Ritte

Member
  • Posts

    79
  • Registered

  • Last online

Likes

22 Good reputation

About Ritte

  • Title
    Regular member
  • Birthday 2.06.1995

Information

  • Gender
    Male
  • City
    Толбухин
  • Interests
    Quite a few
  1. # DelFix v1.011 - Logfile created 05/09/2015 at 12:06:49
     # Updated 18/08/2015 by Xplode
     # Username : PC - PC-PC
     # Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\PC\Desktop\Addition.txt
     Deleted : C:\Users\PC\Desktop\adwcleaner_5.005.exe
     Deleted : C:\Users\PC\Desktop\FRST.txt
     Deleted : C:\Users\PC\Desktop\FRST64.exe
     Deleted : C:\Users\PC\Desktop\JRT.exe
     Deleted : C:\Users\PC\Desktop\JRT.txt
     Deleted : C:\Users\PC\Desktop\TFC.exe
     Deleted : C:\Users\PC\Desktop\ZHPCleaner.exe
     Deleted : C:\Users\PC\Desktop\ZHPCleaner.lnk
     Deleted : C:\Users\PC\Desktop\ZHPCleaner.txt
     Deleted : HKLM\SOFTWARE\AdwCleaner

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...

     Deleted : RP #217 [JRT Pre-Junkware Removal | 09/04/2015 19:16:57]

     New restore point created !

