Jump to content

Trojan


Recommended Posts

  • Root Admin

Hello @Botan and :welcome:

Please post the scan log from Malwarebytes so that we can see what it found.

Also, let me get the following logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

Thank you

Ron

 

Link to post
Share on other sites

Ok the logs from FRST: 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2017 01
Ran by Danut (administrator) on DANUT-PC (25-04-2017 12:38:09)
Running from C:\Users\Danut\Desktop
Loaded Profiles: Danut &  (Available Profiles: Danut)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Settings\CmdServer\EasyLauncher.exe
() C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsCmdServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Settings\sSettings.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(© 2015 Microsoft Corporation) C:\Users\Danut\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\athbttray.exe [696448 2012-10-15] (Atheros Commnucations)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\btvstack.exe [877184 2012-10-15] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2243952 2012-10-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Startup: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hl.vbs [2017-03-17] ()
GroupPolicy: Restriction - Windows Defender <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{41EB7C22-58FC-40A9-BC42-ECCD5A053079}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{AB263847-A1A3-42D6-A470-0D3A707E4DA5}: [DhcpNameServer] 193.231.100.130 193.231.100.134
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131253163127028054&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?ilc=8
HKU\S-1-5-21-3767664393-884807361-1005592115-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131253163127088058&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-3767664393-884807361-1005592115-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131253163127088058&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3767664393-884807361-1005592115-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3767664393-884807361-1005592115-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2012-10-15] (Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default [2017-04-24]
FF user.js: detected! => C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\user.js [2016-05-27]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\rkljdgg5.default -> Yahoo
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\rkljdgg5.default -> hxxp://search.yahoo.com/search?fr=mkg030&p=
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\rkljdgg5.default -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\rkljdgg5.default -> hxxp://www.yahoo.com/?ilc=8
FF Keyword.URL: Mozilla\Firefox\Profiles\rkljdgg5.default -> hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Extension: (Avira Browser Safety) - C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\Extensions\abs@avira.com [2016-12-24]
FF Extension: (Bing Search) - C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\Extensions\bingsearch.full@microsoft.com [2015-09-26] [not signed]
FF Extension: (Bing Search) - C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-21]
FF Extension: (Yahoo! Toolbar) - C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-06-24] [not signed]
FF SearchPlugin: C:\Users\Danut\AppData\Roaming\Mozilla\Firefox\Profiles\rkljdgg5.default\searchplugins\bing-.xml [2015-12-21]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3767664393-884807361-1005592115-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Danut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Danut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Profile 1 -> hxxp://dts.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> ask.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default [2017-04-24]
CHR Extension: (Google Docs) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-04]
CHR Extension: (YouTube) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-04]
CHR Extension: (Google Search) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-24]
CHR Extension: (Bing) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-12-04]
CHR Extension: (Avira Browser Safety) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-24]
CHR Extension: (Gmail) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-24]
CHR Profile: C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-24]
CHR Profile: C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-25]
CHR Extension: (Ask Search) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaacdkeilkigfopmfogeeoamifkgnoo [2015-10-11]
CHR Extension: (Google Docs) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-11]
CHR Extension: (Google Drive) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (ILividLive - Watch Movies Online) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\appmeigfolfmgidjfciapbbgonilangd [2015-10-18]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-04-18]
CHR Extension: (YouTube) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-07-20]
CHR Extension: (Polarr Photo Editor) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-01-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Block site) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-06-12]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-02-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-04-05]
CHR Extension: (Until AM for Chrome) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjafmkicbmhcbapadecadciafbkecofl [2016-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (EliteUnzip) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onaeegcnkhafbgjigcejgenmgadfppbc [2016-09-29]
CHR Extension: (Hover Zoom+) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-04-23]
CHR Extension: (Gmail) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
CHR Profile: C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-24]
CHR Extension: (Google Slides) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-18]
CHR Extension: (Google Docs) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-18]
CHR Extension: (Google Drive) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-18]
CHR Extension: (YouTube) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-18]
CHR Extension: (Google Search) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-18]
CHR Extension: (Google Sheets) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-18]
CHR Extension: (Gmail) - C:\Users\Danut\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3767664393-884807361-1005592115-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [185472 2012-10-15] (Atheros Commnucations) [File not signed]
S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277048 2012-11-08] (Intel Corporation)
R2 Easy Launcher; C:\Program Files\Samsung\Easy Settings\CmdServer\EasyLauncher.exe [1593664 2015-05-27] (Samsung Electronics CO., LTD.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-07-06] ()
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-07-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3297632 2017-03-20] (Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-15] (Atheros) [File not signed]
