Jump to content

Моля за помощ, за вирус


Препоръчан пост

Поставям копираните неща както пише в закачената тема.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Дата на сканиране: 22.9.2016 г.
Час на сканиране: 21:30 ч.
Дневник: 22.09.2016.txt
Администратор: Да
 
Версия: 2.2.1.1043
База от данни за злонамерен софтуер: v2016.09.22.14
База от данни за рууткити: v2016.08.15.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено
 
ОС: Windows 7 Service Pack 1
Процесор: x86
Файлова система: NTFS
Потребител: tuzaro
 
Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 270947
Изминало време: 40 мин. 18 сек.
 
Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено
 
Процеси: 1
PUP.Optional.Linkury, C:\ProgramData\Quoteex\Quoteex.exe, 2648, Изтриване при рестартиране, [f3431263f3a765d14e39c91fa16360a0]
 
Модули: 3
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Silverlam.dll, Изтриване при рестартиране, [61d5fc790199d85ef9ca607947bdaf51], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Silverlam.dll, Изтриване при рестартиране, [61d5fc790199d85ef9ca607947bdaf51], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Silverlam.dll, Изтриване при рестартиране, [61d5fc790199d85ef9ca607947bdaf51], 
 
Ключове в системния регистър: 24
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QUOTEEX.EXE, Поставен под карантина, [f3431263f3a765d14e39c91fa16360a0], 
Adware.HPDefender, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HPRewriter2, Поставен под карантина, [dd591b5a950578bea66c8a6859abcb35], 
PUP.Optional.NeoBar.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Youtube AdBlock, Поставен под карантина, [8fa794e1d1c9d1656edeb21748bcc739], 
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CloudPrinter, Поставен под карантина, [1323f08549516ec81ac2c62ef70c0cf4], 
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Quoteex, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.YouTubeAdBlock, HKLM\SOFTWARE\CLASSES\TYPELIB\{45965C76-4C88-4512-9358-368483E1C3B1}, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6DF4318-A699-4E88-BE1D-84F4A009B08A}, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\mtQuoteex, Поставен под карантина, [a1956c09dcbe62d4250e31c823e0db25], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, Поставен под карантина, [5bdb4b2ad8c2d066ae6e3eb6de2504fc], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, Поставен под карантина, [b87e5d1819815ed89f04bf365ba8a65a], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, Поставен под карантина, [c67015602d6dbf77cad920d5a2615fa1], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\TRACING\Quoteex_RASAPI32, Поставен под карантина, [7abc5a1bbfdb67cfa78a2dccb64d0ff1], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\TRACING\Quoteex_RASMANCS, Поставен под карантина, [d462e5908c0e68ce1e1304f542c1f30d], 
PUP.Optional.YeaPlayer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{075332F3-3893-44CA-AF78-3217AFFC2109}, Изтриване при рестартиране, [4ee890e53862fa3c4037b94173904cb4], 
PUP.Optional.YeaPlayer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\svchost, Изтриване при рестартиране, [6bcb86eff5a5191d2256e911c43f857b], 
PUP.Optional.NeoBar, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Update Service for Youtube AdBlock, Изтриване при рестартиране, [2610373e9703300670ea962b23e1c53b], 
PUP.Optional.NeoBar, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Update Service for Youtube AdBlock2, Изтриване при рестартиране, [d165d4a12e6ce74f45152899887cc739], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe, Поставен под карантина, [c76f294cccce5ed854deb4457390cd33], 
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5A54D94C-26D6-4750-9BDF-E7F4566DF2AB}, Поставен под карантина, [3501a9cc42586dc90387ccdc9073827e], 
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Поставен под карантина, [23135421b9e1cb6bbec4c1356c97c13f], 
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\mtQuoteex, Поставен под карантина, [86b06510108a60d6de51ca2fee1522de], 
PUP.Optional.Linkury, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, Поставен под карантина, [a88e482d9efcca6cd34820d41ee5eb15], 
PUP.Optional.ContentPush, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ContentPush, Поставен под карантина, [d264acc99901ed49a0617d4513f1857b], 
 
Стойности в системния регистър: 14
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, Поставен под карантина, [5bdb4b2ad8c2d066ae6e3eb6de2504fc]
PUP.Optional.YeaPlayer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{075332F3-3893-44CA-AF78-3217AFFC2109}|Path, \svchost, Изтриване при рестартиране, [4ee890e53862fa3c4037b94173904cb4]
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5A54D94C-26D6-4750-9BDF-E7F4566DF2AB}|Publisher, Linkury, Поставен под карантина, [3501a9cc42586dc90387ccdc9073827e]
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLOUDPRINTER|ImagePath, C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a, Поставен под карантина, [fd39363f7228ef475c1aee08e023ed13]
PUP.Optional.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://non-block.net/wpad.dat?d77a3875dd10bbb12915b93e9d514b6a16631112, Поставен под карантина, [73c3c6af5941fa3c87258b5ffb0935cb]
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\QUOTEEX|ImagePath, C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a, Поставен под карантина, [3600f77e52481a1c33018970e71c8e72]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D?publisher=APSFWakeNet&co=BG&userid=d2c47080-3455-4251-d415-158b114925cf&searchtype=sc&installDate=17.09.2016&barcodeid=51198003&channelid=3&av=windows, Поставен под карантина, [9a9cdf96c0daba7cebfdc82cb74c43bd]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\ENVIRONMENT|SNF, C:\ProgramData\Quoteexs\snp.sc, Поставен под карантина, [e0568fe6c4d6af878d5ab93be51e31cf]
PUP.Optional.Linkury, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, Поставен под карантина, [a88e482d9efcca6cd34820d41ee5eb15]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}, Поставен под карантина, [5cda5e176d2d22145c61dd199172c23e]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}, Поставен под карантина, [05310e6752480333bfff8f67db288c74]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://non-block.net/wpad.dat?d77a3875dd10bbb12915b93e9d514b6a16631112, Поставен под карантина, [9a9cc4b1a6f4e84e3476698125df15eb]
 
Данни в системния регистър: 8
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Quoteex\Silverlam.dll, Добър: (), Лош: (C:\ProgramData\Quoteex\Silverlam.dll),Заменен,[61d5fc790199d85ef9ca607947bdaf51]
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Добър: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Лош: ({ielnksrch}),Заменен,[2412fe77bddd2115ee69d1a820e49967]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}, Добър: (www.google.com), Лош: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}),Заменен,[53e37bfaaaf0ac8a055aec8d82825fa1]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}, Добър: (www.google.com), Лош: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}),Заменен,[89ade293bedccd695906ccad7f856b95]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}, Добър: (www.google.com), Лош: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}),Заменен,[4fe7d1a43466e3537be476035fa5758b]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}, Добър: (www.google.com), Лош: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2SQlBzJkLuRUzLQGSP3mEckSd1VKRb3o7h_AhG9BqvfJo3YL-KkNpVpY30twZRQi1F8QisVFgtUHkBs3N8MBW6dNb_A,,&q={searchTerms}),Заменен,[3bfb89ec2278082e57093e3b9a6a2cd4]
PUP.Optional.Linkury, HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Добър: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Лош: ({ielnksrch}),Заменен,[1323660f6c2e51e59abce9901aea43bd]
 