     ########## - EOF - ##########

     Thank you for the help! Have a nice day, too.
  2. No, everything is normal at the moment. It was like that before too, I was just being suspicious.
  3. ~ ZHPCleaner v2015.9.4.342 by Nicolas Coolman (2015/09/04) ~ Run by PC (Administrator) (05/09/2015 10:54:35) ~ Site : http://www.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\PC\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\PC\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601) ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (1) MOVED folder: C:\Users\PC\Documents\MediaGet =>PUP.Optional.MediaGet ---\\ Registry ( Key, Value, Data) (2) DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Favorite-Games_is1 [Favorite-Games 5.22] =>Adware.Favorit DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool] =>Toolbar.Ask ---\\ Result of repair ~ Repair carried out successfully ---\\ Statistics ~ Items scanned : 1159 ~ Items found : 0 ~ Items cancelled : 0 ~ Items repaired : 3 ~ End of clean in 0 minutes =================== ZHPCleaner-[R]-05092015-10_54_56.txt ZHPCleaner--04092015-22_07_30.txt ZHPCleaner--05092015-10_54_02.txt # AdwCleaner v5.005 - Logfile created 05/09/2015 at 10:55:34 # Updated 31/08/2015 by Xplode # Database : 2015-08-31.2 [server] # Operating system : Windows 7 Enterprise Service Pack 1 (x64) # Username : PC - PC-PC # Running from : C:\Users\PC\Desktop\adwcleaner_5.005.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Program Files (x86)\Tbccint [-] Folder Deleted : C:\ProgramData\Tbccint [-] Folder Deleted : 
C:\Users\PC\AppData\Local\allsearch [-] Folder Deleted : C:\Users\PC\AppData\Local\Tbccint [-] Folder Deleted : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [-] Folder Deleted : C:\Users\PC\AppData\LocalLow\Tbccint [-] Folder Deleted : C:\Users\PC\Documents\Browser ***** [ Files ] ***** [-] File Deleted : C:\END ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** [-] Task Deleted : update-sys [-] Task Deleted : update-S-1-5-21-1372586815-2290778262-161615380-1000 [-] Task Deleted : update-sys [-] Task Deleted : update-S-1-5-21-1372586815-2290778262-161615380-1000 [-] Task Deleted : update-sys ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621 [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417} [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} [-] Key Deleted : HKCU\Software\Conduit [-] Key Deleted : HKCU\Software\OCS [-] Key Deleted : HKCU\Software\Tbccint [-] Key Deleted : HKCU\Software\Tbccint_HKLM [-] Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint [-] Key Deleted : HKLM\SOFTWARE\Conduit [!] Key Not Deleted : [x64] HKCU\Software\Conduit [!] Key Not Deleted : [x64] HKCU\Software\OCS [!] Key Not Deleted : [x64] HKCU\Software\Tbccint [!] Key Not Deleted : [x64] HKCU\Software\Tbccint_HKLM [!] 
Key Not Deleted : HKU\S-1-5-21-1372586815-2290778262-161615380-1000\Software\AppDataLow\Software\Tbccint ***** [ Web browsers ] ***** [-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com [-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : babylon.com [-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bkomkajifikmkfnjgphkjcfeepbnojok [-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dajedkncpodkggklbegccjpmnglmnflm [-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : eooncjejnppfjjklapaamhcdmjbilmde [-] [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nfengeggddojhakldhlpjdlddgkkjkdd ************************* :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3132 bytes] ##########
  4. ~ ZHPCleaner v2015.9.4.342 by Nicolas Coolman (2015/09/04) ~ Run by PC (Administrator) (04/09/2015 22:03:04) ~ Site : http://www.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Scan ~ Report : C:\Users\PC\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\PC\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601) ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (23) FOUND file: C:\END =>PUP.Optional.Conduit FOUND file: C:\ProgramData\Tbccint\Multi\CT3329621\UninstallerUI.exe [ClientConnect Ltd. - 1.6.1.11] =>PUP.Optional.ClientConnect FOUND file: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage =>PUP.Optional.AddLyrics FOUND file: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics FOUND folder: C:\Program Files (x86)\Tbccint =>PUP.Optional.Conduit FOUND folder: C:\ProgramData\Tbccint\IE =>PUP.Optional.Conduit FOUND folder: C:\ProgramData\Tbccint\Multi =>PUP.Optional.Conduit FOUND folder: C:\ProgramData\Tbccint =>PUP.Optional.Conduit FOUND file: C:\Users\PC\Documents\Browser\Cookies =>PUP.Optional.SpeedBrowser FOUND file: C:\Users\PC\Documents\Browser\iepass.txt =>PUP.Optional.SpeedBrowser FOUND file: C:\Users\PC\Documents\Browser\log.txt =>PUP.Optional.SpeedBrowser FOUND file: C:\Users\PC\Documents\Browser\login.txt =>PUP.Optional.SpeedBrowser FOUND folder: C:\Users\PC\Documents\MediaGet\User =>PUP.Optional.MediaGet FOUND folder: C:\Users\PC\Documents\Browser =>PUP.Optional.SpeedBrowser FOUND folder: 
C:\Users\PC\Documents\MediaGet =>PUP.Optional.MediaGet FOUND folder: C:\Users\PC\AppData\LocalLow\Tbccint\Community Alerts =>PUP.Optional.Conduit FOUND folder: C:\Users\PC\AppData\LocalLow\Tbccint =>PUP.Optional.Conduit FOUND folder: C:\Users\PC\AppData\Local\AllSearch\AllSearch.vshost.exe_Url_n5obkntniarz5fm0lgrxbscbqmxv2o0y =>PUP.Optional.SocialSkinz FOUND folder: C:\Users\PC\AppData\Local\CrashRpt\UnsentCrashReports =>.Superfluous.CrashReports FOUND folder: C:\Users\PC\AppData\Local\Tbccint\Community Alerts =>PUP.Optional.Conduit FOUND folder: C:\Users\PC\AppData\Local\AllSearch =>PUP.Optional.SocialSkinz FOUND folder: C:\Users\PC\AppData\Local\CrashRpt =>.Superfluous.CrashReports FOUND folder: C:\Users\PC\AppData\Local\Tbccint =>PUP.Optional.Conduit ---\\ Registry ( Key, Value, Data) (5) FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Favorite-Games_is1 [Favorite-Games 5.22] =>Adware.Favorit FOUND key: [X64] HKLM\SOFTWARE\Classes\protector_dll.protectorbho [Google Toolbar Notifier BHO] =>PUP.Optional.BProtector FOUND key: [X64] HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [Google Toolbar Notifier BHO] =>PUP.Optional.BProtector FOUND key: [X64] HKLM\SOFTWARE\Classes\Toolbar.CT3329621 [] =>PUP.Optional.Conduit FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool] =>Toolbar.Ask ---\\ Result of repair ~ Any repair made ---\\ Statistics ~ Items scanned : 77138 ~ Items found : 32 ~ Items cancelled : 0 ~ Items repaired : 0 ~ End of search in 4 minutes =================== ZHPCleaner--04092015-22_07_30.txt # AdwCleaner v5.005 - Logfile created 04/09/2015 at 22:10:09 # Updated 31/08/2015 by Xplode # Database : 2015-08-31.2 [server] # Operating system : Windows 7 Enterprise Service Pack 1 (x64) # Username : PC - PC-PC # Running from : C:\Users\PC\Desktop\adwcleaner_5.005.exe # Option : Scan # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** 
Folder Found : C:\Program Files (x86)\Tbccint Folder Found : C:\ProgramData\Tbccint Folder Found : C:\Users\PC\AppData\Local\allsearch Folder Found : C:\Users\PC\AppData\Local\Tbccint Folder Found : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm Folder Found : C:\Users\PC\AppData\LocalLow\Tbccint Folder Found : C:\Users\PC\Documents\Browser ***** [ Files ] ***** File Found : C:\END ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** Task Found : update-sys Task Found : update-S-1-5-21-1372586815-2290778262-161615380-1000 Task Found : update-sys Task Found : update-S-1-5-21-1372586815-2290778262-161615380-1000 Task Found : update-sys ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3329621 Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\OCS Key Found : HKCU\Software\Tbccint Key Found : HKCU\Software\Tbccint_HKLM Key Found : HKCU\Software\AppDataLow\Software\Tbccint Key Found : HKLM\SOFTWARE\Conduit Key Found : [x64] HKCU\Software\Conduit Key Found : [x64] HKCU\Software\OCS Key Found : [x64] HKCU\Software\Tbccint Key Found : [x64] HKCU\Software\Tbccint_HKLM Key Found : HKU\S-1-5-21-1372586815-2290778262-161615380-1000\Software\AppDataLow\Software\Tbccint ***** [ Web browsers ] ***** [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : babylon.com [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bkomkajifikmkfnjgphkjcfeepbnojok [C:\Users\PC\AppData\Local\Google\Chrome\User 
Data\Default\Secure Preferences] [Extension] Found : dajedkncpodkggklbegccjpmnglmnflm [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : eooncjejnppfjjklapaamhcdmjbilmde [C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfengeggddojhakldhlpjdlddgkkjkdd ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2832 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.0 (08.31.2015:1) OS: Windows 7 Enterprise x64 Ran by PC on пет 04.09.2015 г. at 22:16:53,89 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Users\PC\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage Successfully deleted: [File] C:\Users\PC\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal Successfully deleted: [File] C:\Users\PC\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage Successfully deleted: [File] C:\Users\PC\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal ~~~ Folders Successfully deleted: [Folder] C:\Users\PC\Appdata\Local\crashrpt Successfully deleted: [Folder] C:\Users\PC\AppData\Roaming\reviversoft Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin ~~~ FireFox Emptied folder: C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\5s621qao.default-1441295505000\minidumps [1 files] ~~~ Chrome [C:\Users\PC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\PC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: dajedkncpodkggklbegccjpmnglmnflm 
[C:\Users\PC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\PC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on пет 04.09.2015 г. at 22:36:12,18 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4.9.2015 г. Scan Time: 22:59 ч. Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.09.04.07 Rootkit Database: v2015.08.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: PC Scan Type: Threat Scan Result: Completed Objects Scanned: 388332 Time Elapsed: 16 min, 46 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  5. Good day. Today I noticed that I have some strange startup programs, such as Microsoft Operating System or Domino, which is located in the Windows folder? My computer is not slow, but it may be infected. I am posting the log files.
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015 Ran by PC (administrator) on PC-PC (02-09-2015 13:17:47) Running from C:\Users\PC\Desktop Loaded Profiles: PC (Available Profiles: PC) Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Bulgarian (Bulgaria) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (COMODO) E:\COMODO\COMODO Internet Security\cmdagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (COMODO) 
E:\COMODO\COMODO Internet Security\cistray.exe (Vimicro) C:\Windows\vmsnap3.exe (Skype Technologies S.A.) D:\Skype\Phone\Skype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (COMODO) E:\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (COMODO) E:\COMODO\COMODO Internet Security\cis.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [COMODO Internet Security] => E:\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-20] (COMODO) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-12-12] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-09-02] (Oracle Corporation) HKU\S-1-5-21-1372586815-2290778262-161615380-1000\...\Run: [LightShot] => C:\Users\PC\AppData\Local\Skillbrains\lightshot\Lightshot.exe HKU\S-1-5-21-1372586815-2290778262-161615380-1000\...\Run: [skype] => D:\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.) Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe - Shortcut.lnk [2015-06-21] ShortcutTarget: ctfmon.exe - Shortcut.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [s-1-5-21-1372586815-2290778262-161615380-1000] => 107.6.143.81:8080 Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{3AB5CAD0-65B5-4640-85EA-D28F04097744}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{3AB5CAD0-65B5-4640-85EA-D28F04097744}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-1372586815-2290778262-161615380-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.bg/ HKU\S-1-5-21-1372586815-2290778262-161615380-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-1372586815-2290778262-161615380-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-02] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-02] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.) Toolbar: HKU\S-1-5-21-1372586815-2290778262-161615380-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.) 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\sjqg2c0o.default-1435491856987 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-21] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-21] () FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-02] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll 
[2013-12-19] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1372586815-2290778262-161615380-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-02] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1372586815-2290778262-161615380-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-27] () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2014-11-14] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2014-11-14] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-11-14] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-11-14] FF Extension: RivalGaming - C:\Users\PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2014-01-23] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.bg/" CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Duolingo on the Web) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-05-08] CHR Extension: (Lamborghini Newport) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoophnighhnlkbbfhbmjgkogegjhijfg [2014-01-23] CHR 
Extension: (Search by Image (by Google)) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-08-16] CHR Extension: (Digital Clock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2014-01-23] CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-04] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Clock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg [2015-02-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-23] CHR Extension: (My Chrome Theme) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-01-23] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 cmdAgent; E:\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-20] (COMODO) S3 cmdvirth; E:\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-20] (COMODO) R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink) R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) S3 Origin Client Service; D:\Origin\OriginClientService.exe [1900400 2014-11-05] (Electronic Arts) S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-25] (TeamViewer GmbH) S3 VsEtwService120; D:\Visual Studio\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-03-18] () [File not signed] R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797280 2015-04-01] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-04-01] (COMODO) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-26] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-03-18] () [File not signed] R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) R3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2015-09-02] (Vimicro Corporation) R3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2015-09-02] (Vimicro Corporation) R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-02 13:17 - 2015-09-02 13:18 - 00016101 _____ C:\Users\PC\Desktop\FRST.txt
2015-09-02 13:17 - 2015-09-02 13:17 - 02188800 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2015-09-02 13:17 - 2015-09-02 13:17 - 00000000 ____D C:\FRST
2015-09-02 02:37 - 2015-09-02 02:37 - 00000000 ____D C:\Users\PC\AppData\Roaming\Unity
2015-09-02 02:20 - 2015-09-02 02:20 - 01494656 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\usbVM303.sys
2015-09-02 02:20 - 2015-09-02 02:20 - 00360448 _____ (Vimicro) C:\Windows\SysWOW64\VM303Prp.Ax
2015-09-02 02:20 - 2015-09-02 02:20 - 00308096 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vvftav303.sys
2015-09-02 02:20 - 2015-09-02 02:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\amcap.exe
2015-09-02 02:20 - 2015-09-02 02:20 - 00122880 _____ C:\Windows\rm303b.exe
2015-09-02 02:20 - 2015-09-02 02:20 - 00122880 _____ (www.zsmc.com.cn) C:\Windows\VM303Cap.exe
2015-09-02 02:20 - 2015-09-02 02:20 - 00102400 _____ (Vimicro) C:\Windows\SysWOW64\vvftprpav303.ax
2015-09-02 02:20 - 2015-09-02 02:20 - 00081920 _____ (VM) C:\Windows\system32\VM303STI.dll
2015-09-02 02:20 - 2015-09-02 02:20 - 00049152 _____ (Vimicro) C:\Windows\vmsnap3.exe
2015-09-02 02:20 - 2015-09-02 02:20 - 00049152 _____ () C:\Windows\Domino.exe
2015-09-02 02:20 - 2015-09-02 02:20 - 00046592 _____ (Vimicro Cooperation) C:\Windows\SysWOW64\VvFtCtrl.dll
2015-09-02 02:20 - 2015-09-02 02:20 - 00000000 ____D C:\Windows\EffectResources
2015-09-02 02:20 - 2015-09-02 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4 TECH PC Camera H
2015-09-02 02:20 - 2015-09-02 02:20 - 00000000 ____D C:\Program Files (x86)\A4 tech
2015-09-02 00:59 - 2015-09-02 00:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-02 00:59 - 2015-09-02 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-31 18:47 - 2015-08-31 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-31 18:47 - 2015-08-31 18:47 - 00000000 ____D C:\Program Files (x86)\Skype
2015-08-28 10:25 - 2015-08-28 10:25 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e162bad01cd4.job
2015-08-21 23:46 - 2015-08-21 23:46 - 00000000 ____D C:\Users\PC\AppData\Roaming\Sun
2015-08-21 23:46 - 2015-08-21 23:46 - 00000000 ____D C:\Users\PC\.oracle_jre_usage
2015-08-19 22:48 - 2015-08-27 20:22 - 00000203 _____ C:\Users\PC\Desktop\To-Do List.txt
2015-08-06 00:15 - 2015-08-06 00:15 - 00000000 ____D C:\Users\PC\AppData\Roaming\java
2015-08-06 00:14 - 2015-08-06 00:14 - 00002106 _____ C:\Users\PC\Desktop\Minecraft.lnk
2015-08-06 00:14 - 2015-08-06 00:14 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 13:16 - 2014-01-23 18:14 - 00000000 ____D C:\Users\PC\AppData\Roaming\Skype
2015-09-02 13:10 - 2009-07-14 07:45 - 00021984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-02 13:10 - 2009-07-14 07:45 - 00021984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-02 11:29 - 2014-01-23 17:42 - 02063147 _____ C:\Windows\WindowsUpdate.log
2015-09-02 11:26 - 2014-01-23 18:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-02 11:26 - 2009-07-14 07:51 - 00235351 _____ C:\Windows\setupact.log
2015-09-02 02:20 - 2014-01-23 18:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-02 02:20 - 2009-07-14 05:34 - 00000776 _____ C:\Windows\win.ini
2015-09-02 00:59 - 2014-08-07 22:14 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-01 20:43 - 2014-01-23 18:20 - 00000000 ____D C:\Users\PC\AppData\Local\Google
2015-08-31 18:47 - 2014-01-23 18:13 - 00000000 ____D C:\ProgramData\Skype
2015-08-29 16:25 - 2014-01-23 18:08 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2015-08-28 21:14 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-28 10:25 - 2015-07-15 22:07 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf3180585b63.job
2015-08-21 23:46 - 2014-01-23 17:46 - 00000000 ____D C:\Users\PC
2015-08-21 10:02 - 2014-01-23 18:17 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-21 10:02 - 2014-01-23 18:17 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-21 10:02 - 2014-01-23 18:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 00:05 - 2014-02-09 18:13 - 00000000 ____D C:\Users\PC\AppData\Roaming\.minecraft