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 HPProtector Service; C:\Program Files\HPProtector\HPProtectorSrv.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35968 2012-10-15] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2239488 2012-04-19] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-07-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-07-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-08] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-04] (Avira Operations GmbH & Co. KG)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [299648 2012-10-15] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [98432 2012-10-15] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25728 2012-10-15] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [148096 2012-10-15] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60544 2012-10-15] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [264704 2012-10-15] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [469632 2012-10-15] (Atheros)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [281968 2012-10-09] (ELAN Microelectronics Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-04-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2012-07-06] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-23] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-25 12:38 - 2017-04-25 12:39 - 00024302 _____ C:\Users\Danut\Desktop\FRST.txt
2017-04-25 12:37 - 2017-04-25 12:38 - 00000000 ____D C:\FRST
2017-04-25 12:35 - 2017-04-25 12:35 - 01767936 _____ (Farbar) C:\Users\Danut\Desktop\FRST.exe
2017-04-24 19:26 - 2017-04-24 19:27 - 00688992 _____ (Swearware) C:\Users\Danut\Downloads\dds.scr
2017-04-24 17:45 - 2017-04-24 17:45 - 00000000 ___RD C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-04-24 16:57 - 2017-04-24 16:57 - 00150136 _____ C:\Windows\Minidump\042417-14196-01.dmp
2017-04-24 15:39 - 2017-04-24 16:57 - 330868124 _____ C:\Windows\MEMORY.DMP
2017-04-24 15:39 - 2017-04-24 15:39 - 00150136 _____ C:\Windows\Minidump\042417-16567-01.dmp
2017-04-23 10:38 - 2017-04-25 10:38 - 00000000 _____ C:\Windows\directx.sys
2017-04-23 10:27 - 2017-04-23 10:27 - 00000000 ____D C:\Program Files\Common Files\Java
2017-04-21 21:17 - 2017-04-23 21:28 - 00000000 ____D C:\Users\Danut\AppData\LocalLow\uTorrent
2017-04-21 17:05 - 2017-04-21 17:05 - 00000000 ____D C:\Users\Danut\AppData\Roaming\Apple Computer
2017-04-21 17:05 - 2017-04-21 17:05 - 00000000 ____D C:\Users\Danut\AppData\Local\Apple Computer
2017-04-21 17:04 - 2017-04-21 17:04 - 00000000 ____D C:\Users\Danut\AppData\Local\Apple
2017-04-21 17:04 - 2017-04-21 17:04 - 00000000 ____D C:\ProgramData\Apple Computer
2017-04-21 17:04 - 2017-04-21 17:04 - 00000000 ____D C:\ProgramData\Apple
2017-04-17 15:34 - 2017-04-17 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-03-30 18:33 - 2017-04-25 10:15 - 00000000 ____D C:\Users\Danut\AppData\Roaming\.minecraft
2017-03-30 18:33 - 2017-03-30 18:33 - 00000000 ____D C:\Users\Danut\AppData\Roaming\java
2017-03-30 18:32 - 2017-04-23 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-30 18:32 - 2017-04-23 10:27 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-03-30 18:30 - 2017-04-22 20:49 - 00780352 _____ C:\Users\Danut\Downloads\chromeinstall-8u121.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-25 12:33 - 2015-09-24 08:59 - 00000376 _____ C:\Windows\Tasks\update-S-1-5-21-3767664393-884807361-1005592115-1000.job
2017-04-25 10:15 - 2015-09-24 08:59 - 00000376 _____ C:\Windows\Tasks\update-sys.job
2017-04-25 10:05 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2017-04-25 08:50 - 2016-06-27 12:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-24 17:52 - 2013-10-19 21:55 - 00006230 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-24 17:50 - 2009-07-14 07:34 - 00020544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-24 17:50 - 2009-07-14 07:34 - 00020544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-24 17:48 - 2015-09-26 19:58 - 00000000 ____D C:\Users\Danut\AppData\Roaming\Skype
2017-04-24 17:46 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
2017-04-24 17:45 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-24 16:57 - 2014-01-22 20:52 - 00000000 ____D C:\Windows\Minidump
2017-04-24 16:33 - 2013-10-30 03:40 - 00000000 ____D C:\Users\Danut\Documents\Bluetooth Folder
2017-04-24 12:16 - 2016-03-27 16:48 - 00000000 ___RD C:\Users\Danut\Desktop\Muzica
2017-04-24 12:16 - 2016-03-20 14:44 - 00000000 ___RD C:\Users\Danut\Desktop\Programe
2017-04-24 12:11 - 2013-10-30 02:57 - 00000000 ____D C:\ProgramData\Samsung
2017-04-24 12:08 - 2013-10-30 02:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-04-24 10:17 - 2016-04-06 17:32 - 00000000 ____D C:\Users\Danut\Desktop\New Folder
2017-04-24 10:15 - 2015-09-28 18:18 - 00000000 ____D C:\Games
2017-04-24 10:11 - 2015-02-04 18:19 - 00000000 ____D C:\Users\Danut\AppData\Roaming\uTorrent
2017-04-24 10:11 - 2013-11-01 09:15 - 00000000 ____D C:\Users\Danut\AppData\Roaming\Winamp
2017-04-24 10:10 - 2013-11-03 18:32 - 00000000 ____D C:\Users\Danut\AppData\Local\CrashDumps
2017-04-23 21:51 - 2016-05-04 19:57 - 00000000 ____D C:\Program Files\Java
2017-04-23 10:31 - 2016-05-04 19:58 - 00000000 ____D C:\ProgramData\Oracle
2017-04-22 20:49 - 2016-07-19 19:09 - 01132480 _____ C:\Users\Danut\Downloads\UnityWebPlayer.exe
2017-04-22 20:49 - 2016-07-11 13:17 - 00283592 _____ C:\Users\Danut\Downloads\Firefox Setup Stub 47.0.1.exe
2017-04-22 20:49 - 2016-07-01 17:53 - 05956936 _____ C:\Users\Danut\Downloads\winscp577setup.exe
2017-04-22 20:49 - 2016-06-21 10:44 - 00283608 _____ C:\Users\Danut\Downloads\Firefox Setup Stub 47.0.exe
2017-04-22 20:49 - 2016-06-12 16:00 - 04672312 _____ C:\Users\Danut\Downloads\avira_en_av_575bf5c1761e5__ws.exe
2017-04-22 20:49 - 2016-05-27 13:14 - 00465544 _____ C:\Users\Danut\Downloads\msgr11us.exe
2017-04-22 20:49 - 2016-05-04 22:54 - 02368448 _____ C:\Users\Danut\Downloads\setup.exe
2017-04-22 20:49 - 2016-05-04 19:53 - 01850000 _____ C:\Users\Danut\Downloads\wrar531.exe
2017-04-22 20:49 - 2016-03-20 14:36 - 01811152 _____ C:\Users\Danut\Downloads\wrar501.exe
2017-04-22 20:49 - 2015-10-11 16:35 - 00971344 _____ C:\Users\Danut\Downloads\ChromeSetup.exe
2017-04-22 20:49 - 2015-09-24 08:59 - 02552832 _____ C:\Users\Danut\Downloads\setup-lightshot.exe
2017-04-22 20:49 - 2015-02-04 18:18 - 01782352 _____ C:\Users\Danut\Downloads\uTorrent.exe
2017-04-22 20:49 - 2013-11-01 09:25 - 04420520 _____ C:\Users\Danut\Downloads\ccsetup407.exe
2017-04-21 17:03 - 2016-12-04 12:57 - 00000000 ____D C:\Users\Danut\AppData\LocalLow\Mozilla
2017-04-17 15:34 - 2015-09-24 08:59 - 00000412 _____ C:\Users\Danut\AppData\Local\UserProducts.xml
2017-04-14 21:48 - 2014-01-19 10:14 - 00000000 ____D C:\Users\Danut\AppData\LocalLow\Adobe
2017-04-14 21:42 - 2014-06-05 02:02 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-12 17:39 - 2016-05-06 19:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 09:24 - 2014-06-05 02:02 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-12 09:24 - 2014-06-05 02:02 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-08 20:35 - 2016-12-24 19:54 - 00000000 ____D C:\Program Files\Red Crucible
2017-04-08 20:21 - 2014-06-05 02:59 - 00000000 ____D C:\Users\Danut\AppData\Local\Adobe
2017-04-07 07:45 - 2015-09-26 19:57 - 00000000 ____D C:\ProgramData\Skype
2017-04-07 07:44 - 2014-11-18 19:15 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-04 18:16 - 2015-10-17 10:14 - 00002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-26 08:48 - 2009-07-14 07:33 - 00269624 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2016-07-01 17:55 - 2017-03-05 09:48 - 0000600 _____ () C:\Users\Danut\AppData\Roaming\winscp.rnd
2016-03-27 17:09 - 2016-03-27 17:09 - 0002491 _____ () C:\Users\Danut\AppData\Local\recently-used.xbel
2016-05-12 09:25 - 2016-05-12 09:25 - 0007600 _____ () C:\Users\Danut\AppData\Local\Resmon.ResmonCfg
2015-09-24 08:59 - 2015-09-24 08:59 - 0000003 _____ () C:\Users\Danut\AppData\Local\updater.log
2015-09-24 08:59 - 2017-04-17 15:34 - 0000412 _____ () C:\Users\Danut\AppData\Local\UserProducts.xml
2016-04-17 20:11 - 2016-04-17 20:11 - 0000000 _____ () C:\Users\Danut\AppData\Local\{063F6EB3-816D-431F-8638-5FA986826CF7}

