
gowent

  1. I uninstalled both programs. I already had a version of Malwarebytes; here is the log from the scan:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Дата на сканиране: 22.8.2016 г.
     Час на сканиране: 22:57
     Дневник:
     Администратор: Да

     Версия: 2.2.1.1043
     База от данни за злонамерен софтуер: v2016.08.22.08
     База от данни за рууткити: v2016.08.15.01
     Лиценз: Безплатен
     Защита от злонамерен софтуер: Забранено
     Защита от злонамерени страници: Забранено
     Самозащита: Забранено

     ОС: Windows 8.1
     Процесор: x64
     Файлова система: NTFS
     Потребител: Home

     Тип сканиране: Сканиране за заплахи
     Резултат: Завършено
     Сканиране обекти: 295880
     Изминало време: 12 мин. 20 сек.

     Памет: Разрешено
     Начално стартиране: Разрешено
     Файлова система: Разрешено
     Архиви: Разрешено
     Рууткити: Разрешено
     Евристика: Разрешено
     ПНП: Разрешено
     ПНИ: Разрешено

     Процеси: 0 (Не бяха открити злонамерени обекти)
     Модули: 0 (Не бяха открити злонамерени обекти)
     Ключове в системния регистър: 0 (Не бяха открити злонамерени обекти)
     Стойности в системния регистър: 0 (Не бяха открити злонамерени обекти)
     Данни в системния регистър: 0 (Не бяха открити злонамерени обекти)
     Папки: 0 (Не бяха открити злонамерени обекти)
     Файлове: 0 (Не бяха открити злонамерени обекти)
     Физически сектори: 0 (Не бяха открити злонамерени обекти)

     (end)

     After clicking View Report, I am attaching the following log:

     Emsisoft Emergency Kit - Version 11.9
     Last update: 22.8.2016 г. 23:18:04
     User account: USER\Home
     Computer name: USER
     OS version: Windows 8.1x64

     Scan settings:

     Scan type: Custom Scan
     Objects: Rootkits, Memory, Traces, C:\

     Detect PUPs: On
     Scan archives: On
     ADS Scan: On
     File extension filter: Off
     Advanced caching: On
     Direct disk access: Off

     Scan start: 22.8.2016 г. 23:19:13
     C:\Windows\SECOH-QAD.dll detected: Riskware.NetTool (A)

