Премини към съдържанието

Теодор Митков Димитров

Потребител
  • Публикации

    12
  • Регистрация

  • Последно онлайн

Харесвания

2 Неутрална репутация

Всичко за Теодор Митков Димитров

  • Титла
    Потребител
  1. Бавно работещ браузър и постоянно изкачащи реклами

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 02 Ran by PCuser at 2015-05-14 23:44:19 Run:2 Running from C:\Users\PCuser\Downloads\iztegleni Loaded Profiles: PCuser (Available profiles: PCuser) Boot Mode: Normal ============================================== Content of fixlist: ***************** start C:\Users\PCuser\AppData\Roaming\thinstall C:\Program Files (x86)\Photoshop\Check.exe C:\Program Files (x86)\Photoshop\x64\Check.exe Deletekey: HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CONDUIT end ***************** C:\Users\PCuser\AppData\Roaming\thinstall => Moved successfully. "C:\Program Files (x86)\Photoshop\Check.exe" => File/Directory not found. "C:\Program Files (x86)\Photoshop\x64\Check.exe" => File/Directory not found. HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CONDUIT => Failed to delete key at first attempt (Error: C0000121), see next line. HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CONDUIT => Key Deleted Successfully. ==== End of Fixlog 23:44:20 ====
  2. Инсталация на CorelDraw

    Здравейте, скоро си бях инсталирал CorelDraw x4 на лаптопа, но явно не съм го инсталирал правилно и след определен период му изтече trial версията. Опитвах какво ли не, показва ми, че единственият вариант да го използвам е да си го закупя. Има ли начин, да си го инсталирам наново и да си въведа по някакъв начин serial номерата? Благодаря предварително!
  3. Бавно работещ браузър и постоянно изкачащи реклами

    Искам изключително много да благодаря за помощта, компютъра ми работи като нов!
  4. Тярся човек който работи с Corel

    Аз също работя с Coreldraw, ако мога да помогна пиши на лс
  5. Бавно работещ браузър и постоянно изкачащи реклами

    Emsisoft Emergency Kit - Version 9.0 Last update: 7.5.2015 г. 00:15:30 User account: PCuser-PC\PCuser Scan settings: Scan type: Full Scan Objects: Rootkits, Memory, Traces, C:\, D:\ Detect PUPs: On Scan archives: On ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 7.5.2015 г. 00:17:26 C:\Users\PCuser\AppData\Roaming\thinstall detected: Application.AppInstall (A) Value: HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Key: HKEY_USERS\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CONDUIT detected: Application.InstallAd (A) C:\FRST\Quarantine\C\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-6.exe detected: Gen:Application.Heur.xz1@mmYZCZpi (B) C:\FRST\Quarantine\C\Program Files (x86)\quiz games\quiz_games_notification_service.exe detected: Gen:Variant.Adware.Mikey.10000 (B) C:\FRST\Quarantine\C\Program Files (x86)\quiz games\quiz_games_updating_service.exe detected: Application.Toolbar (A) C:\FRST\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll detected: Application.Generic.1247189 (B) C:\FRST\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe detected: Adware.SearchProtect.W (B) C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe detected: Gen:Variant.Adware.Graftor.172099 (B) C:\FRST\Quarantine\C\Users\PCuser\AppData\Roaming\2dggzgqhG.xBAD -> content/overlay.js detected: Adware.Agent.PMG (B) C:\FRST\Quarantine\C\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm.xBAD -> content/overlay.js detected: Adware.Agent.PMG (B) C:\FRST\Quarantine\C\Users\PCuser\AppData\Roaming\FMEUD.xBAD -> background.js detected: Trojan.Script.Agent.FA (B) C:\FRST\Quarantine\C\Windows\system32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys.xBAD detected: Adware.SwiftBrowse.CH (B) C:\Program Files (x86)\Photoshop\Check.exe detected: Gen:Variant.Graftor.7067 (B) C:\Program Files (x86)\Photoshop\x64\Check.exe detected: Gen:Variant.Graftor.7067 (B) C:\Users\PCuser\AppData\Roaming\Thinstall\Settings\11300002h\splwow64.exe detected: Gen:Trojan.Heur.GZ.ciW@buEI9pl (B) D:\Програми\COREL.CORELDRAW.GRAPHICS.SUITE.X5.WITH.SP3.V15.2.0.686.INCL.KEYGEN.ENGLISH-CORE\corel_app_keygen.exe detected: Trojan.Generic.9986047 (B) Scanned 224818 Found 18 Scan end: 7.5.2015 г. 01:09:40 Scan time: 0:52:14
  6. Бавно работещ браузър и постоянно изкачащи реклами