Папки: 75
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar, Поставен под карантина, [9c9aafc63466d75f57c350a40ff4b749], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter, Поставен под карантина, [1323f08549516ec81ac2c62ef70c0cf4], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex, Изтриване при рестартиране, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\ondemand, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\temp, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\files, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\hi, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\am, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ar, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\be, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\bg, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\bn, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ca, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\cs, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\da, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\de, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\el, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\en, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\en_GB, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\en_US, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\es, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\es_419, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\et, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\fa, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\fi, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\fil, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\fr, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\gu, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\he, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\hr, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\hu, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\id, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\it, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ja, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\kn, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ko, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\lt, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\lv, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\mk, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ml, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\mr, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ms, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\nl, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\no, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\pl, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\pt, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\pt_BR, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\pt_PT, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ro, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ru, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sk, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sl, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sq, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sr, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sv, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sw, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ta, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\te, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\th, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\tr, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\uk, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\vi, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\zh_CN, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\zh_TW, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.ContentPush, C:\Program Files\ContentPush, Поставен под карантина, [d264acc99901ed49a0617d4513f1857b], 
PUP.Optional.ContentPush, C:\Program Files\ContentPush\Temp, Поставен под карантина, [d264acc99901ed49a0617d4513f1857b], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Unaqvohold, Поставен под карантина, [be78a1d4d9c1ef47c9fbebb1f11341bf], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteexs, Поставен под карантина, [f73f78fdeab0a88eb24087152bd9e21e], 
 