==================== Files in the root of some directories =======

2014-01-23 17:15 - 2013-12-15 20:05 - 0010240 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-23 17:15 - 2012-08-14 15:08 - 0000090 _____ () C:\Users\PC\AppData\Local\fusioncache.dat
2014-01-23 17:15 - 2013-02-09 18:23 - 0000036 _____ () C:\Users\PC\AppData\Local\housecall.guid.cache
2014-01-23 17:15 - 2014-09-15 15:07 - 0007601 _____ () C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2014-01-23 17:15 - 2013-12-09 21:21 - 0000003 _____ () C:\Users\PC\AppData\Local\updater.log
2014-01-23 17:15 - 2015-04-23 18:20 - 0000424 _____ () C:\Users\PC\AppData\Local\UserProducts.xml
2014-01-23 17:51 - 2014-01-23 17:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-25 10:07

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by PC (2015-09-02 13:18:23)
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1372586815-2290778262-161615380-500 - Administrator - Disabled)
Guest (S-1-5-21-1372586815-2290778262-161615380-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1372586815-2290778262-161615380-1002 - Limited - Enabled)
PC (S-1-5-21-1372586815-2290778262-161615380-1000 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1372586815-2290778262-161615380-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version: - )
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - A4 TECH)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - )
Auto Clicker v1.9 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.9 - MurGee.com)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.67.1076 - AB Team, d.o.o.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
BulgarianPhonetic XP by G. Atanasov (HKLM\...\Bulgarian(Phonetic)) (Version: - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - )
COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
Copa Petrobras de Marcas (HKLM-x32\...\Steam App 359800) (Version: - Reiza Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.1 r3 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.1 r3 Alpha - ETS2MP Team)
Europa Universalis III (HKLM-x32\...\Steam App 25800) (Version: - Paradox Development Studio)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
Favorite-Games 5.22 (HKLM-x32\...\Favorite-Games_is1) (Version: - Favorite-Games 2001-2013 ©)
Gaberoff Koral German Dictionary 1.01 (HKLM-x32\...\Gaberoff Koral German Dictionary 1.01) (Version: 1.01 - Gaberoff KoralSoft )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version: - Codemasters Racing)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
K-Lite Codec Pack 7.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
KoralSoft - EuroDictXP (HKLM-x32\...\EuroDictXP) (Version: 3.1 - KoralSoft)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
Mozilla Firefox 33.1.1 (x86 bg) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 bg)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version: - Criterion Games)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PokerStars.bg (HKLM-x32\...\PokerStars.bg) (Version: - PokerStars.bg)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 2.7 (64-bit) (HKLM\...\{20C31435-2A0A-4580-BE8B-AC06FC243CA5}) (Version: 2.7.150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0000 - THQ)
SA Dictionary 2008 Beta 4 (HKLM-x32\...\{055A5AF0-9FEB-440D-B00A-18935C7C171C}) (Version: 6.6.12 - Stefan Angelov)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)
TreeSize Free V3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.1 - JAM Software)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
Tunatic (HKLM-x32\...\Tunatic) (Version: - )
Unity Web Player (HKU\S-1-5-21-1372586815-2290778262-161615380-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Victoria II (HKLM-x32\...\Steam App 42960) (Version: - Paradox Development Studio)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 1.1.4 (HKLM-x32\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1372586815-2290778262-161615380-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