    Malwarebytes Anti-Malware www.malwarebytes.org Дата на сканиране: 6.5.2015 г. Час на сканиране: 03:52:19 ч. Дневник: Администратор: Да Версия: 2.01.6.1022 База от данни за злонамерен софтуер: v2015.05.05.05 База от данни за рууткити: v2015.04.21.01 Лиценз: Пробен период Защита от злонамерен софтуер: Разрешено Защита от злонамерени страници: Разрешено Самозащита: Забранено ОС: Windows 7 Процесор: x64 Файлова система: NTFS Потребител: PCuser Тип сканиране: Сканиране за заплахи Резултат: Завършено Сканиране обекти: 344789 Изминало време: 14 мин. 31 сек. Памет: Разрешено Начално стартиране: Разрешено Файлова система: Разрешено Архиви: Разрешено Рууткити: Разрешено Евристика: Разрешено ПНП: Разрешено ПНИ: Разрешено Процеси: 0 (Не бяха открити злонамерени обекти) Модули: 0 (Не бяха открити злонамерени обекти) Ключове в системния регистър: 8 PUP.Optional.Cinema.A, HKLM\SOFTWARE\CinemaP-1.8cV18.01-nv, Поставен под карантина, [3bce662a8bff96a0c2db45ab53b09d63], PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.8cV18.01, Поставен под карантина, [c742b7d9acde7eb8f7a65a96d03330d0], PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.8cV18.01-nv, Поставен под карантина, [7d8c9df3afdbc670c1dc08e8e51e7d83], PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Поставен под карантина, [44c53f5165259e98be51eae39172de22], PUP.Optional.Cinema.A, HKU\S-1-5-18\SOFTWARE\CinemaP-1.8cV18.01-nv, Поставен под карантина, [fc0db6daaedc63d377274aa6000350b0], PUP.Optional.Cinema.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\CinemaP-1.8cV18.01, Поставен под карантина, [48c1f799a5e50630940b5a96c24127d9], PUP.Optional.Cinema.A, HKU\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\CinemaP-1.8cV18.01-nv, Поставен под карантина, [42c7840ced9dc86ec9d52ec238cb06fa], PUP.Optional.Cinema.A, HKU\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\APPDATALOW\SOFTWARE\CinemaP-1.8cV18.01, Поставен под карантина, [90796c24eb9f66d0980705eb857ec040], Стойности в системния регистър: 0 (Не бяха открити злонамерени обекти) Данни в системния регистър: 0 (Не бяха открити злонамерени обекти) Папки: 0 (Не бяха открити злонамерени обекти) Файлове: 4 PUP.Optional.Nova.A, C:\Program Files (x86)\27fbb95c-2d6b-4c2f-9684-a1c0a7ccb558\29d74871-a79a-4278-802e-2abd6c78891f.dll, Поставен под карантина, [da2f00907d0da6904c672ee2fa08aa56], PUP.Optional.InstallCore.C, C:\Program Files (x86)\27fbb95c-2d6b-4c2f-9684-a1c0a7ccb558\8ede2a3a-46b3-49d8-a089-3c72480a29dc.dll, Поставен под карантина, [64a5aee2c4c61b1b4d81a1ad8c7a669a], PUP.Optional.Nova.A, C:\Program Files (x86)\AGEIA Technologies\11de5d12-f845-413f-9bad-dd7d0e2954c4.dll, Поставен под карантина, [ca3fc2cec1c9b581189b3ed2b25042be], PUP.Optional.InstallCore.C, C:\Program Files (x86)\AGEIA Technologies\27fbb95c-2d6b-4c2f-9684-a1c0a7ccb558.dll, Поставен под карантина, [8188306082089d9921ada4aa09fd51af], Физически сектори: 0 (Не бяха открити злонамерени обекти) (end) Програмата Hitman Pro след като започне сканиране, windows ми я затваря и ми изписва, че търси решение онлайн. Не мога да открия от къде идва проблема... ? Поздрави!
  7. Бавно работещ браузър и постоянно изкачащи реклами