Some files in TEMP:
====================
2017-04-23 10:26 - 2017-04-23 10:39 - 0781376 _____ () C:\Users\Danut\AppData\Local\Temp\jre-8u131-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 19:57

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2017 01
Ran by Danut (25-04-2017 12:40:03)
Running from C:\Users\Danut\Desktop
Microsoft Windows 7 Ultimate  (X86) (2013-10-19 18:57:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3767664393-884807361-1005592115-500 - Administrator - Disabled)
Danut (S-1-5-21-3767664393-884807361-1005592115-1000 - Administrator - Enabled) => C:\Users\Danut
Guest (S-1-5-21-3767664393-884807361-1005592115-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3767664393-884807361-1005592115-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Atheros Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.4.0.165 - Atheros)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{761cd2c4-5249-4346-8318-a499d06d2681}) (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{d6a7cfcc-1f1c-4638-8f9e-0f184696fcdb}) (Version: 1.1.48.9049 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG) Hidden
Bandicam (HKLM\...\Bandicam) (Version: 3.1.1.1073 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Discord (HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\Dropbox) (Version: 2.4.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.4.5 - Dropbox, Inc.)
Easy Settings (HKLM\...\{C73757DE-33F1-45D1-864A-C8BFEBC37366}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
ETDWare X86 11.7.5.5_WHQL (HKLM\...\Elantech) (Version: 11.7.5.5 - ELAN Microelectronic Corp.)
Google Chrome (HKLM\...\{61D1D65D-76AF-37E3-A2AC-006AACB51587}) (Version: 57.0.2987.133 - Google, Inc.)
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
HPProtector (HKLM\...\HPProtector) (Version:  - ) <==== ATTENTION
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.2.1003 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Lightshot-5.4.0.5 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.5 - Skillbrains)
Malwarebytes Anti-Malware versiunea 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 ro) (HKLM\...\Mozilla Firefox 50.1.0 (x86 ro)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
nVidia E9 SE Counter-Strike (HKLM\...\{433619F8-E7CD-4D2B-BD3C-BCE3155265F6}) (Version: 1.0.0 - nVidia E9 SE Counter-Strike)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden
Samsung Update (HKLM\...\{0463F7A5-8953-4F41-B9A8-936CF68C00F5}) (Version: 2.2.47 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.29 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Danut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Danut\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
HKU\S-1-5-21-3767664393-884807361-1005592115-1000\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3767664393-884807361-1005592115-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Danut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3767664393-884807361-1005592115-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Danut\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {188DECE7-ED39-4012-9D2A-4BB5D894F76B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {2891CD5C-A1DA-4FF2-AD20-95D87B7440E7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {2F659B6C-9AD8-4BA1-A0F9-F0752BFB4CDB} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2017-04-24] ()
Task: {3434B189-C126-4DDC-AAF5-01A0FAC38BF0} - System32\Tasks\{9500A436-F959-4B44-ADE0-2AB88E43139E} => C:\Users\Danut\Desktop\New folder\hl.exe 
Task: {3BD8B3F2-66FF-4B4A-8E93-0ECC50F41C93} - System32\Tasks\EasySettings => C:\Program Files\Samsung\Easy Settings\sSettings.exe [2015-05-27] (Samsung Electronics CO., LTD.)
Task: {3D9EC443-9D76-444C-881C-E5133CF2A171} - System32\Tasks\WLANStartup => C:\Program Files\Samsung\Easy Settings\WLANStartup.exe [2015-05-27] (Samsung Electronics)
Task: {44EE5CB3-AAFE-403A-AED6-9D59BFEA4CE2} - System32\Tasks\{94356DB6-A3B4-4A58-8318-1D7B84B024F9} => Chrome.exe hxxps://ui.skype.com/ui/0/7.32.0.104/ro/abandoninstall?page=tsMain
Task: {5133CF5D-6C00-4C42-86AE-F9EC9EEF457A} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {53A8C134-9B17-44D3-AFAC-2B6B1840FA99} - System32\Tasks\{348F24B9-8102-400C-8809-413432E27594} => Chrome.exe hxxps://ui.skype.com/ui/0/7.32.0.104/ro/abandoninstall?page=tsProgressBar
Task: {7A757C78-A19D-45B0-A421-0F0C42A9324F} - System32\Tasks\{8948C88C-BC79-4F6F-82D2-A9CDAB0E6649} => Chrome.exe hxxps://ui.skype.com/ui/0/7.32.0.104/ro/abandoninstall?page=tsBing
Task: {7B0F0891-42EA-4F1C-ACE8-6827B47A4943} - System32\Tasks\{CC8BC0A4-B131-4737-87D5-2A0AC8F6A267} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.109/ro/abandoninstall?page=tsProgressBar
Task: {88D1C1BF-65A4-402C-89D3-626F93585602} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2016-02-24] (Samsung Electronics Co., Ltd.)
Task: {8B2F27C4-7FAD-4DBD-B019-99497174AA85} - System32\Tasks\update-S-1-5-21-3767664393-884807361-1005592115-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {97B2A34C-9CBA-443B-BD96-D3C643586A2D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {9B877E3F-54DE-4FA9-AC14-9D4C7CE40527} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {9F584B90-8962-4C23-B24A-8F3ABA90A6BB} - System32\Tasks\{CEB6F824-110E-4E89-9697-A94D35E6A908} => pcalua.exe -a "C:\Users\Danut\Desktop\New Folder\Minecraft.exe" -d "C:\Users\Danut\Desktop\New Folder"
Task: {A8EF962D-001E-4EB5-82BB-5302638CB78E} - System32\Tasks\EasySettings_config => C:\Program Files\Samsung\Easy Settings\sSettings.exe [2015-05-27] (Samsung Electronics CO., LTD.)
Task: {B52C5316-D582-4614-A013-3CE708C8D350} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
Task: {BC597540-8A3F-4031-8202-E72F243C4614} - System32\Tasks\SCCSpeedBoot => C:\Program Files\Samsung\Easy Settings\CmdServer\SCCSpeedBoot.exe [2015-05-27] (Samsung Electronics Co., Ltd.)
Task: {CDEE8F2C-2456-4741-A0A4-4C1BCBF6E6F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {F8E9DC88-9839-4103-8155-3138FE71395A} - System32\Tasks\{A42447FC-C410-4AEA-B84C-D391F4514BE5} => pcalua.exe -a C:\Users\Danut\Desktop\CS-16-Professional.exe -d C:\Users\Danut\Desktop
