
stefarata

Member
  • Posts

    92
  • Joined

  • Last visited

Likes

5 Neutral reputation

About stefarata

  • Title
    Regular member
  • Birthday 5.03.1987

Information

  • Gender
    Male
  1. stefarata

    Laptop display panel

    Remaining: 6 days and 2 hours

    • WANTED
    • NO PREFERENCE
    Buying a laptop display panel B156XW02 V2 from a Lenovo Z575

    no price

  2. stefarata

    Redmi Note 3 Pro - signal problem with Telenor

    I wrote that it is not affected by the modes.
  3. stefarata

    Redmi Note 3 Pro - signal problem with Telenor

    Regardless of the location. I have now been advised to try another Telenor SIM card to see how it behaves. I will run tests tonight.
  4. The phone does not seem to get along with Telenor. With other operators everything is fine. The moment I put in the Telenor card the troubles start: it loses signal, calls barely go through, and sometimes they are impossible. This happens on 3G, 4G and 2G. We replaced the SIM card and it is the same. It is on the stock global ROM; it has not been unlocked and the software has not been tampered with. Any ideas what could be causing this? The operator says it is not on their side.
  5. stefarata

    Encrypted files .odin

    # AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 11 11:29:58 2017
    # Updated on 2017/29/08 by Malwarebytes
    # Running on Windows 7 Ultimate (X86)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\Program Files\DriverToolkit
    Deleted: C:\Users\11\AppData\Local\DriverToolkit

    ***** [ Files ] *****

    Deleted: C:\Users\11\Desktop\Goodgame Empire.lnk
    Deleted: C:\END

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    Deleted: DRIVERTOOLKIT AUTORUN

    ***** [ Registry ] *****

    Deleted: [Key] - HKU\S-1-5-21-1762113390-2743852867-4213644173-1000\Software\DriverToolkit
    Deleted: [Key] - HKCU\Software\DriverToolkit
    Deleted: [Key] - HKLM\SOFTWARE\Reimage

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [1300 B] - [2017/9/11 11:29:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
  6. stefarata

    Encrypted files .odin

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Дата на сканиране: 22.8.2017 г.
    Час на сканиране: 12:16 ч.
    Дневник:
    Администратор: Да

    Версия: 2.2.1.1043
    База от данни за злонамерен софтуер: v2017.08.22.03
    База от данни за рууткити: v2017.08.02.01
    Лиценз: Безплатен
    Защита от злонамерен софтуер: Забранено
    Защита от злонамерени страници: Забранено
    Самозащита: Забранено

    ОС: Windows 7 Service Pack 1
    Процесор: x86
    Файлова система: NTFS
    Потребител: 11

    Тип сканиране: Сканиране за заплахи
    Резултат: Завършено
    Сканиране обекти: 211283
    Изминало време: 6 мин. 47 сек.

    Памет: Разрешено
    Начално стартиране: Разрешено
    Файлова система: Разрешено
    Архиви: Разрешено
    Рууткити: Разрешено
    Евристика: Разрешено
    ПНП: Разрешено
    ПНИ: Разрешено

    Процеси: 0
    (Не бяха открити злонамерени обекти)

    Модули: 0
    (Не бяха открити злонамерени обекти)

    Ключове в системния регистър: 15
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, Поставен под карантина, [c19a40508d1c92a462e637047e82d52b],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Поставен под карантина, [d388355b3178fc3aedb20925d9278779],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, Поставен под карантина, [d388355b3178fc3aedb20925d9278779],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, Поставен под карантина, [d388355b3178fc3aedb20925d9278779],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, Поставен под карантина, [d388355b3178fc3aedb20925d9278779],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Поставен под карантина, [d388355b3178fc3aedb20925d9278779],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Поставен под карантина, [d388355b3178fc3aedb20925d9278779],
    PUP.Optional.Reimage, HKU\S-1-5-21-1762113390-2743852867-4213644173-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Поставен под карантина, [d388355b3178fc3aedb20925d9278779],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, Поставен под карантина, [5cff00901297b284cdb761ca41bfc13f],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, Поставен под карантина, [91caff919c0d5adce0d758d230d04db3],
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0, Поставен под карантина, [7cdf4f414b5ed95ddca1d06cb947ff01],
    PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, Поставен под карантина, [e47769277e2bcc6ae04dfd46ce328a76],
    PUP.Optional.Reimage, HKU\S-1-5-21-1762113390-2743852867-4213644173-1000\SOFTWARE\Reimage, Поставен под карантина, [a3b867292f7a261004e936270af68f71],
    PUP.Optional.Reimage, HKU\S-1-5-21-1762113390-2743852867-4213644173-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Поставен под карантина, [5704d7b93376989e15344fe81ce4f40c],
    PUP.Optional.Reimage, HKU\S-1-5-21-1762113390-2743852867-4213644173-1000\SOFTWARE\REIMAGE\PC REPAIR, Поставен под карантина, [92c9aae65356eb4bf0622d019070738d],

    Стойности в системния регистър: 2
    PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0, REI_AxControl 1.0 Type Library, Поставен под карантина, [7cdf4f414b5ed95ddca1d06cb947ff01]
    PUP.Optional.Reimage, HKU\S-1-5-21-1762113390-2743852867-4213644173-1000\SOFTWARE\REIMAGE\PC REPAIR|QuitMessage, , Поставен под карантина, [92c9aae65356eb4bf0622d019070738d]

    Данни в системния регистър: 0
    (Не бяха открити злонамерени обекти)

    Папки: 0
    (Не бяха открити злонамерени обекти)