    # AdwCleaner v4.203 - Logfile created 02/05/2015 at 11:28:46 # Updated 30/04/2015 by Xplode # Database : 2015-04-30.2 [server] # Operating system : Windows 7 Professional (x64) # Username : PCuser - PCUSER-PC # Running from : C:\Users\PCuser\Downloads\adwcleaner_4.203.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\ProgramData\apn [!] Folder Deleted : C:\ProgramData\IHProtectUpDate [!] Folder Deleted : C:\Users\PCuser\AppData\Local\globalUpdate [!] Folder Deleted : C:\Users\PCuser\AppData\Roaming\OpenCandy [!] Folder Deleted : C:\Users\PCuser\AppData\Roaming\webssearches [!] Folder Deleted : C:\Users\PCuser\AppData\Roaming\IHlpr File Deleted : C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\user.js ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Deleted : HKLM\SOFTWARE\29d74871-a79a-4278-802e-2abd6c78891f Key Deleted : HKLM\SOFTWARE\9d3efcb5-425d-44d9-92db-f46c7505a507 Key Deleted : HKLM\SOFTWARE\b26a8cdc-bf61-4a18-b0b0-8ae10ce4e7dd Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902263} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905563} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906663} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904463} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D39539BB-F65E-4088-A9D1-6E5F01A42A3E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D39539BB-F65E-4088-A9D1-6E5F01A42A3E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902263} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905563} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906663} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\GlobalUpdate Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions Key Deleted : HKLM\SOFTWARE\SupDp Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect Key Deleted : HKLM\SOFTWARE\webssearchesSoftware Key Deleted : HKLM\SOFTWARE\IHProtect Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E} Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EFEE0228DC83E77358593193D847A0EC Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EFEE0228DC83E77358593193D847A0EC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Web browsers ] ***** -\\ Internet Explorer v8.0.7600.16385 -\\ Mozilla Firefox v37.0.2 (x86 bg) -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [8478 bytes] - [02/05/2015 11:24:54] AdwCleaner[s0].txt - [8406 bytes] - [02/05/2015 11:28:46] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8465 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.7 (04.30.2015:1) OS: Windows 7 Professional x64 Ran by PCuser on бкЎ 02.05.2015 Ј. at 11:33:08,00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611901163} ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\PCuser\AppData\Roaming\mozilla\firefox\profiles\897w92pg.default\minidumps [11 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on бкЎ 02.05.2015 Ј. at 11:39:41,17 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. Бавно работещ браузър и постоянно изкачащи реклами

