Forum replies created
Check Browsers’ LNK by Alex Dragokas & regist ver. 2.0.0.12 ( Beta )
OS: x64 Windows 7 Ultimate, 6.1.7601, Service Pack: 1
Time: 07.03.2016 — 07:41
Language: OS: Russian (0x419). Display: Russian (0x419). Non-Unicode: Russian (0x419)
Elevated: Yes
User: NegativeStar (group: Administrator)
* Подозрительные объекты будут отмечены префиксом >>>
=========================================================================
(((((( БРАУЗЕРНЫЕ ярлыки ))))))
=========================================================================
_________________________ Цель не существует __________________________
>>> «C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk» -> [«C:ProgramDatanBrWtBBdXrfNRUdE0.bat»]
>>> «C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk» -> [«C:ProgramDataRYmvLjMsNEAnFPvtV5.bat»]
>>> «C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarMail.Ru.lnk» -> [«C:ProgramDataRYmvLjMsNEAnFPvtV5.bat»]
>>> «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessoriesSystem ToolsInternet Explorer (No Add-ons).lnk» -> [«C:ProgramDataRYmvLjMsNEAnFPvtV5.bat» =>> -extoff]
>>> «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle ChromeПанель запуска приложений Chrome.lnk» -> [«C:ProgramDatanBrWtBBdXrfNRUdE0.bat»]
>>> «C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk» -> [«C:ProgramDatanBrWtBBdXrfNRUdE0.bat»]
>>> «C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk» -> [«C:ProgramDataujbGYLzFOnKzsW4.bat»]
=========================================================================
(((((( Прочие ярлыки ))))))
=========================================================================
___________________ Подозрительные ( низкий риск ) ____________________
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{0D0C195C-2661-4908-8C7F-35A8FEECFD42}SupportTasksИгры от Майкрософт.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.gopostal.com/postal2/index.php/]
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{0D0C195C-2661-4908-8C7F-35A8FEECFD42}SupportTasks1Поддержка.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.runningwithscissors.com/]
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{5EF1386E-0F0C-475E-9787-0CB5A3BB7C9F}SupportTasksИгры от Майкрософт.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.rage.co.uk/]
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{5EF1386E-0F0C-475E-9787-0CB5A3BB7C9F}SupportTasks1Поддержка.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.rage.co.uk/support/support.asp/]
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{88B3F5A3-A892-434D-B3D4-F382B807D123}SupportTasksИгры от Майкрософт.lnk» -> [«(Internet Explorer)» =>> hxxp://echelon.bethsoft.com/]
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{88B3F5A3-A892-434D-B3D4-F382B807D123}SupportTasks1Поддержка.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.bethsoft.com/]
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{C070D0AE-2290-4DF0-9488-032EA424510A}SupportTasksИгры от Майкрософт.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.valkyriestudios.com/scgame.htm/]
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{D62EAAD6-8B69-42B3-B52E-75F87C63396B}SupportTasksИгры от Майкрософт.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.enclavegame.com/]
-[HTTP] «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{D62EAAD6-8B69-42B3-B52E-75F87C63396B}SupportTasks1Поддержка.lnk» -> [«(Internet Explorer)» =>> hxxp://support.vugames.com/]
_________________________ Цель не существует __________________________
>>> «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsПриложения ChromeDingit Infinite HD App.lnk» -> [«C:ProgramDatanBrWtBBdXrfNRUdE0.bat»]
>>> «C:ProgramDataMicrosoftWindowsStart MenuProgramsQuake Live.lnk» -> [«C:ProgramDatadfwyrMuUTrIjqkHEWmNa3.bat»]
— «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{0D0C195C-2661-4908-8C7F-35A8FEECFD42}PlayTasksИграть.lnk» -> [«D:SteamsteamappscommonPOSTAL2CompleteSystemPostal2.exe»]
— «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{5EF1386E-0F0C-475E-9787-0CB5A3BB7C9F}PlayTasksИграть.lnk» -> [«D:SteamsteamappscommonIncoming + Incoming ForcesIncoming Forcesforces.exe»]
— «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{88B3F5A3-A892-434D-B3D4-F382B807D123}PlayTasksИграть.lnk» -> [«D:SteamsteamappscommonEchelonGame.exe»]
— «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{C070D0AE-2290-4DF0-9488-032EA424510A}PlayTasksИграть.lnk» -> [«D:SteamsteamappscommonSepterra Coresepterra.exe»]
— «C:UsersNegativeStarAppDataLocalMicrosoftWindowsGameExplorer{D62EAAD6-8B69-42B3-B52E-75F87C63396B}PlayTasksИграть.lnk» -> [«D:SteamsteamappscommonEnclaveEnclave.exe»]
— «C:UsersNegativeStarStart MenuProgramsSpyHunterSpyHunter.lnk» -> [«C:Program FilesEnigma Software GroupSpyHunterSpyHunter4.exe»]
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsAuslogicsBoostSpeedAuslogics BoostSpeed 8.lnk» -> [«C:Program Files (x86)AuslogicsBoostSpeedBoostSpeed.exe»]
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsAuslogicsBoostSpeedAuslogics Rescue Center.lnk» -> [«C:Program Files (x86)AuslogicsBoostSpeedRescueCenter.exe»]
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsGMT-MAX.ORGWWE 2K15WWE 2K15.lnk» -> [«C:WWE 2K15WWE2K15Launcher.exe»]
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsGMT-MAX.ORGWWE 2K15Удалить игру.lnk» -> [«C:WWE 2K15Uninstallunins000.exe»]
=========================================================================
(((((( Интернет-ярлыки ))))))
=========================================================================
— «C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarЯндекс.Музыка.website» -> hxxp://music.yandex.ru/?win=217&clid=2255776&from=dist_pin
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamBioShock Infinite.url» -> steam://rungameid/8870
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamBreakout Invaders.url» -> steam://rungameid/366700
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamIn Between.url» -> steam://rungameid/388420
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamOn A Roll 3D.url» -> steam://rungameid/341090
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamOutlast.url» -> steam://rungameid/238320
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamPortal 2.url» -> steam://rungameid/620
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamResident Evil 5 Biohazard 5.url» -> steam://rungameid/21690
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamResident Evil Revelations 2 Biohazard Revelations 2.url» -> steam://rungameid/287290
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamRing Runner Flight of the Sages.url» -> steam://rungameid/258010
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamSaints Row IV.url» -> steam://rungameid/206420
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamTomb Raider.url» -> steam://rungameid/203160
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamViolett.url» -> steam://rungameid/257830
— «C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteamZombie Driver HD.url» -> steam://rungameid/220820
— «C:UsersNegativeStarDesktopBioShock Infinite.url» -> steam://rungameid/8870
— «C:UsersNegativeStarDesktopBreakout Invaders.url» -> steam://rungameid/366700
— «C:UsersNegativeStarDesktopCounter-Strike Global Offensive.url» -> steam://rungameid/730
— «C:UsersNegativeStarDesktopIn Between.url» -> steam://rungameid/388420
— «C:UsersNegativeStarDesktopOn A Roll 3D.url» -> steam://rungameid/341090
— «C:UsersNegativeStarDesktopOutlast.url» -> steam://rungameid/238320
— «C:UsersNegativeStarDesktopPortal 2.url» -> steam://rungameid/620
— «C:UsersNegativeStarDesktopResident Evil 5 Biohazard 5.url» -> steam://rungameid/21690
— «C:UsersNegativeStarDesktopResident Evil Revelations 2 Biohazard Revelations 2.url» -> steam://rungameid/287290
— «C:UsersNegativeStarDesktopRing Runner Flight of the Sages.url» -> steam://rungameid/258010
— «C:UsersNegativeStarDesktopSaints Row IV.url» -> steam://rungameid/206420
— «C:UsersNegativeStarDesktopTeam Fortress 2.url» -> steam://rungameid/440
— «C:UsersNegativeStarDesktopTomb Raider.url» -> steam://rungameid/203160
— «C:UsersNegativeStarDesktopViolett.url» -> steam://rungameid/257830
— «C:UsersNegativeStarDesktopZombie Driver HD.url» -> steam://rungameid/220820
— «C:UsersNegativeStarDownloadsrsload.net.BoostSpeed.8.0.1.Rusrsload.net.BoostSpeed.8.0.1.RusRSLOAD.NET.url» -> hxxp://rsload.net/
— «C:UsersNegativeStarDownloadsrsload.net.BoostSpeed.8.0.2rsload.net.BoostSpeed.8.0.2RSLOAD.NET.url» -> hxxp://rsload.net/
— «C:UsersNegativeStarFavoritesMail.Ru Агент — используй для общения!.url» -> hxxp://agent.mail.ru/ru/download/agent_windows/download.html?sputnik=1
— «C:UsersNegativeStarFavoritesMail.Ru.url» -> hxxp://vvv.mail.ru/cnt/7861
— «C:UsersNegativeStarFavoritesLinksПочта.url» -> hxxp://mail.yandex.ru/?win=217&clid=2255777
— «C:UsersNegativeStarFavoritesLinksЯндекс.url» -> hxxp://vvv.yandex.ru/?win=217&clid=2255777
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsBurnAware FreeСайт BurnAware Free в Интернете.url» -> hxxp://vvv.burnaware.com/
________________ Браузер по-умолчанию _______________
— [OK] http = «C:Program Files (x86)GoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] https = «C:Program Files (x86)GoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] ftp = «C:Program Files (x86)GoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] .htm = «C:Program Files (x86)GoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] .html = «C:Program Files (x86)GoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] .url = «C:WindowsSystem32rundll32.exe» «C:WindowsSystem32ieframe.dll»,OpenURL %l (Интернет-обозреватель)
_____________________ Статистика ____________________
Найдено угроз: 9
Снято атрибутов RO: 0 из 0
Режим запуска: Normal
Затрачено времени: 4 сек. (поиск: 3 сек.)