     Scanned 258484
     Found 1

     Scan end: 22.8.2016 г. 23:50:11
     Scan time: 0:30:58

     And the log from FRST.txt:
  2. No, I haven't added anything. And here are the links from the scans:
     https://www.virustotal.com/bg/file/b3b9c364aedb3a31d9842ba126263d58d17596b89b9d188a8308f1c3f5149f6e/analysis/1471891389/
     https://www.virustotal.com/bg/file/25284cae27071fa4391765862a81f9bdfc5398abf4ccf4e2df5b0972cfe66e72/analysis/1471891446/
  3. Hello! For some time I have been noticing something strange that happens on average 2-3 times a day. While I am typing something on the computer (whether on a website or in a document), at some point it is as if I had clicked somewhere, and I have to click with the mouse again to continue typing. I suspect a Trojan horse or something similar, and I have valuable files on the computer and don't want anything to happen to them. Addition.txt is attached. Here is what I got from FRST.txt:
C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (LolBoT.) C:\Users\Home\Desktop\Spam BoT v1.6.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe (CyberGhost S.R.L.) C:\Program Files\CyberGhost 6\CyberGhost.exe (The OpenVPN Project) C:\Program Files\CyberGhost 6\Data\OpenVPN\openvpn.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Home\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1156656 2016-08-18] (CyberGhost S.R.L.) 
HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-19] (SUPERAntiSpyware) HKU\S-1-5-21-340910651-1706132204-2474600806-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 217.18.241.110 62.221.132.218 Tcpip\..\Interfaces\{A5B8694A-AE79-46DB-880E-D71D678D76AD}: [DhcpNameServer] 194.187.251.67 185.93.180.131 38.132.106.139 Tcpip\..\Interfaces\{F0633EB8-7F25-4AC3-B3AF-52B66A40127F}: [NameServer] 194.187.251.67,185.93.180.131 Tcpip\..\Interfaces\{F0633EB8-7F25-4AC3-B3AF-52B66A40127F}: [DhcpNameServer] 217.18.241.110 62.221.132.218 Internet Explorer: ================== HKU\S-1-5-21-340910651-1706132204-2474600806-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/ SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> DefaultScope {E6A0ADEC-9673-4D7B-AAF9-A6CD68FBC2DD} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-340910651-1706132204-2474600806-1001 -> {E6A0ADEC-9673-4D7B-AAF9-A6CD68FBC2DD} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] 
(Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9c9lz5ps.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-29] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-29] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.) 
FF Extension: AdBlocker Ultimate - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\9c9lz5ps.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-07-02] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.bg/ CHR StartupUrls: Default -> "hxxps://www.google.bg/" CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Презентации) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-11] CHR Extension: (Google Документи) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-11] CHR Extension: (Google Диск) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08] CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-11] CHR Extension: (Google Търсене) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11] CHR Extension: (Електронни таблици от Google) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-11] CHR Extension: (Google Документи офлайн) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-28] CHR Extension: (goo.gl URL Shortener) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-01-11] CHR Extension: (Плащания в уеб магазина на Chrome) - 
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-11] CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18] Opera: ======= StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2541192 2016-06-23] (ESET) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-29] (Intel Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4192344 2016-03-09] (INCA Internet Co., Ltd.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2015-05-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-23] (ESET) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET) S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-23] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [181416 2016-06-23] (ESET) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-16] (Oracle Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) U4 ekbdflt; \SystemRoot\system32\DRIVERS\ekbdflt.sys [X] U4 epfw; \SystemRoot\system32\DRIVERS\epfw.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-22 16:23 - 2016-08-22 16:23 - 00015571 _____ C:\Users\Home\Desktop\FRST.txt 2016-08-22 16:22 - 2016-08-22 16:22 - 02396672 _____ (Farbar) C:\Users\Home\Desktop\FRST64 (1).exe 2016-08-19 23:42 - 2016-08-19 23:43 - 00000000 ____D C:\Users\Home\AppData\Local\CyberGhost 2016-08-19 23:40 - 2016-08-20 05:57 - 00001744 _____ C:\Users\Home\Desktop\CyberGhost 6.lnk 2016-08-19 23:40 - 2016-08-19 23:42 - 00000000 ____D C:\Program Files\TAP-Windows 2016-08-19 23:40 - 2016-08-19 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6 2016-08-19 21:41 - 2013-08-22 16:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160819-214126.backup 2016-08-19 21:35 - 2016-08-19 21:35 - 00000000 ____D C:\Program Files\Common Files\AV 2016-08-19 21:35 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-08-19 21:33 - 2016-08-19 22:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-08-19 21:33 - 2016-08-19 22:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-08-19 21:33 - 2016-08-19 21:33 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-08-19 21:33 - 2016-08-19 21:33 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2016-08-19 21:33 - 2016-08-19 21:33 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2016-08-19 21:33 - 2016-08-19 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-08-19 21:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2016-08-12 23:13 - 2016-08-12 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2016-08-12 23:13 - 2016-08-12 23:13 - 00000000 ____D 