Task: {FB07076E-D433-4C3D-93DD-C3F56362F826} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-3767664393-884807361-1005592115-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\HPProtector\WebLauncher.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files\HPProtector\WebLauncher.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Until AM for Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=mjafmkicbmhcbapadecadciafbkecofl
ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fa4d13c4deebf84b\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Danut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5a7c76e6b75d1491\Danut - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-05-27 11:06 - 2015-05-27 11:06 - 00211064 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\WinCRT.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00084800 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsCmdServer.exe
2015-05-27 11:06 - 2015-05-27 11:06 - 00027968 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 01270080 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsCmd.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00111936 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsBase.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00056440 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\HookDllPS2.dll
2015-05-27 11:05 - 2015-05-27 11:05 - 00025920 _____ () C:\Program Files\Samsung\Easy Settings\CmdServer\EasySettingsAPI.dll
2015-05-27 11:05 - 2015-05-27 11:05 - 00025920 _____ () C:\Program Files\Samsung\Easy Settings\EasySettingsAPI.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00111936 _____ () C:\Program Files\Samsung\Easy Settings\EasySettingsBase.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00059712 _____ () C:\Program Files\Samsung\Easy Settings\EasyMovieEnhancer.dll
2015-05-27 11:06 - 2015-05-27 11:06 - 00102720 _____ () C:\Program Files\Samsung\Easy Settings\EasySettingsCmdClient.dll
2012-11-07 01:04 - 2012-11-07 01:04 - 00094208 _____ () C:\Windows\system32\IccLibDll.dll
2013-10-30 03:18 - 2012-07-06 18:23 - 00128280 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-10-30 03:18 - 2012-07-06 18:24 - 01198872 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-04-04 18:16 - 2017-03-29 05:04 - 02187096 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 18:16 - 2017-03-29 05:04 - 00086360 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Danut:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\exefile\shell\open\command: C:\Windows\svchost.com "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3767664393-884807361-1005592115-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3767664393-884807361-1005592115-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Danut\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^Danut^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84259F40-DDD8-4182-851B-E4A041F33F2F}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{604615ED-2F83-41A2-A6F6-F269F8F45ECF}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{2D56B9B3-1608-46FB-955B-D2DEBCAE1DA7}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{651EAA2D-B54F-4381-B16B-6FD38C7B5FE4}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{51C1BD7E-7FF0-4544-8E2B-D900D36ABB5A}] => (Allow) C:\Users\Danut\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EAFA309F-C0A6-4C8E-9170-19F402FF4478}] => (Allow) C:\Users\Danut\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5148DD4E-D191-479D-B921-7B7FEE6DC75E}C:\users\danut\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\danut\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{A8981010-8046-44A4-805E-F8BD79530674}C:\users\danut\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\danut\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{ECBA87B7-27EE-4ACE-AC66-666C495634F5}C:\users\danut\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\danut\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{334158BB-253E-4E81-A4F0-D0E5CFBAAD52}C:\users\danut\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\danut\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{9B04C311-6E18-4B9E-BD23-3C034500C56A}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{4E756395-03BA-4618-81A1-E54AEFDCC91F}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{25C036BC-12AA-4832-B615-C4F19751F28B}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{B87E9DD4-80E1-4E8C-9745-F256826D3825}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{A08A48E7-3CC5-4CE9-8C6B-7BE698A4E28A}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{2686F3DF-E0A4-4CEE-A0DE-C88AA03C4D6E}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [{32058A62-7CA0-49E5-85A6-CBE7AE125569}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{E71A11E2-A66D-4B2C-9CA8-9C4786ADC14F}] => (Allow) C:\Games\World_of_Warships\WorldofWarships.exe
FirewallRules: [TCP Query User{21CFAE7D-23B4-4F2B-B63C-9E64A97E0F53}C:\users\danut\desktop\new folder\hl.exe] => (Allow) C:\users\danut\desktop\new folder\hl.exe
FirewallRules: [UDP Query User{4D2B3B5E-0046-4396-AF6A-9BC659E2F16E}C:\users\danut\desktop\new folder\hl.exe] => (Allow) C:\users\danut\desktop\new folder\hl.exe
FirewallRules: [TCP Query User{80EAD932-FDB6-4255-B31D-29B1706685B2}C:\users\danut\desktop\programe\new folder\hl.exe] => (Allow) C:\users\danut\desktop\programe\new folder\hl.exe
FirewallRules: [UDP Query User{F124ECEB-C822-4630-BE2B-6F114B3A15DE}C:\users\danut\desktop\programe\new folder\hl.exe] => (Allow) C:\users\danut\desktop\programe\new folder\hl.exe
FirewallRules: [TCP Query User{B642C5B3-A7A0-4342-8B74-FC547EF830ED}C:\program files\counter strike pro\hl.exe] => (Allow) C:\program files\counter strike pro\hl.exe
FirewallRules: [UDP Query User{38EB6771-83F5-459D-A3C2-6CFBDF1E3955}C:\program files\counter strike pro\hl.exe] => (Allow) C:\program files\counter strike pro\hl.exe
FirewallRules: [TCP Query User{86A68ED0-B687-48DE-B37C-0862F7EC1FF2}C:\program files\counter-strike 1.6 omonas\hl.exe] => (Block) C:\program files\counter-strike 1.6 omonas\hl.exe
FirewallRules: [UDP Query User{1B62B4A8-DA23-47D5-8280-44355CC68AB0}C:\program files\counter-strike 1.6 omonas\hl.exe] => (Block) C:\program files\counter-strike 1.6 omonas\hl.exe