Пройдено папок: 3389
Пройдено файлов: 29254 (ярлыков: 319)
Проверены:
C:UsersNegativeStar
C:UsersDefault
C:UsersPublic
C:ProgramData
______________________________ Конец лога ______________________________
_______________________ Максимум файловых объектов _______________________
680 ( 684 ) — C:UsersNegativeStarAppDataLocalEchobitEvolveBrowser
12 ( 698 ) — C:UsersNegativeStarAppDataLocalEchobitEvolve
488 ( 488 ) — C:UsersNegativeStarAppDataLocalEpicGamesLauncherSavedCloudEMS
214 ( 427 ) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultPepper DataShockwave FlashWritableRoot#SharedObjectsAKFXWSJTmacromedia.comsupportflashplayersys
226 ( 517 ) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultPepper DataShockwave FlashWritableRoot#SharedObjectsAKFXWSJT
438 ( 438 ) — C:UsersNegativeStarAppDataLocalMicrosoftMedia PlayerКэш файлов графикиLocalMLS
798 ( 842 ) — C:UsersNegativeStarAppDataLocalSteamold_htmlcache_000
1 ( 799 ) — C:UsersNegativeStarAppDataLocalSteam
951 ( 980 ) — C:UsersNegativeStarAppDataRoaminguTorrent
58 ( 1128 ) — C:UsersNegativeStarAppDataRoaming
500 ( 500 ) — C:ProgramDataAdobeCameraRawCameraProfilesAdobe Standard
166 ( 1108 ) — C:ProgramDataAdobeCameraRawCameraProfilesCamera
3 ( 669 ) — C:ProgramDataAdobeCameraRawCameraProfiles
23 ( 568 ) — C:ProgramDataAdobeCameraRawLensProfiles1.0
297 ( 297 ) — C:ProgramDataMalwarebytesMalwarebytes Anti-MalwareQuarantine
_________________________________________________________________________
27550 bytes, CRC32: FFFFFFFF. Sign: 臄
Fix result of Farbar Recovery Scan Tool (x64) Version:04-03-2016
Ran by NegativeStar (2016-03-05 07:13:04) Run:1
Running from C:UsersNegativeStarDownloads
Loaded Profiles: NegativeStar (Available Profiles: NegativeStar)
Boot Mode: Normal
==============================================
fixlist content:
*****************
FF Extension: No Name — C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensions{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found]
FF Extension: No Name — C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensionssovetnik@metabar.ru.xpi [not found]
FF Extension: No Name — C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensions{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [not found]
FF ExtraCheck: C:Program Files (x86)mozilla firefox67D68ABB4BC28E74701B56E8590A8A0367D6 [2016-01-20] <==== ATTENTION
S0 F19F6C817; system32driversF19F6C817.sys [X]
S2 tsnethlpx64; ??C:Program Files (x86)TencentQQPCMgr11.3.17201.218TsNetHlpX64.sys [X]
S3 VGPU; System32driversrdvgkmd.sys [X]
S3 X6va029; ??C:WindowsSysWOW64DriversX6va029 [X]
Task: {F7FCDA68-6058-4ACF-AA8E-DAE6566A0847} — SystemMonitor2016 -> No File <==== ATTENTION
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsПриложения ChromeDingit Infinite HD App.lnk -> C:ProgramDatanBrWtBBdXrfNRUdE0.bat (No File)
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle ChromeПанель запуска приложений Chrome.lnk -> C:ProgramDatanBrWtBBdXrfNRUdE0.bat (No File)
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessoriesSystem ToolsInternet Explorer (No Add-ons).lnk -> C:ProgramDataRYmvLjMsNEAnFPvtV5.bat (No File)
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk -> C:ProgramDatanBrWtBBdXrfNRUdE0.bat (No File)
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk -> C:ProgramDataRYmvLjMsNEAnFPvtV5.bat (No File)
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarMail.Ru.lnk -> C:ProgramDataRYmvLjMsNEAnFPvtV5.bat (No File)
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk -> C:ProgramDatanBrWtBBdXrfNRUdE0.bat (No File)
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk -> C:ProgramDataujbGYLzFOnKzsW4.bat (No File)
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsQuake Live.lnk -> C:ProgramDatadfwyrMuUTrIjqkHEWmNa3.bat (No File)
EmptyTemp:
*****************
C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensions{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} => path removed successfully
C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensionssovetnik@metabar.ru.xpi => path removed successfully
C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensions{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} => path removed successfully
C:Program Files (x86)mozilla firefox67D68ABB4BC28E74701B56E8590A8A0367D6 => moved successfully
F19F6C817 => service removed successfully
tsnethlpx64 => service removed successfully
VGPU => service removed successfully
X6va029 => service removed successfully
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{F7FCDA68-6058-4ACF-AA8E-DAE6566A0847}» => key removed successfully
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{F7FCDA68-6058-4ACF-AA8E-DAE6566A0847}» => key removed successfully
HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeSystemMonitor2016 => key not found.
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsПриложения ChromeDingit Infinite HD App.lnk -> C:ProgramDatanBrWtBBdXrfNRUdE0.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle ChromeПанель запуска приложений Chrome.lnk -> C:ProgramDatanBrWtBBdXrfNRUdE0.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessoriesSystem ToolsInternet Explorer (No Add-ons).lnk -> C:ProgramDataRYmvLjMsNEAnFPvtV5.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchGoogle Chrome.lnk -> C:ProgramDatanBrWtBBdXrfNRUdE0.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk -> C:ProgramDataRYmvLjMsNEAnFPvtV5.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:UsersNegativeStarAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarMail.Ru.lnk -> C:ProgramDataRYmvLjMsNEAnFPvtV5.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk -> C:ProgramDatanBrWtBBdXrfNRUdE0.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk -> C:ProgramDataujbGYLzFOnKzsW4.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsQuake Live.lnk -> C:ProgramDatadfwyrMuUTrIjqkHEWmNa3.bat (No File) => Error: No automatic fix found for this entry.
EmptyTemp: => 1.8 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 07:13:15 ====
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by NegativeStar (administrator) on NEGATIVESTAR-PC (04-03-2016 16:23:29)
Running from C:UsersNegativeStarDownloads
Loaded Profiles: NegativeStar (Available Profiles: NegativeStar)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forums/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:Program FilesEnigma Software GroupSpyHunterSH4Service.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(Intel Corporation) C:WindowsSystem32igfxCUIService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe
(Malwarebytes) C:Program Files (x86)Malwarebytes Anti-Malwarembam.exe
() C:WindowsSysWOW64PnkBstrA.exe
(TeamViewer GmbH) C:Program Files (x86)TeamViewerTeamViewer_Service.exe
() C:Program Files (x86)AcronisDiskDirectorOSSreinstall_svc.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe
(NVIDIA Corporation) C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
(Piriform Ltd) C:Program FilesCCleanerCCleaner64.exe
(BitTorrent Inc.) C:UsersNegativeStarAppDataRoaminguTorrentuTorrent.exe
(Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvtray.exe
(Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
(Skillbrains) C:Program Files (x86)Skillbrainslightshot5.2.1.1Lightshot.exe
(Intel Corporation) C:WindowsSystem32igfxEM.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
(BitTorrent Inc.) C:UsersNegativeStarAppDataRoaminguTorrentupdates3.4.5_41865utorrentie.exe
(BitTorrent Inc.) C:UsersNegativeStarAppDataRoaminguTorrentupdates3.4.5_41865utorrentie.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamUserAgent.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplication48.0.2564.116nacl64.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplication48.0.2564.116nacl64.exe
(Google Inc.) C:Program Files (x86)GoogleChromeApplicationchrome.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM…Run: [ShadowPlay] => «C:Windowssystem32rundll32.exe» C:Windowssystem32nvspcap64.dll,ShadowPlayOnSystemStart
HKLM…Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARAVCpl64.exe [13774552 2014-11-19] (Realtek Semiconductor)
HKLM…Run: [NvBackend] => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM…Run: [AdobeAAMUpdater-1.0] => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32…Run: [Lightshot] => C:Program Files (x86)SkillbrainslightshotLightshot.exe [226560 2014-11-18] ()
HKLM-x32…Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32…Run: [CloneCDTray] => C:Program Files (x86)SlySoftCloneCDCloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32…Run: [QuickTime Task] => C:Program Files (x86)QuickTimeQTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32…Run: [ QQPCTray] => «C:Program Files (x86)TencentQQPCMgr11.3.17201.218QQPCTray.exe» /regrun
HKUS-1-5-21-2496934129-3829805999-962672244-1000…Run: [CCleaner Monitoring] => C:Program FilesCCleanerCCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKUS-1-5-21-2496934129-3829805999-962672244-1000…Run: [uTorrent] => C:UsersNegativeStarAppDataRoaminguTorrentuTorrent.exe [2094080 2016-03-04] (BitTorrent Inc.)
HKUS-1-5-21-2496934129-3829805999-962672244-1000…Run: [GoogleChromeAutoLaunch_3F780851B433003FC93C97AF371C77D0] => C:Program Files (x86)GoogleChromeApplicationchrome.exe [746648 2016-02-18] (Google Inc.)
HKUS-1-5-21-2496934129-3829805999-962672244-1000…Run: [mailruhomesearch] => «C:UsersNegativeStarAppDataLocalMail.RuSputnikptlsmailruhomesearch.exe» —pr_deferred
HKUS-1-5-21-2496934129-3829805999-962672244-1000Control PanelDesktop\SCRNSAVE.EXE -> C:Windowssystem32scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: Hosts file not detected in the default directory
TcpipParameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip..Interfaces{11AAD7A5-23E5-4B91-8BD1-68AFDCF0E5CE}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip..Interfaces{73351CC9-2B55-4FEA-B69E-EA58CD944669}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Start Page = hxxp://www.google.com
SearchScopes: HKU.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKUS-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKUS-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre1.8.0_60binssv.dll [2015-09-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre1.8.0_60binjp2ssv.dll [2015-09-01] (Oracle Corporation)
Filter: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:Windowssystem32urlmon.dll [2014-05-23] (Microsoft Corporation)
Filter-x32: deflate — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:WindowsSysWOW64urlmon.dll [2014-05-23] (Microsoft Corporation)
Filter: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:Windowssystem32urlmon.dll [2014-05-23] (Microsoft Corporation)
Filter-x32: gzip — {8f6b0360-b80d-11d0-a9b3-006097942311} — C:WindowsSysWOW64urlmon.dll [2014-05-23] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.default
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7BFBB90D2F-4917-47DD-9A33-45AAA88E91BE%7D&gp=811006
FF Plugin: @adobe.com/FlashPlayer -> C:Windowssystem32MacromedFlashNPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:Program Files (x86)Battlelog Web Plugins2.7.1npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:WindowsSysWOW64MacromedFlashNPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:Program Files (x86)Battlelog Web Plugins2.7.1npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:Program Files (x86)Javajre1.8.0_60bindtpluginnpDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:Program Files (x86)Javajre1.8.0_60binplugin2npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:Program Files (x86)GoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKUS-1-5-21-2496934129-3829805999-962672244-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:UsersNegativeStarAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Extension: No Name — C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensions{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found]
FF Extension: No Name — C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensionssovetnik@metabar.ru.xpi [not found]
FF Extension: No Name — C:UsersNegativeStarAppDataRoamingMozillaFirefoxProfilesyoxfn58e.defaultextensions{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [not found]
FF ExtraCheck: C:Program Files (x86)mozilla firefox67D68ABB4BC28E74701B56E8590A8A0367D6 [2016-01-20] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp
CHR DefaultSearchKeyword: Default -> google.ru_
CHR Profile: C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefault
CHR Extension: (AutoJoin for SteamGifts) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsbchhlccjhoedhhegglilngpbnldfcidc [2015-12-13]
CHR Extension: (Facebook Secret Emoticons) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsbpgpffljkgjmijjdmjbdppndoojdgboe [2016-02-19]
CHR Extension: (Adblock Plus) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionscfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
CHR Extension: (Steam inventory helper) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionscmeakgjggjdlcpncigglobpjbkabhmjl [2016-02-21]