02-09-2015 02:19:57 Инсталиран A4 TECH PC Camera H

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2014-09-15 19:53 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07042B20-FD32-4CFC-ABC2-50F01231217D} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {4C141D5F-4EF0-4617-9077-C111740B4B3B} - System32\Tasks\{FFFCEC4A-2068-4A3F-A47E-310E8E61CA36} => pcalua.exe -a C:\Users\PC\AppData\Roaming\.minecraft\minecraft.exe -c launcher\Uninstall.exe
Task: {70CD43E2-1F98-4D85-AC6B-63C4A1682910} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => E:\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO)
Task: {7914994B-ADF3-4320-A8B2-5411BF95D980} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => E:\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO)
Task: {83540555-A2EF-40E8-A47C-78B3445446EC} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {8649C545-9D2E-411E-B0C9-286B5214796B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => E:\COMODO\COMODO Internet Security\cistray.exe [2015-04-20] (COMODO)
Task: {91432982-12DF-4E0C-82DA-41BF8C929003} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {969D6791-439A-4BD8-B97C-FB2F1F3F02E8} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {BF3B8E63-5C08-48D9-A766-18AAD8644DCB} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {D39B3D95-8FB4-4B7A-9A11-C1601FCDC39F} - System32\Tasks\update-S-1-5-21-1372586815-2290778262-161615380-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {E6CE4C90-D98C-4322-B122-78940ADC9203} - System32\Tasks\{DA10CDE3-0A81-4727-84CC-3B6FBDE2A267} => pcalua.exe -a "E:\Revo Uninstaller\Revouninstaller.exe" -d "E:\Revo Uninstaller"
Task: {E8CDCB0F-6F65-4C2C-936F-AC0255D656B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-21] (Adobe Systems Incorporated)
Task: {EF791479-0421-4307-A25A-34873E7D3BD7} - System32\Tasks\{CA82246C-FECB-4D0F-B66B-ED1AB6E7E820} => pcalua.exe -a G:\OriginInstaller.exe -d G:\
Task: {F75C29B2-02E9-4D8F-B3E3-EE9721CA145C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FFAA08E1-B894-45A7-8207-80F0D990B9DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-26] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf3180585b63.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e162bad01cd4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1372586815-2290778262-161615380-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{922373A3-ACF6-4016-AEF9-45FCFD5F8897}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-23 17:59 - 2013-12-19 21:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-23 18:06 - 2005-06-07 13:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-12 12:49 - 2014-05-12 12:49 - 00222720 _____ () E:\Notepad++\NppShell_06.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 22:17 - 2010-03-24 22:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\amcap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\Domino.exe:$CmdTcID
AlternateDataStreams: C:\Windows\rm303b.exe:$CmdTcID
AlternateDataStreams: C:\Windows\VM303Cap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\vmsnap3.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNC550C.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNC550I.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNC550L.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNC550O.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNMIU9Z.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CNMLM9Z.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MyDefragScreenSaver_v4.3.1.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MyDefragScreenSaver_v4.3.1.scr:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VM303STI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CNC550L.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CNC550U.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CNHMCA.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.ex0:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PnkBstrB.xtr:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VM303Prp.Ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vp6vfw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VvFtCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vvftprpav303.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthenum.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthpan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbVM303.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vvftav303.sys:$CmdTcID
AlternateDataStreams: C:\Users\PC\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\PC\Desktop\FRST64.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1372586815-2290778262-161615380-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: eventlog => 2 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\startupfolder: C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe MSCONFIG\startupreg: LogMeIn Hamachi Ui => "E:\Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: MurGee.com Auto Clicker => D:\Auto Clicker\AutoClicker.exe :silent MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: PowerDVD13Agent => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: Skype => "D:\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: uTorrent => "C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{C8B7E276-0EE3-4C56-B333-7BE4BBFB1E55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B37E21E6-5FAA-48FE-8FA4-822794D51E5C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{7BFD07CD-8E99-491C-B541-E5113F64B417}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{406C4B17-2019-46EE-AA2C-82DDCDC54392}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{FE9695F0-57E4-485A-99CF-CC9BCB519331}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{8140B637-F277-4AB8-A55E-860088FF4687}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2CB92587-8C39-4C8D-9E02-0C9AD815C2C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13.exe FirewallRules: [{D0B3BC3D-860B-422A-8E15-2F7EFE5D2B9B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMR\PowerDVD13DMREngine.exe FirewallRules: [{880B3D97-C17B-435A-9D34-1EDABD61E6FB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe FirewallRules: [{97DD0BD5-9FFA-4160-B481-0A3F09C17F3D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe FirewallRules: [{D1B9945F-3AAF-4F40-BEA0-AE6479FACFFF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13ML.exe FirewallRules: [{0960DC2F-C566-4B65-8E81-09E51DBF27A3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Movie\PowerDVD.exe FirewallRules: [{1C336AEB-717B-4B0C-BEE9-DC8A0C66323B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD13\Movie\PowerDVD Cinema\PowerDVDCinema13.exe FirewallRules: [{40B36178-F75B-435B-93C3-A2AB9EB1B2EE}] => (Allow) C:\Program 
Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{AB839946-E022-4317-8362-79315DCD77D1}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{041BE717-0CA2-4D8A-BF80-98BC00F3F1C7}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{6D32B088-02DE-4109-97E8-F0029F558B04}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{05BD0760-294C-4CE0-A3E8-4C415B0112E5}] => (Allow) E:\Steam\Steam.exe FirewallRules: [{8A05BAE4-E566-4485-A7F0-E08C482D3582}] => (Allow) E:\Steam\Steam.exe FirewallRules: [{4836D28D-AD3B-4A3C-8C95-7192103AE45C}] => (Allow) C:\Users\PC\uTorrent\uTorrent.exe FirewallRules: [{D2111862-CA5F-406D-8B09-607AD66EBD7E}] => (Allow) C:\Users\PC\uTorrent\uTorrent.exe FirewallRules: [{C3E995D5-E7B4-4C14-BA9D-FA8C4E72E6AC}] => (Allow) D:\TBoGT\EFLC\LaunchEFLC.exe FirewallRules: [{314425D3-5866-4189-AE95-ECC049FD7FCC}] => (Allow) D:\TBoGT\EFLC\LaunchEFLC.exe FirewallRules: [{59549E8A-33A0-454B-B3A8-9617921BF152}] => (Allow) D:\Visual Studio\Common7\IDE\WDExpress.exe FirewallRules: [{3E6560E6-C28E-4AB6-B12F-8FDCE0500AF1}] => (Allow) E:\Steam\SteamApps\common\rust\rustlauncher.exe FirewallRules: [{3E8F7480-7A91-495E-815E-F6C5339D4EB8}] => (Allow) E:\Steam\SteamApps\common\rust\rustlauncher.exe FirewallRules: [{73892C9F-AA1F-4B6F-8B35-C4F3E7DAC3EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{547AC21C-5277-4AB3-8743-0C77032B3DB7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{5CFDE8CB-D04E-4C4B-813C-7F4C05474E5F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E3EE8D42-16D9-4E4F-9B7F-865E015721B2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{B8636AFD-A375-4025-9DEC-5252D2C8F6E1}] => (Allow) D:\SteamLibrary\SteamApps\common\Europa Universalis IV\eu4.exe FirewallRules: [{F8B4F00C-5126-49AE-AE90-839AE93FC6E3}] => (Allow) D:\SteamLibrary\SteamApps\common\Europa Universalis IV\eu4.exe FirewallRules: 
[{7598C56F-76B0-43C5-9F06-BAF0E2C1D936}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{91488942-86AE-4573-B690-5A83C295C7F9}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4504A1C8-337F-4B1F-ADA8-FA1CE05966E2}] => (Allow) D:\Skype\Phone\Skype.exe FirewallRules: [{33FAD8D8-6211-4C75-8555-E485CABF6EBF}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe FirewallRules: [{753344BD-0663-496A-ABD8-C1667255D7CC}] => (Allow) E:\Steam\bin\steamwebhelper.exe FirewallRules: [{0D77B0A2-B9EA-4AD2-96A1-24E97A47C2FA}] => (Allow) E:\Steam\bin\steamwebhelper.exe FirewallRules: [{92E34AB0-EA37-4143-A424-ABB2703412A9}] => (Allow) D:\New folder\TeamViewer.exe FirewallRules: [{2F3073F9-B393-4415-9A8E-F0EB0C3DFCC7}] => (Allow) D:\New folder\TeamViewer.exe FirewallRules: [{64DE7991-B0F2-4820-BD51-418727DE22EA}] => (Allow) D:\New folder\TeamViewer_Service.exe FirewallRules: [{FC6D7414-C3E4-4ABB-A298-48F5B2102711}] => (Allow) D:\New folder\TeamViewer_Service.exe FirewallRules: [{F49D3652-9F8B-4A42-98F3-8F168CD3A7E1}] => (Allow) E:\Steam\SteamApps\common\rust\legacy\rust.exe FirewallRules: [{7FDBF735-0B6A-44C9-9A19-F57F8B861A68}] => (Allow) E:\Steam\SteamApps\common\rust\legacy\rust.exe FirewallRules: [{CAB705D8-D96B-4097-8216-5E0C1E02318C}] => (Allow) E:\Steam\SteamApps\common\rust\experimental\Rust.exe FirewallRules: [{9084A275-3EBA-41A6-AE8A-248252BAFD8A}] => (Allow) E:\Steam\SteamApps\common\rust\experimental\Rust.exe FirewallRules: [{9D1C98AA-7AA2-4D06-AB10-93CB0ECAA11D}] => (Allow) %ProgramFiles%\Zune\Zune.exe FirewallRules: [{102562F1-CA0F-482E-BBE7-4FB37F055046}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe FirewallRules: [{6C819994-0B0C-44E8-9433-157C8BE6E7B2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe FirewallRules: [{886D2D36-3B0A-424B-B3BC-7CDB9E8565B5}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe FirewallRules: [{A92F6B7E-3CE8-44D2-93CC-844FD6B0E847}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe FirewallRules: 
