
kook

Member
  • Posts

    241
  • Joined

  • Last visited

Everything posted by kook

  1. Misleading sites come up that prompt you to pay in order to watch (which is in fact how it should be, because people work hard to make films, songs and so on). We are looking for a free alternative through which we can watch "Уют". But we can't find one...
  2. I searched the net for it a lot too. It isn't there. Evidently Kamen cares a great deal that his film is not distributed illegally. And the man is right. I watched "Уют" at the cinema and laughed quite a bit. If there were also somewhere to download it or watch it online, that would be great.
  3. I used to have version 9 of the program, but it didn't do the job for me. I searched the net for version 4. I downloaded it. It dropped the two files, Avast screamed, but couldn't cope and remove them. I removed them manually. After that I downloaded version 5 of DVDFab, which looks clean and does the job for me. FRST, as far as I can see, finds both old and new registry keys related to the 3 different versions I downloaded. At the moment I have version 5 installed, I'm happy with it and it doesn't cause me problems. SearchReg.txt I couldn't start Sality Killer through CMD. I started it via the desktop icon and no log file was created. It reported 0 infections. Maybe my cause for concern is misplaced and the system is clean. I've been on Windows 7 on this laptop for 2 weeks and its processor seems a bit weak, so that's why it loads up to 80-90 percent when browsing...
  4. DVDFab Platinum. I was looking for an old version, because I need it. I can also send you a link by PM to test. It drops two exes in the Temp folder. The program itself has nothing wrong with it. But what I downloaded was some cracked version with a surprise inside, I think.
  5. I attached the FRST.exe log because when I copy-paste the text the forum glitches somehow. Would it be possible for you to take a look? I uninstalled Avast. I can't overlook such a failure. It alerted me to a threat but couldn't do anything. I'm now on FortiClient.
  6. Addition.txt FRST.txt The processor is loaded almost to the max with 1 tab open in Mozilla. I downloaded a cracked program and that's where the problems started. Avast detected the threats key.exe and keygen-pr.exe, but couldn't deal with them. They were located in the Local\Temp folder. I went into safe mode and deleted them manually. The problem is evidently still present, though. I read specifically about keygen-pr.exe on the net. In one place they call it a CPU Miner, in another - Sality (hopefully it doesn't turn out to be that...). I scanned with HitmanPro, Zemana and Malwarebytes. They find nothing at all.
  7. Hello. I'm looking for a decent program that recovers deleted photos from an Android phone. I tried dozens of programs from the Google Play Store, but I can't find the photos that were deleted by mistake, and I need them. The photos were sent to me over Viber and were saved automatically in the Viber Images folder in the phone's memory. I also tried a number of programs for Windows. I connected the phone with the USB cable; some of the programs scanned and didn't find what I need, while others wanted root on the phone. I don't have root and don't plan to do it. Suggestions and ideas for programs that could do the job are welcome. Thanks in advance!
  8. Having ESET and AdGuard in place, I never thought I could ever pick up adware from anywhere. Even less so since I consider that I maintain good browsing hygiene and untick all the checkboxes when installing programs that come with various bonuses, toolbars and so on. Once again the claim is confirmed that there is no 100% protection, however, and no one is immune. Thank you for the thorough answer, the explanations and once again for the help!
  9. Because I thought we still had work to do and instructions for removing ComboFix and the other programs, I wasn't in a hurry to express my thanks for the help. And since I'm curious and wondering how and from where I had caught this adware, I would like, if possible of course, for you to explain to me also why it was so hard for us to remove it. Malwarebytes (an exceptional program that I have trusted for years) was detecting the adware but wasn't managing to remove it permanently. My most sincere thanks for the help provided!
  10. I'm attaching the logs. FRST.txt Addition.txt After I ran 1.reg the problem seems to be fixed now. The antivirus isn't notifying me, and I also checked in regedit: the key that was causing the problem is now permanently gone (before, it kept coming back).
  11. This time it seems to have worked, yes. The problem is unfortunately still present. export.reg
  12. Same story with this bat file too.
  13. Christ is Risen! I downloaded the bat file, but when it starts the console opens very briefly (for a fraction of a second) and closes in a flash. Nothing happens; it doesn't ask for a restart or anything. No file is created either. Maybe something didn't work. Otherwise the problem still continues.
  14. Maybe their network has become a zoo only recently, because there were no problems before. Here is the ComboFix log: (The problem continues even after ComboFix's intervention...)
  15. Just the digits like that tell me nothing. But I checked on Google now. It turns out that this is one of the IPs of the provider I've been using since yesterday. They came and made settings on the laptop, but that was almost 2 years ago. And I've been using internet from them temporarily like this for quite a while, and I haven't had a problem. Otherwise yes, ESET continues to block un-stop.com many times over.
  16. No, I'm not using internet from a USB stick. The problem seems to have appeared yesterday, when I plugged in the LAN cable for the internet... At the moment I'm not at home and for a few days I have to use internet from another provider over LAN. Only I've used it other times too and haven't had any problems... I don't know where this adware came from.
  18. I don't use Sync. Hmm, honestly I don't know where this problem came from. ESET, however, continues to alert, blocking un-stop.com ...
  19. I reinstalled Mozilla, ran the script again, but the problem is still present.
  20. The situation is the same. Evidently we need to try uninstalling the browser too. I'll say it again, though. The problem is there with Internet Explorer as well. Fixlog.txt
  21. I did a Refresh on Mozilla. I haven't reinstalled it.
  22. I scanned again with Malwarebytes. It again found the same registry key and sent it to quarantine. So far so good, but as before, the key was restored and on opening Mozilla (in IE too), ESET blocks this page un-stop.com many times ... I made the boot logs from Process Monitor (there turned out to be 3 of them, I don't know why, but I've attached all three).

      Malwarebytes Anti-Malware
      www.malwarebytes.org
      Scan Date: 30.4.2016 г.
      Scan Time: 12:17 ч.
      Logfile: MBAM LOG.txt
      Administrator: Yes
      Version: 2.2.1.1043
      Malware Database: v2016.04.30.02
      Rootkit Database: v2016.04.17.01
      License: Free
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: hristo
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 369888
      Time Elapsed: 21 min, 3 sec
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Warn
      PUM: Warn
      Processes: 0 (No malicious items detected)
      Modules: 0 (No malicious items detected)
      Registry Keys: 0 (No malicious items detected)
      Registry Values: 1
      Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-878371416-534066379-273716249-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://un-stop.com/wpad.dat?b086b8b5f759e0af1174f8cf3b134c136742116, Quarantined, [6f8b07add1c88caa1fd2c4eb0afa47b9]
      Registry Data: 0 (No malicious items detected)
      Folders: 0 (No malicious items detected)
      Files: 0 (No malicious items detected)
      Physical Sectors: 0 (No malicious items detected)
      (end)

      Bootlog Bootlog-1 Bootlog-2
  23. I made the FRST log file after the MBAM scan. VirusTotal for the page that gets blocked: VirusTotal. Otherwise, here are the logs from the scans with the other 3 little programs.. ZHPCleaner--29042016-21_29_52.txt
  24. Hi, HJT. All day today my antivirus has been popping up and blocking some page, un-stop.com/wpad.dat. I read up a bit online about what it is. It turned out to be some kind of nasty adware. I scanned with MBAM (I've attached the scan log), which found a malicious registry key and supposedly deleted it, but it keeps reappearing. I also reset the browser (Mozilla)... no effect. Could you take a look so we can pin down the problem? Addition.txt / MBAM scan log.txt /
  25. Personally, I don't see anything wrong with that either...