CHR Extension: (Tampermonkey) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsdhdgffkkebhmkfjojejmpbldmpobfkfo [2016-01-20]
CHR Extension: (Дополнительные настройки ВКонтакте +) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionselkoljmllnfjhlolfidelaieihcbpbff [2015-06-03]
CHR Extension: (Lounge Assistant) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsenjonnlehciedbcidabdglnnihcncbml [2015-05-27]
CHR Extension: (Alarm) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsfdjkdjnaajdmnminlhhhcicfnokdhjfg [2015-07-31]
CHR Extension: (Stylish) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsfjnbnpbmkenffdnngjfgmeleoegfcffe [2016-01-29]
CHR Extension: (Unlimited Free VPN — Hola) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsgkojfkhlekighikafcpjkiklfbnlmeio [2016-02-18]
CHR Extension: (Steam Winter Sale 2015 Next In Queue Clicker) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsglklhfbneoafcidllhfboofmllchoclf [2015-12-29]
CHR Extension: (Бесплатные стикеры Вконтакте) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionshfmkikgdalneahcmhpbpfnehplngkimo [2016-02-18]
CHR Extension: (Steam Ninja!) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsiafjcapblconlangblamhojmlpbdebhn [2016-01-28]
CHR Extension: (CS:GO Lounge Bump Bot) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsjhfkidfnhjcjjamcbdepeohblphlamgk [2015-05-27]
CHR Extension: (Ultimate Fonts) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsjhjopghocfabjiiipcclaaiiahnbiken [2015-11-30]
CHR Extension: (OkTools) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsjicldjademmddamblmdllfneeaeeclik [2016-02-23]
CHR Extension: (Google RU) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionskbjopffcocgcnkigpnnmpcoimhjbjmba [2015-05-27]
CHR Extension: (Steam Database) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionskdbmhfkmnlmbkgbabkdealhhbfhlmmon [2016-01-21]
CHR Extension: (VK Saver) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionskobfhepnaikcnmffkeommlgddpecandn [2016-01-15]
CHR Extension: (DotVPN — better than VPN.) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionskpiecbcckbofpmkkkdibbllpinceiihk [2016-01-29]
CHR Extension: (Dingit Infinite HD App) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsllnhnfikffkjbdnfallfpgikamegbbag [2016-01-29]
CHR Extension: (Стикеры. Пак 99шт для Вконтакте AddStickers) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsmaobhpbepmgdodfmhhinanejefpnpeja [2015-09-02]
CHR Extension: (Tampermonkey) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsmchbmglgiiijnmpdhcbepaefgljhigdi [2016-01-15]
CHR Extension: (Сибирский хаски) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsmdpjbjmjkgilpifkjfmjdkiilkjmobmd [2015-07-31]
CHR Extension: (Google Mail Checker) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsmihcahmgecmbnbcchbopgniflfhgnkff [2015-05-27]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (AdBlock Pro) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsocifcklkibdehekfnmflempfgjhbedch [2016-01-15]
CHR Extension: (EmojiPlus) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionsohdmafokcgelhmifjiapjbnkfcggkgnb [2016-01-14]
CHR Extension: (Steam Community Market Quick Buy) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionspbfjlhfadijipchkejgenbnnoebonckm [2015-05-27]
CHR Extension: (Lounge Companion (Dota 2 & CS:GO)) — C:UsersNegativeStarAppDataLocalGoogleChromeUser DataDefaultExtensionspokidbfaabncipciiigfhncfmgmdjdaj [2015-05-27]
CHR Extension: (Style Beach) — C:UsersNegativeStarAppDataLocalStyle BeachComponent [2016-01-20]
CHR HKUS-1-5-21-2496934129-3829805999-962672244-1000SOFTWAREGoogleChromeExtensions…ChromeExtension: [aeembeejekghkopiabadonpmfpigojok] — hxxps://clients2.google.com/service/update2/crx
CHR HKUS-1-5-21-2496934129-3829805999-962672244-1000SOFTWAREGoogleChromeExtensions…ChromeExtension: [bgcifljfapbhgiehkjlckfjmgeojijcb] — hxxps://clients2.google.com/service/update2/crx
CHR HKUS-1-5-21-2496934129-3829805999-962672244-1000SOFTWAREGoogleChromeExtensions…ChromeExtension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] — hxxp://clients2.google.com/service/update2/crx
CHR HKUS-1-5-21-2496934129-3829805999-962672244-1000SOFTWAREGoogleChromeExtensions…ChromeExtension: [lbjjfiihgfegniolckphpnfaokdkbmdm] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32…ChromeExtension: [eioddfaepdoeifbhjphfefgipcjcdieo] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32…ChromeExtension: [fdjdjkkjoiomafnihnobkinnfjnnlhdg] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32…ChromeExtension: [geidjeefddhgefeplhdlegoldlgiodon] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32…ChromeExtension: [iflppbjnpneiigcbdfjpnkebidmkjmoi] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32…ChromeExtension: [necfmkplpminfjagblfabggomdpaakan] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32…ChromeExtension: [ppoilmfkbpckodoifdlkmkepcajfjmhl] — hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: «hxxp://www.yandex.ru/?win=217&clid=2255771»

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 defragsvc; C:WindowsSystem32defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 GfExperienceService; C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:Windowssystem32igfxCUIService.exe [328296 2014-11-22] (Intel Corporation)
R2 MBAMScheduler; C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 Origin Client Service; D:OriginOriginClientService.exe [2104840 2016-02-05] (Electronic Arts)
R2 OS Selector; C:Program Files (x86)AcronisDiskDirectorOSSreinstall_svc.exe [2153336 2011-12-12] ()
R2 PnkBstrA; C:WindowsSysWOW64PnkBstrA.exe [76152 2015-06-27] ()
R2 SpyHunter 4 Service; C:Program FilesEnigma Software GroupSpyHunterSH4Service.exe [771968 2015-06-23] (Enigma Software Group USA, LLC.)
R2 TeamViewer; C:Program Files (x86)TeamViewerTeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 Themes; C:Windowssystem32themeservice.dll [44544 2016-01-20] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:Program FilesWindows Defendermpsvc.dll [1011712 2014-05-23] (Microsoft Corporation)
S3 WPCSvc; C:WindowsSystem32wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:WindowsSysWOW64wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:Windowssystem32driversevbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ElbyCDFL; C:WindowsSystem32DriversElbyCDFL.sys [40872 2014-02-10] (SlySoft, Inc.)
R3 ElbyCDFL; C:WindowsSysWOW64DriversElbyCDFL.sys [40872 2014-02-10] (SlySoft, Inc.)
S3 esgiguard; C:Program FilesEnigma Software GroupSpyHunteresgiguard.sys [15920 2016-01-20] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:WindowsSystem32DRIVERSEsgScanner.sys [22704 2016-01-20] ()
R0 iaStorF; C:WindowsSystem32DRIVERSiaStorF.sys [30360 2014-10-09] (Intel Corporation)
R1 ISODrive; C:Program Files (x86)UltraISOdriversISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:Windowssystem32driversmbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:Windowssystem32driversMBAMSwissArmy.sys [192216 2016-03-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:Windowssystem32driversmwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 mountmgr; C:WindowsSystem32driversmountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