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01 Ran by PCuser at 2015-04-30 02:55:28 Run:1 Running from C:\Users\PCuser\Downloads Loaded Profiles: PCuser & UpdatusUser (Available profiles: PCuser & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-1378838648-2550132987-283054567-1001\...\MountPoints2: {312d021b-8b82-11e4-acb2-9cad9754caa8} - G:\SETUP.EXE GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...41E34TW369TW369 FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-24] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-04-24] <==== ATTENTION R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-19] (SysTool PasSame LIMITED) [File not signed] R1 {921265c3-88e5-40e1-8d74-df5314572900}Gw64; C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784 2015-01-18] (StdLib) C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys 2015-04-06 21:31 - 2015-04-28 01:31 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-04-06 20:32 - 2015-04-28 09:17 - 00000678 _____ () C:\Windows\Tasks\quiz_games_updating_service.job 2015-04-06 20:32 - 2015-04-06 20:32 - 00003706 _____ () C:\Windows\System32\Tasks\quiz_games_updating_service 2015-04-06 20:31 - 2015-04-28 09:17 - 00001316 _____ () C:\Windows\Tasks\quiz_games_notification_service.job 2015-04-06 20:31 - 2015-04-06 20:32 - 00004342 _____ () C:\Windows\System32\Tasks\quiz_games_notification_service 2015-04-06 20:31 - 2015-04-06 20:31 - 00000000 ____D () C:\Program Files (x86)\quiz games 2015-04-04 22:18 - 2015-04-04 22:18 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\RecLib 2015-04-04 22:18 - 2015-04-04 22:18 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\{F194FD51-245F-4727-AF45-721B46A46794} 2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm 2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\PCuser\AppData\Roaming\2dggzgqhG 2015-04-28 09:24 - 2015-01-19 03:24 - 00005514 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job 2015-04-28 09:17 - 2015-01-19 03:24 - 00005178 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job 2015-04-28 09:17 - 2015-01-19 03:24 - 00003120 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job 2015-04-28 00:17 - 2015-01-19 03:23 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.8cV18.01 2014-09-01 11:18 - 2014-09-01 11:18 - 0001248 _____ () C:\Users\PCuser\AppData\Roaming\FMEUD C:\ProgramData\WindowsMangerProtect C:\Program Files (x86)\XTab Task: {0C838C89-15C4-48C5-B7A0-105C2B8CA05F} - System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6 => C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-6.exe [2015-01-19] (Cinema PlusV18.01) <==== ATTENTION Task: {101F66FE-79A6-49EC-999E-1B05866FC54E} - System32\Tasks\quiz_games_notification_service => C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe [2015-04-06] (FileProperties_CompanyName) <==== ATTENTION Task: {13C5A451-4D1F-405B-A7F3-A121BBCBDFBD} - System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7 => C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-7.exe <==== ATTENTION Task: {66E97112-E04D-4B9E-98A3-E8752779E632} - System32\Tasks\quiz_games_updating_service => C:\Program Files (x86)\quiz games\quiz_games_updating_service.exe [2015-04-06] () <==== ATTENTION Task: {BDC8E1A5-81B4-41CF-AABE-537F2FA1FA2A} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: {D75C191B-A179-4082-B75E-033D48576427} - System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1 => C:\Program Files (x86)\CinemaP-1.8cV18.01\CinemaP-1.8cV18.01-codedownloader.exe <==== ATTENTION Task: {F6872351-81E4-470E-817F-47B9BDBC89E8} - System32\Tasks\{A55AC364-0CC7-45C6-9BDA-EB19F4DFEACA} => pcalua.exe -a C:\Users\PCuser\Downloads\SoftonicDownloader_for_daemon-tools-lite.exe -d C:\Users\PCuser\Downloads <==== ATTENTION Task: {F756CB35-01FB-405D-88EF-0BEC1C6F0B0B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job => C:\Program Files (x86)\CinemaP-1.8cV18.01\CinemaP-1.8cV18.01-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job => C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-6.exe <==== ATTENTION Task: C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job => C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-7.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\quiz_games_notification_service.job => C:\Program Files (x86)\quiz games\quiz_games_notification_service.exeж/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='quiz games' /appid='73143' /srcid='2913' /bic='dc3303d9dac691cbd71d71446ef16667' /verifier='bb7db6ab65b7efcd0ddfa7d09c9db7e6' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION Task: C:\Windows\Tasks\quiz_games_updating_service.job => C:\Program Files (x86)\quiz games\quiz_games_updating_service.exe« /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=quiz_games_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION cmd: bitsadmin /reset /allusers cmd: netsh winsock reset catalog cmd: ipconfig /flushdns EmptyTemp: end ***************** Restore point was successfully created. Processes closed successfully. "HKU\S-1-5-21-1378838648-2550132987-283054567-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{312d021b-8b82-11e4-acb2-9cad9754caa8}" => Key deleted successfully. HKCR\CLSID\{312d021b-8b82-11e4-acb2-9cad9754caa8} => Key not found. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKU\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-1378838648-2550132987-283054567-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901163}" => Key deleted successfully. HKCR\CLSID\{11111111-1111-1111-1111-110611901163} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901163}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611901163} => Key not found. HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => Moved successfully. C:\Program Files (x86)\mozilla firefox\my.cfg => Moved successfully. IHProtect Service => Service deleted successfully. WindowsMangerProtect => Service deleted successfully. {921265c3-88e5-40e1-8d74-df5314572900}Gw64 => Service stopped successfully. {921265c3-88e5-40e1-8d74-df5314572900}Gw64 => Service deleted successfully. C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys => Moved successfully. C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully. C:\Windows\Tasks\quiz_games_updating_service.job => Moved successfully. C:\Windows\System32\Tasks\quiz_games_updating_service => Moved successfully. C:\Windows\Tasks\quiz_games_notification_service.job => Moved successfully. C:\Windows\System32\Tasks\quiz_games_notification_service => Moved successfully. C:\Program Files (x86)\quiz games => Moved successfully. C:\Users\PCuser\AppData\Roaming\RecLib => Moved successfully. C:\Users\PCuser\AppData\Roaming\{F194FD51-245F-4727-AF45-721B46A46794} => Moved successfully. C:\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm => Moved successfully. C:\Users\PCuser\AppData\Roaming\2dggzgqhG => Moved successfully. C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job => Moved successfully. C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job => Moved successfully. C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job => Moved successfully. C:\Program Files (x86)\CinemaP-1.8cV18.01 => Moved successfully. C:\Users\PCuser\AppData\Roaming\FMEUD => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. C:\Program Files (x86)\XTab => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C838C89-15C4-48C5-B7A0-105C2B8CA05F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C838C89-15C4-48C5-B7A0-105C2B8CA05F}" => Key deleted successfully. C:\Windows\System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\37b2459c-00b4-410e-8598-7ea788db10b8-6" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{101F66FE-79A6-49EC-999E-1B05866FC54E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{101F66FE-79A6-49EC-999E-1B05866FC54E}" => Key deleted successfully. C:\Windows\System32\Tasks\quiz_games_notification_service not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\quiz_games_notification_service" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13C5A451-4D1F-405B-A7F3-A121BBCBDFBD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C5A451-4D1F-405B-A7F3-A121BBCBDFBD}" => Key deleted successfully. C:\Windows\System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\37b2459c-00b4-410e-8598-7ea788db10b8-7" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66E97112-E04D-4B9E-98A3-E8752779E632}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E97112-E04D-4B9E-98A3-E8752779E632}" => Key deleted successfully. C:\Windows\System32\Tasks\quiz_games_updating_service not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\quiz_games_updating_service" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BDC8E1A5-81B4-41CF-AABE-537F2FA1FA2A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDC8E1A5-81B4-41CF-AABE-537F2FA1FA2A}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D75C191B-A179-4082-B75E-033D48576427}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D75C191B-A179-4082-B75E-033D48576427}" => Key deleted successfully. C:\Windows\System32\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\37b2459c-00b4-410e-8598-7ea788db10b8-1" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6872351-81E4-470E-817F-47B9BDBC89E8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6872351-81E4-470E-817F-47B9BDBC89E8}" => Key deleted successfully. C:\Windows\System32\Tasks\{A55AC364-0CC7-45C6-9BDA-EB19F4DFEACA} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A55AC364-0CC7-45C6-9BDA-EB19F4DFEACA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F756CB35-01FB-405D-88EF-0BEC1C6F0B0B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F756CB35-01FB-405D-88EF-0BEC1C6F0B0B}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully. C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job not found. C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job not found. C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job not found. C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully. C:\Windows\Tasks\quiz_games_notification_service.job not found. C:\Windows\Tasks\quiz_games_updating_service.job not found. ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.5.7600 ] BITS administration utility. © Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Unable to cancel {0453014B-2B00-480B-8189-0F66B8DA9167}. {B9E5DE42-B250-4510-81B1-2EE43A8ED0EC} canceled. {BA872D94-C0CC-4A1B-81BD-74CD12CC9E57} canceled. 2 out of 3 jobs canceled. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 62.4 MB temporary data. The system needed a reboot. ==== End of Fixlog 02:56:55 ====
  9. Бавно работещ браузър и постоянно изкачащи реклами