FirewallRules: [TCP Query User{FBB0D215-2C34-4773-A43B-EC44CDB6ECD3}C:\program files\counter strike pro\hl.exe] => (Block) C:\program files\counter strike pro\hl.exe
FirewallRules: [UDP Query User{05188FEE-A859-4351-BC56-705F95735510}C:\program files\counter strike pro\hl.exe] => (Block) C:\program files\counter strike pro\hl.exe
FirewallRules: [TCP Query User{82373B55-A77F-409A-A085-846F32096044}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{F6498685-8E61-4A31-934F-6CE879CCDF38}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{D6B6BDC8-1BB0-4C0B-97B3-1CE237FD7B2B}C:\program files\ea games\need for speed most wanted\speed.exe] => (Allow) C:\program files\ea games\need for speed most wanted\speed.exe
FirewallRules: [UDP Query User{18C6CCB1-DD38-4DEC-ABCB-9063B546DF10}C:\program files\ea games\need for speed most wanted\speed.exe] => (Allow) C:\program files\ea games\need for speed most wanted\speed.exe
FirewallRules: [{17ECFF97-F2CE-4038-9C54-CDE1E24F790B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{904A8DA1-10CD-4282-AA79-D4E59AC18621}C:\program files\counter-strike\hlds.exe] => (Allow) C:\program files\counter-strike\hlds.exe
FirewallRules: [UDP Query User{C20BD35B-AC55-4FF3-A6DB-29FFE09E745C}C:\program files\counter-strike\hlds.exe] => (Allow) C:\program files\counter-strike\hlds.exe
FirewallRules: [TCP Query User{B1118242-7F2E-4BAB-876B-F4B5DEE35AE0}C:\program files\counter-strike\hl.exe] => (Block) C:\program files\counter-strike\hl.exe
FirewallRules: [UDP Query User{9FF6D9AE-6159-490C-83D4-DDE48E5ACFD7}C:\program files\counter-strike\hl.exe] => (Block) C:\program files\counter-strike\hl.exe
FirewallRules: [TCP Query User{D514345F-B690-4268-8EBB-ECE9186409C9}C:\games\counter-strike\hltv.exe] => (Block) C:\games\counter-strike\hltv.exe
FirewallRules: [UDP Query User{9EAABD1E-8681-4848-A6BD-BA9FAAD4A0B7}C:\games\counter-strike\hltv.exe] => (Block) C:\games\counter-strike\hltv.exe
FirewallRules: [TCP Query User{49D4D935-ABC8-4A30-BCC6-4AA8C605C095}C:\games\counter-strike\hlds.exe] => (Block) C:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{443ED8B4-5626-4396-AC5C-94E38625B02D}C:\games\counter-strike\hlds.exe] => (Block) C:\games\counter-strike\hlds.exe
FirewallRules: [TCP Query User{AA30BC37-9834-4E11-A999-73B30ABE8232}C:\program files\counter-strike 1.6 - csmania\hl.exe] => (Allow) C:\program files\counter-strike 1.6 - csmania\hl.exe
FirewallRules: [UDP Query User{297A9806-1E46-44DA-B7B6-150106B816CC}C:\program files\counter-strike 1.6 - csmania\hl.exe] => (Allow) C:\program files\counter-strike 1.6 - csmania\hl.exe
FirewallRules: [{6F415114-FCCB-47DC-A192-DA88B3158B74}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{511BE4E6-BA3A-4208-9F80-994D912BB420}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{4E656994-8C63-418C-B495-D1619B784FF7}C:\program files\counter-strike\hl.exe] => (Allow) C:\program files\counter-strike\hl.exe
FirewallRules: [UDP Query User{118C4095-A277-4FD8-98E2-547F397B2DFB}C:\program files\counter-strike\hl.exe] => (Allow) C:\program files\counter-strike\hl.exe
FirewallRules: [TCP Query User{DAF0E6ED-69B2-4C66-8F4F-DBA534D22B89}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe] => (Allow) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe
FirewallRules: [UDP Query User{594980C3-F5B2-493E-973F-BA8E33BB0FAA}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe] => (Allow) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe
FirewallRules: [TCP Query User{EBC5274F-1A7A-410F-97A7-B16B989B2A83}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe] => (Block) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe
FirewallRules: [UDP Query User{8A07E3A7-5063-4780-83E5-CE3D97574433}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe] => (Block) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hl.exe
FirewallRules: [TCP Query User{71093E86-970E-4617-B731-2C3EA36AEC4E}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hltv.exe] => (Block) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hltv.exe
FirewallRules: [UDP Query User{8C8AAEE5-4EAC-4AC6-8A62-2DA6FFFBEC00}C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hltv.exe] => (Block) C:\program files\nvidia e7 counte-strike\nvidia e7 counter-strike\hltv.exe
FirewallRules: [TCP Query User{298BE31C-96CC-48E7-837A-1C0B4BBC6930}C:\users\danut\desktop\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [UDP Query User{474223DA-1817-4D95-B443-55DFBE95597E}C:\users\danut\desktop\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [TCP Query User{AAE25887-7D47-4F19-871A-6BCB6CA70413}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [UDP Query User{60863C70-B91D-4C65-A9C1-B52E1AEBA39D}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [TCP Query User{86F069BF-4481-4884-A756-C28AB8AD7758}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe] => (Block) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe
FirewallRules: [UDP Query User{E58B95DC-F5D4-4603-8C46-9CD936904063}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe] => (Block) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe
FirewallRules: [TCP Query User{B5311C64-0042-4AF7-857A-555A938585D8}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [UDP Query User{BB17411B-F7F0-42C6-877C-D5CEC9461642}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x64.exe
FirewallRules: [TCP Query User{ED691252-8C33-4C12-9CE4-E9CCBD04652D}C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{4EA99BC2-085E-4958-B12A-81D740E52210}C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{C41328B5-8868-4429-94A5-25EADB87ED7B}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe
FirewallRules: [UDP Query User{83176DCF-51FF-41D7-B1BC-44DCED48F730}C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe] => (Allow) C:\users\danut\desktop\new folder\imperialmt2 client v5!\imperialmt2 v5.0 x32.exe
FirewallRules: [TCP Query User{72E0510D-50B3-4047-B6BA-A5ADC851BC15}C:\program files\nvidia e8 pro counter-strike\hl.exe] => (Allow) C:\program files\nvidia e8 pro counter-strike\hl.exe
