CloseProcesses:
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
Edge Extension: (Please enter your password) -> EdgeExtension_28944StefanvdTurnOfftheLightsextension_pe3vc7q6mjj3e => C:\Program Files\WindowsApps\28944Stefanvd.TurnOfftheLightsextension_3.4.34.0_neutral__pe3vc7q6mjj3e [2017-11-13]
CHR HomePage: Profile 1 -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYO55w-ZXGxCsKvUNFFjKh47-ylI-LOMzQJoQicREwhKaFUuqEKZpQJ3mUec8Neuz6vQn5WBJMMpiY-1JVlzYE60vvVEqkcDF1zJu9U6t4XzVXC_Hwkrys-5AaEHw16sWJRjZYIQuIxfoRbo
CHR Extension: (Quick Searcher v16.2) - C:\Users\damia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-02-19]
CHR Profile: C:\Users\damia\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-19]
CHR Extension: (Adblocker for Youtube™) - C:\Users\damia\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\dlpillepmpinmldcgomlekppgegbkkoc [2018-02-19]
CHR Extension: (Quick Searcher) - C:\Users\damia\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-02-19]
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
C:\Users\damia\Desktop\Osoba 1 - Chrome.lnk
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-54286028-2577319502-3764889771-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DBED392A397AC4B404911B0CADF8769C"
HKU\S-1-5-21-54286028-2577319502-3764889771-1001\...\StartupApproved\Run: => "go"
InternetURL: C:\Users\damia\Favorites\Links\Интернет.url -> URL: hxxp://aplamen.ru/?utm_source=favorites03&utm_content=cceaa380264f5e77e2b0bf429cd3c835&utm_term=EB331A7327CA16A3E41C03619641DFA7&utm_d=20170228
EmptyTemp: