 00053338 _____ C:\Users\Жельо\Downloads\1978664_814568958574694_2136114907737541147_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2014-08-09 16:39 - 35673092 _____ C:\Users\Жельо\Documents\Shinyek.com_20140809_173924.avi.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2014-08-09 14:55 - 29987844 _____ C:\Users\Жельо\Documents\Shinyek.com_20140809_155535.avi.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-12-23 21:47 - 00000000 ____D C:\Users\Жельо\Documents\Файлове на Outlook
2015-10-26 21:20 - 2013-10-26 20:03 - 00026116 _____ C:\Users\Жельо\Downloads\Zadaca_Genka.doc.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-08-29 21:13 - 00057213 _____ C:\Users\Жельо\Downloads\1000393_540182566018498_411413383_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-08-05 20:10 - 00100842 _____ C:\Users\Жельо\Downloads\970476_187009254808738_412620130_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-06-06 17:45 - 00097232 _____ C:\Users\Жельо\Downloads\945078_10152804088520054_406764555_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-06-06 17:43 - 00000000 ____D C:\Users\Жельо\Downloads\(2) Facebook_files
2015-10-26 21:20 - 2013-06-06 17:32 - 00134818 _____ C:\Users\Жельо\Downloads\264531_10152851727670054_1987382369_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-06-06 17:21 - 00075690 _____ C:\Users\Жельо\Downloads\601942_10152905450015054_1452536488_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-05-22 21:16 - 00024948 _____ C:\Users\Жельо\Downloads\969768_367118476733347_1879884072_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-05-21 14:18 - 00080665 _____ C:\Users\Жельо\Downloads\47972_640260875987866_284246366_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-04-15 21:27 - 00028980 _____ C:\Users\Жельо\Downloads\529236_488111517923385_917255643_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-04-09 21:55 - 00107475 _____ C:\Users\Жельо\Downloads\28180_568426666522129_680828922_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-04-03 13:13 - 00151541 _____ C:\Users\Жельо\Downloads\20911_507559255947496_1851089258_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-04-03 12:47 - 00100370 _____ C:\Users\Жельо\Downloads\576380_210473035756381_417519601_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-04-03 12:46 - 00070257 _____ C:\Users\Жельо\Downloads\397679_212150595588625_2023657086_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-03-11 10:08 - 00104729 _____ C:\Users\Жельо\Downloads\582442_555954764428496_1552000269_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-03-10 21:09 - 00096033 _____ C:\Users\Жельо\Downloads\734402_576864342338415_1208552921_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-03-08 21:49 - 00071461 _____ C:\Users\Жельо\Downloads\431106_10150601345356932_2105304855_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-03-04 11:43 - 00096371 _____ C:\Users\Жельо\Downloads\537636_498080160228211_2144130645_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-03-02 18:01 - 00052564 _____ C:\Users\Жельо\Downloads\522759_340900102676628_1003475426_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-02-27 22:04 - 00068292 _____ C:\Users\Жельо\Downloads\544425_485568728146566_1343531914_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-02-27 14:51 - 00160118 _____ C:\Users\Жельо\Downloads\11019_4377585923653_1022236283_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-02-21 17:02 - 00070021 _____ C:\Users\Жельо\Downloads\Adhoc_C03_BG.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-01-23 23:20 - 00068905 _____ C:\Users\Жельо\Downloads\59623_240574779405635_761545342_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-01-16 19:42 - 00066084 _____ C:\Users\Жельо\Downloads\75028_455612271165693_184100950_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-01-16 19:38 - 00045463 _____ C:\Users\Жельо\Downloads\602691_455613547832232_87005173_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-01-16 19:34 - 00106368 _____ C:\Users\Жельо\Downloads\184451_455614161165504_77676019_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-01-16 19:34 - 00075498 _____ C:\Users\Жельо\Downloads\580453_455614254498828_1409363729_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2012-12-29 09:59 - 00059047 _____ C:\Users\Жельо\Downloads\199780_443182352413723_1092760575_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2012-09-16 18:36 - 00000000 ____D C:\Users\Жельо\Documents\The KMPlayer
2015-10-26 21:20 - 2012-07-10 18:39 - 00000020 _____ C:\Users\Жельо\Downloads\Microsoft Office Professional Edition 2003 MUI-BG only.rar.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:18 - 2015-07-21 13:34 - 00000000 ____D C:\Users\Жельо\Documents\HMS.2_01
2015-10-26 21:18 - 2014-12-17 15:12 - 10798482 _____ C:\Users\Жельо\Documents\FarmingSimulator2015.rar.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:18 - 2012-10-22 10:38 - 00000000 ____D C:\Users\Жельо\Documents\Euro Truck Simulator 2
2015-10-26 21:18 - 2012-07-29 12:40 - 00000000 ____D C:\Users\Жельо\Documents\My Games
2015-10-26 21:18 - 2012-07-10 13:22 - 00000000 ____D C:\Users\Жельо\Documents\Bluetooth
2015-10-26 21:15 - 2015-09-06 15:10 - 00040807 _____ C:\Users\Жельо\Desktop\Statements.zip.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-08-19 13:59 - 12227038 _____ C:\Users\Жельо\Desktop\Rykovodstvo chast 1.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-08-19 13:28 - 02656179 _____ C:\Users\Жельо\Desktop\naredba3.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-08-13 12:55 - 00064516 _____ C:\Users\Жельо\Desktop\АВГУСТ 2015.xls.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-08-07 10:09 - 00016516 _____ C:\Users\Жельо\Desktop\powermeter280.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-07-18 09:20 - 00000052 _____ C:\Users\Жельо\Desktop\Вар.txt.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-06-15 16:24 - 00000000 ____D C:\Users\Жельо\Desktop\Бг Снимки
2015-10-26 21:15 - 2015-05-20 19:48 - 07921289 _____ C:\Users\Жельо\Desktop\STBs_System Setup.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-05-11 19:16 - 00000000 ____D C:\Users\Жельо\Desktop\Екскурзия
2015-10-26 21:15 - 2015-03-30 08:11 - 00000000 ____D C:\Users\Жельо\Desktop\Стари снимки-Раднево
2015-10-26 21:15 - 2015-03-20 07:30 - 00000000 ____D C:\Users\Жельо\Desktop\БЕЛЕЖКИ
2015-10-26 21:15 - 2015-02-09 22:06 - 00000000 ____D C:\Users\Жельо\Desktop\razni
2015-10-26 21:15 - 2015-02-09 20:27 - 00028260 _____ C:\Users\Жельо\Desktop\imga305c17f85b99588ce35cb4e9cd6134f.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-02-08 21:10 - 00030025 _____ C:\Users\Жельо\Desktop\img26c2cea56d0bc574a2215095b727b56e.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2015-01-10 18:21 - 00000000 ____D C:\Users\Жельо\Desktop\METRO
2015-10-26 21:15 - 2015-01-08 21:03 - 00000000 ____D C:\Users\Жельо\Desktop\Животни с махмурлук
2015-10-26 21:15 - 2014-12-01 20:36 - 00000000 ____D C:\Users\Жельо\Desktop\pletkite na maika
2015-10-26 21:15 - 2014-11-17 15:02 - 00024580 _____ C:\Users\Жельо\Desktop\ТВ Програми.doc.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2014-11-03 15:10 - 00116228 _____ C:\Users\Жельо\Desktop\Naredba-01-2014-protokol.doc.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2014-09-11 07:13 - 00032260 _____ C:\Users\Жельо\Desktop\етикети.doc.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2014-09-11 06:27 - 00015108 _____ C:\Users\Жельо\Desktop\Нов Документ на Microsoft Word.docx.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2014-08-03 18:19 - 00082985 _____ C:\Users\Жельо\Desktop\Юли 2014.xls.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2014-07-22 15:15 - 02746864 _____ C:\Users\Жельо\Desktop\Пролетна емоция  480p.mp3.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2014-07-22 11:40 - 00919556 _____ C:\Users\Жельо\Desktop\UPS600L_User_manual-ivg-sinio.doc.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2014-07-19 13:35 - 00105127 _____ C:\Users\Жельо\Desktop\Юни 2014.xls.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2013-12-15 22:13 - 00014340 ___SH C:\Users\Жельо\Desktop\Thumbs.db.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2013-12-01 11:46 - 00000180 ____H C:\Users\Жельо\Desktop\~$се лист.doc.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:15 - 2012-07-10 16:50 - 00000000 ___RD C:\Users\Жельо\Desktop\OPTIONS
2015-10-26 21:14 - 2015-09-24 09:32 - 00573485 _____ C:\Users\Жельо\Desktop\379131-an-01-ml-X4_TECH_7Zoll_TFT_MONITOR_de_en.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-09-24 09:25 - 00181771 _____ C:\Users\Жельо\Desktop\379131-an-01-nl-kleurenmonitor_X4_TECH.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-09-12 14:01 - 00245808 _____ C:\Users\Жельо\Desktop\15598215001_20150908_1190143446.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-19 22:19 - 00205151 _____ C:\Users\Жельо\Desktop\1024px-Muzeum_Polskiej_Techniki_Wojskowej.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-19 14:00 - 01712170 _____ C:\Users\Жельо\Desktop\ES_CHAPTER_G_BG.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-19 13:58 - 00410388 _____ C:\Users\Жельо\Desktop\bakalavar_uch-vaprosi_17-32_rev.26.02.10.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-19 13:32 - 00988417 _____ C:\Users\Жельо\Desktop\file_31_bg.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-18 08:57 - 00074420 _____ C:\Users\Жельо\Desktop\FIB_BG10FINV915010BGN05SM0_01_07_2015-31_07_2015.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-18 08:56 - 00063681 _____ C:\Users\Жельо\Desktop\FIB_BG10FINV915010BGN05SM0_22072015-22072015.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-12 19:42 - 00250386 _____ C:\Users\Жельо\Desktop\15598215001_20150808_1188308123.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-09 20:43 - 00069546 _____ C:\Users\Жельо\Desktop\11826001_944975695561197_5663055655366077629_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-04 12:31 - 00135127 _____ C:\Users\Жельо\Desktop\317200371.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-08-03 20:15 - 01345442 _____ C:\Users\Жельо\Desktop\fuji-electric_fujitsu_rsa07lgc_rsa09lgc_rsa12lgc.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-07-22 13:34 - 01093140 _____ C:\Users\Жельо\Desktop\28596_1.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-07-21 12:42 - 01447877 _____ C:\Users\Жельо\Desktop\23389_1524.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-07-21 12:23 - 04273320 _____ C:\Users\Жельо\Desktop\Goclever_Cineo_100.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-05-15 16:15 - 00023940 _____ C:\Users\Жельо\Desktop\20022_10152857369049562_7545979365560403622_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-05-11 15:51 - 00133269 _____ C:\Users\Жельо\Desktop\CS8P-RRCP-Bg.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-04-18 22:21 - 00056662 _____ C:\Users\Жельо\Desktop\11103943_956376487726091_2024356767_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-04-18 08:14 - 00056630 _____ C:\Users\Жельо\Desktop\143.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-04-07 08:10 - 00097193 _____ C:\Users\Жельо\Desktop\11138521_1080050578678334_4401811882120231237_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-03-27 18:44 - 04958724 _____ C:\Users\Жельо\Desktop\cenova lista ganchev.xls.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-03-19 09:43 - 00507880 _____ C:\Users\Жельо\Desktop\DVR 5116C.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-03-19 08:57 - 00042234 _____ C:\Users\Жельо\Desktop\cid___1foxmail.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-03-19 07:52 - 00053774 _____ C:\Users\Жельо\Desktop\026236782.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-03-19 07:52 - 00051887 _____ C:\Users\Жельо\Desktop\026236779.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-03-19 07:52 - 00045086 _____ C:\Users\Жельо\Desktop\026236780.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-03-13 14:25 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\ViberPC
2015-10-26 21:14 - 2015-03-13 14:25 - 00000000 ____D C:\Users\Жельо\AppData\Local\Viber
2015-10-26 21:14 - 2015-03-05 08:58 - 00313860 _____ C:\Users\Жельо\Desktop\DNS-HOWTO-BG.doc.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2015-01-25 14:19 - 00104605 _____ C:\Users\Жельо\Desktop\960284_10155184894970381_7675235045610530839_n.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:14 - 2014-11-15 12:51 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\HSAR
2015-10-26 21:14 - 2014-06-23 18:26 - 00000000 ____D C:\Users\Жельо\AppData\Local\SteelBytes
2015-10-26 21:14 - 2013-08-25 15:02 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\FileZilla
2015-10-26 21:14 - 2012-08-11 16:55 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Samsung
2015-10-26 21:14 - 2012-08-05 08:41 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\TeamViewer
2015-10-26 21:14 - 2012-07-30 10:21 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\FarmingSimulator2008
2015-10-26 21:14 - 2012-07-10 20:17 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Skype
2015-10-26 21:14 - 2012-07-10 15:57 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\DAEMON Tools Lite
2015-10-26 21:14 - 2012-07-10 15:55 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Winamp
2015-10-26 21:14 - 2012-07-10 15:14 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\BitComet
2015-10-26 21:14 - 2012-07-10 12:49 - 00000000 ____D C:\Users\Жельо\AppData\Local\VirtualStore
2015-10-26 21:13 - 2015-09-25 20:25 - 03409199 ____H C:\Users\Жельо\AppData\Local\IconCache.db.id-1431423117_helpme@freespeechmail.org
2015-10-26 15:28 - 2012-08-17 07:39 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000Core.job
2015-10-25 09:30 - 2012-08-17 07:40 - 00002364 _____ C:\Users\Жельо\Desktop\Google Chrome.lnk
2015-10-23 12:52 - 2015-08-27 22:21 - 00000000 ____D C:\Users\Жельо\.oracle_jre_usage
2015-10-23 12:51 - 2014-04-16 18:00 - 00000000 ____D C:\Program Files\Java
2015-10-23 12:51 - 2013-10-20 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-23 11:04 - 2013-10-20 15:55 - 00000000 ____D C:\ProgramData\Oracle
2015-10-23 11:03 - 2013-07-13 14:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-22 11:33 - 2012-07-17 10:26 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\vlc
2015-10-10 11:44 - 2012-07-17 16:18 - 00007596 _____ C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg
2015-10-10 11:26 - 2009-07-14 07:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-07 12:34 - 2012-07-10 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-10-07 12:34 - 2012-07-10 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-07 12:34 - 2012-07-10 19:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-05 09:50 - 2014-12-06 18:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2014-12-06 18:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2012-08-22 19:07 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-03 06:52 - 2009-07-14 09:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-09-27 09:38 - 2012-07-10 12:49 - 00000000 ____D C:\Users\Жельо
2015-09-26 22:21 - 2015-09-24 15:08 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Windows Photo Viewer
2015-09-26 21:53 - 2015-09-24 15:11 - 00000000 ____D C:\Users\Жельо\AppData\LocalLow\BitComet

==================== Files in the root of some directories =======

2013-09-01 09:52 - 2013-09-01 09:52 - 0039523 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2012-05-04 09:04 - 2012-05-04 09:04 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-09-30 13:38 - 2013-09-30 13:38 - 0000053 _____ () C:\Users\Жельо\AppData\Roaming\Battery Meter_Data.ini
2015-10-26 22:05 - 2015-10-26 22:05 - 0016384 _____ () C:\Users\Жельо\AppData\Roaming\CryptoPrevent_Test_Module.exe
2012-07-17 10:20 - 2014-12-07 07:09 - 0000180 _____ () C:\Users\Жельо\AppData\Roaming\default.rss
2013-08-06 17:10 - 2013-08-06 19:48 - 0000018 _____ () C:\Users\Жельо\AppData\Roaming\Network Meter_Usage.ini
2015-10-26 21:47 - 2015-10-26 21:47 - 0401934 _____ () C:\Users\Жельо\AppData\Roaming\recovery.bmp
2012-08-22 11:27 - 2012-10-16 13:49 - 0005120 _____ () C:\Users\Жельо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 21:27 - 2014-02-10 21:27 - 0000093 _____ () C:\Users\Жельо\AppData\Local\fusioncache.dat
2015-03-26 13:56 - 2015-03-26 13:56 - 0000054 _____ () C:\Users\Жельо\AppData\Local\oPlayer.ini
2012-07-17 16:18 - 2015-10-10 11:44 - 0007596 _____ () C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg
2012-06-21 11:04 - 2012-06-21 17:07 - 0055545 _____ () C:\ProgramData\Cutevideoconverter.ini
2012-06-21 11:04 - 2011-07-23 12:24 - 0111450 _____ () C:\ProgramData\Cutevideoformat.ini

Files to move or delete:
====================
C:\Users\Жельо\Network_Meter_Data.js
C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job

Some files in TEMP:
====================
C:\Users\Жельо\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Жельо\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Жельо\AppData\Local\Temp\sqlite3.dll
C:\Users\Жельо\AppData\Local\Temp\{DC3891D6-BC1E-4763-8197-1AEC6CFC7FEA}-46.0.2490.71_45.0.2454.101_chrome_updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2015-10-21 08:43

==================== End of FRST.txt ============================

 

Addition.txt

 

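Added example (not part of the original post, and not a Farbar or Kaspersky tool): a Python sketch that reads the two "One Month" sections of a FRST.txt like the one above, picks out the files carrying the `.id-<number>_<address>` suffix, and reports how many were renamed, how many bytes they hold and between which modification times. The sample lines are copied from the listing above; the function names and the reading of the date columns (created first in the Created section, modified first in the Modified section) are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the FRST.txt listing in the post (section headers included).
SAMPLE = r"""
==================== One Month Created files and folders ========

2015-10-26 22:07 - 2015-10-26 21:47 - 00401934 _____ C:\Users\Жельо\Desktop\recovery.bmp
2015-10-26 17:26 - 2015-10-26 21:14 - 01267232 _____ C:\Users\Жельо\Desktop\2015-10-26 15.22.05.jpg.id-1431423117_helpme@freespeechmail.org
2015-10-26 15:42 - 2015-10-26 21:14 - 49622453 _____ C:\Users\Жельо\Desktop\complete.pdf.id-1431423117_helpme@freespeechmail.org
2015-10-07 12:40 - 2015-10-26 21:15 - 00064516 _____ C:\Users\Жельо\Desktop\НОЕМВРИ 1 2015.xls.id-1431423117_helpme@freespeechmail.org

==================== One Month Modified files and folders ========

2015-10-26 23:07 - 2014-12-06 18:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-26 21:43 - 2013-04-08 11:54 - 01878020 _____ C:\Drive Gamepad Corsair.iso.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:20 - 2013-10-26 20:03 - 00026116 _____ C:\Users\Жельо\Downloads\Zadaca_Genka.doc.id-1431423117_helpme@freespeechmail.org
2015-10-26 21:13 - 2015-09-25 20:25 - 03409199 ____H C:\Users\Жельо\AppData\Local\IconCache.db.id-1431423117_helpme@freespeechmail.org
"""

SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")
# date - date - size attrs [(company)] path
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)
# Suffix seen in this thread: <original name>.id-<digits>_<mail address>
SUFFIX = re.compile(r"^(?P<name>.+)\.id-(?P<id>\d+)_(?P<contact>[^\\/\s@]+@[^\\/\s]+)$")


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def parse_frst(text):
    """Yield one dict per file line found in the two 'One Month' sections."""
    order = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            title = header.group(1)
            if title.startswith("One Month Created"):
                order = ("created", "modified")   # assumption: column order
            elif title.startswith("One Month Modified"):
                order = ("modified", "created")   # assumption: column order
            else:
                order = None                      # other sections are skipped
            continue
        m = ENTRY.match(line)
        if not m or order is None:
            continue
        entry = dict(zip(order, (_ts(m.group(1)), _ts(m.group(2)))))
        entry.update(size=int(m.group(3)), attrs=m.group(4), path=m.group(6))
        yield entry


def summarize(text):
    """Summarise the renamed files: count, bytes, time window, ids, folders."""
    hits = {}
    for entry in parse_frst(text):
        folder, _, base = entry["path"].rpartition("\\")
        m = SUFFIX.match(base)
        if not m:
            continue
        original = m.group("name")
        ext = original.rsplit(".", 1)[-1].lower() if "." in original else ""
        # Keyed by path so a file listed in both sections is counted once.
        hits[entry["path"]] = dict(entry, folder=folder, ext=ext,
                                   id=m.group("id"), contact=m.group("contact"))
    times = sorted(h["modified"] for h in hits.values())
    return {
        "count": len(hits),
        "bytes": sum(h["size"] for h in hits.values()),
        "ids": {h["id"] for h in hits.values()},
        "contacts": {h["contact"] for h in hits.values()},
        "first": times[0] if times else None,
        "last": times[-1] if times else None,
        "extensions": Counter(h["ext"] for h in hits.values()),
        "folders": Counter(h["folder"] for h in hits.values()),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(f"{report['count']} renamed files, {report['bytes']} bytes")
    print(f"modified between {report['first']} and {report['last']}")
    print("ids:", sorted(report["ids"]), "contacts:", sorted(report["contacts"]))
    for folder, n in report["folders"].most_common():
        print(f"{n:4d}  {folder}")
```

Run against a full FRST.txt by passing the file's text to `summarize`; the folder counts show which locations hold renamed files and therefore where to look for clean copies first.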

This time nothing can be done. Even if we clean the infections (and I did not see any; there usually are none left after this kind of malware, because it deletes itself once its work is done), the encrypted files will stay encrypted. For this variant specifically there is no decryptor, and one is not expected any time soon.

You can try the following:

1. Use programs such as Recuva, Photorec (testdisk) or ShadowExplorer to check whether you can find clean copies of your original files (or at least earlier but working versions of them)...

2. Something I do not recommend is paying the criminals for a decryptor (it usually costs 750 dollars or 3 bitcoins), and even then there is no guarantee that the decryptor they send you will work.

3. Just have a glass of cold water and forget about your files.

I wonder what protection level CryptoPrevent was set to on your system, because I see it did not cope with the threat. That is to some extent expected, because the new encrypting nasties require additional protection such as Malwarebytes Anti-Exploit (or HitmanPro.Alert or EMET), or programs that protect specific folders such as Comodo Internet Security (with its Protected Files and Folders option) or Panda (with the DataShield option in its paid version). The free 360 Total Security has similar protection too (in the form of Data Hijacking Protection). Other measures are raising UAC to its highest protection level, possibly using Default-Deny or anti-executable programs such as VoodooShield, SecureAPlus or Appguard, or using the tools built into Windows such as Secure Restriction Policies, Applocker and a Limited User Account... But it is already too late for those. Personally I do not mention them often, because they are somewhat inconvenient for company or office systems... they are fine for home systems, but on work systems they will distract the employee from their main job, at least until the programs are tuned to their needs (and that takes a period of training both the programs and the staff).

Regards!


Even if they asked for 5 dollars I still would not give it to them. I do have an image, though, which is on the same hard drive but on a hidden partition. I wonder whether the files there are affected. Could I restore from it, formatting everything first, or will a fresh installation be necessary?


In principle this kind of infection looks for mapped drives and shared network resources, manages to infect external drives too (if they are connected to the computer at the time), and also manages to encrypt files that are on other partitions in a system, but since the partition is hidden there is a good chance it was not affected. What is more, the image is usually treated as a file with some extension, and if that extension is not among the extensions the bug looks for and encrypts, it may have slipped through, the image may be untouched, and so the files in it should be too. Yes, in my opinion you can try restoring the image to see whether everything is as it was before. You can always do a fresh installation, but let that be a last resort in case nothing else works. I assume, though, that the image is of partition C:\ only? If so, then any encrypted files you have on the other partitions will simply have to be deleted (if the System Restore option was not turned on for the other partitions as well, something I doubt). If the option was in fact turned on to protect all partitions, first check for intact copies of your files on the other partitions and only then restore the image to bring partition C:\ back to working order, because once the image is restored all restore points will be deleted for all partitions.

Regards and good luck!


Wow, the Russians are really something. While trying to recover the encrypted files I came across a decryptor from Kaspersky. The comments about it were mostly negative, but I still had the patience to wait a whole day while it computed whatever it was computing, and in the end it found the algorithm. Another 10 hours to restore the files, and now everything on the hard drive is fine. Now I have started it on the external drive as well, since I made the big mistake of plugging that in too; let's see how it copes there. And since the decryptor in question is free, I think it will not be against the rules to share it with everyone else. It may help someone else too. But I do not know what measures to take now to avoid a similar problem, because next time I may not be so lucky.

rakhnidecryptor.rar


Interesting. The team of foreign experts think there is a link between the decode@india.com bug and yours (and in general with all variants that have @ in the name), but they just weren't sure, which is why I didn't suggest it to you. Otherwise, the opinions on sites like MajorGeeks, Softpedia and the like may not be very positive about the tool, but according to quite a few users where the old variant of the infection (the decode@india.com one) was discussed, this very tool helped some of the users there (but not all). Evidently you were lucky. I will then suggest it to the other users who have a similar variant, though not exactly the same as yours (but again with @ in the name). So thank you for the feedback. Still, I would like you to post the tool's log file rather than the tool itself, if possible. The tool is free anyway and is available everywhere. :)

Regards and have a good evening!


But I don't know what measures to take now to avoid a similar problem, because next time I may not be so lucky.

The measure is to install a decent antivirus program with resident protection. ESET Nod32 Antivirus definitely catches the encrypting viruses.

Not a single free version of Avast, Avira, AVG or Security Essentials does the job, and those are exactly what most users install!


It didn't cope as well with that one. For some reason I don't know, the disk ran out of free space. That may also be why it didn't manage. Now I have freed up some space and started it again; let's see what happens.


Great.... on another system with this problem the tool found the decryption password, but did not manage to decrypt them.... (at least the ones over the network). So I suggested that the user check his free space and start the tool directly from the affected system rather than over the network. Still, I will also talk to the tool's authors at Kaspersky about whether they can add more keys for this new variant... I will send them your log, where the operation succeeded, and his, where it did not, and we'll see what happens. I will also send them his variant of the encrypted file. Otherwise, today Kaspersky released a decryptor with over 14 000 keys for the CoinVault and BitCrypt variants...


I have one encrypted file too. It is a .pdf that I had renamed by removing their suffix in the hope that it would open, but alas. And probably, because I had renamed it, the tool skipped it, since it still doesn't open now, but I can put the old suffix back and send it to you if that would be of use.
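An inventory step of the kind the posts above point to, as an added example that is not part of any post in this thread: before restoring an image or running a decryptor, count per drive which files carry the appended suffix quoted at the start of the thread, and flag files whose suffix was removed by hand. The function names and sample paths are constructed for illustration, and the header check assumes that encrypted content no longer begins with the format's usual leading bytes.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Suffix shape taken from the file name quoted in the thread:
#   powermeter280.jpg.id-1431423117_helpme@freespeechmail
SUFFIX = re.compile(r"^(?P<orig>.+)\.id-(?P<vid>\d+)_(?P<contact>[^@]+@.+)$")

# Well-known leading bytes of a few formats (not an exhaustive list).
MAGIC = {".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".zip": b"PK\x03\x04"}

def classify(path, head):
    """Return 'renamed', 'suspect' (known extension, wrong header) or 'ok'."""
    name = PureWindowsPath(path).name
    if SUFFIX.match(name):
        return "renamed"
    # Assumption: encrypted content no longer starts with the format's magic bytes.
    magic = MAGIC.get(PureWindowsPath(name).suffix.lower())
    if magic is not None and not head.startswith(magic):
        return "suspect"
    return "ok"

def original_name(path):
    """Name the file had before the suffix was appended, or None."""
    m = SUFFIX.match(PureWindowsPath(path).name)
    return m["orig"] if m else None

def inventory(samples):
    """Count findings per drive letter from (path, first_bytes) pairs."""
    report = Counter()
    for path, head in samples:
        report[(PureWindowsPath(path).drive.upper(), classify(path, head))] += 1
    return report

# Constructed sample data: paths and the first bytes of each file.
SAMPLES = [
    (r"C:\Users\u\Pictures\powermeter280.jpg.id-1431423117_helpme@freespeechmail", b"\x9a\x11\x03"),
    (r"D:\docs\report.pdf.id-1431423117_helpme@freespeechmail", b"\x07\xfe\x20"),
    (r"D:\docs\manual.pdf", b"\x5c\x00\xe1\x77\x90"),  # suffix removed by hand
    (r"D:\docs\invoice.pdf", b"%PDF-1.4"),
    (r"E:\backup\system.tib", b"\x00\x00\x00"),         # extension not in MAGIC
]

if __name__ == "__main__":
    for (drive, kind), n in sorted(inventory(SAMPLES).items()):
        print(drive, kind, n)
```

On a real system the pairs would come from walking each volume and reading the first few bytes of every file; a drive with no "renamed" or "suspect" entries is the case the first reply describes as having slipped through.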


I want to use this thread because of some doubts.

-Professional protection, even against exploits.

-The virus, I assume, is from Google, and it is not funny.

Why I think that, despite the total protection, something got in.

--the update of Super became slow.

--The lousy programs outright blocked my system and a restore was needed.

I must tell you that I am clueless on the subject... this is the first breach in 4 years

--Now I will restore the system... something the garbage experts do not recommend

Something very important... it brings back a virus, but it also cleans.

...MY PROBLEM SOLVED...

(Avast VIP is the problem)