FirewallRules: [UDP Query User{221A8F6B-56AA-4565-9E11-F093DBB1E83B}C:\program files\nvidia e8 pro counter-strike\hl.exe] => (Allow) C:\program files\nvidia e8 pro counter-strike\hl.exe
FirewallRules: [TCP Query User{5788AEDB-FB4C-402A-87A7-E65CB28DDB37}C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{6CA8F5C6-7965-485E-8083-2C5437E0E98C}C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{F0199760-3EBE-48BD-AA08-BD39B90FF763}C:\program files\truehost\counter-strike warzone\hl.exe] => (Allow) C:\program files\truehost\counter-strike warzone\hl.exe
FirewallRules: [UDP Query User{5FEAD40E-7EF4-421C-9A23-AB4D06459A42}C:\program files\truehost\counter-strike warzone\hl.exe] => (Allow) C:\program files\truehost\counter-strike warzone\hl.exe
FirewallRules: [TCP Query User{80D52B49-19F2-4E4C-BCE7-FB0ECC938631}C:\program files\truehost\counter-strike warzone\hl.exe] => (Allow) C:\program files\truehost\counter-strike warzone\hl.exe
FirewallRules: [UDP Query User{6D422B83-0725-4351-8A34-A73705C89EDE}C:\program files\truehost\counter-strike warzone\hl.exe] => (Allow) C:\program files\truehost\counter-strike warzone\hl.exe
FirewallRules: [TCP Query User{754EAF59-9431-4149-AEFE-79F81A1858B4}C:\users\danut\documents\nvidia steam counter-strike 2016 update\nsteam counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia steam counter-strike 2016 update\nsteam counter-strike\hl.exe
FirewallRules: [UDP Query User{7E3E09C7-C72C-4AFF-8816-994E59E72F4A}C:\users\danut\documents\nvidia steam counter-strike 2016 update\nsteam counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia steam counter-strike 2016 update\nsteam counter-strike\hl.exe
FirewallRules: [TCP Query User{5021815C-C46F-4B71-B43C-4D091145955C}C:\users\danut\desktop\counterstrike16\hl.exe] => (Allow) C:\users\danut\desktop\counterstrike16\hl.exe
FirewallRules: [UDP Query User{508C8AC8-DC91-4080-87CC-326AC3526A02}C:\users\danut\desktop\counterstrike16\hl.exe] => (Allow) C:\users\danut\desktop\counterstrike16\hl.exe
FirewallRules: [TCP Query User{791CACB7-5030-450A-A964-A51C84171A34}C:\users\danut\desktop\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{A7FBA604-F5CF-46A8-A30D-A308E36E05A3}C:\users\danut\desktop\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\nvidia e8 counter-strike\nvidia e8 counter-strike\hl.exe
FirewallRules: [{88747C23-6097-4100-81D6-F16968077FC8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{5ED9FBE0-EAC5-42E5-B647-F9C8AF231E43}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{1C421256-F741-4906-8497-DD7AA17FA1A0}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{4FD63DB7-EC91-4A13-B64A-E9D37CE7C446}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{E9ADDA3C-C9FA-45B7-8CDB-34C1725BDDF2}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{134CA584-3A75-411F-AE8B-AA9ADA62EFDE}] => (Allow) C:\Users\Danut\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3ABA3819-F262-476E-9F8C-BED15BD7E62D}] => (Allow) C:\Users\Danut\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9ACC2511-AE5F-40A3-AE0E-3AE57ACF4CE3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{532E3323-CD47-4FCB-9597-0930DF7B0733}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{EFA94DD9-12F5-4146-A079-100D7E4A7F56}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{46094C24-D8B1-4B6B-BB25-0F73BAF91198}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5FD0CD1C-E88B-4ADE-A8E0-325600CCCABE}C:\users\public\desktop\wargods anti cheat\database\checker.exe] => (Allow) C:\users\public\desktop\wargods anti cheat\database\checker.exe
FirewallRules: [UDP Query User{727D8BD0-BC53-49F3-9A79-A455C0F4314A}C:\users\public\desktop\wargods anti cheat\database\checker.exe] => (Allow) C:\users\public\desktop\wargods anti cheat\database\checker.exe
FirewallRules: [{B839A7BD-4D9A-4A6C-8ABC-9C6472DAF4FF}] => (Allow) LPort=29100
FirewallRules: [TCP Query User{4095440B-8AF1-4380-8C99-687106E3E1D9}C:\program files\counter-strike fake steam\hl.exe] => (Allow) C:\program files\counter-strike fake steam\hl.exe
FirewallRules: [UDP Query User{A576EBB2-FD3F-441F-8C17-CF9FBBAA8051}C:\program files\counter-strike fake steam\hl.exe] => (Allow) C:\program files\counter-strike fake steam\hl.exe
FirewallRules: [TCP Query User{81CCFE54-F002-4DBC-9A63-20467276D170}C:\users\danut\desktop\counter strike 1.6 fake steam 2016\hl.exe] => (Allow) C:\users\danut\desktop\counter strike 1.6 fake steam 2016\hl.exe
FirewallRules: [UDP Query User{D997BF9A-6D16-4AFF-B1B7-428E41A6C6F4}C:\users\danut\desktop\counter strike 1.6 fake steam 2016\hl.exe] => (Allow) C:\users\danut\desktop\counter strike 1.6 fake steam 2016\hl.exe
FirewallRules: [{0E7E171E-C7C7-48D6-A7E3-E30451FE66BF}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{C7A02492-10D9-41F8-B0D8-E7718E17E7AE}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{C6CA7FA1-96A7-4B1A-9A27-2D91710F2196}] => (Allow) C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{067679B6-38A1-40B8-A684-4E3C73C208DE}] => (Allow) C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{A1498A7C-16EF-46C6-94D3-39C7413AA6E3}C:\users\danut\desktop\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{B51EBCDA-015B-4E1C-BCE1-4947D4D59FC7}C:\users\danut\desktop\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{13B3C465-80F8-4199-8AA3-14CE8A63D3E0}C:\users\danut\desktop\programe\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\programe\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{81849F0F-BF97-4B9B-B6AA-EC7F7A0E9A53}C:\users\danut\desktop\programe\nvidia e8 counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\programe\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{C3EF2738-9BC0-444F-80A1-C3298A4E543B}E:\nvidia e8 counter-strike\hl.exe] => (Allow) E:\nvidia e8 counter-strike\hl.exe
FirewallRules: [UDP Query User{E75DBD79-1D25-494C-B308-0275EBB040AA}E:\nvidia e8 counter-strike\hl.exe] => (Allow) E:\nvidia e8 counter-strike\hl.exe