    Файлове: 5
    PUP.Optional.Reimage, C:\Users\11\AppData\Local\Temp\ReimagePackage.exe, Поставен под карантина, [2338543c3b6e2610f037939929d79868],
    PUP.Optional.Reimage, C:\Users\11\Downloads\ReimageRepair.exe, Поставен под карантина, [8ad17e126e3b93a34fd859d3f20e50b0],
    PUP.Optional.Reimage, C:\Users\11\AppData\Local\Temp\Reimage.log, Поставен под карантина, [5605ff91951476c074db1629a8580ff1],
    PUP.Optional.Reimage, C:\Windows\Temp\reimage.log, Поставен под карантина, [f7641977862386b0282799a658a8c838],
    PUP.Optional.Reimage, C:\Windows\Reimage.ini, Поставен под карантина, [db80731df3b6f83e1c63404cab56f60a],

    Физически сектори: 0
    (Не бяха открити злонамерени обекти)

    (end)

    HitmanPro 3.7.20.286
    www.hitmanpro.com

       Computer name . . . . : 11-PC
       Windows . . . . . . . : 6.1.1.7601.X86/2
       User name . . . . . . : 11-PC\11
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free

       Scan date . . . . . . : 2017-08-22 12:33:24
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 2m 3s
       Disk access mode . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot . . . . . . . : No

       Threats . . . . . . . : 3
       Traces . . . . . . . : 170

       Objects scanned . . . : 574 969
       Files scanned . . . . : 17 064
       Remnants scanned . . : 112 313 files / 445 592 keys

    Malware _____________________________________________________________________

       C:\Users\11\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe
          Size . . . . . . . : 2 150 336 bytes
          Age . . . . . . . : 19.9 days (2017-08-02 14:52:47)
          Entropy . . . . . : 8.0
          SHA-256 . . . . . : 5B35C658221EAD9E675241FA10B10FFC0A650BF64E78DE6C0A69FCDE1EE89401
          Product . . . . . : µTorrent
          Publisher . . . . : BitTorrent Inc.
          Description . . . : µTorrent
          Version . . . . . : 3.5.0.43916
          Copyright . . . . : ©2016 BitTorrent, Inc. All Rights Reserved.
          RSA Key Size . . . : 2048
          LanguageID . . . . : 1033
          Authenticode . . . : Valid
        > HitmanPro . . . . : Malware
          Fuzzy . . . . . . : 102.0

       C:\Users\11\AppData\Roaming\uTorrent\uTorrent.exe
          Size . . . . . . . : 2 150 336 bytes
          Age . . . . . . . : 19.9 days (2017-08-02 14:52:45)
          Entropy . . . . . : 8.0
          SHA-256 . . . . . : 5B35C658221EAD9E675241FA10B10FFC0A650BF64E78DE6C0A69FCDE1EE89401
          Product . . . . . : µTorrent
          Publisher . . . . : BitTorrent Inc.
          Description . . . : µTorrent
          Version . . . . . : 3.5.0.43916
          Copyright . . . . : ©2016 BitTorrent, Inc. All Rights Reserved.
          RSA Key Size . . . : 2048
          Desktop . . . . . : Default
          Parent Name . . . : C:\Windows\Explorer.EXE
          LanguageID . . . . : 1033
          Authenticode . . . : Valid
          Running processes : 2664
        > HitmanPro . . . . : Malware
          Fuzzy . . . . . . : 109.0
          Startup
             HKU\S-1-5-21-1762113390-2743852867-4213644173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uTorrent
          References
             C:\Users\11\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
             C:\Users\11\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
             C:\Users\11\Desktop\µTorrent.lnk
          Network Ports
             0.0.0.0:60865
             127.0.0.1:10000
             192.168.1.5:60865
             89.215.245.126:55724

       C:\Users\11\Desktop\FRST.exe
          Size . . . . . . . : 1 792 512 bytes
          Age . . . . . . . : 4.1 days (2017-08-18 10:46:43)
          Entropy . . . . . : 7.6
          SHA-256 . . . . . : B79569168938B404599AB383EC2DABCE08DE93781F44F8CB70E29950A12189A7
          Needs elevation . : Yes
        > HitmanPro . . . . : Malware
          Fuzzy . . . . . . : 124.0

    Potential Unwanted Programs _________________________________________________

       HKLM\SOFTWARE\Microsoft\Tracing\ProtectorUpdater_RASAPI32\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\ProtectorUpdater_RASMANCS\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASAPI32\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\Reimage_RASMANCS\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\ReimagePackage_RASAPI32\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\ReimagePackage_RASMANCS\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\ReimageRepair_RASAPI32\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\ReimageRepair_RASMANCS\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\UniProtectorPackage_RASAPI32\ (ReimageRepair)
       HKLM\SOFTWARE\Microsoft\Tracing\UniProtectorPackage_RASMANCS\ (ReimageRepair)
       HKLM\SOFTWARE\Reimage\ (ReimageRepair)
  7. An entire folder on the computer is affected; I have some important files in it. All of them have the .odin extension.
  8. An acquaintance's laptop was badly damaged recently, and we are now looking for all of its plastic parts: the bottom, the one the keyboard attaches to, and the one around the display with the hinges. I can't find his exact model, which is SVE151G13M, but I found an SVE151C11M. Will everything fit, or are there differences?
  9. stefarata

    Infected laptop

    We rolled the computer back to a restore point and the icons were fixed. Thanks for the help.
  10. stefarata

    Infected laptop

    I meant to say that almost all program icons on the desktop are associated with Mozilla, and opening them opens a Mozilla window, which in turn shows a prompt to run an .exe file.
  11. stefarata

    Infected laptop

    The situation is the same. Most of the desktop icons lead to .exe files being executed.
  12. stefarata