Файлове: 158
PUP.Optional.Linkury, C:\ProgramData\Quoteex\Quoteex.exe, Изтриване при рестартиране, [f3431263f3a765d14e39c91fa16360a0], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Silverlam.dll, Изтриване при рестартиране, [61d5fc790199d85ef9ca607947bdaf51], 
PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.exe, Поставен под карантина, [95a198dd306ab58156312bbded1701ff], 
Trojan.Downloader, C:\ProgramData\Quoteex\KanEco.exe, Поставен под карантина, [60d63f36e2b8ed497f57f6e3ae568779], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\MedZap.dll, Поставен под карантина, [63d3294c3f5bb383a82f756419eb43bd], 
PUP.Optional.LogicHandler, C:\Users\tuzaro\AppData\Roaming\Doublehold.bin, Поставен под карантина, [3bfb0f667c1e043209e3fb636e9243bd], 
PUP.Optional.Linkury, C:\Users\tuzaro\AppData\Roaming\Treefind.exe, Поставен под карантина, [2e08caabaeec280eafd87870cf35aa56], 
PUP.Optional.Linkury, C:\Users\tuzaro\AppData\Roaming\Zenhold.bin, Поставен под карантина, [65d1e98c7624a5915d7574e32bd925db], 
PUP.Optional.Linkury, C:\Users\tuzaro\AppData\Roaming\Ziming.exe, Поставен под карантина, [063062137d1d979ff19608e082824bb5], 
Adware.HPDefender, C:\Users\tuzaro\AppData\Roaming\HPRewriter2\uninstaller.exe, Поставен под карантина, [dd591b5a950578bea66c8a6859abcb35], 
PUP.Optional.TorrentSearch, C:\Program Files\Youtube AdBlock\MYnnnIQ.exe, Поставен под карантина, [3204adc8c9d12313e37dcbf154ad4cb4], 
PUP.Optional.NeoBar.Generic, C:\Program Files\Youtube AdBlock\uninstall.exe, Поставен под карантина, [8fa794e1d1c9d1656edeb21748bcc739], 
Adware.FileTour, C:\Users\tuzaro\AppData\Local\Temp\ucbrabs.exe, Поставен под карантина, [78bef382cdcd71c5801b9950a3618878], 
PUP.Optional.NeoBar.Generic, C:\Users\tuzaro\AppData\Local\Temp\359D22AD-E1A0-45DC-80AE-109F5F140E6F\yt.exe, Поставен под карантина, [0c2a5124ecae0f274507b118887cb34d], 
PUP.Optional.NeoBar.Generic, C:\Windows\Temp\ttMhlAJQWwjSBiNO.exe, Поставен под карантина, [0036cda80b8f11254efeab1e94705aa6], 
PUP.Optional.InstallMonster, C:\Users\tuzaro\Downloads\Wondershare MobileTrans 7.6.rar, Поставен под карантина, [53e35c19c0da0036cfd03cb4768e4db3], 
PUP.Optional.IStartSurf, C:\Users\tuzaro\Downloads\Wondershare MobileTrans 757469 Crack Serial Number Download.gz, Поставен под карантина, [43f394e1debcae8873063fb1659f1de3], 
Adware.FileFinder, C:\Users\tuzaro\Downloads\Wondershare_Mobiletrans_Registration_Code_Incl_Crack_downloader.exe, Поставен под карантина, [0c2a2b4a287272c466eefee355af8e72], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\set.exe.config, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\Config.json, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.dll, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.Linq.dll, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\System.Data.SQLite.xml, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X64\SQLite.Interop.dll, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.LogicHandler, C:\ProgramData\Logic Handler\X86\SQLite.Interop.dll, Поставен под карантина, [a88e2d48504aea4ccae91baf06fc649c], 
PUP.Optional.Trovi, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.otrovi.com_0.localstorage, Поставен под карантина, [de58205585157eb8d45f42775fa43dc3], 
PUP.Optional.Trovi, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.otrovi.com_0.localstorage-journal, Поставен под карантина, [45f1ed880f8be353a88b9821996aad53], 
Trojan.Agent.Trace, C:\Users\Public\Desktop\Download Wondershare Mo...lnk, Поставен под карантина, [3006175e9406cd691a5f86400bf85aa6], 
PUP.Optional.BestPriceNinja, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, Поставен под карантина, [5ed8bcb95c3e0036ea017c659370a858], 
PUP.Optional.BestPriceNinja, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, Поставен под карантина, [6accdf965941a59141aa22bf9073748c], 
PUP.Optional.CrossRider, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Поставен под карантина, [d066264f7e1c5adc75326c7ddf24cd33], 
PUP.Optional.CrossRider, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Поставен под карантина, [a096b2c3356521151493a94047bc2ed2], 
PUP.Optional.Linkury, C:\Users\tuzaro\AppData\Roaming\ApplicationHosting.dat, Поставен под карантина, [e35355207a20b58189d141ae877cde22], 
PUP.Optional.Linkury, C:\Users\tuzaro\AppData\Roaming\md.xml, Поставен под карантина, [52e43f36a5f551e5a6b511de9370669a], 
PUP.Optional.Linkury, C:\Users\tuzaro\AppData\Roaming\noah.dat, Поставен под карантина, [fc3abfb6aaf090a6cb91df10d92aca36], 
PUP.Optional.Linkury, C:\Users\tuzaro\AppData\Roaming\uninstall_temp.ico, Поставен под карантина, [0f27b2c308921620e479f4fb17ec09f7], 
PUP.Optional.Linkury, C:\Users\tuzaro\AppData\Roaming\lobby.dat, Поставен под карантина, [46f0da9b14867cba93536e818f7405fb], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Finhome.ico, Поставен под карантина, [9c9aafc63466d75f57c350a40ff4b749], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Goodnix.ico, Поставен под карантина, [9c9aafc63466d75f57c350a40ff4b749], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Latlux.ico, Поставен под карантина, [9c9aafc63466d75f57c350a40ff4b749], 
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Topdax.ico, Поставен под карантина, [9c9aafc63466d75f57c350a40ff4b749], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.dat, Поставен под карантина, [1323f08549516ec81ac2c62ef70c0cf4], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\Config.xml, Поставен под карантина, [1323f08549516ec81ac2c62ef70c0cf4], 
PUP.Optional.Linkury.ACMB1, C:\Windows\System32\findit.xml, Поставен под карантина, [9c9ae0959a007fb7aa38599bfa095ca4], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\conf.config, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Quoteex.dat, Изтриване при рестартиране, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Config.xml, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Flexfax.bin, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Inlex.bin, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\KanEco.exe, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\KanEco.exe.config, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Kantax.bin, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Lamla.bin, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\md.xml, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Newcom.bin, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Ontobam.exe, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Ontobam.exe.config, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Quoteex.d.dat, Изтриване при рестартиране, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Stanovejob.dat, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Tipphase.bin, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\TrisPlus.dat, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\uninstall.dat, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\VillaDomdox.dat, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Zam-Tech.bin, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Zoomnix.exe, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteex\Zoomnix.exe.config, Поставен под карантина, [73c386ef4852ec4a5bd3fefbdf243dc3], 
PUP.Optional.YeaPlayer, C:\Windows\System32\Tasks\svchost, Поставен под карантина, [a09611643169ec4a96dec436af54b24e], 
PUP.Optional.Linkury.Gen, C:\Users\tuzaro\AppData\Roaming\Treefind.tst, Поставен под карантина, [ae885f16fb9f7fb76ca234c9f70cf60a], 
PUP.Optional.Linkury.Gen, C:\Users\tuzaro\AppData\Roaming\Ziming.tst, Поставен под карантина, [51e580f58b0fbf77818d77867f842cd4], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\EAq80w.dll, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\icon16.ico, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\YNMdI1B75P.exe, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\background.html, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\Kernel.js, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\files\background.js, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\files\foreground.js, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\files\main.css, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\files\proxy.js, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\hi\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\am\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ar\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\be\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\bg\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\bn\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ca\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\cs\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\da\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\de\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\el\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\en\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\en_GB\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\en_US\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\es\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\es_419\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\et\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\fa\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\fi\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\fil\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\fr\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\gu\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\he\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\hr\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\hu\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\id\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\it\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ja\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\kn\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ko\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\lt\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\lv\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\mk\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ml\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\mr\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ms\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\nl\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\no\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\pl\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\pt\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\pt_BR\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\pt_PT\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ro\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ru\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sk\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sl\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sq\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sr\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sv\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\sw\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\ta\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\te\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\th\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\tr\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\uk\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\vi\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\zh_CN\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.YouTubeAdBlock, C:\Program Files\Youtube AdBlock\IEEF\files\_locales\zh_TW\messages.json, Поставен под карантина, [f83e77fe17838babefcc8d33739107f9], 
PUP.Optional.NeoBar, C:\Windows\Tasks\Update Service for Youtube AdBlock.job, Поставен под карантина, [eb4b4a2bfc9ebb7b0157447d7f85fc04], 
PUP.Optional.NeoBar, C:\Windows\Tasks\Update Service for Youtube AdBlock2.job, Поставен под карантина, [a393aec727733ef832264f725aaaff01], 
PUP.Optional.NeoBar, C:\Windows\System32\Tasks\Update Service for Youtube AdBlock, Поставен под карантина, [1125393c8515e254dc7dd7ea45bfcd33], 
PUP.Optional.NeoBar, C:\Windows\System32\Tasks\Update Service for Youtube AdBlock2, Поставен под карантина, [0432383d306a8caa2f2aa21f45bf966a], 
PUP.Optional.SafeFinder.ShrtCln, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage, Поставен под карантина, [122455203862191d06039937ae56ac54], 
PUP.Optional.SafeFinder.ShrtCln, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal, Поставен под карантина, [a492c6afa5f5330393768a46d034dd23], 
PUP.Optional.WizeSearch, C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_feeilhmlfcpfchpbgoknoeefdkbgionj_0.localstorage, Поставен под карантина, [181e22539109bd791e5d33c1ec1845bb], 
PUP.Optional.ContentPush, C:\Program Files\ContentPush\uninstall.exe, Поставен под карантина, [d264acc99901ed49a0617d4513f1857b], 
PUP.Optional.ContentPush, C:\Program Files\ContentPush\version, Поставен под карантина, [d264acc99901ed49a0617d4513f1857b], 
PUP.Optional.ContentPush, C:\Program Files\ContentPush\Temp\_1.zip, Поставен под карантина, [d264acc99901ed49a0617d4513f1857b], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Unaqvohold\InstallationConfiguration.xml, Поставен под карантина, [be78a1d4d9c1ef47c9fbebb1f11341bf], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Unaqvohold\uninstall.dat, Поставен под карантина, [be78a1d4d9c1ef47c9fbebb1f11341bf], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Unaqvohold\uninstall.exe, Поставен под карантина, [be78a1d4d9c1ef47c9fbebb1f11341bf], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Unaqvohold\uninstall.ico, Поставен под карантина, [be78a1d4d9c1ef47c9fbebb1f11341bf], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteexs\ff.HP, Поставен под карантина, [f73f78fdeab0a88eb24087152bd9e21e], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteexs\ff.NT, Поставен под карантина, [f73f78fdeab0a88eb24087152bd9e21e], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteexs\snp.sc, Поставен под карантина, [f73f78fdeab0a88eb24087152bd9e21e], 
PUP.Optional.Linkury.ACMB1, C:\Users\tuzaro\AppData\Roaming\Config.xml, Поставен под карантина, [8babf48118820e28dfe0227a07fd6b95], 
PUP.Optional.Linkury.ACMB1, C:\Users\tuzaro\AppData\Roaming\InstallationConfiguration.xml, Поставен под карантина, [4aec304548523402b60ae6b6877d8a76], 
PUP.Optional.GoSearch, C:\Users\tuzaro\AppData\Roaming\Mozilla\Firefox\Profiles\eo84hsfm.default\prefs.js, Добър: (), Лош: (user_pref("browser.search.defaultenginename", "GoSearch");), Заменен,[f640581d7a2076c03eb0dcbca2629868]
PUP.Optional.Linkury.ACMB1, C:\Users\tuzaro\AppData\Roaming\Mozilla\Firefox\Profiles\eo84hsfm.default\prefs.js, Добър: (), Лош: (user_pref("browser.newtab.url", "C:\ProgramData\Quoteexs\ff.NT");), Заменен,[171f2b4a049644f243645d40d133cc34]
PUP.Optional.Linkury.ACMB1, C:\Users\tuzaro\AppData\Roaming\Mozilla\Firefox\Profiles\eo84hsfm.default\prefs.js, Добър: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/),Лош: (user_pref("browser.startup.homepage", "C:\ProgramData\Quoteexs\ff.HP), Заменен,[290d3a3b1d7d51e5ddc8f7a859aba858]
 
Физически сектори: 0
(Не бяха открити злонамерени обекти)
 
