njimko

Member
  • Posts

    7
  • Joined

  • Last visited

Likes

4 Neutral reputation

About njimko

  • Rank
    Newbie
  1. The cleanup was successful. Today I ran a full scan with Malwarebytes again and no viruses were found, and I also don't see anything unusual in Network traffic. Thank you once again for your responsiveness and help.
  2. Thank you for the quick response and the help.
  3. SystemLook 30.07.11 by jpshortstuff
     Log created at 21:54 on 06/06/2013 by Niki
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "xeisfjy"
     No files found.
     Searching for "tjender"
     No files found.
     Searching for "upd7bc"
     No files found.
     -= EOF =-
     Judging by this, even if there was something, it is gone now?
  4. Yes, with KIS 2013, and no viruses were found. What worries me are the things circled in blue.
  5. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01 Ran by Niki at 2013-06-06 21:05:11
MD5 is legit C:WindowsSystem32DRIVERSpacer.sys ==> MD5 is legit C:Windowssystem32driversql2300.sys ==> MD5 is legit C:Windowssystem32driversql40xx.sys ==> MD5 is legit C:Windowssystem32driversqwavedrv.sys ==> MD5 is legit C:WindowsSystem32DRIVERSrasacd.sys ==> MD5 is legit C:WindowsSystem32DRIVERSAgileVpn.sys ==> MD5 is legit C:WindowsSystem32DRIVERSrasl2tp.sys ==> MD5 is legit C:WindowsSystem32DRIVERSraspppoe.sys ==> MD5 is legit C:WindowsSystem32DRIVERSrassstp.sys ==> MD5 is legit C:WindowsSystem32DRIVERSrdbss.sys ==> MD5 is legit C:WindowsSystem32DRIVERSrdpbus.sys ==> MD5 is legit C:WindowsSystem32DRIVERSRDPCDD.sys ==> MD5 is legit C:WindowsSystem32driversrdpdr.sys ==> MD5 is legit C:WindowsSystem32driversrdpencdd.sys ==> MD5 is legit C:WindowsSystem32driversrdprefmp.sys ==> MD5 is legit C:WindowsSystem32driversrdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6 C:WindowsSystem32DriversRDPWD.sys F031683E6D1FEA157ABB2FF260B51E61 C:WindowsSystem32driversrdyboost.sys ==> MD5 is legit C:WindowsSystem32DRIVERSRsFx0151.sys 66A54BF20084400A7DD5E3B69E008799 C:WindowsSystem32DRIVERSrspndr.sys ==> MD5 is legit C:WindowsSystem32driversRtHDMIV.sys 79C8488DFA2AA377441645123CB73845 C:WindowsSystem32DRIVERSRtnicxp.sys 4A9F49D1B7E67F7AB9595B61126E81FD C:WindowsSystem32DRIVERSRt86win7.sys 9AA3A8EBB12201D24211AB003612BA04 C:Windowssystem32driversvms3cap.sys ==> MD5 is legit C:Windowssystem32driverssbp2port.sys ==> MD5 is legit C:WindowsSystem32DRIVERSscfilter.sys ==> MD5 is legit C:WindowsSystem32Driverssecdrv.sys ==> MD5 is legit C:WindowsSystem32DRIVERSserenum.sys ==> MD5 is legit C:WindowsSystem32DRIVERSserial.sys ==> MD5 is legit C:Windowssystem32driverssermouse.sys ==> MD5 is legit C:Windowssystem32driverssffdisk.sys ==> MD5 is legit C:Windowssystem32driverssffp_mmc.sys ==> MD5 is legit C:Windowssystem32driverssffp_sd.sys ==> MD5 is legit C:Windowssystem32driverssfloppy.sys ==> MD5 is legit C:Windowssystem32driverssisagp.sys ==> MD5 is legit 