    Infected laptop

dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-04-21 243128] S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2012-07-25 247712] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-11-08 100232] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784] S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-03-10 5120] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-03-31 170200] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928] S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-04 7435264] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2017-02-08 07:00 1368920 ----a-w- c:\program files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2017-01-17 23:07 323152 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 2017-03-31 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2014-04-21 17:43] . . ------- Supplementary Scan ------- . 
IE: &Експортиране към Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: alipay.com Trusted Zone: alisoft.com Trusted Zone: taobao.com FF - ProfilePath - c:\users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default\ FF - prefs.js: browser.search.selectedEngine - Amazon.com FF - prefs.js: browser.startup.homepage - about:home . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WUDFHost.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\TeamViewer\TeamViewer_Service.exe c:\windows\system32\taskhost.exe c:\program files\Malwarebytes Anti-Malware\mbam.exe c:\program files\Garena Plus\ggdllhost.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\TeamViewer\TeamViewer.exe c:\program files\TeamViewer\tv_w32.exe c:\windows\system32\conhost.exe c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe c:\windows\system32\wbem\unsecapp.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2017-03-31 10:16:55 - machine was rebooted ComboFix-quarantined-files.txt 2017-03-31 07:16 ComboFix2.txt 2017-03-30 08:11 . Pre-Run: 9 094 336 512 bytes free Post-Run: 8 755 707 904 bytes free . 
- - End Of File - - 0510454A98AD05198A1318AB1810C781 A36C5E4F47E84449FF07ED3517B43A31
  13. stefarata