 
(end)
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2016
Ran by tuzaro (administrator) on TUZARO-PC (22-09-2016 22:35:52)
Running from C:\Users\tuzaro\Downloads
Loaded Profiles: tuzaro (Available Profiles: tuzaro)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
Internet Explorer Version 11 (Default browser: "C:\Program Files\UCBrowser\Application\UCBrowser.exe" --wow-as-default=2 -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\AdBlocker\Service.WinServiceHost.exe
() C:\Program Files\UCBrowser\Application\UCService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Hotger) C:\Users\tuzaro\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\UCBrowser\Application\5.7.15319.5\UCAgent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2011-06-30] (Nullsoft, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-05-04] (Nero AG)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [149040 2007-05-04] (Nero AG)
HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\...\Run: [bitComet] => C:\Program Files\BitComet\BitComet.exe [12805888 2013-02-19] (www.BitComet.com)
HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\...\Run: [Flvto YouTube Downloader] => C:\Users\tuzaro\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe [525312 2016-03-28] (Hotger)
HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\...\Run: [installer] => C:\Users\tuzaro\AppData\Local\Temp\is-KVKBR.tmp\51495.exe /autorun <===== ATTENTION
HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-09-22]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9CC9E079-7FEC-4058-AE9C-F6BA5D3C7338}: [NameServer] 138.201.199.90,8.8.8.8
Tcpip\..\Interfaces\{9CC9E079-7FEC-4058-AE9C-F6BA5D3C7338}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D69D8048-ABE3-4BB8-9DF0-C888C77A0F67}: [NameServer] 138.201.137.84,8.8.8.8
Tcpip\..\Interfaces\{D69D8048-ABE3-4BB8-9DF0-C888C77A0F67}: [DhcpNameServer] 192.168.0.1
ManualProxies: 
 