C:\ProgramData\ESET 2016-08-12 22:53 - 2016-08-12 22:53 - 00000000 ____D C:\Users\Home\AppData\Local\ESET 2016-08-12 19:11 - 2016-08-22 16:23 - 00000000 ____D C:\FRST 2016-08-12 18:52 - 2016-08-12 19:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2016-08-12 18:48 - 2016-08-12 18:48 - 00000000 ____D C:\Users\Home\AppData\Local\PackageAware 2016-08-12 18:48 - 2016-08-12 18:48 - 00000000 ____D C:\ProgramData\Webroot 2016-08-10 23:04 - 2016-08-10 23:35 - 00135698 _____ C:\Windows\ntbtlog.txt 2016-08-10 22:54 - 2016-08-10 23:04 - 00000000 ____D C:\Users\Home\AppData\Local\FSDART 2016-08-10 22:54 - 2016-08-10 22:56 - 00000000 ____D C:\ProgramData\F-Secure 2016-08-10 22:54 - 2016-08-10 22:54 - 00000000 ____D C:\Users\Home\AppData\Local\F-Secure 2016-08-10 22:39 - 2016-08-22 14:39 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e948b6d5-3326-404d-a121-aaf5de858a09.job 2016-08-10 22:39 - 2016-08-10 22:39 - 00003480 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e948b6d5-3326-404d-a121-aaf5de858a09 2016-08-10 22:39 - 2016-08-10 22:39 - 00000000 ____D C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com 2016-08-10 22:38 - 2016-08-10 22:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-08-10 22:38 - 2016-08-10 22:38 - 00001780 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2016-08-10 22:38 - 2016-08-10 22:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2016-08-10 22:38 - 2016-08-10 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-08-10 13:50 - 2016-08-02 09:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 13:50 - 2016-08-02 09:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 13:50 - 2016-08-02 09:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 13:50 - 2016-08-02 09:20 - 00615936 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2016-08-10 13:50 - 2016-08-02 09:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 13:50 - 2016-08-02 09:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 13:50 - 2016-08-02 08:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 13:50 - 2016-08-02 08:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 13:50 - 2016-08-02 08:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 13:50 - 2016-08-02 08:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 13:50 - 2016-08-02 08:46 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-08-10 13:50 - 2016-08-02 08:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 13:50 - 2016-08-02 08:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 13:50 - 2016-08-02 08:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 13:50 - 2016-08-02 08:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 13:50 - 2016-08-02 08:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 13:50 - 2016-08-02 08:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 13:50 - 2016-08-02 08:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 13:50 - 2016-08-02 08:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 13:50 - 2016-08-02 08:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 13:50 - 2016-08-02 08:20 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-08-10 13:50 - 2016-08-02 08:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 
2016-08-10 13:50 - 2016-08-02 08:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 13:50 - 2016-08-02 08:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 13:50 - 2016-08-02 08:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 13:50 - 2016-08-02 08:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 13:50 - 2016-08-02 07:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 13:50 - 2016-08-02 07:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 13:50 - 2016-08-02 07:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 13:50 - 2016-08-02 07:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 13:50 - 2016-07-08 17:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-10 13:48 - 2016-07-12 17:08 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2016-08-10 13:48 - 2016-07-09 03:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 13:48 - 2016-07-09 03:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 13:48 - 2016-07-08 17:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2016-08-10 13:48 - 2016-07-08 17:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2016-08-10 13:48 - 2016-07-08 17:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 13:48 - 2016-07-08 17:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2016-08-10 13:48 - 2016-07-08 17:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll 2016-08-10 13:48 - 2016-07-08 01:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 13:48 - 
2016-07-08 00:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 13:48 - 2016-07-07 23:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 13:48 - 2016-07-06 17:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-08-10 13:48 - 2016-07-06 17:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2016-08-10 13:48 - 2016-07-06 17:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2016-08-10 13:48 - 2016-07-06 17:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-07-31 12:03 - 2016-08-04 00:14 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-07-31 12:03 - 2016-08-04 00:14 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-07-31 12:02 - 2016-08-22 16:12 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-31 12:02 - 2016-08-22 12:12 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-31 12:02 - 2016-07-31 12:07 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-28 04:44 - 2016-03-09 13:51 - 04192344 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des 2016-07-28 04:43 - 2016-07-28 04:43 - 00000000 ____D C:\Program Files\Common Files\INCA Shared 2016-07-28 04:43 - 2004-12-30 15:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys 2016-07-28 04:43 - 2003-07-16 00:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd 2016-07-28 04:36 - 2016-07-28 04:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen 2016-07-28 04:21 - 2016-07-28 04:27 - 00000000 ____D C:\ProgramData\WEBZEN ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-08-22 15:44 - 2016-01-11 17:43 - 00000000 ____D C:\Users\Home\AppData\Local\ClassicShell 2016-08-22 15:25 - 2016-01-11 17:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-22 13:19 - 2016-01-11 17:28 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{00D94D0E-AC24-41C8-A8A1-1ECCB56AC88E} 2016-08-22 01:13 - 2016-01-11 17:40 - 00000284 _____ C:\Windows\Tasks\AutoKMS.job 2016-08-21 23:08 - 2016-01-11 17:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-340910651-1706132204-2474600806-1001 2016-08-21 05:47 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Inf 2016-08-21 03:53 - 2016-01-14 22:43 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-08-21 02:21 - 2016-01-11 20:55 - 09648128 ___SH C:\Users\Home\Desktop\Thumbs.db 2016-08-21 02:07 - 2016-04-10 01:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-21 02:05 - 2016-01-12 19:12 - 00047512 _____ C:\Windows\system32\perfh002.dat 2016-08-21 02:05 - 2016-01-12 19:12 - 00011800 _____ C:\Windows\system32\perfc002.dat 2016-08-21 02:05 - 2014-03-18 18:45 - 00907186 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-19 23:43 - 2016-07-11 13:25 - 00000000 ____D C:\Program Files\CyberGhost 6 2016-08-19 17:51 - 2016-01-11 17:27 - 00000000 ____D C:\Users\Home\AppData\Local\Google 2016-08-18 03:55 - 2016-01-11 17:44 - 00000000 __SHD C:\Users\Home\IntelGraphicsProfiles 2016-08-18 03:55 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-18 02:17 - 2016-06-23 20:20 - 00007620 _____ C:\Users\Home\AppData\Local\Resmon.ResmonCfg 2016-08-18 01:00 - 2016-01-12 18:23 - 00000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics 2016-08-17 15:33 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp 2016-08-12 23:58 - 2016-01-12 01:22 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc 2016-08-12 23:13 - 2016-01-11 17:41 - 00000000 ____D C:\Program Files\ESET 2016-08-12 
23:07 - 2016-01-11 17:17 - 00000000 ____D C:\Program Files\KMSpico 2016-08-12 20:25 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness 2016-08-12 19:45 - 2016-01-11 20:27 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-12 19:27 - 2016-04-16 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-11 16:48 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache 2016-08-10 15:55 - 2013-08-22 17:44 - 00483920 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-10 15:54 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-08-10 15:52 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\LiveKernelReports 2016-08-10 15:50 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-08-10 15:44 - 2016-01-11 20:27 - 00000000 ____D C:\Windows\system32\MRT 2016-08-10 15:37 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates 2016-08-10 13:46 - 2016-06-24 21:45 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-08-10 13:46 - 2016-06-24 21:45 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-08-10 13:46 - 2016-06-24 21:45 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2016-08-10 13:46 - 2016-06-24 21:45 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-07 21:24 - 2016-05-12 16:40 - 00000000 ____D C:\Program Files\CyberGhost 5 2016-08-07 18:08 - 2016-01-11 17:18 - 00000000 ____D C:\Users\Home\AppData\Local\Packages 2016-08-05 14:24 - 2013-08-22 18:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2016-07-31 12:07 - 2016-01-11 17:26 - 00003988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-31 12:02 - 2016-01-11 17:26 - 00000000 ____D C:\Program Files (x86)\Google 2016-07-31 02:18 - 2014-03-18 18:17 - 00000000 ____D C:\Windows\ShellNew 2016-07-28 08:07 - 2016-01-11 17:38 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent 2016-07-28 04:41 
- 2016-01-11 17:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-07-27 22:25 - 2016-01-11 19:56 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-07-23 07:07 - 2016-01-11 17:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\Skype 2016-07-23 07:01 - 2016-01-11 17:32 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-07-23 07:01 - 2016-01-11 17:32 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2016-06-23 20:20 - 2016-08-18 02:17 - 0007620 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg 2016-06-27 20:07 - 2016-06-27 20:07 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat Files to move or delete: ==================== C:\ProgramData\fontcacheev1.dat ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-08-19 12:12 ==================== End of FRST.txt ============================
  4. Hello! I downloaded this program, VirtualBox, created a Windows 7 OS, and now I have to insert a CD in order to install Windows 7 on it. As far as I understand, I need to find a Windows 7 OS. I searched on Zamunda and found this - How likely is it that there are viruses in it? I see that many people are happy with the torrent. If I download it, I then have to save it to a CD or USB, and after that tell the virtual machine to install the file from the CD/USB medium on which I installed it. Have I understood correctly, and won't it ask me for a key in order to install Windows 7?
  5. Problem with Microsoft .NET Framework 3.5