C:Windowssystem32driversSiSRaid2.sys ==> MD5 is legit C:Windowssystem32driverssisraid4.sys ==> MD5 is legit C:WindowsSystem32DRIVERSsmb.sys ==> MD5 is legit C:WindowsSystem32Driversspldr.sys ==> MD5 is legit C:WindowsSystem32DRIVERSsrv.sys E4C2764065D66EA1D2D3EBC28FE99C46 C:WindowsSystem32DRIVERSsrv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB C:WindowsSystem32DRIVERSsrvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC C:Windowssystem32driversstexstor.sys ==> MD5 is legit C:WindowsSystem32driversvmstorfl.sys ==> MD5 is legit C:Windowssystem32driversstorvsc.sys ==> MD5 is legit C:WindowsSystem32DRIVERSswenum.sys ==> MD5 is legit C:WindowsSystem32driverssynth3dvsc.sys F2AD8960812FD111E20E84659EF19D43 C:WindowsSystem32driverstcpip.sys 7C0507D2391AF5933600CBCED799F277 C:WindowsSystem32DRIVERStcpip.sys 7C0507D2391AF5933600CBCED799F277 C:WindowsSystem32driverstcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B C:WindowsSystem32driverstdpipe.sys ==> MD5 is legit C:WindowsSystem32driverstdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8 C:WindowsSystem32DRIVERStdx.sys ==> MD5 is legit C:WindowsSystem32DRIVERStermdd.sys ==> MD5 is legit C:Windowssystem32driversterminpt.sys E951866BAC5A23403F62A349EDBB6EEB C:WindowsSystem32DRIVERSgtkdrv.sys 113384367C3999E084FE156B18C7625E C:WindowsSystem32DRIVERStssecsrv.sys ==> MD5 is legit C:WindowsSystem32driverstsusbflt.sys 9CE253214ACAA5A7D323327D2055EFAA C:Windowssystem32driversTsUsbGD.sys 57C527AF84748B5C2F5178C499C0B81F C:WindowsSystem32driverstsusbhub.sys 045ACB987C650D8186C6B4A692223860 C:WindowsSystem32DRIVERStunnel.sys ==> MD5 is legit C:Windowssystem32driversuagp35.sys ==> MD5 is legit C:WindowsSystem32DRIVERSudfs.sys ==> MD5 is legit C:Windowssystem32driversuliagpkx.sys ==> MD5 is legit C:WindowsSystem32DRIVERSumbus.sys ==> MD5 is legit C:Windowssystem32driversumpass.sys ==> MD5 is legit C:WindowsSystem32DRIVERSusbser_lowerflt.sys 8721F55D8BC9F89E3A63CEBDF5EF4FA3 C:WindowsSystem32driversusbaudio.sys 1D9F2BD026E8E2D45033A4DF3F16B78C 
C:WindowsSystem32DRIVERSusbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC C:Windowssystem32driversusbcir.sys ==> MD5 is legit C:WindowsSystem32DRIVERSusbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B C:WindowsSystem32DRIVERSusbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9 C:WindowsSystem32DRIVERSusbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44 C:WindowsSystem32DRIVERSusbprint.sys ==> MD5 is legit C:WindowsSystem32DRIVERSusbser.sys 31181DE6190B39FC8007DFFD1A48FFD6 C:WindowsSystem32DRIVERSusbser_lowerfltj.sys 4E66C71D8D010BFB0DF1042D25E9CB0F C:WindowsSystem32DRIVERSUSBSTOR.SYS F991AB9CC6B908DB552166768176896A C:Windowssystem32driversusbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D C:WindowsSystem32Driversusbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2 C:WindowsSystem32driversvdrvroot.sys ==> MD5 is legit C:WindowsSystem32DRIVERSvgapnp.sys ==> MD5 is legit C:WindowsSystem32driversvga.sys ==> MD5 is legit C:Windowssystem32driversvhdmp.sys ==> MD5 is legit C:Windowssystem32driversviaagp.sys ==> MD5 is legit C:Windowssystem32driversviac7.sys ==> MD5 is legit C:Windowssystem32driversviaide.sys ==> MD5 is legit C:Windowssystem32driversvmbus.sys ==> MD5 is legit C:Windowssystem32driversVMBusHID.sys ==> MD5 is legit C:WindowsSystem32driversvolmgr.sys ==> MD5 is legit C:WindowsSystem32driversvolmgrx.sys ==> MD5 is legit C:WindowsSystem32driversvolsnap.sys ==> MD5 is legit C:Windowssystem32driversvsmraid.sys ==> MD5 is legit C:WindowsSystem32driversvwifibus.sys ==> MD5 is legit C:Windowssystem32driverswacompen.sys ==> MD5 is legit C:WindowsSystem32DRIVERSwanarp.sys ==> MD5 is legit C:WindowsSystem32DRIVERSwanarp.sys ==> MD5 is legit C:Windowssystem32driverswd.sys ==> MD5 is legit C:WindowsSystem32driversWdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A C:WindowsSystem32DRIVERSwfplwf.sys ==> MD5 is legit C:WindowsSystem32driverswimmount.sys ==> MD5 is legit C:WindowsSystem32DRIVERSWinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708 C:Windowssystem32driverswmiacpi.sys ==> MD5 is legit 