R3 NvStreamKms; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:WindowsSystem32driversnvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 SAlphamHid; C:WindowsSystem32DRIVERSSAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation)
R3 Serenum; C:WindowsSystem32DRIVERSnuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:WindowsSystem32DRIVERSnuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 SmbDrvI; C:WindowsSystem32DRIVERSSmb_driver_Intel.sys [31472 2014-01-09] (Synaptics Incorporated)
R3 tpg64win7; C:WindowsSystem32DRIVERStpg64win7.sys [648808 2012-02-22] (TP-LINK TECHNOLOGIES CO., LTD)
S1 vdm5mtc0; C:WindowsSysWOW64Driversvdm5mtc0.sys [13312 2015-06-04] () [File not signed]
R0 volmgrx; C:WindowsSystem32driversvolmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S0 F19F6C817; system32driversF19F6C817.sys [X]
S2 tsnethlpx64; ??C:Program Files (x86)TencentQQPCMgr11.3.17201.218TsNetHlpX64.sys [X]
S3 VGPU; System32driversrdvgkmd.sys [X]
S3 X6va029; ??C:WindowsSysWOW64DriversX6va029 [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-04 16:23 — 2016-03-04 16:23 — 00022928 _____ C:UsersNegativeStarDownloadsFRST.txt
2016-03-04 08:18 — 2016-03-04 08:18 — 02371584 _____ (Farbar) C:UsersNegativeStarDownloadsFRST64.exe
2016-03-04 08:18 — 2016-03-04 08:18 — 00173438 _____ C:UsersNegativeStarDownloadsWWE.Smackdown.2016.03.03.720p.HDTV.x264-WCWHD.mp4.torrent
2016-03-04 08:18 — 2016-03-04 08:18 — 00001444 _____ C:UsersNegativeStarDesktopFRST64 — Ярлык.lnk
2016-03-04 06:53 — 2016-03-04 16:17 — 00000000 ____D C:UsersNegativeStarAppDataLocalLowuTorrent
2016-03-04 06:53 — 2016-03-04 06:53 — 00020403 _____ C:UsersNegativeStarDownloadsCastle.S08E13.rus.LostFilm.TV.avi.torrent
2016-03-03 21:05 — 2016-03-04 07:09 — 00002240 _____ C:UsersNegativeStarDesktopНовый текстовый документ.txt
2016-03-03 20:53 — 2016-03-03 20:53 — 00014393 _____ C:UsersNegativeStarDownloadsBetter.Call.Saul.S02E03.rus.LostFilm.TV.avi.torrent
2016-03-03 20:08 — 2016-03-04 16:18 — 00001794 _____ C:UsersNegativeStarDesktopchrome — Ярлык.lnk
2016-03-03 19:55 — 2016-03-03 19:55 — 00000000 ____D C:rsit
2016-03-03 19:55 — 2016-03-03 19:55 — 00000000 ____D C:Program Files (x86)trend micro
2016-03-03 19:24 — 2016-03-04 16:17 — 00192216 _____ (Malwarebytes) C:Windowssystem32DriversMBAMSwissArmy.sys
2016-03-03 19:24 — 2016-03-03 19:24 — 00001102 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
2016-03-03 19:24 — 2016-03-03 19:24 — 00000000 ____D C:UsersВсе пользователиMalwarebytes
2016-03-03 19:24 — 2016-03-03 19:24 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware
2016-03-03 19:24 — 2016-03-03 19:24 — 00000000 ____D C:ProgramDataMalwarebytes
2016-03-03 19:24 — 2016-03-03 19:24 — 00000000 ____D C:Program Files (x86)Malwarebytes Anti-Malware
2016-03-03 19:24 — 2015-10-05 09:50 — 00109272 _____ (Malwarebytes) C:Windowssystem32Driversmbamchameleon.sys
2016-03-03 19:24 — 2015-10-05 09:50 — 00063704 _____ (Malwarebytes Corporation) C:Windowssystem32Driversmwac.sys
2016-03-03 19:24 — 2015-10-05 09:50 — 00025816 _____ (Malwarebytes) C:Windowssystem32Driversmbam.sys
2016-03-03 19:23 — 2016-03-03 19:26 — 184399320 _____ C:UsersNegativeStarDownloadsf9a709oz (1).exe
2016-03-03 19:23 — 2016-03-03 19:23 — 22908888 _____ (Malwarebytes ) C:UsersNegativeStarDownloadsmbam-setup-2.2.0.1024.exe
2016-03-03 18:44 — 2016-03-03 18:45 — 184399320 _____ C:UsersNegativeStarDownloadsf9a709oz.exe
2016-03-03 18:44 — 2016-03-03 18:44 — 00901088 _____ (Carifred) C:UsersNegativeStarDownloadsUltraAdwareKiller64.exe
2016-03-03 18:30 — 2016-03-03 18:30 — 01518592 _____ C:UsersNegativeStarDownloadsAdwCleaner.exe
2016-03-03 18:27 — 2016-03-03 18:27 — 00005120 _____ C:UsersNegativeStarAppDataRoamingGiftBag.db
2016-03-03 18:24 — 2016-03-03 18:24 — 00242360 _____ C:UsersNegativeStarDownloadsFirefox Setup Stub 44.0.2 (1).exe
2016-03-03 18:23 — 2016-03-03 19:09 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsContentProtector
2016-03-03 18:22 — 2016-03-03 18:23 — 00000000 ____D C:Program FilesContentProtector
2016-03-03 18:21 — 2016-03-03 18:21 — 01636897 _____ C:UsersNegativeStarDownloadsgetsoftware_direct.php_id_1015
2016-03-03 18:14 — 2016-03-03 18:14 — 00000000 ____D C:UsersNegativeStarDocumentsiMacros
2016-03-03 18:12 — 2016-03-03 18:23 — 00001830 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk
2016-03-03 18:12 — 2016-03-03 18:12 — 00242360 _____ C:UsersNegativeStarDownloadsFirefox Setup Stub 44.0.2.exe
2016-03-03 18:12 — 2016-03-03 18:12 — 00000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2016-03-03 18:10 — 2016-03-03 18:10 — 01095540 _____ C:UsersNegativeStarDownloadsFMacros_v5.25b.zip
2016-03-03 17:41 — 2016-03-03 17:41 — 00000000 ____D C:Windowspss
2016-03-03 16:24 — 2016-03-03 16:24 — 00000202 _____ C:UsersNegativeStarDesktopIn Between.url
2016-03-03 16:13 — 2016-03-03 16:13 — 00003472 ____N C:bootsqm.dat
2016-03-03 07:28 — 2016-03-03 07:28 — 00018983 _____ C:UsersNegativeStarDownloadsGotham.S02E12.rus.LostFilm.TV.avi.torrent
2016-03-02 21:15 — 2016-03-02 21:17 — 184340984 _____ C:UsersNegativeStarDownloadsailzyj2f.exe
2016-03-02 16:48 — 2016-03-02 16:49 — 44262616 _____ C:UsersNegativeStarDownloadstorbrowser-install-5.5.2_ru.exe
2016-03-02 16:42 — 2016-03-03 20:14 — 00000000 ____D C:Program Files (x86)HideMe.ru VPN
2016-03-02 16:42 — 2016-03-02 16:42 — 07248888 _____ (inCloak Network Ltd. ) C:UsersNegativeStarDownloadshideme.ru_vpn_1.10.exe
2016-03-01 20:03 — 2016-03-01 20:03 — 00000741 _____ C:UsersNegativeStarDownloadsmod.styles
2016-03-01 07:27 — 2016-03-01 07:27 — 00012248 _____ C:UsersNegativeStarDownloadsThe.Originals.S03E14.rus.LostFilm.TV.avi.torrent
2016-03-01 07:20 — 2016-03-01 07:20 — 00015538 _____ C:UsersNegativeStarDownloadsWWE.Raw.02.29.2016.HDTV.x264-FMN.mp4.torrent
2016-02-29 21:11 — 2016-02-29 21:11 — 01380712 _____ C:UsersNegativeStarDownloadsSteamSetup (2).exe
2016-02-29 07:32 — 2016-02-29 07:32 — 00000202 _____ C:UsersNegativeStarDesktopOutlast.url
2016-02-28 21:06 — 2016-02-28 21:06 — 00016105 _____ C:UsersNegativeStarDownloadsElementary.S04E14.rus.LostFilm.TV.avi.torrent
2016-02-28 12:55 — 2016-02-28 12:55 — 00001845 _____ C:UsersPublicDesktopQuickTime Player.lnk
2016-02-28 12:55 — 2016-02-28 12:55 — 00000000 ____D C:UsersВсе пользователиApple Computer
2016-02-28 12:55 — 2016-02-28 12:55 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsQuickTime
2016-02-28 12:55 — 2016-02-28 12:55 — 00000000 ____D C:ProgramDataApple Computer
2016-02-28 12:55 — 2016-02-28 12:55 — 00000000 ____D C:Program Files (x86)QuickTime
2016-02-28 12:54 — 2016-02-28 12:54 — 00000000 ____D C:UsersNegativeStarAppDataLocalLowApple Computer
2016-02-28 09:18 — 2016-02-28 09:18 — 00015869 _____ C:UsersNegativeStarDownloadsSupernatural.S11E15.rus.LostFilm.TV.avi.torrent
2016-02-28 09:12 — 2016-02-28 09:12 — 00000000 ____D C:UsersNegativeStarDocumentsTrapThemRC1
2016-02-27 18:55 — 2016-02-27 18:55 — 00015141 _____ C:UsersNegativeStarDownloadsFargo 2 — LostFilm.TV.torrent
2016-02-27 09:52 — 2016-02-27 09:52 — 00027730 _____ C:UsersNegativeStarDownloadsFargo 1 — LostFilm.TV.torrent
2016-02-27 08:37 — 2016-02-27 08:37 — 00020472 _____ C:UsersNegativeStarDownloads[maga-music.ru]entspannte_traume_in_kalifornien.torrent