Internet Explorer:
==================
HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE07&ocid=UE07DHP
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 
FireFox:
========
FF ProfilePath: C:\Users\tuzaro\AppData\Roaming\Mozilla\Firefox\Profiles\eo84hsfm.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-17] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4058490045-3294789279-1302001635-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\tuzaro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-04-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-06-30] (Nullsoft, Inc.)
FF Extension: (YouTube mp3) - C:\Users\tuzaro\AppData\Roaming\Mozilla\Firefox\Profiles\eo84hsfm.default\Extensions\info@youtube-mp3.org.xpi [2016-08-02]
FF Extension: (Simple YouTube to MP3/MP4 Converter and Downloader) - C:\Users\tuzaro\AppData\Roaming\Mozilla\Firefox\Profiles\eo84hsfm.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2016-08-02]
FF Extension: (Fire Media Player) - C:\Users\tuzaro\AppData\Roaming\Mozilla\Firefox\Profiles\eo84hsfm.default\Extensions\musicplayer@firemediaplayer.com.xpi [2016-04-08]
FF Extension: (Kaspersky URL Advisor) - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2016-08-02] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2Xqk-2GynjKTCOoiXgbImkDQeUXp8DWNILW73gtEKGE3LJ-Lo8F1Scn1ooHSSB3wPqY2rx3_n0JKBhMFtBrVx3QKfiQ,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default [2016-09-22]
CHR Extension: (Google Презентации) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-17]
CHR Extension: (Google Документи) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-17]
CHR Extension: (Google Диск) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-17]
CHR Extension: (YouTube) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-17]
CHR Extension: (Adblocker for Youtube™) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebkcnlhbjapdpofhcokcdhfgpehhajk [2016-09-22]
CHR Extension: (АБВ Уведомител) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbekonjicgkldkmopnamgglbfaiojje [2016-06-03]
CHR Extension: (WGT Golf Challenge) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2016-06-03]
CHR Extension: (High Contrast) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-06-10]
CHR Extension: (Stylish) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-06-03]
CHR Extension: (Full Screen Weather) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2016-06-03]
CHR Extension: (Google Документи офлайн) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
CHR Extension: (Snow ReportBG) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mccfmfnkmofdpfppkefodgbmhjplikik [2016-06-03]
CHR Extension: (Безплатни онлайн PDF Unlocker) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdknbehfogkgogcennnagfokmnimpab [2016-06-03]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
CHR Extension: (Gmail) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-02]
CHR Profile: C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-09-17] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\cebkcnlhbjapdpofhcokcdhfgpehhajk [2016-09-22]
CHR Profile: C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-22]
CHR Extension: (Google Презентации) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-22]
CHR Extension: (Google Документи) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-22]
CHR Extension: (Google Диск) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-22]
CHR Extension: (YouTube) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-22]
CHR Extension: (Wize) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj [2016-09-22]
CHR Extension: (Електронни таблици от Google) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-22]
CHR Extension: (Google Документи офлайн) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-22]
CHR Extension: (Gmail) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-22]
CHR Extension: (Chrome Media Router) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR Profile: C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-22] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdBlockerService; C:\Program Files\AdBlocker\Service.WinServiceHost.exe [7168 2016-04-09] () [File not signed]
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [931504 2016-08-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe [41872 2014-03-26] (Wondershare)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-09-21] (DT Soft Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-09-22] (Malwarebytes)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-14] (Realtek Semiconductor Corporation                           )
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [72064 2016-08-23] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-22 22:35 - 2016-09-22 22:36 - 00017235 _____ C:\Users\tuzaro\Downloads\FRST.txt
2016-09-22 22:34 - 2016-09-22 22:34 - 00049108 _____ C:\Users\tuzaro\Desktop\22.09.2016.txt
2016-09-22 22:26 - 2016-09-22 22:26 - 00131072 ____N C:\Windows\Minidump\092216-32869-01.dmp
2016-09-22 21:27 - 2016-09-22 22:35 - 00000000 ____D C:\FRST
2016-09-22 21:26 - 2016-09-22 21:26 - 01753088 _____ (Farbar) C:\Users\tuzaro\Downloads\FRST.exe
2016-09-22 20:28 - 2016-09-22 22:28 - 00000282 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2016-09-22 19:33 - 2016-09-22 21:03 - 00000000 ____D C:\Users\tuzaro\Doctor Web
2016-09-22 19:31 - 2016-09-22 22:34 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-22 19:31 - 2016-09-22 19:32 - 142981808 _____ C:\Users\tuzaro\Downloads\wm58zik7.exe
2016-09-22 19:30 - 2016-09-22 22:16 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-22 19:30 - 2016-09-22 19:30 - 22851472 _____ (Malwarebytes ) C:\Users\tuzaro\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-09-22 19:30 - 2016-09-22 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-22 19:30 - 2016-09-22 19:30 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-09-22 19:30 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-22 19:30 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-22 19:30 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-17 20:12 - 2016-09-17 20:12 - 00000290 __RSH C:\Users\tuzaro\ntuser.pol
2016-09-17 14:07 - 2016-09-22 19:11 - 00002090 __RSH C:\ProgramData\ntuser.pol
2016-09-17 14:02 - 2016-09-22 22:16 - 00001199 _____ C:\Users\Public\Desktop\Wondershare MobileTrans.lnk
2016-09-17 14:02 - 2016-09-17 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-09-17 14:02 - 2016-09-17 14:02 - 00000000 ____D C:\Program Files\Wondershare
2016-09-17 13:55 - 2016-09-17 13:55 - 00000000 ____D C:\Program Files\WeatherChickn
2016-09-17 13:54 - 2016-09-17 13:54 - 07090176 _____ C:\Users\tuzaro\AppData\Roaming\agent.dat
2016-09-17 13:54 - 2016-09-17 13:54 - 00018432 _____ C:\Users\tuzaro\AppData\Roaming\Main.dat
2016-09-17 13:53 - 2016-09-17 13:53 - 00140288 _____ C:\Users\tuzaro\AppData\Roaming\Installer.dat
2016-09-17 13:48 - 2016-09-17 13:48 - 00019394 _____ C:\Users\tuzaro\Downloads\[ArenaBG.com]-Wondershare_MobileTrans_4.2.0.Keygen.tPORt.torrent
2016-09-17 13:43 - 2016-09-22 21:05 - 00000000 ____D C:\Users\tuzaro\AppData\Local\Host Service
2016-09-17 13:40 - 2016-09-17 13:40 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-17 13:39 - 2016-09-22 22:28 - 00000446 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2016-09-17 13:39 - 2016-09-17 13:39 - 00000000 ____D C:\Users\tuzaro\AppData\Local\UCBrowser
2016-09-17 13:39 - 2016-09-17 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-09-17 13:39 - 2016-08-23 14:06 - 00072064 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\ucguard.sys
2016-09-17 13:38 - 2016-09-22 19:52 - 00000000 ____D C:\Program Files\UCBrowser
2016-09-17 13:38 - 2016-09-17 13:38 - 00001472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-09-17 13:38 - 2016-09-17 13:38 - 00001460 _____ C:\Users\Public\Desktop\UC浏览器.lnk
2016-09-17 13:37 - 2016-09-17 14:02 - 00000000 ____D C:\Program Files\AdBlocker
2016-09-17 13:37 - 2016-09-17 13:37 - 00000000 ____D C:\ProgramData\Thunder Network
2016-09-17 13:37 - 2016-09-17 13:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-17 13:37 - 2016-09-17 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdBlocker
2016-09-17 13:36 - 2016-09-22 22:16 - 00002111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-09-17 13:36 - 2016-09-22 22:16 - 00002109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-09-17 13:36 - 2016-09-22 22:16 - 00002093 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-09-17 13:36 - 2016-09-22 22:15 - 00002037 _____ C:\Users\tuzaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-09-17 13:36 - 2016-09-22 22:14 - 00001084 _____ C:\Users\tuzaro\Desktop\Play Travian.lnk
2016-09-17 13:36 - 2016-09-22 22:12 - 00000000 ____D C:\Users\tuzaro\AppData\Roaming\HPRewriter2
2016-09-17 13:35 - 2016-09-17 13:35 - 02546473 _____ C:\Users\tuzaro\Downloads\Wondershare_MobileTrans_Crack_incl_Serial_Key_V7.zip
2016-09-17 13:18 - 2016-09-17 13:18 - 00000000 ____D C:\Users\tuzaro\Documents\Wondershare
2016-09-17 13:03 - 2016-09-17 13:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2016-09-17 12:52 - 2016-09-17 12:52 - 00000000 ____D C:\Program Files\PC Connectivity Solution
2016-09-17 12:52 - 2012-10-17 14:53 - 00019072 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfd.sys
2016-09-17 12:48 - 2016-09-17 12:48 - 00851176 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2016-09-17 12:45 - 2016-09-17 12:45 - 00000000 ____D C:\Users\tuzaro\AppData\Roaming\HMYGSetting
2016-09-17 12:45 - 2016-09-17 12:45 - 00000000 ____D C:\ProgramData\Wondershare
2016-09-17 12:44 - 2016-09-17 14:02 - 00000000 ____D C:\Users\tuzaro\AppData\Roaming\Wondershare
2016-09-17 12:44 - 2016-09-17 14:02 - 00000000 ____D C:\Users\tuzaro\.android
2016-09-17 12:43 - 2016-09-17 12:43 - 00811152 _____ C:\Users\tuzaro\Downloads\mobiletrans_setup_full1352.exe
2016-09-17 12:43 - 2016-09-17 12:43 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-09-04 11:25 - 2016-09-04 11:25 - 00032281 _____ C:\Users\tuzaro\Downloads\fast.and.furious.7.2015.dvdrip.xvid-evo(subsunacs.net) (1).rar
2016-09-04 11:16 - 2016-09-04 11:16 - 00092147 _____ C:\Users\tuzaro\Downloads\[ArenaBG.com]-Fast.and.Furious.7.2015.DVDRip.XviD-EVO.torrent
2016-09-04 11:16 - 2016-09-04 11:16 - 00032281 _____ C:\Users\tuzaro\Downloads\fast.and.furious.7.2015.dvdrip.xvid-evo(subsunacs.net).rar
2016-09-04 11:11 - 2016-09-04 11:11 - 00086632 _____ C:\Users\tuzaro\Downloads\The.Fast.and.Furious.Collection.2001-2015.576p.BRRIP.x264.AAC-GOD.torrent
2016-09-04 10:47 - 2016-09-04 10:47 - 00030231 _____ C:\Users\tuzaro\Downloads\FF6.(subs.sab.bz).rar
2016-09-04 10:45 - 2016-09-04 10:45 - 00018514 _____ C:\Users\tuzaro\Downloads\Fast.And.Furious.6.2013.EXTENDED.480p.BDRip.XviD.AC3-KiNGS.torrent
2016-09-03 12:09 - 2016-09-03 12:09 - 00026675 _____ C:\Users\tuzaro\Downloads\okolofutbola.2013.o.tvrip.1400mb.txt(subsunacs.net) (1).7z
2016-09-03 11:56 - 2016-09-03 11:56 - 00026675 _____ C:\Users\tuzaro\Downloads\okolofutbola.2013.o.tvrip.1400mb.txt(subsunacs.net).7z
2016-09-03 11:55 - 2016-09-03 11:56 - 00014400 _____ C:\Users\tuzaro\Downloads\Okolofutbola.2013.O.TVRip.1400MB.INTERCINEMA.avi.torrent