[{31D85505-21AF-419F-AB86-E14B4D277342}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe FirewallRules: [{BE0ED44F-C064-4BBA-9FE0-BD267AE21E7F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe FirewallRules: [{47B72E46-778F-411F-A8C4-DE2B7F86577A}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe FirewallRules: [{02DAA7CF-225F-4415-A2B8-B40AC7174B51}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe FirewallRules: [{7E4BA311-9A17-4A69-9047-DB58D8B4E5CB}] => (Allow) E:\Steam\SteamApps\common\Victoria 2\victoria2.exe FirewallRules: [{A68FE55C-90C8-4A82-87B7-6743CB0EC702}] => (Allow) E:\Steam\SteamApps\common\Victoria 2\victoria2.exe FirewallRules: [{0B09B28F-041B-4D4B-ADCB-19DFC4805D3F}] => (Allow) E:\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{C87AD9B8-6498-4A52-9B9C-0A7D69BBA893}] => (Allow) E:\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{82E7F948-85CF-4C54-8D24-358E63489B99}] => (Allow) E:\Steam\SteamApps\common\Europa Universalis III - Complete\eu3game.exe FirewallRules: [{6340A8C6-4E03-4E95-A610-7F4C54C44044}] => (Allow) E:\Steam\SteamApps\common\Europa Universalis III - Complete\eu3game.exe FirewallRules: [{6968C2AF-B9A6-4234-AC63-83AF7FCCBD94}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe FirewallRules: [{85FC1DAC-05DF-49AD-A024-7FD612F1F57C}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe FirewallRules: [{BF0A9B5C-1A62-4ABE-BE02-600A889E0208}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe FirewallRules: [{3EFD79A8-07C3-40BA-8F8E-5EAF8A0F8B30}] => (Allow) D:\S.T.A.L.K.E.R. 
- Shadow of Chernobyl\bin\dedicated\XR_3DA.exe FirewallRules: [{439A91E2-D37A-4C53-A5BF-C838C4C5DB0E}] => (Allow) E:\Steam\SteamApps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{35F819D6-17BE-4481-9873-85D74D0E5953}] => (Allow) E:\Steam\SteamApps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{A5959C18-2A38-43B8-B428-1F98FFB8FA8B}] => (Allow) E:\Steam\SteamApps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{D3D7C8A0-C6B0-415F-A8AE-CE9B3891C31E}] => (Allow) E:\Steam\SteamApps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{BD8E108D-D08C-4F60-A33A-A542B0E25910}] => (Allow) E:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{6FEC8933-B259-4327-B083-6A881993334F}] => (Allow) E:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{44EE4019-4CD7-4F30-82A4-4BACC86EB3BD}] => (Allow) E:\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe FirewallRules: [{E01E2C04-4BDA-409E-B35B-10F196E3DCD8}] => (Allow) E:\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe FirewallRules: [{4F851702-A405-4C62-8884-03D23C024CBE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{AB0AB9A4-0554-45D9-AC7A-F8CB0C9EF67E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{DB363DFF-BD13-46EB-811E-702AB206D8D0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{08B2150C-CA0A-4CC1-9C5B-FA720BD36707}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{AB929A15-5681-4CE6-BF86-D34364822E39}] => (Allow) E:\Steam\SteamApps\common\grid 2\grid2.exe FirewallRules: [{D587E02B-B39D-4213-86C9-E9F0B12445BB}] => (Allow) E:\Steam\SteamApps\common\grid 2\grid2.exe FirewallRules: [{42C34893-D301-4CB1-8F78-7E0BC3F6280D}] => (Allow) E:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: [{C210CAE8-5C66-43B2-8D0B-4832EB86976E}] => (Allow) E:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: 
[{2962F3A6-B209-487A-9F2A-B05EB7F9465B}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{78773129-1557-406B-A453-936CF235D7C1}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{8EF11285-27A0-4A37-AD52-52B2B7D1FF3A}] => (Allow) E:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{6F64225B-B33C-441B-984B-1644FE04A12C}] => (Allow) E:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{BBAB28CE-4F4C-4AA5-AC59-02ABED98CB1E}] => (Allow) E:\Steam\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe FirewallRules: [{CA303219-6FB3-4F99-B42C-08BBD80ED61F}] => (Allow) E:\Steam\SteamApps\common\Need for Speed Hot Pursuit\NFS11.exe FirewallRules: [{BF0E711B-E933-4E5A-A310-B8413F550B76}] => (Allow) E:\Steam\SteamApps\common\Merchants of Brooklyn\Bin32\Launcher.exe FirewallRules: [{2FBD6E6E-6D76-44BB-A102-481EEF77F632}] => (Allow) E:\Steam\SteamApps\common\Merchants of Brooklyn\Bin32\Launcher.exe FirewallRules: [{5FECE63F-341E-4E1D-BA37-D126E288D458}] => (Allow) E:\Steam\SteamApps\common\Tropico 4\Tropico4.exe FirewallRules: [{2367D4EB-4866-47D9-A3DB-87C15FB6208F}] => (Allow) E:\Steam\SteamApps\common\Tropico 4\Tropico4.exe FirewallRules: [{5C4508EC-3D76-4C7F-AB4A-761562D42500}] => (Allow) E:\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{A69B35AD-5C93-431A-BC9A-A9D402A6C33E}] => (Allow) E:\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{33300E4A-DA8A-4951-959F-9B86B29CC65A}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{170035D0-3DF0-4782-A0F4-21781B562DDD}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{BBA09E23-5AD3-409E-B615-03BB8A7F9479}] => (Allow) E:\Steam\SteamApps\common\Copa Petrobras de Marcas\Marcas.exe FirewallRules: [{113A8581-E547-43FF-A9A2-7D905A00200A}] => (Allow) 
E:\Steam\SteamApps\common\Copa Petrobras de Marcas\Marcas.exe FirewallRules: [{71C6147B-5685-43BF-ABE5-AD85489AD1C0}] => (Allow) E:\Steam\SteamApps\common\Copa Petrobras de Marcas\Config.exe FirewallRules: [{9395938D-E7F3-4486-87D0-11395A5BEE65}] => (Allow) E:\Steam\SteamApps\common\Copa Petrobras de Marcas\Config.exe FirewallRules: [{84918C45-F5EB-4EAA-A561-87929655869B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{07876DF1-BA27-4291-8201-3F8EB8ABF4C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{13B2BF1A-9DD8-4A39-95B6-3E47D00F196A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A0E4C179-EB1E-4D42-A142-AA950888EDF0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C1C65901-FF82-4A99-823B-274CDA84214B}] => (Allow) D:\EFLC\LaunchEFLC.exe FirewallRules: [{451B16F8-2506-4FFF-BC48-7C94E7B713C3}] => (Allow) D:\EFLC\LaunchEFLC.exe FirewallRules: [{FBD35FAE-0B5A-434E-85EA-211BF1C672FA}] => (Allow) E:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{A1D7BB96-C9C9-44B5-8F47-154ADD3C5F88}] => (Allow) E:\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{A7E477DC-39BB-479E-9626-1BCFA2CFFE19}] => (Allow) D:\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{5E9DFCCF-54D3-42F8-AD88-7FC9D7302F17}] => (Allow) D:\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{76C09925-FC4F-40DD-8338-282FF19C4CD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{89251630-716C-42D7-84CA-38650BAC1B1D}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{C2F5B448-A40F-41C7-AC12-CE3D240C793B}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{F6231063-7434-436D-9C28-54402E1ACEAD}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe 
FirewallRules: [{FD8919BA-9B12-4DE2-B7E2-D1057611785C}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2015 12:56:46 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/25/2015 09:43:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 09:42:46 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (05/25/2015 09:42:46 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (05/24/2015 11:14:43 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/24/2015 06:28:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/24/2015 06:27:53 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (05/24/2015 06:27:53 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (05/24/2015 11:37:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 
WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/24/2015 11:36:36 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] System errors: ============= Error: (05/26/2015 02:10:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The lirsgt service failed to start due to the following error: %%577 Error: (05/26/2015 02:10:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The atksgt service failed to start due to the following error: %%577 Error: (05/26/2015 02:09:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Планировчик на задачите service depends on the Windows Event Log service which failed to start because of the following error: %%1058 Error: (05/25/2015 07:36:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The lirsgt service failed to start due to the following error: %%577 Error: (05/25/2015 07:36:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The atksgt service failed to start due to the following error: %%577 Error: (05/25/2015 07:35:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Планировчик на задачите service depends on the Windows Event Log service which failed to start because of the following error: %%1058 Error: (05/25/2015 01:41:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The lirsgt service failed to start due to the following error: %%577 Error: (05/25/2015 01:41:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The atksgt service failed to start due to the following error: %%577 Error: (05/25/2015 01:41:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Планировчик на задачите service depends on the Windows Event Log service which failed to start because of the 