    Благодаря изключително много!!!
  10. Бавно работещ браузър и постоянно изкачащи реклами

    Съжалявам, заповядайте. Addition.txt
  11. Бавно работещ браузър и постоянно изкачащи реклами

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01 Ran by PCuser (administrator) on PCUSER-PC on 28-04-2015 09:26:14 Running from C:\Users\PCuser\Downloads Loaded Profiles: PCuser & UpdatusUser (Available profiles: PCuser & UpdatusUser) Platform: Windows 7 Professional (X64) OS Language: Български (България) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe (XTab system) C:\Program Files (x86)\XTab\HPNotify.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Cinema PlusV18.01) C:\Program Files (x86)\CinemaP-1.8cV18.01\37b2459c-00b4-410e-8598-7ea788db10b8-6.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Users\PCuser\AppData\Local\Viber\Viber.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (FileProperties_CompanyName) C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2014-12-24] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-20] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-03] (AVAST Software) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-12-24] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®) HKU\S-1-5-21-1378838648-2550132987-283054567-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd) HKU\S-1-5-21-1378838648-2550132987-283054567-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1378838648-2550132987-283054567-1000\...\Run: [Viber] => C:\Users\PCuser\AppData\Local\Viber\Viber.exe [776400 2015-02-25] () HKU\S-1-5-21-1378838648-2550132987-283054567-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-1378838648-2550132987-283054567-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd) HKU\S-1-5-21-1378838648-2550132987-283054567-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) HKU\S-1-5-21-1378838648-2550132987-283054567-1001\...\MountPoints2: {312d021b-8b82-11e4-acb2-9cad9754caa8} - G:\SETUP.EXE AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2014-01-07] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2014-01-07] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-12-24] (AVAST Software) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1421627221&from=obw&uid=WDCXWD10JPVX-22JC3T0_WD-WX41E34TW369TW369&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.web/?type=dspp&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1421627221&from=obw&uid=WDCXWD10JPVX-22JC3T0_WD-WX41E34TW369TW369&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.web/?type=dspp&q={searchTerms} HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.web/?type=dspp&q={searchTerms} HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp HKU\S-1-5-21-1378838648-2550132987-283054567-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.web/?type=dspp&q={searchTerms} HKU\S-1-5-21-1378838648-2550132987-283054567-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157 HKU\S-1-5-21-1378838648-2550132987-283054567-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.web/?type=dspp&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.web/?type=dspp&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.web/?type=dspp&q={searchTerms} SearchScopes: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.web/?type=dspp&q={searchTerms} SearchScopes: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150404__yaie&p={searchTerms} SearchScopes: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: No Name -> {11111111-1111-1111-1111-110611901163} -> No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-24] (AVAST Software) BHO-x32: No Name -> {11111111-1111-1111-1111-110611901163} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-24] (AVAST Software) Toolbar: HKU\S-1-5-21-1378838648-2550132987-283054567-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: WSISAllmytubechrome - No CLSID Value Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 217.9.232.206 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1421627221&from=obw&uid=WDCXWD10JPVX-22JC3T0_WD-WX41E34TW369TW369 FireFox: ======== FF ProfilePath: C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: FF Homepage: www.google.bg FF Keyword.URL: https://www.google.com/search/?trackid=sp-006 FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-12-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-12-24] (Intel Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF SearchPlugin: C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\searchplugins\google-avast.xml [2015-04-28] FF SearchPlugin: C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\searchplugins\google-default.xml [2015-04-06] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\.xml [2015-04-28] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2015-04-03] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-04-03] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2015-04-03] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-04-03] FF Extension: YouTube mp3 - C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\Extensions\info@youtube-mp3.org.xpi [2015-01-20] FF Extension: Google™ Translator Lite - C:\Users\PCuser\AppData\Roaming\Mozilla\Firefox\Profiles\897w92pg.default\Extensions\jid1-f3mYMbCpz2AZYl@jetpack.xpi [2015-04-22] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-24] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-24] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-04-24] <==== ATTENTION Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-24] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-24] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-24] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-24] (Avast