  6. ComboFix 13-06-06.03 - Niki 06.2013 г. 20:18:59.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.2047.1083 [GMT 3:00]
2013-04-23 00:23 156672 ----a-w- c:windowssystem32ncsi.dll 2013-04-23 00:23 . 2013-04-23 00:23 172544 ----a-w- c:windowssystem32wintrust.dll 2013-04-23 00:23 . 2013-04-23 00:23 542208 ----a-w- c:windowssystem32kerberos.dll 2013-04-23 00:23 . 2013-04-23 00:23 400896 ----a-w- c:windowssystem32srcore.dll 2013-04-23 00:22 . 2013-04-23 00:22 245760 ----a-w- c:windowssystem32OxpsConverter.exe 2013-04-23 00:22 . 2013-04-23 00:22 78336 ----a-w- c:windowssystem32synceng.dll 2013-04-23 00:22 . 2013-04-23 00:22 2048 ----a-w- c:windowssystem32msxml3r.dll 2013-04-23 00:22 . 2013-04-23 00:22 1236992 ----a-w- c:windowssystem32msxml3.dll 2013-04-23 00:22 . 2013-04-23 00:22 712048 ----a-w- c:windowssystem32driversndis.sys 2013-04-23 00:22 . 2013-04-23 00:22 33280 ----a-w- c:windowssystem32driversRNDISMP.sys 2013-04-23 00:21 . 2013-04-23 00:21 769024 ----a-w- c:windowssystem32localspl.dll 2013-04-23 00:21 . 2013-04-23 00:21 164352 ----a-w- c:windowssystem32profsvc.dll 2013-04-23 00:21 . 2013-04-23 00:21 41984 ----a-w- c:windowssystem32browcli.dll 2013-04-23 00:21 . 2013-04-23 00:21 102912 ----a-w- c:windowssystem32browser.dll 2013-04-23 00:21 . 2013-04-23 00:21 2342400 ----a-w- c:windowssystem32msi.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Skype"="c:program filesSkypePhoneSkype.exe" [2013-02-28 18642024] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "AVP"="c:program filesKaspersky LabKaspersky Internet Security 2013avp.exe" [2013-03-06 356376] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregACPW06EN] 2012-08-31 12:22 1133176 ----a-w- c:program filesACD SystemsACDSee Pro6.0ACDSeePro6InTouch2.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM] 2013-04-04 21:06 958576 ----a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-01-22 07:13 152872 ----a-w- c:program filesCommon FilesAheadLibNMBgMonitor.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBonus.SSR.FR11] 2012-09-19 22:12 1348176 ----a-w- c:program filesABBYY FineReader 11Bonus.ScreenshotReader.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCanonMyPrinter] 2010-03-25 02:50 2516296 ----a-w- c:program filesCanonMyPrinterBJMYPRT.EXE . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCanonSolutionMenuEx] 2010-04-02 07:18 1185112 ----a-w- c:program filesCanonSolution Menu EXCNSEMAIN.EXE . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite] 2013-03-14 08:23 3672640 ----a-w- c:program filesDAEMON Tools LiteDTLite.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogitech Vid] 2011-01-13 02:01 6129496 ----a-w- c:program filesLogitechVid HDVid.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLWS] 2011-11-11 11:08 205336 ----a-w- c:program filesLogitechLWSWebcam SoftwareLWS.