FirewallRules: [TCP Query User{0AC7171F-247C-4118-B822-1481D416EC65}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [UDP Query User{32663907-273C-426D-B625-DAE2E073EF93}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [TCP Query User{717DFA79-24F3-4860-B8EF-0E50C8455402}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [UDP Query User{FFA3BA1A-A838-4BCF-A2D8-A8981D89103E}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [TCP Query User{F2B1C479-F8FA-4129-A2EC-A1CF83CA80E4}C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{2F572245-044D-4E88-AD47-7C0C1740BD73}C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{4C3EBFE4-0E74-4A20-A395-4439F21AD4C4}C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{C8CC86F4-E031-4B16-B9EB-CEB2F0619716}C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter-strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{E69DF161-62A5-49F1-A5EE-12B67459A185}C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{94DD3498-3728-4F6D-9FFE-8164361C3B71}C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{418D5AEA-E5E7-4261-AC2C-45B9E389D9FB}C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{F32DD3FE-EEBE-4DFA-8320-777A671F4363}C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\documents\nvidia e9 se counter strike\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{F5FE5589-ECD2-4E80-8735-962C55D69BB8}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{05D6A88D-AE15-4707-AC00-065462F2429E}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{09F7A37B-A77F-4DD0-8D30-77089F771799}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe
FirewallRules: [UDP Query User{9982D6B8-15AE-475D-8E76-A7D6D6885451}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe] => (Allow) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hl.exe
FirewallRules: [TCP Query User{0EAB7B01-A21D-4D14-8E1D-0ACC304B33B6}C:\users\danut\desktop\new folder\metin2hipera\metin2hipera.exe] => (Allow) C:\users\danut\desktop\new folder\metin2hipera\metin2hipera.exe
FirewallRules: [UDP Query User{76D1C604-811F-4FC3-8C7B-D5FE7B6259EE}C:\users\danut\desktop\new folder\metin2hipera\metin2hipera.exe] => (Allow) C:\users\danut\desktop\new folder\metin2hipera\metin2hipera.exe
FirewallRules: [{454A126F-7A5D-4706-9F09-BB562962B97A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D1013246-765A-449D-AD43-D5CA1DB995BE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FDD60B92-BCC3-47A4-B699-EABCD4160CA5}C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe] => (Allow) C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe
FirewallRules: [UDP Query User{6BDE4FBF-471F-433F-8137-06AF583EEB86}C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe] => (Allow) C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe
FirewallRules: [TCP Query User{7BF23FC2-D6F2-4701-8CD6-3044559B6F7F}C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe] => (Allow) C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe
FirewallRules: [UDP Query User{C764B74F-D214-43AE-8E04-6E197DF74D15}C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe] => (Allow) C:\users\danut\desktop\programe\romaniametin2\romaniametin2.exe
FirewallRules: [TCP Query User{F3B2C60B-EB67-496D-A8A2-8090A9A09CF7}C:\games\counter-strike 1.6 xtcs final\hl.exe] => (Allow) C:\games\counter-strike 1.6 xtcs final\hl.exe
FirewallRules: [UDP Query User{D9A3A33F-3E8A-41B3-ABEB-88AAA2E13275}C:\games\counter-strike 1.6 xtcs final\hl.exe] => (Allow) C:\games\counter-strike 1.6 xtcs final\hl.exe
FirewallRules: [TCP Query User{67D52878-1794-4349-A444-52932BEC177E}C:\games\counter-strike 1.6 xtcs final\hl.exe] => (Allow) C:\games\counter-strike 1.6 xtcs final\hl.exe
FirewallRules: [UDP Query User{6316E00B-85DB-4847-A217-BCE6D2DA7B92}C:\games\counter-strike 1.6 xtcs final\hl.exe] => (Allow) C:\games\counter-strike 1.6 xtcs final\hl.exe
FirewallRules: [TCP Query User{3E7C045F-8767-4A90-AA1C-7D1313D6D2A8}C:\users\danut\desktop\cs16-2017\hl.exe] => (Allow) C:\users\danut\desktop\cs16-2017\hl.exe
FirewallRules: [UDP Query User{700DA8DD-9916-4CCF-843C-1C4FC2AD0BFD}C:\users\danut\desktop\cs16-2017\hl.exe] => (Allow) C:\users\danut\desktop\cs16-2017\hl.exe
FirewallRules: [TCP Query User{950A1870-DFE9-4502-8CE2-48DEFB1F9C53}C:\users\danut\desktop\new folder\cs16-2017\hl.exe] => (Allow) C:\users\danut\desktop\new folder\cs16-2017\hl.exe
FirewallRules: [UDP Query User{BCD7A441-304A-4D19-923D-6A161D44F633}C:\users\danut\desktop\new folder\cs16-2017\hl.exe] => (Allow) C:\users\danut\desktop\new folder\cs16-2017\hl.exe
FirewallRules: [TCP Query User{740BBACD-9A36-411C-9A9D-01E819FABFF6}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{7029EF1D-0D15-4044-8A5E-4C812B0DDB07}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{E5DCE01A-9314-41A4-8ACC-9015CA23DDD9}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{65EB9366-26D2-486C-A602-DCEFB4B2DCB3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{443576BB-798D-413F-9AFF-06AF21D1D407}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{EFBCF5ED-D815-49AF-9B3A-6EB9A5871652}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hltv.exe] => (Block) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hltv.exe
FirewallRules: [UDP Query User{F70177E5-5FDE-45B0-860B-27BAB061B01B}C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hltv.exe] => (Block) C:\users\danut\desktop\new folder\nvidia e9 se counter-strike\hltv.exe
FirewallRules: [TCP Query User{E7194D5B-5E1B-4FAB-A850-9E56DA67FA60}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{65AD22BB-5143-45E3-ACC1-A618FF9E94EC}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2017 05:52:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/24/2017 05:52:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/24/2017 05:03:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/24/2017 05:03:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/24/2017 03:45:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/24/2017 03:45:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/24/2017 09:44:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x3fd11900
Faulting module name: hl.exe, version: 1.1.1.1, time stamp: 0x3fd11900
Exception code: 0xc0000005
Fault offset: 0x00002783
Faulting process id: 0x1328
Faulting application start time: 0x01d2bcc642f6b5ae
Faulting application path: C:\Users\Danut\AppData\Local\Temp\3582-490\hl.exe
Faulting module path: C:\Users\Danut\AppData\Local\Temp\3582-490\hl.exe
Report Id: 81a4be6c-28b9-11e7-b9da-1867b06c3e76