following error: %%1058 Error: (05/25/2015 09:42:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The lirsgt service failed to start due to the following error: %%577 Microsoft Office: ========================= Error: (05/25/2015 12:56:46 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/25/2015 09:43:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2015 09:42:46 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (05/25/2015 09:42:46 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (05/24/2015 11:14:43 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (05/24/2015 06:28:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/24/2015 06:27:53 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (05/24/2015 06:27:53 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (05/24/2015 11:37:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (05/24/2015 11:36:36 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] CodeIntegrity: =================================== Date: 2015-05-26 14:10:07.650 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-26 14:10:07.616 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-26 14:10:05.889 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-26 14:10:05.873 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-25 19:36:05.544 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-25 19:36:05.512 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-25 19:36:04.624 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-25 19:36:04.592 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-25 13:41:50.218 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-25 13:41:50.187 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz Percentage of memory in use: 35% Total physical RAM: 6142.49 MB Available physical RAM: 3977.3 MB Total Virtual: 6140.67 MB Available Virtual: 3796.26 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:58.5 GB) (Free:22.99 GB) NTFS Drive d: () (Fixed) (Total:203.57 GB) (Free:44.74 GB) NTFS Drive e: () (Fixed) (Total:203.58 GB) (Free:131.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5E10308D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=58.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=407.2 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================
  6. Hello, a problem has come up with Google Toolbar. First, when I was on IE 10, the browser itself started lagging and would not go back to previous pages. So I installed IE 11 and added the new toolbar to it. But now, when I type something into it and tell it to search, nothing opens. Only the name of the tab at the top changes to what I typed into the toolbar. Also, when I press the options button, I get a blue screen. I will upload the 3 blue screens I got. 2 of them are from IE10, and the other is from IE11. http://dox.bg/files/dw?a=bafa349bf9
  7. Happy holiday to you too. I also fixed Explorer through Properties, and I think that was everything. There are no more problems!
  8. Sorry for the delay. I fixed Mozilla, but IE still starts minimized after downloading the file and resetting the settings. Here is the log file: Zoek.exe v5.0.0.0 Updated 01-March-2015 Tool run by HP on пон 02.03.2015 г. at 15:09:15,17. Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\HP\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 2.3.2015 г. 15:11:16 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\GUM9175.tmp deleted successfully C:\PROGRA~3\Ubisoft deleted successfully C:\Users\HP\AppData\Roaming\DRPSu deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3264134852-35303984-3640855504-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFCB3198-32F3-4E8B-9539-4324694ED664} deleted successfully HKEY_USERS\S-1-5-21-3264134852-35303984-3640855504-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFCB3198-32F3-4E8B-9539-4324694ED664} deleted successfully HKEY_USERS\S-1-5-21-3264134852-35303984-3640855504-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully HKEY_USERS\S-1-5-21-3264134852-35303984-3640855504-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully HKEY_CLASSES_ROOT\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} deleted successfully 
HKEY_CLASSES_ROOT\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\cardisabled\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\cardisabled\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\wrc@avast.com deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ydeuxp94.default user.js not found ---- Lines {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} removed from prefs.js ---- user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_dailyPing", "true|||1378234602078"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_debugMode", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_dialogVersion", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_geoRequest", "BG|||8641362910886112"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_gtQueryParam", "UA-25323614-27"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_inactive_by_user", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_installedPing", "true|||8641362910885666"); 
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_kswitch", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_lastUpdate", "1378148200942|||8641378148200943"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_redirectQueryParam1", "MB206"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_redirectQueryParam2", "MB207"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_showDialog", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_showtoaster", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_ssl", "|||8641378148202067"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_status", "active|||8641378148202063"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_toasterID", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_toolbar_query", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_upn2", "6R8Re9zp17"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_installer_name", "sg_6R8Re9zp17_active_MB206_MB207_UA-25323614-27_2013-01-13-20-31-19"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_product_name", "IB Updater"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_product_version", "2.0.0.578"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_temp_installer_name", "sg_6R8Re9zp17_active_MB206_MB207_UA-25323614-27_2013-01-13-20-31-1 user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_toolbarID", "34d5a661ea9745648229a3ffecbe9055"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.extensionFirstRun", false); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.lastExtensionVersion", "2.0.0.578"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.setdefaultsearch_2.0.0.578", false); 
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.setdnscatch_2.0.0.413", false); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.setdnscatch_2.0.0.578", false); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.sethomepage_2.0.0.578", false); ---- Lines omniboxes removed from prefs.js ---- user_pref("browser.search.searchengine.alias", "omniboxes"); user_pref("browser.search.searchengine.iconURL", "http://www.omniboxes.com/favicon.ico"); user_pref("browser.search.searchengine.name", "omniboxes"); user_pref("browser.search.searchengine.url", "http://www.omniboxes.com/web/?type=ds&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDAC ---- Lines wrc@avast.com removed from prefs.js ---- user_pref("extensions.wrc@avast.com.install-event-fired", true); user_pref("extensions.xpiState", "{\"app-profile\":{\"marcoagpinto@mail.telepac.pt\":{\"d\":\"C:\\\\Users\\\\HP\\\\AppData\\\\Roaming\\\\Mozilla\\\\Fi ---- FireFox user.js and prefs.js backups ---- prefs_02.03.2015Ј._1525_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\GUM9175.tmp not found C:\PROGRA~2\install.tmp deleted C:\user.js deleted C:\KK.exe deleted C:\PROGRA~3\Package Cache deleted C:\windows\SysNative\Tasks\avast! 
Emergency Update deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ydeuxp94.default user_pref("browser.search.selectedEngine", "Google"); user_pref("keyword.URL", "http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=030813&q="); ==== Firefox Extensions ====================== ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ydeuxp94.default - British English Dictionary Forked by Marco Pinto - %ProfilePath%\extensions\marcoagpinto@mail.telepac.pt - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ydeuxp94.default C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - D:\Avast\WebRep\Chrome\aswWebRepChrome.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14.05.2013 Ј. 
12:27] Lamborghini Newport - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoophnighhnlkbbfhbmjgkogegjhijfg AdBlock - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Ghostery - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij ==== Chromium Startpages ====================== C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences "urls_to_restore_on_startup": [ "http://www.omniboxes.com/?type=hp&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX" ] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.bg/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.bg/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_bgBG518" {920F8CB9-C9FA-46E6-81A0-71E1AF5C7BAA} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_bgBG518" ==== Deleting Registry Keys ====================== 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCShield Monitor deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xfire deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBTTF3X6 will be deleted at reboot C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TY1U15J4 will be deleted at reboot C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5JO37K0 will be deleted at reboot C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\HP\AppData\Local\Mozilla\Firefox\Profiles\ydeuxp94.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache 
cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=19 folders=17 14308944 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\HP\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\HP\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBTTF3X6" not found "C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TY1U15J4" not found "C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5JO37K0" not found ==== EOF on Ї®­ 02.03.2015 Ј. at 15:32:55,00 ======================