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck] 2008-05-28 04:27 570664 ----a-w- c:program filesCommon FilesAheadLibNeroCheck.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC] 2012-12-19 13:49 642808 ----a-w- c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 ATE_PROCMON;ATE_PROCMON;c:program filesAnti Trojan EliteATEPMon.sys [x] R2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [2013-02-28 161384] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW73.sys [2012-11-06 84992] R3 dmvsc;dmvsc;c:windowssystem32driversdmvsc.sys [2010-11-20 62464] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2013-05-05 14848] R3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2012-12-27 614624] R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [2010-11-20 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:windowssystem32driversterminpt.sys [2013-05-05 24064] R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:windowssystem32DRIVERSgtkdrv.sys [2012-01-04 16128] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2013-05-05 49664] R3 TsUsbGD;Remote Desktop Generic USB Device;c:windowssystem32driversTsUsbGD.sys [2013-05-05 27136] R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [2010-11-20 112640] R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x] R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:windowssystem32WatWatAdminSvc.exe [2013-05-05 1343400] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesMicrosoft SQL Server100SharedSQLADHLP.EXE [2010-04-03 44896] R4 RsFx0151;RsFx0151 Driver;c:windowssystem32DRIVERSRsFx0151.sys [2011-06-17 240736] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [2013-05-05 242240] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [2012-08-02 24408] S1 kltdi;kltdi;c:windowssystem32DRIVERSkltdi.sys [2013-05-05 44432] S1 kneps;kneps;c:windowssystem32DRIVERSkneps.sys [2013-05-05 145040] S2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;c:program filesCommon 
FilesABBYYFineReader11.00LicensingCENetworkLicenseServer.exe [2012-07-19 821840] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:program filesIObitAdvanced SystemCare 6ASCService.exe [2013-01-15 465216] S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2012-12-19 219136] S2 AMD FUEL Service;AMD FUEL Service;c:program filesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-12-19 291840] S2 AODDriver4.2;AODDriver4.2;c:program filesATI TechnologiesATI.ACEFueli386AODDriver2.sys [2012-04-09 48256] S2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2013-04-04 701512] S2 UMVPFSrv;UMVPFSrv;c:program filesCommon FileslogishrdLVMVFMUMVPFSrv.exe [2012-01-18 450848] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:windowssystem32DRIVERSklkbdflt.sys [2013-03-06 25944] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:windowssystem32DRIVERSklmouflt.sys [2013-03-06 25944] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2013-04-04 22856] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-05-24 19:30 1165776 ----a-w- c:program filesGoogleChromeApplication27.0.1453.94Installerchrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-06 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2013-05-05 16:09] . 2013-06-06 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2013-05-05 16:09] . . ------- Supplementary Scan ------- . 