2016-02-27 08:36 — 2016-02-27 08:36 — 00029698 _____ C:UsersNegativeStarDownloads[maga-music.ru]flight_of_the_soul_vol.47.torrent
2016-02-27 08:36 — 2016-02-27 08:36 — 00026392 _____ C:UsersNegativeStarDownloads[maga-music.ru]chillout_evolution,_vol._2.torrent
2016-02-27 08:36 — 2016-02-27 08:36 — 00022000 _____ C:UsersNegativeStarDownloads[maga-music.ru]chillout_fashion_playlist_02-_worldwide_edition.torrent
2016-02-27 08:36 — 2016-02-27 08:36 — 00018862 _____ C:UsersNegativeStarDownloads[maga-music.ru]chillout_and_lounge_ibiza_style.torrent
2016-02-27 08:36 — 2016-02-27 08:36 — 00018679 _____ C:UsersNegativeStarDownloads[maga-music.ru]flight_of_the_soul_vol.46.torrent
2016-02-27 08:36 — 2016-02-27 08:36 — 00018245 _____ C:UsersNegativeStarDownloads[maga-music.ru]chillout_evolution,_vol._1.torrent
2016-02-27 08:36 — 2016-02-27 08:36 — 00006502 _____ C:UsersNegativeStarDownloads[maga-music.ru]tom_strobe_-_featuring_artist_-_tom_strobe.torrent
2016-02-27 08:35 — 2016-02-27 08:35 — 00024937 _____ C:UsersNegativeStarDownloads[maga-music.ru]winter_fragment-_relax_party.torrent
2016-02-27 08:35 — 2016-02-27 08:35 — 00018293 _____ C:UsersNegativeStarDownloads[maga-music.ru]frozen_time_-_50_cool_winter_chill_sounds.torrent
2016-02-27 08:35 — 2016-02-27 08:35 — 00017344 _____ C:UsersNegativeStarDownloads[maga-music.ru]avantgarde_chillout_vol_1.torrent
2016-02-27 04:21 — 2016-02-27 04:21 — 00020543 _____ C:UsersNegativeStarDownloadsCastle.S08E12.rus.LostFilm.TV.avi.torrent
2016-02-27 04:21 — 2016-02-27 04:21 — 00019862 _____ C:UsersNegativeStarDownloadsArrow.S04E15.rus.LostFilm.TV.avi.torrent
2016-02-26 07:39 — 2016-02-26 07:39 — 00000000 ____D C:UsersNegativeStarAppDataLocalLowglow
2016-02-26 07:38 — 2015-07-18 16:08 — 00984448 _____ (Microsoft Corporation) C:Windowssystem32ucrtbase.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00901264 _____ (Microsoft Corporation) C:WindowsSysWOW64ucrtbase.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00066400 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-private-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00063840 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-private-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00022368 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-math-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00020832 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-math-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00019808 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00019808 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00017760 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-string-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00017760 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-stdio-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00017760 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-string-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00017760 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-stdio-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00016224 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-runtime-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00016224 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-runtime-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00015712 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-convert-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00015712 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-convert-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00014176 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-time-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00014176 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-core-localization-l1-2-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00014176 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-time-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00014176 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-core-localization-l1-2-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00013664 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00013664 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012640 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-process-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012640 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-heap-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012640 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-conio-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012640 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-process-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012640 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-heap-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012640 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-conio-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-utility-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-locale-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-crt-environment-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-core-synch-l1-2-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-core-processthreads-l1-1-1.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-utility-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-locale-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-crt-environment-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-core-synch-l1-2-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00012128 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-core-processthreads-l1-1-1.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-eventing-provider-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-core-xstate-l2-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-core-timezone-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-core-file-l2-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:WindowsSysWOW64api-ms-win-core-file-l1-2-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-eventing-provider-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-core-xstate-l2-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-core-timezone-l1-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-core-file-l2-1-0.dll
2016-02-26 07:38 — 2015-07-18 16:08 — 00011616 _____ (Microsoft Corporation) C:Windowssystem32api-ms-win-core-file-l1-2-0.dll
2016-02-26 07:31 — 2016-02-26 07:31 — 00014993 _____ C:UsersNegativeStarDownloadsBetter.Call.Saul.S02E02.rus.LostFilm.TV.avi.torrent
2016-02-25 12:36 — 2016-02-25 12:36 — 00000000 ____D C:UsersВсе пользователиGRETECH
2016-02-25 12:36 — 2016-02-25 12:36 — 00000000 ____D C:ProgramDataGRETECH
2016-02-25 12:04 — 2016-02-25 12:04 — 00001209 _____ C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuGOM Player.lnk
2016-02-25 12:04 — 2016-02-25 12:04 — 00001185 _____ C:UsersPublicDesktopGOM Player.lnk
2016-02-25 12:04 — 2016-02-25 12:04 — 00000000 ____D C:UsersNegativeStarAppDataRoamingYandex
2016-02-25 12:04 — 2016-02-25 12:04 — 00000000 ____D C:UsersNegativeStarAppDataRoamingGRETECH
2016-02-25 12:04 — 2016-02-25 12:04 — 00000000 ____D C:UsersNegativeStarAppDataLocalChromium
2016-02-25 12:04 — 2016-02-25 12:04 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsGOM Player
2016-02-25 12:04 — 2016-02-25 12:04 — 00000000 ____D C:Program Files (x86)GRETECH
2016-02-25 12:03 — 2016-02-25 12:03 — 21662776 _____ (Gretech Corporation) C:UsersNegativeStarDownloadsGOMPLAYERRUSETUP.EXE
2016-02-25 07:47 — 2016-02-25 07:47 — 00018691 _____ C:UsersNegativeStarDownloadsWWE.Smackdown.2016.02.25_Lakith414928.avi.torrent
2016-02-23 08:06 — 2016-02-23 08:06 — 00025732 _____ C:UsersNegativeStarDownloads[libtor.net]The_Annual_Chillout_Sessions.torrent
2016-02-23 07:53 — 2016-02-23 07:53 — 00014738 _____ C:UsersNegativeStarDownloadsWWE.Raw.02.22.2016.HDTV.x264-FMN.mp4.torrent
2016-02-23 00:00 — 2016-02-23 00:00 — 00016270 _____ C:UsersNegativeStarDownloadsThe.Originals.S03E13.rus.LostFilm.TV.avi.torrent
2016-02-22 22:19 — 2016-02-22 22:19 — 00016022 _____ C:UsersNegativeStarDownloadsGrimm.S05E10.rus.LostFilm.TV.avi.torrent
2016-02-22 14:52 — 2016-02-22 14:52 — 00000000 ____D C:UsersNegativeStarAppDataLocalsquishy
2016-02-22 07:23 — 2016-02-22 07:23 — 00011282 _____ C:UsersNegativeStarDownloadsWWE.Fastlane.2016.PPV.WEBRip.h264-WD.mp4.torrent
2016-02-22 07:13 — 2016-02-22 07:13 — 00000000 ____D C:UsersNegativeStarAppDataLocalLowSDPGames
2016-02-22 07:12 — 2016-02-22 07:12 — 00013345 _____ C:UsersNegativeStarDownloadsElementary.S04E13.rus.LostFilm.TV.avi.torrent
2016-02-21 07:19 — 2016-02-21 07:19 — 00015289 _____ C:UsersNegativeStarDownloadsSupernatural.S11E14.rus.LostFilm.TV.avi.torrent
2016-02-20 07:42 — 2016-02-20 07:42 — 00017603 _____ C:UsersNegativeStarDownloadsCastle.S08E11.rus.LostFilm.TV.avi.torrent
2016-02-20 07:42 — 2016-02-20 07:42 — 00011643 _____ C:UsersNegativeStarDownloadsArrow.S04E14.rus.LostFilm.TV.avi.torrent
2016-02-19 07:13 — 2016-02-19 07:13 — 00018263 _____ C:UsersNegativeStarDownloadsCastle.S08E10.rus.LostFilm.TV.avi.torrent
2016-02-19 07:12 — 2016-02-19 07:12 — 00011294 _____ C:UsersNegativeStarDownloadsBetter.Call.Saul.S02E01.rus.LostFilm.TV.avi.torrent
2016-02-17 02:56 — 2016-02-17 02:56 — 00002075 _____ C:UsersNegativeStarDesktopБудильник.lnk
2016-02-17 02:56 — 2016-02-17 02:56 — 00000000 ____D C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsБудильник
2016-02-17 02:55 — 2016-02-17 02:56 — 05892678 _____ (highspheres.com ) C:UsersNegativeStarDownloadswakemeup.exe
2016-02-17 02:55 — 2016-02-17 02:56 — 05100912 _____ ( ) C:UsersNegativeStarDownloadsLimAClockSetup (2).exe
2016-02-16 07:40 — 2016-02-16 07:40 — 00015665 _____ C:UsersNegativeStarDownloadsWWE.RAW.2016.02.15.HDTV.x264-jkkk.mp4.torrent
2016-02-16 07:39 — 2016-02-16 07:39 — 00013470 _____ C:UsersNegativeStarDownloadsThe.Originals.S03E12.rus.LostFilm.TV.avi.torrent
2016-02-15 21:48 — 2016-02-15 21:48 — 00019580 _____ C:UsersNegativeStarDownloadsGrimm.S05E09.rus.LostFilm.TV.avi.torrent
2016-02-15 21:44 — 2016-02-15 21:44 — 00000000 ____D C:UsersNegativeStarAppDataLocalLowMizar Games
2016-02-15 07:29 — 2016-02-15 07:29 — 00018187 _____ C:UsersNegativeStarDownloadsElementary.S04E12.rus.LostFilm.TV.avi.torrent
2016-02-15 07:29 — 2016-02-15 07:29 — 00018187 _____ C:UsersNegativeStarDownloadsElementary.S04E12.rus.LostFilm.TV.avi (1).torrent
2016-02-14 08:45 — 2016-02-14 08:45 — 00014307 _____ C:UsersNegativeStarDownloadsSupernatural.S11E13.rus.LostFilm.TV.avi.torrent
2016-02-13 06:14 — 2016-02-13 06:14 — 00018142 _____ C:UsersNegativeStarDownloadsArrow.S04E13.rus.LostFilm.TV.avi.torrent
2016-02-12 11:42 — 2016-02-12 11:42 — 00011451 _____ C:UsersNegativeStarDownloadsSuits.s05e13.WEBDLRip.NewStudio.TV.avi.torrent
2016-02-12 06:37 — 2016-02-12 06:37 — 00216926 _____ C:UsersNegativeStarDownloadsOA7p0_croper_ru.jpeg
2016-02-12 06:18 — 2016-02-12 06:18 — 00018803 _____ C:UsersNegativeStarDownloadsCastle.S08E09.rus.LostFilm.TV.avi.torrent
2016-02-10 16:12 — 2016-02-10 16:12 — 00239862 _____ C:UsersNegativeStarDownloadsTNA_Impact_Wrestling_HDTV_2016-02-09_720p_H264_AVCHD-SC-SDH.torrent
2016-02-10 14:27 — 2016-02-10 14:27 — 00000000 ____D C:UsersNegativeStarDocumentsCriterion Games
2016-02-10 12:34 — 2016-02-14 09:19 — 00000041 ___SH C:UsersВсе пользователи.zreglib
2016-02-10 12:34 — 2016-02-14 09:19 — 00000041 ___SH C:ProgramData.zreglib
2016-02-10 12:32 — 2016-02-10 12:32 — 02836520 _____ C:UsersNegativeStarDownloadsSetupCloneCD5320.exe
2016-02-10 12:32 — 2016-02-10 12:32 — 00001113 _____ C:UsersPublicDesktopCloneCD.lnk
2016-02-10 12:32 — 2016-02-10 12:32 — 00000000 ____D C:UsersВсе пользователиSlySoft
2016-02-10 12:32 — 2016-02-10 12:32 — 00000000 ____D C:ProgramDataSlySoft
2016-02-10 12:32 — 2016-02-10 12:32 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSlySoft
2016-02-10 12:32 — 2016-02-10 12:32 — 00000000 ____D C:Program Files (x86)SlySoft
2016-02-10 11:53 — 2016-02-10 11:53 — 00042238 _____ C:UsersNegativeStarDownloads[xboxster.ru] WWE_2K16_LT-3.0.torrent
2016-02-10 11:02 — 2016-02-10 11:03 — 80918884 _____ C:UsersNegativeStarDownloadsOxxxymiron_-_GORGOROD.7z
2016-02-10 10:42 — 2016-02-10 10:42 — 00000000 ____D C:UsersNegativeStarAppDataLocalLowForeverEntertainment
2016-02-10 09:49 — 2016-02-10 09:49 — 00656735 _____ C:UsersNegativeStarDownloadswwe2k16xbox360complex_1445936627 (1).torrent
2016-02-09 08:48 — 2016-02-09 08:48 — 00014370 _____ C:UsersNegativeStarDownloadsThe.Originals.S03E11.rus.LostFilm.TV.avi.torrent
2016-02-09 08:48 — 2016-02-09 08:48 — 00012543 _____ C:UsersNegativeStarDownloadsGrimm.S05E08.rus.LostFilm.TV.avi.torrent
2016-02-09 08:43 — 2016-02-09 08:43 — 00017065 _____ C:UsersNegativeStarDownloadsWWE.RAW.2016.02.08.HDTV.x264-jkkk.mp4.torrent
2016-02-09 08:07 — 2016-02-09 08:07 — 00000000 ____D C:UsersNegativeStarAppDataLocalProjectFap
2016-02-08 10:54 — 2016-02-08 10:55 — 40198491 _____ C:UsersNegativeStarDownloadsLee DeWyze Blackbird Song Live NYC 6_6_14 From The Walking Dead.mp4
2016-02-08 10:40 — 2016-02-08 10:44 — 77830219 _____ C:UsersNegativeStarDownloadsNirvana — Rape Me, Pennyroyal Tea, Drain You (Live on Nulle Part Ailleurs Paris,.mp4
2016-02-08 10:35 — 2016-02-08 10:35 — 00000000 ____D C:UsersNegativeStar.biodronebattle
2016-02-07 20:16 — 2016-02-07 20:16 — 00016327 _____ C:UsersNegativeStarDownloadsElementary.S04E11.rus.LostFilm.TV.avi.torrent
2016-02-07 00:13 — 2016-02-07 00:13 — 00017929 _____ C:UsersNegativeStarDownloadsSupernatural.S11E12.rus.LostFilm.TV.avi.torrent
2016-02-06 21:55 — 2016-02-06 22:18 — 00000000 ____D C:UsersNegativeStarDocumentsProfileCache
2016-02-06 21:55 — 2016-02-06 22:13 — 00000000 ____D C:UsersNegativeStarDocumentsThe Crew
2016-02-06 21:54 — 2016-02-06 21:54 — 00000000 ____D C:UsersNegativeStarAppDataLocalUbisoft
2016-02-06 21:33 — 2016-02-06 21:33 — 00392024 _____ C:UsersNegativeStarDownloadsKhoroshie_akkaunty_s_logom.txt
2016-02-06 21:33 — 2016-02-06 21:33 — 00392024 _____ C:UsersNegativeStarDownloadsKhoroshie_akkaunty_s_logom (1).txt
2016-02-06 07:49 — 2016-02-06 07:49 — 00392024 _____ C:UsersNegativeStarDownloadsХорошие аккаунты с логом.txt
2016-02-05 19:43 — 2016-02-05 19:43 — 00011383 _____ C:UsersNegativeStarDownloadsArrow.S04E12.rus.LostFilm.TV.avi.torrent
2016-02-05 17:28 — 2016-02-05 17:28 — 00000524 _____ C:UsersPublicDesktopOrigin.lnk
2016-02-05 17:26 — 2016-02-05 17:26 — 31334856 _____ (Electronic Arts, Inc.) C:UsersNegativeStarDownloadsOriginThinSetup.exe