  9. The problem was in Internet Explorer. And I think the adware problem is fixed. It now loads Google as the home page, but the strange thing is that when I start IE, it starts minimized and I have to click the icon a second time for it to show. Also, Mozilla won't even start. ~ ZHPCleaner v2015.3.1.102 by Nicolas Coolman (01/03/2015) ~ Run by HP (Administrator) (02/03/2015 14:07:55) ~ Forum : http://forum.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\HP\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\HP\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) ~ Windows 7, 64-bit Service Pack 1 (Build 7601) ---\\ Services (0) ~ No malicious items found. ---\\ Browser internet (8) REPLACED Desktop: C:\Users\HP\Desktop\Google Chrome.lnk [bad : http://www.omniboxes.com/?type=sc&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX] (Hijacker.Browser) REPLACED Quicklaunch: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [bad : http://www.omniboxes.com/?type=sc&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX] (Hijacker.Browser) REPLACED TaskBar: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [bad : http://www.omniboxes.com/?type=sc&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX] (Hijacker.Browser) REPLACED TaskBar: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [bad : http://www.omniboxes.com/?type=sc&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX] (Hijacker.Browser) REPLACED Desktop: C:\Users\Public\Desktop\Google Chrome.lnk [bad : http://www.omniboxes.com/?type=sc&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX] 
(Hijacker.Browser) REPLACED Desktop: C:\Users\Public\Desktop\Mozilla Firefox.lnk [bad : http://www.omniboxes.com/?type=sc&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX] (Hijacker.Browser) REPLACED SystemTools: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [bad : http://www.omniboxes.com/?type=sc&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX] (Hijacker.Browser) REPLACED Programs: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [bad : http://www.omniboxes.com/?type=sc&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX] (Hijacker.Browser) ---\\ Hosts file (1) ~ The hosts file is legitimate (1) ---\\ Scheduled automatic tasks. (0) ~ No malicious items found. ---\\ Explorer ( File, Folder) (0) ~ No malicious items found. ---\\ Registry ( Key, Value, Data) (7) DELETED data: HKCR\FirefoxHTML\Shell\Open\Command\\Default [bad : "C:\Program Files (x86)\firefox.exe" -osint -url "%1"] (Broken.OpenCommand) DELETED key*: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Favorite-Games_is1 [Favorite-Games 5.22] (Adware.Favorit) DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\incredibar.com [67] (Adware.Incredibar) DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cytiweb.net [163830] (PUP.CytiWeb) DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omniboxes.com [72] (PUP.Omniboxes) DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\similarsites.com [44] (Adware.SimilarSites) DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfisher.ru [62] (PUP.SpecialSavings) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 83676 ~ Items found : 0 ~ Items 
repaired : 10 End of clean at 14:34:15 =================== ZHPCleaner-[R]-02032015-14_34_15.txt
  10. I scanned, but I still can't change the homepage. # AdwCleaner v4.111 - Logfile created 02/03/2015 at 13:14:37 # Updated 18/02/2015 by Xplode # Database : 2015-03-02.1 [server] # Operating system : Windows 7 Enterprise Service Pack 1 (x64) # Username : HP - HP-PC # Running from : C:\Users\HP\Desktop\adwcleaner_4.111.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v9.0.8112.16476 -\\ Mozilla Firefox v35.0.1 (x86 bg) -\\ Google Chrome v40.0.2214.115 ************************* AdwCleaner[R0].txt - [780 bytes] - [02/03/2015 13:11:24] AdwCleaner[s0].txt - [708 bytes] - [02/03/2015 13:14:37] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [766 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 7 Enterprise x64 Ran by HP on Ї®­ 02.03.2015 Ј. at 13:17:11,81 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Ї®­ 02.03.2015 Ј. at 13:23:49,83 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. Hello, I ran FRST, but the problem still exists. At one point IE even crashed, because it showed that some add-on had blocked kaldata, and I suspect there is some problem there too. I don't know what avast is doing on D; it was installed a year ago, but if necessary I can reinstall it on C. The laptop has no SSD. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015 Ran by HP at 2015-03-02 11:27:38 Run:1 Running from C:\Users\HP\Desktop Loaded Profiles: HP (Available profiles: HP) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3264134852-35303984-3640855504-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION FF Homepage: hxxp://www.omniboxes.com/?type=hp&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX S3 catchme; \??\C:\ComboFix\catchme.sys [X] 2015-03-01 18:58 - 2015-03-01 18:59 - 00000000 ____D () C:\Program Files (x86)\MiniGet 2015-03-01 18:58 - 2015-03-01 18:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\MiniGet 2015-03-01 18:57 - 2015-03-01 19:29 - 00000000 ____D () C:\Users\HP\AppData\Roaming\omniboxes 2015-03-01 18:55 - 2015-03-01 19:35 - 00000000 ____D () C:\Program Files (x86)\Cyti Web emptytemp: end ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-3264134852-35303984-3640855504-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. Firefox homepage deleted successfully. catchme => Service deleted successfully. C:\Program Files (x86)\MiniGet => Moved successfully. C:\Users\HP\AppData\Roaming\MiniGet => Moved successfully. C:\Users\HP\AppData\Roaming\omniboxes => Moved successfully. C:\Program Files (x86)\Cyti Web => Moved successfully. EmptyTemp: => Removed 1.8 GB temporary data. 
The system needed a reboot. ==== End of Fixlog 11:30:45 ====
  12. Good day. My father accidentally installed some program and the laptop got infested with adware. I tried to clean some of it with MBAM, but apparently it didn't do the job properly, and right now I can't change the IE homepage; I also can't start FF, but I'm not sure whether that problem is related to it as well. Here are the logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015 Ran by HP (administrator) on HP-PC on 01-03-2015 21:31:51 Running from C:\Users\HP\Desktop Loaded Profiles: HP (Available profiles: HP) Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Bulgarian (Bulgaria) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) D:\Avast!\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (AVAST Software) D:\Avast!\avastui.exe (Avast Software) D:\Avast!\ng\vbox\AvastVBoxSVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (AVAST Software) D:\Avast!\ng\ngservice.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => D:\Avast!\AvastUI.exe [5227112 2015-01-27] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3264134852-35303984-3640855504-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd) HKU\S-1-5-21-3264134852-35303984-3640855504-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Avast!\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3264134852-35303984-3640855504-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3264134852-35303984-3640855504-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3264134852-35303984-3640855504-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.bg/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3264134852-35303984-3640855504-1000 -> DefaultScope 2483CB2A9961442A97C51E3A7F243C4B URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3264134852-35303984-3640855504-1000 -> 2483CB2A9961442A97C51E3A7F243C4B URL = 
https://www.google.com/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast!\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast!\aswWebRepIE.dll (AVAST Software) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-3264134852-35303984-3640855504-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{9C79513B-80C7-4AD1-BD96-55B2394EBD42}: [NameServer] 8.8.8.8,8.8.4.4 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ydeuxp94.default FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Google FF Homepage: hxxp://www.omniboxes.com/?type=hp&ts=1425229031&from=obw&uid=HitachiXHTS547575A9E384_J2140059CX3MDACX3MDAX FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=030813&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: British English Dictionary (Forked by Marco Pinto) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ydeuxp94.default\Extensions\marcoagpinto@mail.telepac.pt [2015-02-01] FF Extension: NoScript - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ydeuxp94.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-02] FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ydeuxp94.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-02] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Avast!\WebRep\FF FF Extension: Avast Online Security - D:\Avast!\WebRep\FF [2013-05-09] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Lamborghini Newport) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoophnighhnlkbbfhbmjgkogegjhijfg [2013-01-06] CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-05] CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-05] CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-05] CHR Extension: (Digital Clock) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo [2013-01-31] CHR Extension: (AdBlock) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-20] CHR Extension: (Clock) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg [2013-02-14] CHR Extension: (Ghostery) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-09-01] CHR Extension: (Chrome In-App Payments 
service) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR Extension: (My Chrome Theme) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2013-01-06] CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-05] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Avast!\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14] StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed] R2 avast! Antivirus; D:\Avast!\AvastSvc.exe [50344 2014-11-22] (AVAST Software) R3 AvastVBoxSvc; D:\Avast!\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-22] (Avast Software) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360 2011-07-06] (Hewlett-Packard Company) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-08] (Disc Soft Ltd) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-01] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] () U4 VBoxAswDrv; D:\Avast!\ng\vbox\VBoxAswDrv.sys [271752 2014-11-22] (Avast Software) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink Corp.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 XFDriver64; \??\E:\Xfire2\XFDriver64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-01 21:31 - 2015-03-01 21:32 - 00015737 _____ () C:\Users\HP\Desktop\FRST.txt 2015-03-01 21:31 - 2015-03-01 21:31 - 00000000 ____D () C:\FRST 2015-03-01 21:30 - 2015-03-01 21:31 - 02092544 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe 2015-03-01 19:30 - 2015-03-01 19:30 - 02126848 _____ () C:\Users\HP\Downloads\AdwCleaner.exe 2015-03-01 18:58 - 2015-03-01 18:59 - 00000000 ____D () C:\Program Files (x86)\MiniGet 2015-03-01 18:58 - 2015-03-01 18:58 - 00000000 ____D () C:\Users\HP\AppData\Roaming\MiniGet 2015-03-01 18:57 - 2015-03-01 19:29 - 00000000 ____D () C:\Users\HP\AppData\Roaming\omniboxes 2015-03-01 18:55 - 2015-03-01 19:35 - 00000000 ____D () C:\Program Files (x86)\Cyti Web 2015-02-22 10:22 - 2015-02-22 10:22 - 00000278 _____ () C:\Users\HP\Desktop\Empl2015_124041864.txt 2015-02-03 09:51 - 2015-02-24 09:23 - 00257536 _____ () C:\Users\HP\Desktop\ved.01.2015.xls 2015-02-03 09:48 - 2015-02-03 09:48 - 00273920 _____ () C:\Users\HP\Downloads\ved_10.2011.xls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-01 21:33 - 2012-10-10 16:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-01 21:28 - 2012-10-10 16:55 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype 2015-03-01 21:26 - 2012-10-10 12:47 - 01068863 _____ () C:\Windows\WindowsUpdate.log 2015-03-01 20:40 - 2013-01-05 18:12 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-01 19:46 - 2009-07-14 06:45 - 00022416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-01 19:46 - 2009-07-14 06:45 - 00022416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-01 19:38 - 2013-01-05 18:12 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-01 19:37 - 2010-11-21 05:47 - 00139130 _____ () C:\Windows\PFRO.log 2015-03-01 19:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-01 19:37 - 2009-07-14 06:51 - 00043667 _____ () C:\Windows\setupact.log 2015-03-01 19:29 - 2009-07-14 04:34 - 00000604 _____ () C:\Windows\win.ini 2015-03-01 19:00 - 2014-09-05 23:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-01 18:57 - 2014-04-06 14:57 - 00001635 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-03-01 18:57 - 2013-09-02 21:29 - 00001141 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-01 18:57 - 2013-09-02 21:28 - 00001153 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-01 18:57 - 2013-06-22 13:29 - 00002355 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-01 18:57 - 2013-01-05 18:13 - 00002469 _____ () C:\Users\HP\Desktop\Google Chrome.lnk 2015-03-01 12:13 - 2013-01-22 08:57 - 00000000 ____D () C:\Users\HP\AppData\Local\CrashDumps 2015-02-21 13:41 - 2013-02-21 21:27 - 00002655 _____ () C:\Users\Public\Desktop\Декларации Обр.1 и 
6.lnk 2015-02-21 08:20 - 2013-05-09 16:18 - 00004126 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-02-19 07:48 - 2009-07-14 07:13 - 00782154 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-16 18:42 - 2012-10-10 16:07 - 00000000 ____D () C:\Users\HP\AppData\Local\Microsoft Help 2015-02-06 13:35 - 2013-01-05 18:12 - 00003994 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 13:35 - 2013-01-05 18:12 - 00003742 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 19:33 - 2012-10-10 16:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 19:33 - 2012-10-10 16:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 19:33 - 2012-10-10 16:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-31 08:25 - 2013-09-02 21:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2014-06-21 11:27 - 2015-01-28 00:08 - 0020080 _____ (Mozilla Foundation) C:\Program Files (x86)\AccessibleMarshal.dll 2014-06-21 11:27 - 2015-01-28 00:08 - 0000667 _____ () C:\Program Files (x86)\application.ini 2014-06-21 11:27 - 2015-01-28 00:08 - 0074864 _____ (Mozilla Foundation) C:\Program Files (x86)\breakpadinjector.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 0260208 _____ (Mozilla Foundation) C:\Program Files (x86)\crashreporter.exe 2013-09-02 21:26 - 2014-06-21 11:27 - 0005734 _____ () C:\Program Files (x86)\crashreporter.ini 2014-06-21 11:27 - 2014-06-21 11:27 - 2106216 _____ (Microsoft Corporation) C:\Program Files (x86)\D3DCompiler_43.dll 2014-09-16 21:33 - 2014-10-31 22:32 - 3231832 _____ (Microsoft Corporation) C:\Program Files (x86)\d3dcompiler_46.dll 2013-09-02 21:26 - 2014-12-11 22:04 - 0000118 _____ () C:\Program Files (x86)\dependentlibs.list 2013-09-02 21:26 - 2015-01-28 00:08 - 0338032 _____ (Mozilla Corporation) 
C:\Program Files (x86)\firefox.exe 2013-09-02 21:26 - 2015-01-28 00:08 - 0000899 _____ () C:\Program Files (x86)\freebl3.chk 2013-09-02 21:26 - 2015-01-28 00:08 - 0331376 _____ (Mozilla Foundation) C:\Program Files (x86)\freebl3.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 5246064 _____ (Mozilla Foundation) C:\Program Files (x86)\gkmedias.dll 2014-06-21 11:27 - 2015-01-28 00:08 - 10397296 _____ (The ICU Project) C:\Program Files (x86)\icudt52.dll 2014-06-21 11:27 - 2015-01-28 00:08 - 1023600 _____ (The ICU Project) C:\Program Files (x86)\icuin52.dll 2014-06-21 11:27 - 2015-01-28 00:08 - 0800368 _____ (The ICU Project) C:\Program Files (x86)\icuuc52.dll 2013-09-02 21:26 - 2013-09-02 21:29 - 0028252 _____ () C:\Program Files (x86)\install.log 2013-09-02 21:26 - 2013-09-02 21:26 - 0016542 _____ () C:\Program Files (x86)\install.tmp 2013-09-02 21:26 - 2015-01-28 00:08 - 0045168 _____ (Mozilla Foundation) C:\Program Files (x86)\libEGL.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 0875632 _____ (Mozilla Foundation) C:\Program Files (x86)\libGLESv2.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 0114800 _____ (Mozilla Foundation) C:\Program Files (x86)\maintenanceservice.exe 2013-09-02 21:26 - 2015-01-28 00:08 - 0185432 _____ (Mozilla Corporation) C:\Program Files (x86)\maintenanceservice_installer.exe 2013-09-02 21:26 - 2015-01-28 00:08 - 0019568 _____ (Mozilla Foundation) C:\Program Files (x86)\mozalloc.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 0140912 _____ (Mozilla Foundation) C:\Program Files (x86)\mozglue.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 3925104 _____ () C:\Program Files (x86)\mozjs.dll 2013-09-02 21:26 - 2014-06-21 11:27 - 0421200 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp100.dll 2013-09-02 21:26 - 2014-06-21 11:27 - 0770384 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr100.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 1576048 _____ (Mozilla Foundation) C:\Program Files (x86)\nss3.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 0413296 _____ (Mozilla 
Foundation) C:\Program Files (x86)\nssckbi.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 0000899 _____ () C:\Program Files (x86)\nssdbm3.chk 2013-09-02 21:26 - 2015-01-28 00:08 - 0092784 _____ (Mozilla Foundation) C:\Program Files (x86)\nssdbm3.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 11305435 _____ () C:\Program Files (x86)\omni.ja 2013-09-02 21:26 - 2015-01-28 00:08 - 0000143 _____ () C:\Program Files (x86)\platform.ini 2013-09-02 21:26 - 2015-01-28 00:08 - 0243312 _____ (Mozilla Corporation) C:\Program Files (x86)\plugin-container.exe 2013-09-02 21:26 - 2015-01-28 00:08 - 0127600 _____ (Mozilla Corporation) C:\Program Files (x86)\plugin-hang-ui.exe 2013-09-02 21:26 - 2015-01-28 00:08 - 0002176 _____ () C:\Program Files (x86)\precomplete 2013-09-02 21:26 - 2015-01-28 00:08 - 0000662 _____ () C:\Program Files (x86)\removed-files 2014-10-31 22:32 - 2015-01-28 00:08 - 0220784 _____ (Mozilla Foundation) C:\Program Files (x86)\sandboxbroker.dll 2013-09-02 21:26 - 2015-01-28 00:08 - 0000899 _____ () C:\Program Files (x86)\softokn3.chk 2013-09-02 21:26 - 2015-01-28 00:08 - 0150128 _____ (Mozilla Foundation) C:\Program Files (x86)\softokn3.dll 2013-09-02 21:26 - 2014-06-21 11:27 - 0000132 _____ () C:\Program Files (x86)\update-settings.ini 2013-09-02 21:26 - 2015-01-28 00:08 - 0273008 _____ (Mozilla Foundation) C:\Program Files (x86)\updater.exe 2013-09-02 21:26 - 2014-06-21 11:27 - 0001520 _____ () C:\Program Files (x86)\updater.ini 2013-09-02 21:26 - 2015-01-28 00:08 - 0091032 _____ (Mozilla Corporation) C:\Program Files (x86)\webapp-uninstaller.exe 2013-09-02 21:26 - 2015-01-28 00:08 - 0094320 _____ (Mozilla Foundation) C:\Program Files (x86)\webapprt-stub.exe 2015-01-23 23:01 - 2015-01-28 00:08 - 0073840 _____ (Mozilla Foundation) C:\Program Files (x86)\wow_helper.exe 2013-09-02 21:26 - 2015-01-28 00:08 - 27133040 _____ (Mozilla Foundation) C:\Program Files (x86)\xul.dll Some content of TEMP: ==================== C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe 
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-14 10:18

==================== End Of Log ============================

Addition.txt
  13. Ritte

    CPU replacement

    To be honest, that price is a bit too much for me. I made a mistake when setting the budget; I'd say between 350-450.
  14. Ritte

    CPU replacement

    Thanks, I'll think it over a bit more and I want to look at some other options, but it might work out with this combination too.
  15. Ritte

    CPU replacement

    I'll think about it, because for now I'm not planning to upgrade everything, mainly the motherboard and the CPU. I think I'll be able to spend around 400 or 500.