    Infected laptop

    Addition.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017 Ran by VIMAX (administrator) on VIMAX1-PC (30-03-2017 16:28:29) Running from C:\Users\VIMAX\Downloads Loaded Profiles: VIMAX (Available Profiles: VIMAX & Guest) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\Program Files\Garena Plus\ggdllhost.exe (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe (HP) C:\Windows\System32\HPSIsvc.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) 
C:\Windows\System32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ooVoo LLC) C:\Program Files\ooVoo\ooVoo.exe (© 2015 Microsoft Corporation) C:\Users\VIMAX\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (ESET spol. s r.o.) C:\Users\VIMAX\Downloads\esetonlinescanner_enu.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies) C:\Program Files\Skype\Browser\SkypeBrowserHost.exe (Skype Technologies) C:\Program Files\Skype\Browser\SkypeBrowserHost.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2011-01-05] (Intel(R) Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.) 
HKU\S-1-5-21-4269030602-1347502330-2067200166-1000\...\Run: [ooVoo.exe] => C:\Program Files\ooVoo\oovoo.exe [35910688 2016-03-08] (ooVoo LLC) HKU\S-1-5-21-4269030602-1347502330-2067200166-1000\...\Run: [BingSvc] => C:\Users\VIMAX\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\..\Interfaces\{3E7D207B-9C46-41E3-B86D-5775BC74FBA0}: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{B42DD882-E926-4D9B-8E7B-0DB9DBD4FB58}: [DhcpNameServer] 89.190.192.247 89.190.192.248 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-4269030602-1347502330-2067200166-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4269030602-1347502330-2067200166-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-25] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-25] (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default [2017-03-30] FF SelectedSearchEngine: 
Mozilla\Firefox\Profiles\rkpuka9c.default -> Amazon.com FF Homepage: Mozilla\Firefox\Profiles\rkpuka9c.default -> about:home FF Extension: (Bing Search) - C:\Users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-03-29] FF Extension: (Firebug) - C:\Users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] FF Extension: (Site Deployment Checker) - C:\Users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default\features\{361cb3a0-81da-4dbe-b674-13ac052d6095}\deployment-checker@mozilla.org.xpi [2017-03-28] FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2016-05-31] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] () FF Plugin: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files\TradeManager\nptrademanager.dll [No File] FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\TradeManager\npwangwang.dll [No File] FF Plugin: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\DVR32\3.1.0.4\npmedia.dll [2014-04-15] () FF Plugin: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\DVR32\3.1.0.4\npTimeGrid.dll [2014-04-15] (Unauthorized copy) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-25] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-10-01] ( Garena) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4269030602-1347502330-2067200166-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files\TradeManager\npAliSSOLogin.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-01-18] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll [2014-04-29] ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll [2014-04-29] ( ) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.bg/?gws_rd=ssl" CHR Profile: C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default [2017-03-30] CHR Extension: (Google Документи) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Google Диск) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28] CHR Extension: (Adblock Plus) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-27] CHR Extension: (Google Търсене) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16] CHR Extension: (Page Analytics (by Google)) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-18] CHR Extension: (Google Документи офлайн) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] CHR Extension: (Gmail) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03] CHR Extension: (Chrome Media Router) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm 
[2017-02-08] CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed] R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-01-05] () R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG) R2 PSI_SVC_2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-03-12] (Samsung Electronics Co., Ltd.) [File not signed] R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-21] (Disc Soft Ltd) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-07-14] (LogMeIn, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-03-30] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] (Intel Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2015-03-23] (Duplex Secure Ltd.) 
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-03-11] (Samsung Electronics) [File not signed] R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) S3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [33152 2010-01-29] (OEM) U3 a67s8v2d; C:\Windows\system32\Drivers\a67s8v2d.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) U3 abt3tvem; C:\Windows\system32\Drivers\abt3tvem.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) S3 catchme; \??\C:\Users\VIMAX\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X] S3 jatmlano; \??\C:\Users\VIMAX\AppData\Local\Temp\jatmlano.sys [X] <==== ATTENTION S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-30 15:15 - 2017-03-30 15:15 - 00000000 ____D C:\Users\VIMAX\AppData\Local\ESET 2017-03-30 15:14 - 2017-03-30 15:15 - 06752896 _____ (ESET spol. s r.o.) 
C:\Users\VIMAX\Downloads\esetonlinescanner_enu.exe 2017-03-30 15:11 - 2017-03-30 15:12 - 00039244 _____ C:\Users\VIMAX\Downloads\Addition.txt 2017-03-30 15:09 - 2017-03-30 16:30 - 00016085 _____ C:\Users\VIMAX\Downloads\FRST.txt 2017-03-30 15:09 - 2017-03-30 16:28 - 00000000 ____D C:\FRST 2017-03-30 15:08 - 2017-03-30 15:08 - 01766912 _____ (Farbar) C:\Users\VIMAX\Downloads\FRST.exe 2017-03-30 14:52 - 2017-03-30 16:26 - 00000000 ____D C:\AdwCleaner 2017-03-30 14:12 - 2017-03-30 14:12 - 04089296 _____ C:\Users\VIMAX\Downloads\adwcleaner_6.045.exe 2017-03-30 13:53 - 2017-03-30 16:01 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-03-30 13:53 - 2017-03-30 13:53 - 00001024 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2017-03-30 13:53 - 2017-03-30 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2017-03-30 13:53 - 2017-03-30 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-30 13:53 - 2017-03-30 13:53 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2017-03-30 13:53 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-03-30 13:53 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2017-03-30 13:53 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-03-30 13:52 - 2017-03-30 13:52 - 22908888 _____ (Malwarebytes ) C:\Users\VIMAX\Downloads\mbam-setup-2.2.0.1024.exe 2017-03-30 11:39 - 2017-03-30 11:38 - 00672342 _____ C:\Users\VIMAX\Desktop\29.03.2017.jpeg 2017-03-30 11:24 - 2017-03-30 11:24 - 00001372 _____ C:\Users\VIMAX\Desktop\TeamViewer - Shortcut.lnk 2017-03-30 11:21 - 2017-03-30 11:21 - 00014265 _____ C:\Users\VIMAX\Desktop\opala.txt 2017-03-30 11:11 - 2017-03-30 11:11 - 00014265 _____ C:\ComboFix.txt 2017-03-30 10:53 - 2017-03-30 11:11 - 00000000 ____D C:\Qoobox 2017-03-30 10:53 - 2011-06-26 09:45 - 00256000 
_____ C:\Windows\PEV.exe 2017-03-30 10:53 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe 2017-03-30 10:53 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2017-03-30 10:53 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2017-03-30 10:53 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2017-03-30 10:53 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe 2017-03-30 10:53 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe 2017-03-30 10:53 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe 2017-03-30 10:52 - 2017-03-30 11:10 - 00000000 ____D C:\Windows\erdnt 2017-03-30 10:52 - 2017-03-30 10:52 - 05660310 ____R (Swearware) C:\Users\VIMAX\Downloads\ComboFix.exe 2017-03-29 15:43 - 2017-03-29 15:43 - 00196096 _____ C:\Users\VIMAX\Desktop\Профилактики 2014г -01.06.2014г-31.12.2014г.xlsx 2017-03-29 15:39 - 2017-03-29 15:39 - 00000000 ___RD C:\Program Files\Skype 2017-03-29 15:39 - 2017-03-29 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-03-29 15:39 - 2017-03-29 15:39 - 00000000 ____D C:\Program Files\Common Files\Skype 2017-03-29 15:38 - 2015-07-18 16:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00016224 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2017-03-29 15:36 - 2017-03-29 15:36 - 01631704 _____ (Skype Technologies S.A.) C:\Users\VIMAX\Downloads\SkypeSetup.exe 2017-03-29 14:14 - 2017-03-29 14:14 - 00945496 _____ (Google Inc.) C:\Users\VIMAX\Downloads\chrome.exe 2017-03-29 13:13 - 2017-03-29 13:48 - 00229376 _____ C:\Users\VIMAX\Desktop\Профилактики 2014г -01.01.2014г-31.05.2014г.xls 2017-03-29 09:07 - 2017-03-29 15:33 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-03-28 19:00 - 2017-03-28 18:59 - 00657522 _____ C:\Users\VIMAX\Desktop\28.03.2017.jpeg 2017-03-28 16:38 - 2017-03-28 16:38 - 01152155 _____ C:\Users\VIMAX\Desktop\Протоколи Баумакс 2.pdf 2017-03-23 19:56 - 2017-03-23 19:55 - 00668944 _____ C:\Users\VIMAX\Desktop\23.03.2017.jpeg 2017-03-21 19:58 - 2017-03-21 19:58 - 00684210 _____ C:\Users\VIMAX\Desktop\20.03 - 21.03.2017.jpeg 2017-03-16 19:55 - 2017-03-16 19:54 - 00666082 _____ C:\Users\VIMAX\Desktop\16.03.2017.jpeg 2017-03-16 11:20 - 2017-03-29 14:20 - 00303104 _____ C:\Users\VIMAX\Desktop\Копие на Копие на Профилактики 2014г -01.01.2014г-31.05.2014г-1.xls 2017-03-09 13:07 - 2017-03-09 13:05 - 00656663 _____ C:\Users\VIMAX\Desktop\DIPLOMAT.jpeg 2017-03-09 11:51 - 2017-03-09 11:51 - 00158720 _____ C:\Users\VIMAX\Desktop\Приход-разход(1).xls ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-03-30 16:26 - 2016-12-03 16:06 - 00000000 ____D C:\Users\VIMAX\AppData\LocalLow\Mozilla 2017-03-30 16:04 - 2009-07-14 07:34 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-03-30 16:04 - 2009-07-14 07:34 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-03-30 16:00 - 2014-04-22 09:12 - 00000000 ____D C:\Users\VIMAX\AppData\Roaming\Skype 2017-03-30 15:10 - 2010-11-21 00:01 - 00783728 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-30 15:10 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf 2017-03-30 15:07 - 2015-07-17 18:25 - 00000000 ____D C:\Users\VIMAX\AppData\Local\LogMeIn Hamachi 2017-03-30 15:04 - 2014-04-21 20:43 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job 2017-03-30 15:03 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-30 15:01 - 2014-04-24 09:16 - 00000000 ____D C:\Users\VIMAX\AppData\Roaming\TeamViewer 2017-03-30 14:47 - 2010-11-21 03:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents 2017-03-30 11:38 - 2014-05-20 13:19 - 00000000 ___RD C:\Users\VIMAX\Documents\Scanned Documents 2017-03-30 11:26 - 2014-04-22 10:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2017-03-30 11:25 - 2016-10-01 14:02 - 00000877 ____R C:\Users\Public\Desktop\TeamViewer 11.lnk 2017-03-30 11:22 - 2014-04-21 20:17 - 00001115 _____ C:\Users\VIMAX\Desktop\Foxit PDF Editor.lnk 2017-03-30 11:09 - 2009-07-14 05:04 - 00000215 _____ C:\Windows\system.ini 2017-03-30 11:05 - 2014-04-24 09:15 - 00000000 ____D C:\Program Files\TeamViewer 2017-03-29 15:39 - 2015-03-30 09:29 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk 2017-03-29 15:39 - 2014-04-22 09:12 - 00000000 ____D C:\ProgramData\Skype 2017-03-29 15:37 - 2015-01-09 16:39 - 00000000 ____D C:\ProgramData\Package Cache 2017-03-27 09:06 - 2014-05-27 11:31 - 00000000 ____D C:\Users\VIMAX\Documents\Файлове на Outlook 2017-03-17 14:39 - 
2016-08-06 11:45 - 00000000 ____D C:\Users\VIMAX\Desktop\ADAX-AIRELEC 2017-03-16 11:07 - 2016-11-21 15:02 - 00000000 ____D C:\Users\VIMAX\Desktop\fakturi 2017-03-15 18:54 - 2014-04-22 10:05 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2017-03-15 18:54 - 2014-04-22 10:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2017-03-15 18:54 - 2014-04-21 20:12 - 00000000 ____D C:\Windows\system32\Macromed 2017-03-09 13:50 - 2016-08-01 15:43 - 00000000 ____D C:\Users\VIMAX\Desktop\04296-0003-0031 2017-03-06 17:36 - 2016-10-01 14:02 - 00000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk ==================== Files in the root of some directories ======= 2014-08-20 13:37 - 2015-08-26 12:22 - 0000132 _____ () C:\Users\VIMAX\AppData\Roaming\Adobe PNG Format CS6 Prefs 2014-09-24 10:02 - 2014-09-24 10:05 - 0000691 _____ () C:\Users\VIMAX\AppData\Roaming\buttrc 2015-10-31 19:15 - 2015-10-31 19:15 - 0045270 _____ () C:\Users\VIMAX\AppData\Roaming\room_v3.dat 2014-04-23 16:59 - 2014-04-23 16:59 - 0007642 _____ () C:\Users\VIMAX\AppData\Roaming\XeroxFaxOptions.xml 2014-04-22 09:25 - 2016-07-22 17:29 - 0001456 _____ () C:\Users\VIMAX\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-07-11 09:07 - 2016-07-11 09:09 - 0000000 _____ () C:\Users\VIMAX\AppData\Local\{1A0FFCC2-E311-46EC-A25D-7795F122F815} ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-27 15:04 ==================== End of FRST.txt ============================
From ComboFix I don't have a combofix.txt file; I have a file opala.txt. I'm copying its contents:
ComboFix 17-03-28.01 - VIMAX 03.2017 г. 10:56:29.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.3499.1380 [GMT 3:00] Running from: c:\users\VIMAX\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\program files\Uniblue\SpeedUpMyPC c:\program files\Uniblue\SpeedUpMyPC\assist_crew.ico c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Bold.ttf c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-BoldItalic.ttf c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-ExtraBold.ttf c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Italic.ttf c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Light.ttf c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-LightItalic.ttf c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Regular.ttf c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Semibold.ttf c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-SemiboldItalic.ttf c:\program files\Uniblue\SpeedUpMyPC\icudt.dll c:\program files\Uniblue\SpeedUpMyPC\InstallerExtensions.dll c:\program files\Uniblue\SpeedUpMyPC\libcef.dll c:\program files\Uniblue\SpeedUpMyPC\library.dat c:\program files\Uniblue\SpeedUpMyPC\locale\da\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\ja\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\pt_BR\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locale\sv\LC_MESSAGES\messages.mo c:\program files\Uniblue\SpeedUpMyPC\locales\en-US.pak c:\program files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest c:\program 
files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT\msvcp90.dll c:\program files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT\msvcr90.dll c:\program files\Uniblue\SpeedUpMyPC\resources.dat c:\program files\Uniblue\SpeedUpMyPC\speedupmypc.exe c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\cefpython.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\cython.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\jquery.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\knockoutjs.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\knockoutmappingjs.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\opensans-font.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\protobuf.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\py2exe.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\python-changes.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\python.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\pywin32.txt c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\qtip2.txt c:\program files\Uniblue\SpeedUpMyPC\thirdpartyinstaller.exe c:\program files\Uniblue\SpeedUpMyPC\unins000.dat c:\program files\Uniblue\SpeedUpMyPC\unins000.exe c:\program files\Uniblue\SpeedUpMyPC\unins000.msg c:\program files\webplugin.exe c:\program files\webplugin.exe\unins000.dat c:\program files\webplugin.exe\unins000.exe . . ((((((((((((((((((((((((( Files Created from 2017-02-28 to 2017-03-30 ))))))))))))))))))))))))))))))) . . 2017-03-30 08:05 . 2017-03-30 08:05 -------- d-----w- c:\users\Guest\AppData\Local\temp 2017-03-30 08:05 . 2017-03-30 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-03-29 12:39 . 2017-03-29 12:39 -------- d-----w- c:\program files\Common Files\Skype 2017-03-29 12:39 . 2017-03-29 12:39 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2017-03-15 15:54 . 
2014-04-22 07:05 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2017-03-15 15:54 . 2014-04-22 07:05 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2014-04-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2016-11-30 14:59 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2016-11-30 14:59 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2016-11-30 14:59 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2016-03-07 35910688] "BingSvc"="c:\users\VIMAX\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-04 144008] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-21 143640] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-21 177432] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-21 176408] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1210640] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2016-07-20 5565960] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2016-12-19 20:38 1160408 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2012-04-04 03:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] 2012-03-09 13:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2012-01-05 15:42 75624 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 11:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ELBERT_XRX_S2P] 2010-01-15 01:06 253952 ----a-w- c:\program files\Xerox\Xerox Phaser 3300MFP\PSU\Scan2pc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTrackingLEDM] 2009-10-15 15:43 30264 ----a-w- c:\program files\HP\HP UT LEDM\bin\hppusg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2016-07-20 09:09 5565960 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe] 2016-03-07 21:34 35910688 ----a-w- c:\program files\ooVoo\ooVoo.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2017-03-14 05:24 27545048 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2015-04-30 10:45 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 10:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2016-08-17 03:40 1972224 ----a-w- c:\users\VIMAX\AppData\Roaming\uTorrent\uTorrent.exe . 
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624] R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-02-27 317400] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-04-26 108032] R3 jatmlano;jatmlano;c:\users\VIMAX\AppData\Local\Temp\jatmlano.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 227600] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-04-21 1343400] R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [2010-01-29 33152] S0 
sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-04-21 243128] S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2012-07-25 247712] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-11-08 100232] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-03-10 5120] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824] S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-04 7435264] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2017-02-08 07:00 1368920 ----a-w- c:\program files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2017-01-17 23:07 323152 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 2017-03-29 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2014-04-21 17:43] . . ------- Supplementary Scan ------- . IE: &Експортиране към Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: alipay.com Trusted Zone: alisoft.com Trusted Zone: taobao.com FF - ProfilePath - c:\users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default\ FF - prefs.js: browser.search.selectedEngine - Amazon.com FF - prefs.js: browser.startup.homepage - about:home . - - - - ORPHANS REMOVED - - - - . 
HKCU-Run-AdobeBridge - (no file) MSConfigStartUp-Viber - c:\users\VIMAX\AppData\Local\Viber\Viber.exe AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files\Uniblue\SpeedUpMyPC\unins000.exe AddRemove-{ED02ABD7-1049-4984-A35A-26ABEC69E2E0}_is1 - c:\program files\webplugin.exe\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2017-03-30 11:11:51 ComboFix-quarantined-files.txt 2017-03-30 08:11 . Pre-Run: 8 533 352 448 bytes free Post-Run: 9 542 025 216 bytes free . - - End Of File - - 01CF99C17175C58AA31BDA51E93C5908 A36C5E4F47E84449FF07ED3517B43A31