2016-09-02 21:08 - 2016-09-02 21:08 - 00014859 _____ C:\Users\tuzaro\Downloads\I Love My Mom's Big Tits 3.torrent
2016-09-02 21:08 - 2016-09-02 21:08 - 00012148 _____ C:\Users\tuzaro\Downloads\Storm Of Kings XXX Parody NEW Aug 2016 XXX.torrent
2016-09-02 21:06 - 2016-09-02 21:06 - 00013820 _____ C:\Users\tuzaro\Downloads\[bigTitsInSports] Nicole Aniston Abigail Mac Gym And Juice NEW Aug 2016 XXX.torrent
2016-08-26 21:25 - 2016-08-02 17:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-26 21:25 - 2016-08-02 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-26 21:25 - 2016-08-02 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-26 21:25 - 2016-08-02 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-26 21:25 - 2016-08-02 08:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-26 21:25 - 2016-08-02 08:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-26 21:25 - 2016-08-02 08:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-26 21:25 - 2016-08-02 08:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-26 21:25 - 2016-08-02 08:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-26 21:25 - 2016-08-02 08:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-26 21:25 - 2016-08-02 08:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-26 21:25 - 2016-08-02 08:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-26 21:25 - 2016-08-02 08:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-26 21:25 - 2016-08-02 08:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-26 21:25 - 2016-08-02 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-26 21:25 - 2016-08-02 08:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-26 21:25 - 2016-08-02 08:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-26 21:25 - 2016-08-02 08:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-26 21:25 - 2016-08-02 08:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-26 21:25 - 2016-08-02 08:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-26 21:25 - 2016-08-02 08:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-26 21:25 - 2016-08-02 08:14 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-26 21:25 - 2016-08-02 08:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-26 21:25 - 2016-08-02 07:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-26 21:25 - 2016-08-02 07:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-26 21:25 - 2016-08-02 07:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-26 21:25 - 2016-07-08 18:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-26 21:25 - 2016-07-08 18:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-26 21:25 - 2016-07-08 18:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-26 21:25 - 2016-07-08 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-26 21:25 - 2016-07-08 17:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-26 21:25 - 2016-07-08 17:53 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-26 21:25 - 2016-07-08 17:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-26 21:25 - 2016-07-08 17:51 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-26 21:25 - 2016-07-08 17:51 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-26 21:25 - 2016-07-08 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-26 21:25 - 2016-07-08 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-26 21:25 - 2016-07-08 17:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-26 21:24 - 2016-08-02 08:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-26 21:24 - 2016-08-02 08:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-26 21:24 - 2016-08-02 08:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-26 21:24 - 2016-08-02 08:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-26 21:24 - 2016-08-02 08:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-26 21:24 - 2016-08-02 08:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-26 21:24 - 2016-08-02 08:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-26 21:24 - 2016-08-02 08:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-26 21:24 - 2016-08-02 08:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-26 18:11 - 2016-08-26 18:11 - 00013461 _____ C:\Users\tuzaro\Downloads\[ArenaBG.com]-DoctorAdventures - Julia Ann, Kylie Page (She Wants It Both Ways) XXX NEW 23.August.2016.torrent
2016-08-26 18:07 - 2016-08-26 18:07 - 00014639 _____ C:\Users\tuzaro\Downloads\[ArenaBG.com]-Tushy - Scarlet Red (Blonde Gets Anal From Sisters Husband) XXX NEW 24.August.2016.torrent
2016-08-26 18:03 - 2016-08-26 18:03 - 00026714 _____ C:\Users\tuzaro\Downloads\[ArenaBG.com]-[RealWifeStories - Brazzers] Lexi Luna (You Snore, She Whores - 25.08.16).torrent
2016-08-26 17:53 - 2016-08-26 17:53 - 00020752 _____ C:\Users\tuzaro\Downloads\RealWifeStories - Peta Jensen (A Guilty Conscience).torrent
2016-08-26 17:53 - 2016-08-26 17:53 - 00015469 _____ C:\Users\tuzaro\Downloads\MyDadsHotGirlfriend - Janice Griffith.torrent
2016-08-26 17:48 - 2016-08-26 17:48 - 00012031 _____ C:\Users\tuzaro\Downloads\BigTitsAtWork - Nicole Aniston (The Perfect Maid 2).torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-22 22:36 - 2009-07-14 07:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-22 22:36 - 2009-07-14 07:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-22 22:31 - 2013-04-22 19:48 - 00000000 ____D C:\Users\tuzaro\AppData\Roaming\BitComet
2016-09-22 22:27 - 2015-07-26 20:11 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-22 22:27 - 2012-10-01 06:25 - 00000000 ____D C:\Windows\Minidump
2016-09-22 22:27 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-22 22:19 - 2009-07-14 07:52 - 00000000 ____D C:\Windows\Offline Web Pages
2016-09-22 22:16 - 2016-07-29 16:16 - 00000975 _____ C:\Users\Public\Desktop\ArenaPLAY.lnk
2016-09-22 22:16 - 2016-06-03 21:03 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-09-22 22:16 - 2016-04-08 15:52 - 00000963 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-22 22:16 - 2013-12-22 15:09 - 00000946 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-22 22:16 - 2013-08-03 14:38 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-09-22 22:16 - 2013-04-22 19:48 - 00000963 _____ C:\Users\Public\Desktop\BitComet.lnk
2016-09-22 22:16 - 2013-03-08 20:20 - 00000080 _____ C:\Users\Public\Desktop\Google Земя.lnk
2016-09-22 22:16 - 2013-02-01 11:56 - 00002686 _____ C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
2016-09-22 22:16 - 2013-02-01 11:56 - 00002586 _____ C:\Users\Public\Desktop\Nero Home Essentials SE.lnk
2016-09-22 22:16 - 2013-02-01 11:56 - 00002204 _____ C:\Users\Public\Desktop\Nero Online Upgrade.lnk
2016-09-22 22:16 - 2012-11-28 13:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-09-22 22:16 - 2012-11-28 13:05 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-09-22 22:16 - 2012-10-16 22:46 - 00000935 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-09-22 22:16 - 2012-09-21 21:59 - 00001894 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-09-22 22:16 - 2012-09-15 20:31 - 00001153 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-09-22 22:16 - 2012-09-15 18:45 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-22 22:16 - 2012-09-15 18:45 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-22 22:16 - 2009-07-14 07:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-22 22:16 - 2009-07-14 07:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-22 22:16 - 2009-07-14 07:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-22 22:16 - 2009-07-14 07:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-22 22:15 - 2015-09-07 21:04 - 00002190 _____ C:\Users\tuzaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk
2016-09-22 22:15 - 2015-09-07 21:04 - 00001325 _____ C:\Users\tuzaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk
2016-09-22 22:15 - 2012-09-15 20:31 - 00001183 _____ C:\Users\tuzaro\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-09-22 22:15 - 2009-07-14 07:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-22 22:15 - 2009-07-14 07:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-22 22:14 - 2016-04-08 21:18 - 00001246 _____ C:\Users\tuzaro\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2016-09-22 22:14 - 2016-04-08 21:08 - 00002182 _____ C:\Users\tuzaro\Desktop\Flvto YouTube Downloader.lnk
2016-09-22 22:14 - 2013-07-21 18:05 - 00001426 _____ C:\Users\tuzaro\Desktop\FlashGet downloads.lnk
2016-09-22 22:14 - 2013-01-30 13:54 - 00001183 _____ C:\Users\tuzaro\Desktop\Any Audio Converter.lnk
2016-09-22 22:14 - 2012-09-17 18:33 - 00000767 _____ C:\Users\tuzaro\Desktop\Counter-Strike 1.6.lnk
2016-09-22 22:13 - 2012-09-27 18:54 - 00000000 ____D C:\Users\tuzaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-09-22 22:05 - 2013-03-08 20:18 - 00000986 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 21:55 - 2012-09-17 19:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-22 21:12 - 2016-08-02 18:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-22 21:12 - 2012-09-16 22:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-22 21:12 - 2012-09-15 18:49 - 00000000 ____D C:\Users\tuzaro
2016-09-17 14:07 - 2009-07-14 05:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-09-17 13:03 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
2016-09-17 12:55 - 2012-09-17 19:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-17 12:55 - 2012-09-17 19:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-09-17 12:55 - 2012-09-17 19:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-17 12:54 - 2013-07-17 18:43 - 00000000 ____D C:\Users\tuzaro\AppData\Roaming\PC Suite
2016-09-17 12:51 - 2013-07-17 18:40 - 00000000 ____D C:\Program Files\Nokia
2016-09-17 12:38 - 2009-07-14 07:33 - 00408000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-04 13:49 - 2013-12-22 15:10 - 00000000 ____D C:\Users\tuzaro\AppData\Roaming\vlc
2016-08-27 15:50 - 2013-07-19 20:03 - 00000000 ____D C:\Windows\system32\MRT
2016-08-27 15:35 - 2012-09-15 19:27 - 144884648 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2016-09-17 13:54 - 2016-09-17 13:54 - 7090176 _____ () C:\Users\tuzaro\AppData\Roaming\agent.dat
2016-09-17 13:53 - 2016-09-17 13:53 - 0140288 _____ () C:\Users\tuzaro\AppData\Roaming\Installer.dat
2016-09-17 13:54 - 2016-09-17 13:54 - 0018432 _____ () C:\Users\tuzaro\AppData\Roaming\Main.dat
2012-12-27 00:22 - 2013-01-21 10:28 - 0000693 _____ () C:\Users\tuzaro\AppData\Roaming\Rim.Desktop.Exception.log
2012-12-27 00:12 - 2016-04-08 14:51 - 0002009 _____ () C:\Users\tuzaro\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-12-27 00:22 - 2013-01-21 10:28 - 0000693 _____ () C:\Users\tuzaro\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-11-23 13:15 - 2012-11-23 13:15 - 0017408 _____ () C:\Users\tuzaro\AppData\Local\WebpageIcons.db
2012-10-08 09:02 - 2012-10-08 09:02 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Some files in TEMP:
====================
C:\Users\tuzaro\AppData\Local\Temp\adblocker4.exe
C:\Users\tuzaro\AppData\Local\Temp\AutoTime51495.exe
C:\Users\tuzaro\AppData\Local\Temp\Browser_V5.7.14377.702_r_4333_(Build1608231143).exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-03 14:19
 