Software) R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-02-08] (Macrovision Europe Ltd.) [File not signed] R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-12-24] (Intel Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-19] (SysTool PasSame LIMITED) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [4057808 2013-09-04] (Qualcomm Atheros, Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-24] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-24] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-24] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-24] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-24] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-24] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-24] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-24] () S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-24] (Disc Soft Ltd) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-12-24] (Intel Corporation) R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466136 2014-12-24] (Realsil Semiconductor Corporation) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-24] (Avast Software) R1 {921265c3-88e5-40e1-8d74-df5314572900}Gw64; C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784 2015-01-18] (StdLib) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-28 09:26 - 2015-04-28 09:26 - 00018740 _____ () C:\Users\PCuser\Downloads\FRST.txt 2015-04-28 09:25 - 2015-04-28 09:26 - 00000000 ____D () C:\FRST 2015-04-28 09:24 - 2015-04-28 09:24 - 02100736 _____ (Farbar) C:\Users\PCuser\Downloads\FRST64.exe 2015-04-28 01:09 - 2015-04-28 01:09 - 00000197 _____ () C:\Windows\system32\2015-04-27-22-09-36.032-AvastVBoxSVC.exe-2436.log 2015-04-28 01:06 - 2015-04-28 01:06 - 00000930 _____ () C:\Windows\PFRO.log 2015-04-28 01:06 - 2015-04-28 01:06 - 00000056 _____ () C:\Windows\setupact.log 2015-04-28 01:06 - 2015-04-28 01:06 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-28 00:14 - 2015-04-28 00:15 - 00000000 ____D () C:\Program Files\CCleaner 2015-04-28 00:14 - 2015-04-28 00:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-04-28 00:14 - 2015-04-28 00:14 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-04-28 00:14 - 2015-04-28 00:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-04-27 17:09 - 2015-04-27 17:09 - 00000197 _____ () C:\Windows\system32\2015-04-27-14-09-10.085-AvastVBoxSVC.exe-3136.log 2015-04-24 03:27 - 2015-04-28 00:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-21 16:53 - 2015-04-21 16:53 - 00000197 _____ () C:\Windows\system32\2015-04-21-13-53-19.036-AvastVBoxSVC.exe-3332.log 2015-04-18 22:41 - 2015-04-18 22:41 - 01128448 _____ () C:\Users\PCuser\Desktop\АТОМ-1.ppt 2015-04-18 22:09 - 2015-04-18 22:09 - 01111552 _____ () C:\Users\PCuser\Desktop\Атом3.ppt 2015-04-18 21:24 - 2015-04-18 21:29 - 02666800 _____ () C:\Users\PCuser\Desktop\Ключът-към-Космоса2.pptx 2015-04-16 00:09 - 2015-04-16 00:09 - 00000197 _____ () C:\Windows\system32\2015-04-15-21-09-04.010-AvastVBoxSVC.exe-2964.log 2015-04-15 23:54 - 2015-04-28 01:16 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-04-15 23:54 - 2015-04-28 01:16 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-15 23:53 - 2015-04-27 17:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-12 23:45 - 2015-04-12 23:45 - 00000197 _____ () C:\Windows\system32\2015-04-12-20-45-30.018-AvastVBoxSVC.exe-5312.log 2015-04-12 05:07 - 2015-04-12 05:08 - 00000000 ____D () C:\ProgramData\iSkysoft iTube Studio 2015-04-12 05:07 - 2015-04-12 05:07 - 00000000 ____D () C:\Users\PCuser\AppData\Local\iSkysoft 2015-04-12 05:07 - 2015-04-12 05:07 - 00000000 ____D () C:\ProgramData\iSkysoft Application Common Data 2015-04-12 05:07 - 2015-04-12 05:07 - 00000000 ____D () C:\Program Files\Common Files\iSkysoft 2015-04-12 02:01 - 2015-04-12 02:01 - 00000197 _____ () C:\Windows\system32\2015-04-11-23-01-46.093-AvastVBoxSVC.exe-5380.log 2015-04-09 20:13 - 2015-04-09 20:13 - 00000197 _____ () C:\Windows\system32\2015-04-09-17-13-50.048-AvastVBoxSVC.exe-5740.log 2015-04-09 15:47 - 2015-04-09 15:47 - 00000197 _____ () C:\Windows\system32\2015-04-09-12-47-53.088-AvastVBoxSVC.exe-4704.log 2015-04-09 14:52 - 2015-04-22 16:16 - 00000000 ____D () C:\AmericasCardroom 2015-04-09 14:52 - 2015-04-09 14:52 - 00001562 _____ () C:\Users\Public\Desktop\AmericasCardroom.lnk 2015-04-09 14:52 - 2015-04-09 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmericasCardroom 2015-04-09 14:50 - 2015-04-09 14:52 - 15600336 _____ () C:\Users\PCuser\Downloads\americascardroom_com.exe 2015-04-09 13:37 - 2015-04-09 13:37 - 00880208 _____ (Google Inc.) C:\Users\PCuser\Downloads\ChromeSetup.exe 2015-04-09 01:18 - 2015-04-16 00:01 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\TeamViewer 2015-04-09 01:18 - 2015-04-09 01:19 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-04-09 01:18 - 2015-04-09 01:18 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-04-09 01:18 - 2015-04-09 01:18 - 00001031 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-04-09 01:09 - 2015-04-09 01:09 - 07971440 _____ (TeamViewer GmbH) C:\Users\PCuser\Downloads\TeamViewer_Setup_bg.exe 2015-04-06 21:31 - 2015-04-28 01:31 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-04-06 20:32 - 2015-04-28 09:17 - 00000678 _____ () C:\Windows\Tasks\quiz_games_updating_service.job 2015-04-06 20:32 - 2015-04-06 20:32 - 00003706 _____ () C:\Windows\System32\Tasks\quiz_games_updating_service 2015-04-06 20:31 - 2015-04-28 09:17 - 00001316 _____ () C:\Windows\Tasks\quiz_games_notification_service.job 2015-04-06 20:31 - 2015-04-06 20:32 - 00004342 _____ () C:\Windows\System32\Tasks\quiz_games_notification_service 2015-04-06 20:31 - 2015-04-06 20:31 - 00000000 ____D () C:\Program Files (x86)\quiz games 2015-04-06 15:39 - 2015-04-06 15:39 - 00000197 _____ () C:\Windows\system32\2015-04-06-12-39-10.011-AvastVBoxSVC.exe-3196.log 2015-04-04 22:21 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-04-04 22:21 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-04-04 22:18 - 2015-04-04 22:18 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\RecLib 2015-04-04 22:18 - 2015-04-04 22:18 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\{F194FD51-245F-4727-AF45-721B46A46794} 2015-04-04 01:09 - 2015-04-04 11:18 - 257648234 _____ () C:\Users\PCuser\Downloads\Untitled-1.psd 2015-04-03 23:18 - 2015-04-03 23:18 - 00000197 _____ () C:\Windows\system32\2015-04-03-20-18-28.050-AvastVBoxSVC.exe-2612.log 2015-04-03 23:17 - 2015-04-16 00:01 - 00000000 ____D () C:\Windows\Minidump 2015-04-03 14:09 - 2015-04-28 01:08 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\ViberPC 2015-04-03 14:09 - 2015-04-03 14:09 - 00000998 _____ () C:\Users\PCuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-04-03 14:09 - 2015-04-03 14:09 - 00000990 _____ () C:\Users\PCuser\Desktop\Viber.lnk 2015-04-03 14:08 - 2015-04-28 01:08 - 00000000 ____D () C:\Users\PCuser\AppData\Local\Viber 2015-04-03 13:55 - 2015-04-03 13:55 - 00000197 _____ () C:\Windows\system32\2015-04-03-10-55-08.051-AvastVBoxSVC.exe-2972.log 2015-04-01 15:10 - 2015-04-01 15:10 - 00000197 _____ () C:\Windows\system32\2015-04-01-12-10-22.064-AvastVBoxSVC.exe-2312.log 2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm 2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\PCuser\AppData\Roaming\2dggzgqhG ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-28 09:24 - 2015-01-19 03:24 - 00005514 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-6.job 2015-04-28 09:17 - 2015-01-19 03:24 - 00005178 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-7.job 2015-04-28 09:17 - 2015-01-19 03:24 - 00003120 _____ () C:\Windows\Tasks\37b2459c-00b4-410e-8598-7ea788db10b8-1.job 2015-04-28 09:17 - 2015-01-19 03:24 - 00000976 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-04-28 09:17 - 2014-12-24 17:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-04-28 09:17 - 2014-12-24 17:13 - 00782728 _____ () C:\Windows\WindowsUpdate.log 2015-04-28 03:09 - 2009-07-14 07:45 - 00009792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-28 03:09 - 2009-07-14 07:45 - 00009792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-28 02:29 - 2015-01-19 03:24 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-04-28 01:07 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-28 00:17 - 2015-01-19 03:23 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.8cV18.01 2015-04-28 00:17 - 2014-12-25 00:07 - 00000000 ____D () C:\Users\PCuser\AppData\Local\CrashDumps 2015-04-28 00:15 - 2014-12-24 18:41 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\uTorrent 2015-04-28 00:04 - 2014-12-24 21:32 - 00000000 ____D () C:\Users\PCuser\AppData\Local\PokerStars.BG 2015-04-25 10:43 - 2014-12-24 21:31 - 00000000 ____D () C:\Program Files (x86)\PokerStars.BG 2015-04-22 10:18 - 2015-01-20 17:29 - 00000000 ____D () C:\ProgramData\Nero 2015-04-16 00:00 - 2014-12-24 17:37 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-09 16:21 - 2015-01-04 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2015-04-09 15:49 - 2009-07-14 08:13 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-09 15:44 - 2009-07-14 07:45 - 05311904 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-09 15:37 - 2014-12-24 18:41 - 00000000 ____D () C:\Users\PCuser\AppData\Roaming\Skype 2015-04-09 11:07 - 2014-12-24 17:36 - 00118960 _____ () C:\Users\PCuser\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-04 22:22 - 2014-12-24 22:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-04-04 22:19 - 2014-12-24 18:18 - 00000000 ____D () C:\Users\PCuser\AppData\Local\Adobe 2015-04-04 02:42 - 2014-12-24 17:59 - 00000000 ____D () C:\Users\PCuser\Documents\Bluetooth Folder 2015-04-02 10:26 - 2009-07-14 05:34 - 00000862 _____ () C:\Windows\win.ini 2015-04-02 10:25 - 2015-01-19 05:40 - 00000496 __RSH () C:\ProgramData\ntuser.pol ==================== Files in the root of some directories ======= 2015-03-31 11:14 - 2015-03-31 11:14 - 0004387 _____ () C:\Users\PCuser\AppData\Roaming\2dggzgqhG 2015-03-31 11:14 - 2015-03-31 11:14 - 0004387 _____ () C:\Users\PCuser\AppData\Roaming\CC30ZgRZBATZdKt5NRUh0XuSkm 2014-09-01 11:18 - 2014-09-01 11:18 - 0001248 _____ () C:\Users\PCuser\AppData\Roaming\FMEUD 2015-02-13 09:48 - 2015-02-16 16:03 - 0000088 __RSH () C:\ProgramData\C45795A5EA.sys 2014-12-24 18:55 - 2014-12-24 18:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-02-13 09:48 - 2015-02-16 16:09 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-24 14:29 ==================== End Of Log ============================
  12. Здравейте, последно време се опитвам да се преборя с постоянно изкачащите рекламки в браузъра. Компютъра работи изключително бавно. Опитах с някои адблок програмки, но никаква полза. С всеки изминал ден имам чувството, че се влошават нещата. Бих бил изключително благодарен ако някой може да ми помогне. Благодаря предварително. Поздрави!
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.