  14. It was probably infected by a file received by e-mail. It has made a mess of the whole desktop, mostly shortcuts leading to Mozilla.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017 Ran by VIMAX (administrator) on VIMAX1-PC (30-03-2017 16:28:29) Running from C:\Users\VIMAX\Downloads Loaded Profiles: VIMAX (Available Profiles: VIMAX & Guest) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\Program Files\Garena Plus\ggdllhost.exe (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe (HP) C:\Windows\System32\HPSIsvc.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program 
Files\TeamViewer\tv_w32.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (ooVoo LLC) C:\Program Files\ooVoo\ooVoo.exe (© 2015 Microsoft Corporation) C:\Users\VIMAX\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (ESET spol. s r.o.) C:\Users\VIMAX\Downloads\esetonlinescanner_enu.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies) C:\Program Files\Skype\Browser\SkypeBrowserHost.exe (Skype Technologies) C:\Program Files\Skype\Browser\SkypeBrowserHost.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2011-01-05] (Intel(R) Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.) 
HKU\S-1-5-21-4269030602-1347502330-2067200166-1000\...\Run: [ooVoo.exe] => C:\Program Files\ooVoo\oovoo.exe [35910688 2016-03-08] (ooVoo LLC) HKU\S-1-5-21-4269030602-1347502330-2067200166-1000\...\Run: [BingSvc] => C:\Users\VIMAX\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\..\Interfaces\{3E7D207B-9C46-41E3-B86D-5775BC74FBA0}: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{B42DD882-E926-4D9B-8E7B-0DB9DBD4FB58}: [DhcpNameServer] 89.190.192.247 89.190.192.248 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-4269030602-1347502330-2067200166-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4269030602-1347502330-2067200166-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-25] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-25] (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default [2017-03-30] FF SelectedSearchEngine: 
Mozilla\Firefox\Profiles\rkpuka9c.default -> Amazon.com FF Homepage: Mozilla\Firefox\Profiles\rkpuka9c.default -> about:home FF Extension: (Bing Search) - C:\Users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-03-29] FF Extension: (Firebug) - C:\Users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] FF Extension: (Site Deployment Checker) - C:\Users\VIMAX\AppData\Roaming\Mozilla\Firefox\Profiles\rkpuka9c.default\features\{361cb3a0-81da-4dbe-b674-13ac052d6095}\deployment-checker@mozilla.org.xpi [2017-03-28] FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2016-05-31] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] () FF Plugin: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files\TradeManager\nptrademanager.dll [No File] FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\TradeManager\npwangwang.dll [No File] FF Plugin: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\DVR32\3.1.0.4\npmedia.dll [2014-04-15] () FF Plugin: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\DVR32\3.1.0.4\npTimeGrid.dll [2014-04-15] (Unauthorized copy) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-25] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-10-01] ( Garena) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4269030602-1347502330-2067200166-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files\TradeManager\npAliSSOLogin.dll [No File] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2017-01-18] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll [2014-04-29] ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwangwang.dll [2014-04-29] ( ) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.bg/?gws_rd=ssl" CHR Profile: C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default [2017-03-30] CHR Extension: (Google Документи) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Google Диск) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24] CHR Extension: (YouTube) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28] CHR Extension: (Adblock Plus) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-27] CHR Extension: (Google Търсене) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16] CHR Extension: (Page Analytics (by Google)) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-18] CHR Extension: (Google Документи офлайн) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31] CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] CHR Extension: (Gmail) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03] CHR Extension: (Chrome Media Router) - C:\Users\VIMAX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm 
[2017-02-08] CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed] R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-01-05] () R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG) R2 PSI_SVC_2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-03-12] (Samsung Electronics Co., Ltd.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-21] (Disc Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-07-14] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2017-03-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7435264 2011-01-04] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2015-03-23] (Duplex Secure Ltd.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-03-11] (Samsung Electronics) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [33152 2010-01-29] (OEM)
U3 a67s8v2d; C:\Windows\system32\Drivers\a67s8v2d.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 abt3tvem; C:\Windows\system32\Drivers\abt3tvem.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\Users\VIMAX\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 jatmlano; \??\C:\Users\VIMAX\AppData\Local\Temp\jatmlano.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 15:15 - 2017-03-30 15:15 - 00000000 ____D C:\Users\VIMAX\AppData\Local\ESET
2017-03-30 15:14 - 2017-03-30 15:15 - 06752896 _____ (ESET spol. s r.o.) C:\Users\VIMAX\Downloads\esetonlinescanner_enu.exe
2017-03-30 15:11 - 2017-03-30 15:12 - 00039244 _____ C:\Users\VIMAX\Downloads\Addition.txt
2017-03-30 15:09 - 2017-03-30 16:30 - 00016085 _____ C:\Users\VIMAX\Downloads\FRST.txt
2017-03-30 15:09 - 2017-03-30 16:28 - 00000000 ____D C:\FRST
2017-03-30 15:08 - 2017-03-30 15:08 - 01766912 _____ (Farbar) C:\Users\VIMAX\Downloads\FRST.exe
2017-03-30 14:52 - 2017-03-30 16:26 - 00000000 ____D C:\AdwCleaner
2017-03-30 14:12 - 2017-03-30 14:12 - 04089296 _____ C:\Users\VIMAX\Downloads\adwcleaner_6.045.exe
2017-03-30 13:53 - 2017-03-30 16:01 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-30 13:53 - 2017-03-30 13:53 - 00001024 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-03-30 13:53 - 2017-03-30 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-03-30 13:53 - 2017-03-30 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-30 13:53 - 2017-03-30 13:53 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-03-30 13:53 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-30 13:53 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-03-30 13:53 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-30 13:52 - 2017-03-30 13:52 - 22908888 _____ (Malwarebytes ) C:\Users\VIMAX\Downloads\mbam-setup-2.2.0.1024.exe
2017-03-30 11:39 - 2017-03-30 11:38 - 00672342 _____ C:\Users\VIMAX\Desktop\29.03.2017.jpeg
2017-03-30 11:24 - 2017-03-30 11:24 - 00001372 _____ C:\Users\VIMAX\Desktop\TeamViewer - Shortcut.lnk
2017-03-30 11:21 - 2017-03-30 11:21 - 00014265 _____ C:\Users\VIMAX\Desktop\opala.txt
2017-03-30 11:11 - 2017-03-30 11:11 - 00014265 _____ C:\ComboFix.txt
2017-03-30 10:53 - 2017-03-30 11:11 - 00000000 ____D C:\Qoobox
2017-03-30 10:53 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-30 10:53 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-30 10:53 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-30 10:53 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-30 10:53 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-30 10:53 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-30 10:53 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-30 10:53 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-30 10:52 - 2017-03-30 11:10 - 00000000 ____D C:\Windows\erdnt
2017-03-30 10:52 - 2017-03-30 10:52 - 05660310 ____R (Swearware) C:\Users\VIMAX\Downloads\ComboFix.exe
2017-03-29 15:43 - 2017-03-29 15:43 - 00196096 _____ C:\Users\VIMAX\Desktop\Профилактики 2014г -01.06.2014г-31.12.2014г.xlsx
2017-03-29 15:39 - 2017-03-29 15:39 - 00000000 ___RD C:\Program Files\Skype
2017-03-29 15:39 - 2017-03-29 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-29 15:39 - 2017-03-29 15:39 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-03-29 15:38 - 2015-07-18 16:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-29 15:38 - 2015-07-18 16:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-29 15:36 - 2017-03-29 15:36 - 01631704 _____ (Skype Technologies S.A.) C:\Users\VIMAX\Downloads\SkypeSetup.exe
2017-03-29 14:14 - 2017-03-29 14:14 - 00945496 _____ (Google Inc.) C:\Users\VIMAX\Downloads\chrome.exe
2017-03-29 13:13 - 2017-03-29 13:48 - 00229376 _____ C:\Users\VIMAX\Desktop\Профилактики 2014г -01.01.2014г-31.05.2014г.xls
2017-03-29 09:07 - 2017-03-29 15:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-28 19:00 - 2017-03-28 18:59 - 00657522 _____ C:\Users\VIMAX\Desktop\28.03.2017.jpeg
2017-03-28 16:38 - 2017-03-28 16:38 - 01152155 _____ C:\Users\VIMAX\Desktop\Протоколи Баумакс 2.pdf
2017-03-23 19:56 - 2017-03-23 19:55 - 00668944 _____ C:\Users\VIMAX\Desktop\23.03.2017.jpeg
2017-03-21 19:58 - 2017-03-21 19:58 - 00684210 _____ C:\Users\VIMAX\Desktop\20.03 - 21.03.2017.jpeg
2017-03-16 19:55 - 2017-03-16 19:54 - 00666082 _____ C:\Users\VIMAX\Desktop\16.03.2017.jpeg
2017-03-16 11:20 - 2017-03-29 14:20 - 00303104 _____ C:\Users\VIMAX\Desktop\Копие на Копие на Профилактики 2014г -01.01.2014г-31.05.2014г-1.xls
2017-03-09 13:07 - 2017-03-09 13:05 - 00656663 _____ C:\Users\VIMAX\Desktop\DIPLOMAT.jpeg
2017-03-09 11:51 - 2017-03-09 11:51 - 00158720 _____ C:\Users\VIMAX\Desktop\Приход-разход(1).xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 16:26 - 2016-12-03 16:06 - 00000000 ____D C:\Users\VIMAX\AppData\LocalLow\Mozilla
2017-03-30 16:04 - 2009-07-14 07:34 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 16:04 - 2009-07-14 07:34 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 16:00 - 2014-04-22 09:12 - 00000000 ____D C:\Users\VIMAX\AppData\Roaming\Skype
2017-03-30 15:10 - 2010-11-21 00:01 - 00783728 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-30 15:10 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
2017-03-30 15:07 - 2015-07-17 18:25 - 00000000 ____D C:\Users\VIMAX\AppData\Local\LogMeIn Hamachi
2017-03-30 15:04 - 2014-04-21 20:43 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-03-30 15:03 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-30 15:01 - 2014-04-24 09:16 - 00000000 ____D C:\Users\VIMAX\AppData\Roaming\TeamViewer
2017-03-30 14:47 - 2010-11-21 03:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2017-03-30 11:38 - 2014-05-20 13:19 - 00000000 ___RD C:\Users\VIMAX\Documents\Scanned Documents
2017-03-30 11:26 - 2014-04-22 10:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-30 11:25 - 2016-10-01 14:02 - 00000877 ____R C:\Users\Public\Desktop\TeamViewer 11.lnk
2017-03-30 11:22 - 2014-04-21 20:17 - 00001115 _____ C:\Users\VIMAX\Desktop\Foxit PDF Editor.lnk
2017-03-30 11:09 - 2009-07-14 05:04 - 00000215 _____ C:\Windows\system.ini
2017-03-30 11:05 - 2014-04-24 09:15 - 00000000 ____D C:\Program Files\TeamViewer
2017-03-29 15:39 - 2015-03-30 09:29 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-29 15:39 - 2014-04-22 09:12 - 00000000 ____D C:\ProgramData\Skype
2017-03-29 15:37 - 2015-01-09 16:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-27 09:06 - 2014-05-27 11:31 - 00000000 ____D C:\Users\VIMAX\Documents\Файлове на Outlook
2017-03-17 14:39 - 2016-08-06 11:45 - 00000000 ____D C:\Users\VIMAX\Desktop\ADAX-AIRELEC
2017-03-16 11:07 - 2016-11-21 15:02 - 00000000 ____D C:\Users\VIMAX\Desktop\fakturi
2017-03-15 18:54 - 2014-04-22 10:05 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-15 18:54 - 2014-04-22 10:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-15 18:54 - 2014-04-21 20:12 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-09 13:50 - 2016-08-01 15:43 - 00000000 ____D C:\Users\VIMAX\Desktop\04296-0003-0031
2017-03-06 17:36 - 2016-10-01 14:02 - 00000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

==================== Files in the root of some directories =======

2014-08-20 13:37 - 2015-08-26 12:22 - 0000132 _____ () C:\Users\VIMAX\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-09-24 10:02 - 2014-09-24 10:05 - 0000691 _____ () C:\Users\VIMAX\AppData\Roaming\buttrc
2015-10-31 19:15 - 2015-10-31 19:15 - 0045270 _____ () C:\Users\VIMAX\AppData\Roaming\room_v3.dat
2014-04-23 16:59 - 2014-04-23 16:59 - 0007642 _____ () C:\Users\VIMAX\AppData\Roaming\XeroxFaxOptions.xml
2014-04-22 09:25 - 2016-07-22 17:29 - 0001456 _____ () C:\Users\VIMAX\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-11 09:07 - 2016-07-11 09:09 - 0000000 _____ () C:\Users\VIMAX\AppData\Local\{1A0FFCC2-E311-46EC-A25D-7795F122F815}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-27 15:04

==================== End of FRST.txt ============================
  15. I gave up: to root the phone I would have to unlock the bootloader, and that voids the warranty, and the phone is not even a year old. Normally all my photos get uploaded to Flickr, but yesterday my router burned out. Bad luck.