    Разреших проблема вече, моля, темата ми да бъде заключена.
  6. Здравейте! Когато опитам да инсталирам тази програма, ми изписва: "Хранилището на компоненти е повредено". Прочетох другата тема "Проблем с Microsoft Netframework 3.5" и изпълних стъпките, указани там. От Command Prompt обаче процесът е завършен на 65% и пак ми изписва, че хранилището на компоненти е повредено. Имате ли някаква идея как да разреша проблема?
  7. Използвах DelFix, но за съжаление не успях да копирам лог файла. Прочетох препоръките и инсталирах приставките за Chrome. Много благодаря за помощта, желая ви лек ден и всичко най - добро.
  8. Изпълних стъпките и прикачих логовете от AdwCleaner и Junkware Removal Tool . Копирам лога от Malwarebytes Anti -Malware, която вече ми беше инсталирана : Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 29.8.2015 г. Scan Time: 10:00 Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.29.01 Rootkit Database: v2015.08.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: User Scan Type: Threat Scan Result: Completed Objects Scanned: 387527 Time Elapsed: 11 min, 18 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) AdwCleanerC2.txt JRT.txt
  9. At the moment nothing in particular is happening; it's just that half an hour ago random programs started opening, and this went on for some time. Right now the system is working normally; maybe it was a temporary bug or something like that, since there are no infected files.
  10. This is the content of the log file: ~ ZHPCleaner v2015.8.28.334 by Nicolas Coolman (2015/08/28) ~ Run by User (Administrator) (29/08/2015 09:26:43) ~ Site : http://www.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Scan ~ Report : C:\Users\User\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 8.1 Pro with Media Center, 64-bit (Build 9600) ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (1) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (0) ~ No malicious or unnecessary items found. ---\\ Registry ( Key, Value, Data) (0) ~ No malicious or unnecessary items found. ---\\ Result of repair ~ Any repair made ---\\ Statistics ~ Items scanned : 75026 ~ Items found : 0 ~ Items cancelled : 0 ~ Items repaired : 0 ~ End of search in 2 minutes =================== ZHPCleaner--29082015-09_29_13.txt
  11. Hello! I'll get straight to the problem. I was working on the computer when suddenly many programs, pictures and files on the computer started opening, and I had no control over it. Afterwards, once a pile of applications and programs had opened, I started closing them, but I think there is some kind of virus. I scanned with ESET NOD32, but it did not find anything. Here is the content of FRST.txt:

==================== Files in the root of some directories =======

2015-04-27 00:22 - 2015-06-09 02:26 - 0006144 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\ExPromo.exe
C:\Users\User\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\User\AppData\Local\Temp\InstHelper.exe
C:\Users\User\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-21 20:07

==================== End of FRST.txt ============================

Addition.txt