==================== End of FRST.txt ============================
 
 

Addition.txt

Link to comment
Сподели другаде

Иди в контролния панел и деинсталирай следните програми (ако ги намираш):

AdBlocker

Flvto YouTube Downloader

Host Service

UC浏览器

 

След това...

- изтегли прикрепения файл Fixlist.txt и го запази в същата папка, където се намира FRST/FRST64 (това трябва да е работният плот, ако си следвал точно инструкциите в предишния коментар), и замени стария файл с такова име, ако има такъв;

- стартирай FRST/FRST64;

- кликни бутон Fix и изчакай инструмента да извърши поправките;

- ако случайно има нужда от рестарт, се съгласи и остави системата да се рестартира нормално, след което остави инструментът да си довърши работата;

- когато всичко приключи, в същата папка ще се създаде Fixlog.txt, копирай съдържанието му към следващия си коментар или го прикрепи към него.

 

Link to comment
Сподели другаде

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016

Ran by tuzaro (23-09-2016 06:22:47) Run:1

Running from C:\Users\tuzaro\Downloads

Loaded Profiles: tuzaro (Available Profiles: tuzaro)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

start

HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\...\Run: [Flvto YouTube Downloader] => C:\Users\tuzaro\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe [525312 2016-03-28] (Hotger)

HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\...\Run: [installer] => C:\Users\tuzaro\AppData\Local\Temp\is-KVKBR.tmp\51495.exe /autorun <===== ATTENTION

GroupPolicy: Restriction - Chrome <======= ATTENTION

R2 AdBlockerService; C:\Program Files\AdBlocker\Service.WinServiceHost.exe [7168 2016-04-09] () [File not signed]

CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__

CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHukF2bfbYiq88Pm-GR6HFBR8mFcar4ShAtDXDCaaGGEPH62XfNWyezm6-hzrLW3mPy1_zJklB80MFa2Xqk-2GynjKTCOoiXgbImkDQeUXp8DWNILW73gtEKGE3LJ-Lo8F1Scn1ooHSSB3wPqY2rx3_n0JKBhMFtBrVx3QKfiQ,,&q={searchTerms}

CHR DefaultSearchKeyword: Default -> feed.sonic-search.com

CHR Extension: (Adblocker for Youtube™) - C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebkcnlhbjapdpofhcokcdhfgpehhajk [2016-09-22]

CHR Profile: C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-09-17] <==== ATTENTION

R2 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [931504 2016-08-23] ()

R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [72064 2016-08-23] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION

2016-09-22 19:31 - 2016-09-22 19:32 - 142981808 _____ C:\Users\tuzaro\Downloads\wm58zik7.exe

2016-09-17 13:39 - 2016-09-22 22:28 - 00000446 _____ C:\Windows\Tasks\UCBrowserUpdater.job

2016-09-17 13:39 - 2016-09-17 13:39 - 00000000 ____D C:\Users\tuzaro\AppData\Local\UCBrowser

2016-09-17 13:39 - 2016-09-17 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器

2016-09-17 13:39 - 2016-08-23 14:06 - 00072064 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\ucguard.sys

2016-09-17 13:38 - 2016-09-22 19:52 - 00000000 ____D C:\Program Files\UCBrowser

2016-09-17 13:38 - 2016-09-17 13:38 - 00001472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk

2016-09-17 13:38 - 2016-09-17 13:38 - 00001460 _____ C:\Users\Public\Desktop\UC浏览器.lnk

Task: {075332F3-3893-44CA-AF78-3217AFFC2109} - \svchost -> No File <==== ATTENTION

Task: {1D0A9A2D-DB26-4B93-A0B3-B565466210D3} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files\UCBrowser\Application\update_task.exe [2016-08-23] (UCWeb Inc) <==== ATTENTION

Task: {F9F3D93A-6901-4D6A-8E7A-99D72F69BCB3} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe [2016-08-23] (UCWeb Inc) <==== ATTENTION

Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION

Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION

2016-04-09 11:45 - 2016-04-09 11:45 - 00007168 _____ () C:\Program Files\AdBlocker\Service.WinServiceHost.exe

2016-09-22 19:51 - 2016-08-23 13:30 - 02143528 _____ () C:\Program Files\UCBrowser\Application\5.7.15319.5\UCAgent.exe

2016-09-17 13:38 - 2016-08-23 13:23 - 00931504 _____ () C:\Program Files\UCBrowser\Application\UCService.exe

FirewallRules: [{57E85390-4013-4781-B15D-AA5602598DB5}] => (Allow) C:\Program Files\UCBrowser\Application\UCBrowser.exe

FirewallRules: [{0A64026F-1EE6-482B-BE13-64F71A8DFAA3}] => (Allow) C:\Program Files\UCBrowser\Application\UCBrowser.exe

emptytemp:

end

*****************

 

HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Flvto YouTube Downloader => value removed successfully.

HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Installer => value removed successfully.

C:\Windows\system32\GroupPolicy\Machine => moved successfully

C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully

AdBlockerService => Service stopped successfully.

AdBlockerService => service removed successfully.

Chrome HomePage => removed successfully.

Chrome DefaultSearchURL => removed successfully.

Chrome DefaultSearchKeyword => removed successfully.

C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cebkcnlhbjapdpofhcokcdhfgpehhajk => moved successfully

C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Guest Profile => moved successfully

UCBrowserSvc => service not found.

UCGuard => service not found.

C:\Users\tuzaro\Downloads\wm58zik7.exe => moved successfully

"C:\Windows\Tasks\UCBrowserUpdater.job" => not found.

"C:\Users\tuzaro\AppData\Local\UCBrowser" => not found.

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器" => not found.

"C:\Windows\system32\Drivers\ucguard.sys" => not found.

"C:\Program Files\UCBrowser" => not found.

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk" => not found.

"C:\Users\Public\Desktop\UC浏览器.lnk" => not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{075332F3-3893-44CA-AF78-3217AFFC2109}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{075332F3-3893-44CA-AF78-3217AFFC2109}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svchost" => key removed successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D0A9A2D-DB26-4B93-A0B3-B565466210D3} => key not found. 

C:\Windows\System32\Tasks\UCBrowserUpdaterCore => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => key not found. 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9F3D93A-6901-4D6A-8E7A-99D72F69BCB3} => key not found. 

C:\Windows\System32\Tasks\UCBrowserUpdater => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key not found. 

C:\Windows\Tasks\UCBrowserUpdater.job => not found.