2016-02-05 17:22 — 2016-02-05 17:22 — 00031404 _____ C:UsersNegativeStarDownloadsWWE_Thursday_Night_Smackdown_HDTV_2016-02-04_720p_AVCHD-SC-SDH.torrent

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-04 16:23 — 2015-06-05 13:57 — 00000000 ____D C:FRST
2016-03-04 16:23 — 2015-02-19 22:46 — 00000000 ____D C:UsersNegativeStarAppDataRoaminguTorrent
2016-03-04 16:17 — 2015-02-19 18:04 — 00000966 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2016-03-04 16:17 — 2015-02-19 17:57 — 00000000 ____D C:UsersNegativeStar
2016-03-04 16:17 — 2009-07-14 08:08 — 00000006 ____H C:WindowsTasksSA.DAT
2016-03-04 08:16 — 2015-06-24 09:25 — 00000896 _____ C:WindowsTasksAdobe Flash Player Updater.job
2016-03-04 07:45 — 2015-02-19 18:04 — 00000970 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2016-03-04 07:44 — 2015-05-20 18:18 — 00000000 ____D C:UsersNegativeStarAppDataRoamingSkype
2016-03-03 23:05 — 2009-07-14 07:45 — 00026352 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 23:05 — 2009-07-14 07:45 — 00026352 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-03 22:59 — 2015-04-15 10:54 — 00000000 ____D C:UsersNegativeStarAppDataLocalNVIDIA Corporation
2016-03-03 22:59 — 2015-04-15 10:54 — 00000000 ____D C:UsersNegativeStarAppDataLocalNVIDIA
2016-03-03 22:59 — 2009-07-14 06:20 — 00000000 ____D C:Windowsinf
2016-03-03 20:25 — 2016-01-15 00:05 — 00000000 ____D C:UsersNegativeStarAppDataLocalHostinstaller
2016-03-03 20:22 — 2015-03-05 15:46 — 00000000 ____D C:UsersNegativeStarDesktop#Trash
2016-03-03 20:20 — 2015-03-22 18:24 — 00000000 ____D C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsSteam
2016-03-03 20:19 — 2009-07-14 08:32 — 00000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsGames
2016-03-03 19:41 — 2015-04-26 09:11 — 00000258 __RSH C:UsersNegativeStarntuser.pol
2016-03-03 19:27 — 2015-03-25 12:59 — 00000000 ____D C:UsersNegativeStarDoctor Web
2016-03-03 18:55 — 2015-05-27 01:00 — 00000000 ____D C:AdwCleaner
2016-03-03 18:40 — 2015-02-19 18:03 — 00058408 _____ C:UsersNegativeStarAppDataLocalGDIPFONTCACHEV1.DAT
2016-03-03 18:39 — 2009-07-14 07:45 — 00279552 _____ C:Windowssystem32FNTCACHE.DAT
2016-03-03 18:38 — 2016-01-08 17:03 — 00000000 ____D C:UsersNegativeStarAppDataLocalUnity
2016-03-03 18:37 — 2015-03-05 15:02 — 00000771 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsQuake Live.lnk
2016-03-03 18:29 — 2015-02-19 17:57 — 00000000 ____D C:UsersNegativeStarAppDataLocalVirtualStore
2016-03-03 18:26 — 2015-12-28 10:47 — 00000000 ____D C:UsersNegativeStarAppDataLocalCrashDumps
2016-03-03 18:26 — 2015-04-12 22:16 — 00000000 ____D C:WindowsMinidump
2016-03-03 18:23 — 2015-02-19 18:04 — 00001879 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2016-03-03 18:12 — 2016-01-08 17:09 — 00000000 ____D C:Program Files (x86)Mozilla Firefox
2016-03-03 17:01 — 2015-03-02 21:00 — 00000000 ____D C:UsersNegativeStarAppDataRoamingMultiBit
2016-03-02 23:28 — 2015-02-23 12:05 — 00000000 ____D C:UsersNegativeStarAppDataRoamingvlc
2016-03-02 16:46 — 2015-03-09 13:51 — 00000000 ____D C:Windowssystem32appmgmt
2016-02-28 15:51 — 2015-06-03 00:15 — 00000000 ____D C:UsersNegativeStarAppDataRoamingMicrosoftWindowsStart MenuProgramsGames
2016-02-27 11:25 — 2015-11-27 22:21 — 00000467 _____ C:UsersNegativeStarAppDataRoamingburnaware.ini
2016-02-26 07:39 — 2015-02-19 17:54 — 00000000 ____D C:UsersВсе пользователиPackage Cache
2016-02-26 07:39 — 2015-02-19 17:54 — 00000000 ____D C:ProgramDataPackage Cache
2016-02-23 22:15 — 2015-05-20 18:18 — 00000000 ____D C:UsersВсе пользователиSkype
2016-02-23 22:15 — 2015-05-20 18:18 — 00000000 ____D C:ProgramDataSkype
2016-02-17 09:40 — 2015-12-24 16:04 — 00112216 _____ C:Windowssystem32NvRtmpStreamer64.dll
2016-02-17 09:40 — 2015-04-15 10:54 — 01903344 _____ (NVIDIA Corporation) C:Windowssystem32nvspcap64.dll
2016-02-17 09:40 — 2015-04-15 10:54 — 01756424 _____ (NVIDIA Corporation) C:Windowssystem32nvspbridge64.dll
2016-02-17 09:40 — 2015-04-15 10:54 — 01571624 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvspcap.dll
2016-02-17 09:40 — 2015-04-15 10:54 — 01316184 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvspbridge.dll
2016-02-17 02:58 — 2015-12-10 22:27 — 00000032 _____ C:WindowsMLConfig.ini
2016-02-11 13:10 — 2015-06-24 17:17 — 00000000 ____D C:UsersВсе пользователиOrigin
2016-02-11 13:10 — 2015-06-24 17:17 — 00000000 ____D C:ProgramDataOrigin
2016-02-10 00:16 — 2015-06-24 09:25 — 00003834 _____ C:WindowsSystem32TasksAdobe Flash Player Updater
2016-02-10 00:16 — 2015-02-19 17:44 — 00796864 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe
2016-02-10 00:16 — 2015-02-19 17:44 — 00142528 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl
2016-02-06 16:26 — 2016-01-28 22:02 — 00000000 ____D C:UsersNegativeStarAppDataLocalUbisoft Game Launcher
2016-02-05 17:28 — 2015-06-27 17:12 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsOrigin
2016-02-05 07:18 — 2011-04-12 16:26 — 00723936 _____ C:Windowssystem32perfh019.dat
2016-02-05 07:18 — 2011-04-12 16:26 — 00150252 _____ C:Windowssystem32perfc019.dat
2016-02-05 07:18 — 2009-07-14 08:13 — 01647438 _____ C:Windowssystem32PerfStringBackup.INI

==================== Files in the root of some directories =======
2015-11-27 22:21 — 2016-02-27 11:25 — 0000467 _____ () C:UsersNegativeStarAppDataRoamingburnaware.ini
2016-03-03 18:27 — 2016-03-03 18:27 — 0005120 _____ () C:UsersNegativeStarAppDataRoamingGiftBag.db
2015-11-29 22:54 — 2015-11-29 23:41 — 0001456 _____ () C:UsersNegativeStarAppDataLocalAdobe Сохранить для Web 13.0 Prefs
2015-04-20 12:05 — 2015-04-20 12:05 — 0000003 _____ () C:UsersNegativeStarAppDataLocalupdater.log
2015-04-20 12:05 — 2015-04-23 12:24 — 0000424 _____ () C:UsersNegativeStarAppDataLocalUserProducts.xml
2016-02-10 12:34 — 2016-02-14 09:19 — 0000041 ___SH () C:ProgramData.zreglib
2015-02-19 18:04 — 2015-02-19 18:04 — 0000000 ____H () C:ProgramDataDP45977C.lfl

Some files in TEMP:
====================
C:UsersNegativeStarAppDataLocalTempcondefclean.exe
C:UsersNegativeStarAppDataLocalTempekWz9b.exe
C:UsersNegativeStarAppDataLocalTempMailRuUpdater.exe
C:UsersNegativeStarAppDataLocalTempQuarantine.exe
C:UsersNegativeStarAppDataLocalTempSkypeSetup.exe
C:UsersNegativeStarAppDataLocalTempsqlite3.dll
C:UsersNegativeStarAppDataLocalTempYandexWorking.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:Windowssystem32winlogon.exe => File is digitally signed
C:Windowssystem32wininit.exe => File is digitally signed
C:WindowsSysWOW64wininit.exe => File is digitally signed
C:Windowsexplorer.exe
[2016-01-20 21:13] — [2014-05-23 09:44] — 2388992 ____A (Microsoft Corporation) 53309A6952CCD1676915FD318EB9BCEC
C:WindowsSysWOW64explorer.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:WindowsSysWOW64svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll => File is digitally signed
C:WindowsSysWOW64User32.dll => File is digitally signed
C:Windowssystem32userinit.exe => File is digitally signed
C:WindowsSysWOW64userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:WindowsSysWOW64dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed

LastRegBack: 2016-02-19 22:13
==================== End of FRST.txt ============================