Error: (04/24/2017 09:37:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1201583

Error: (04/24/2017 09:37:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1201583

Error: (04/24/2017 09:37:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/25/2017 12:33:06 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address 00-08-22-78-E5-BA. Network operations on this system may
be disrupted as a result.

Error: (04/25/2017 07:35:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (04/24/2017 05:45:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPProtector Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/24/2017 05:34:58 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.

Error: (04/24/2017 04:57:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPProtector Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/24/2017 04:57:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000019 (0x00000020, 0x87586800, 0x87586818, 0x08030004). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042417-14196-01.

Error: (04/24/2017 04:57:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:56:29 PM on ‎4/‎24/‎2017 was unexpected.

Error: (04/24/2017 03:39:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPProtector Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/24/2017 03:39:33 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000019 (0x00000020, 0x89e06810, 0x89e06828, 0x0803000d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042417-16567-01.

Error: (04/24/2017 03:39:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:38:47 PM on ‎4/‎24/‎2017 was unexpected.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 64%
Total physical RAM: 3295.54 MB
Available physical RAM: 1186.07 MB
Total Virtual: 9437.81 MB
Available Virtual: 6513.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:87.89 GB) (Free:50.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Fixed) (Total:377.87 GB) (Free:377.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A33B6C03)
Partition 1: (Active) - (Size=87.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=377.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

One more thing i don't know where i find the scan logo from Malwarebytes. Can you tell me?

 

Edited by Botan
Link to post
Share on other sites

MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.04.2017
Scan Time: 07:41
Logfile: Mal.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.04.25.10
Rootkit Database: v2017.04.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Danut

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 235243
Time Elapsed: 18 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 2
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND, C:\Windows\svchost.com "Good: ("Bad: (C:\Windows\svchost.com "%1" %*),Replaced,[7bce3db8bbedcd69074ae92759aa27d9]" %*)" %*, %4, %5
Broken.OpenCommand, HKCR\exefile\shell\open\command, C:\Windows\svchost.com "Good: ("Bad: (C:\Windows\svchost.com "%1" %*),Replaced,[ffffffffffffffffffffffffffffffff]" %*)" %*, %4, %5

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

 

Link to post
Share on other sites

  • Root Admin

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

  • Root Admin

It looks like Sophos was not able to complete that removal. Please try the following tool. Make sure your antivirus is disabled while using the tool.

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.