C:\Windows\Tasks\UCBrowserUpdaterCore.job => not found.

C:\Program Files\AdBlocker\Service.WinServiceHost.exe => moved successfully

"C:\Program Files\UCBrowser\Application\5.7.15319.5\UCAgent.exe" => not found.

"C:\Program Files\UCBrowser\Application\UCService.exe" => not found.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57E85390-4013-4781-B15D-AA5602598DB5} => value not found.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A64026F-1EE6-482B-BE13-64F71A8DFAA3} => value not found.

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 8388608 B

DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25926558 B

Java, Flash, Steam htmlcache => 492 B

Windows/system/drivers => 10108692 B

Edge => 0 B

Chrome => 539277478 B

Firefox => 29089052 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Default => 0 B

Public => 0 B

ProgramData => 0 B

systemprofile => 0 B

LocalService => 0 B

NetworkService => 33822 B

tuzaro => 111512029 B

 

RecycleBin => 0 B

EmptyTemp: => 690.8 MB temporary data Removed.

 

================================

 

 

The system needed a reboot.

 

==== End of Fixlog 06:23:33 ====

Link to comment
Сподели другаде

Изтегли AdwCleaner и го запази на работния плот. Стартирай го, кликни бутон I аgree, изчакай да зареди и после бутон Scan. Изчакай да се сканира, след което кликни бутон Clean. Потвърди с OK на всички прозорци, което ще доведе до рестартиране на системата. След рестартирането ще се отвори текстов файл. Моля, копирай съдържанието му тук.
 

Кажи има ли още проблеми и ако да, опиши по-точно какви.

Link to comment
Сподели другаде

Мисля, че вече всичко е нормално. Благодаря.

 

 

# AdwCleaner v6.020 - Дневникът е създаден 23/09/2016 в 16:39:19
# Обновен на 14/09/2016 от ToolsLib
# База данни : 2016-09-22.1 [Сървърна]
# Операционна Система : Windows 7 Ultimate Service Pack 1 (X86)
# Потребителско име : tuzaro - TUZARO-PC
# Изпълнява се от : C:\Users\tuzaro\Downloads\adwcleaner_6.020.exe
# Режим: Почистване
# Поддръжка : https://toolslib.net/forum
 
 
 
***** [ Услуги ] *****
 
 
 
***** [ Папки ] *****
 
[-] Папката е изтрита: C:\Users\tuzaro\AppData\Roaming\KW
[-] Папката е изтрита: C:\Users\tuzaro\AppData\Roaming\HPRewriter2
[-] Папката е изтрита: C:\ProgramData\Trymedia
[-] Папката е изтрита: C:\ProgramData\Thunder Network
[#] Папката е изтрита по време на рестартиране: C:\ProgramData\Application Data\Trymedia
[#] Папката е изтрита по време на рестартиране: C:\ProgramData\Application Data\Thunder Network
[-] Папката е изтрита: C:\Program Files\adblocker
[-] Папката е изтрита: C:\Program Files\WeatherChickn
[-] Папката е изтрита: C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj
 
 
***** [ Файлове ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Преки пътища ] *****
 
 
 
***** [ Планирани Задачи ] *****
 
 
 
***** [ Регистър ] *****
 
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\SearchBar.SearchBarMain
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\SearchBar.SearchBarMain.1
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\CLSID\{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\CLSID\{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}
[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}
[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC}
[-] Ключът беше изтрит: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{598AEFC6-DD3C-4A63-9AC3-53FCF6155931}
[-] Ключът беше изтрит: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Ключът беше изтрит: HKU\.DEFAULT\Software\Mail.Ru
[-] Ключът беше изтрит: HKU\.DEFAULT\Software\UCBrowser
[-] Ключът беше изтрит: HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\APN PIP
[-] Ключът беше изтрит: HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\Installer
[-] Ключът беше изтрит: HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\Reimage
[-] Ключът беше изтрит: HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Ключът беше изтрит: HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\Mail.Ru
[-] Ключът беше изтрит: HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\UCBrowserPID
[-] Ключът беше изтрит: HKU\S-1-5-21-4058490045-3294789279-1302001635-1000\Software\AppDataLow\Software\Mail.Ru
[#] Ключът беше изтрит по време на рестартиране: HKU\S-1-5-18\Software\Mail.Ru
[#] Ключът беше изтрит по време на рестартиране: HKU\S-1-5-18\Software\UCBrowser
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\APN PIP
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\Installer
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\Reimage
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\Mail.Ru
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\UCBrowserPID
[#] Ключът беше изтрит по време на рестартиране: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Ключът беше изтрит: HKLM\SOFTWARE\PIP
[-] Ключът беше изтрит: HKLM\SOFTWARE\Reimage
[-] Ключът беше изтрит: HKLM\SOFTWARE\Trymedia Systems
[-] Ключът беше изтрит: HKLM\SOFTWARE\Mail.Ru
[-] Ключът беше изтрит: HKLM\SOFTWARE\UCBrowserPID
[-] Ключът беше изтрит: HKLM\SOFTWARE\StarkIndustry
[-] Ключът беше изтрит: HKLM\SOFTWARE\mtQuoteex
[-] Ключът беше изтрит: HKLM\SOFTWARE\HPRewriter
[-] Ключът беше изтрит: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherChickn
[-] Ключът беше изтрит: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Ключът беше изтрит: HKLM\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
[-] Ключът беше изтрит: HKLM\SOFTWARE\Google\Chrome\Extensions\bgcifljfapbhgiehkjlckfjmgeojijcb
[-] Ключът беше изтрит: HKLM\SOFTWARE\Google\Chrome\Extensions\lbjjfiihgfegniolckphpnfaokdkbmdm
 
 
***** [ Интернет Браузъри ] *****
 
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default] [extension] Изтрит: bgcifljfapbhgiehkjlckfjmgeojijcb
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default] [extension] Изтрит: feeilhmlfcpfchpbgoknoeefdkbgionj
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default] [extension] Изтрит: lbjjfiihgfegniolckphpnfaokdkbmdm
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Default] [extension] Изтрит: oelpkepjlgmehajehfeicfbjdiobdkfj
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [search Provider] Изтрит: ask.com
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [search Provider] Изтрит: feed.sonic-search.com
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Изтрит: bgcifljfapbhgiehkjlckfjmgeojijcb
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Изтрит: feeilhmlfcpfchpbgoknoeefdkbgionj
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Изтрит: lbjjfiihgfegniolckphpnfaokdkbmdm
[-] [C:\Users\tuzaro\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Изтрит: oelpkepjlgmehajehfeicfbjdiobdkfj
 
 
*************************
 
:: "Tracing" ключовете бяха изтрити
:: Winsock настройките бяха изчистени
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [8756 Байта] - [23/09/2016 16:39:19]
C:\AdwCleaner\AdwCleaner[s0].txt - [8439 Байта] - [23/09/2016 16:37:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8912 Байта] ##########
Link to comment
Сподели другаде

В такъв случай направи следното: стартирай отново AdwCleaner и от меню File избери Uninstall. Това ще премахне инструмента и папката с поставените под карантина обекти.

Също така можеш да премахнеш FRST, създатените дневници и изпратения от мен Fixlist.

Link to comment
Сподели другаде

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гост
Отговори на тази тема

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   Не можете да качите директно снимка. Качете или добавете изображението от линк (URL)

Loading...
×
×
  • Създай ново...