IE: &Експортиране към Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000 IE: Add to Anti-Banner - c:program filesKaspersky LabKaspersky Internet Security 2013ie_banner_deny.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:usersNikiAppDataRoamingMozillaFirefoxProfilesdbx418fs.default FF - prefs.js: browser.startup.homepage - www.google.bg FF - ExtSQL: 2013-05-05 21:23; anti_banner@kaspersky.com; c:program filesKaspersky LabKaspersky Internet Security 2013FFExtanti_banner@kaspersky.com FF - ExtSQL: 2013-05-05 21:23; content_blocker@kaspersky.com; c:program filesKaspersky LabKaspersky Internet Security 2013FFExtcontent_blocker@kaspersky.com FF - ExtSQL: 2013-05-05 21:23; online_banking@kaspersky.com; c:program filesKaspersky LabKaspersky Internet Security 2013FFExtonline_banking@kaspersky.com FF - ExtSQL: 2013-05-05 21:23; url_advisor@kaspersky.com; c:program filesKaspersky LabKaspersky Internet Security 2013FFExturl_advisor@kaspersky.com FF - ExtSQL: 2013-05-05 21:23; virtual_keyboard@kaspersky.com; c:program filesKaspersky LabKaspersky Internet Security 2013FFExtvirtual_keyboard@kaspersky.com FF - ExtSQL: 2013-05-05 23:13; ascsurfingprotection@iobit.com; c:usersNikiAppDataRoamingMozillaFirefoxProfilesdbx418fs.defaultextensionsascsurfingprotection@iobit.com FF - ExtSQL: 2013-05-06 00:39; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersNikiAppDataRoamingMozillaFirefoxProfilesdbx418fs.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-05-19 12:09; abvnotifier@netinfo.bg; c:usersNikiAppDataRoamingMozillaFirefoxProfilesdbx418fs.defaultextensionsabvnotifier@netinfo.bg.xpi FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - 
user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Anti Trojan Elite - c:program filesAnti Trojan EliteTJEnder.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:windowssystem32atieclxx.exe c:windowssystem32taskhost.exe c:program filesCommon FilesAdobeARM1.0armsvc.exe c:program filesMalwarebytes' Anti-Malwarembamgui.exe c:program filesMicrosoft SQL ServerMSSQL10_50.MSSQLSERVERMSSQLBinnsqlservr.exe c:windowssystem32IoctlSvc.exe c:program filesMicrosoft SQL Server90Sharedsqlwriter.exe c:windowssystem32conhost.exe c:program filesWindows Media Playerwmpnetwk.exe c:program fileswindows defenderMpCmdRun.exe . ************************************************************************** . Completion time: 2013-06-06 20:38:16 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-06 17:38 . Pre-Run: 84 013 293 568 bytes free Post-Run: 83 976 286 208 bytes free . - - End Of File - - D565725513B8C7E0F1CE747F2BC973C9 A36C5E4F47E84449FF07ED3517B43A31 These are the results from Combofix.
  7. A few days ago I saw a process named proof.exe in Task Manager, and a scan with Malwarebytes detected a trojan and a keylogger. I deleted them and ran a full scan with Kaspersky Internet Security 2013, which found no malicious objects, but when I looked in Application Activity and Network Monitor (Kaspersky) I saw .exe files that are completely unknown to me: "tjsretivwnu.exe"; "tjender.exe"; "conms.exe"; "nwwyclip.exe"; "raprnrbbmjb.exe"; "upd7bc.tmp" and ten more like them. I also scanned the whole computer with Malwarebytes again, but it again found nothing; in network activity I see that some of the .exe files have network traffic. DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 9.10.9200.16576 Run by Niki at 19:43:39 on 2013-06-06 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.2047.903 [GMT 3:00] . AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes ================ . 
C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Program FilesIObitAdvanced SystemCare 6ASCService.exe C:Windowssystem32atiesrxx.exe C:Program FilesCommon FileslogishrdLVMVFMUMVPFSrv.exe C:Windowssystem32atieclxx.exe C:WindowsSystem32spoolsv.exe C:Program FilesCommon FilesABBYYFineReader11.00LicensingCENetworkLicenseServer.exe C:Windowssystem32taskhost.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesCommon FilesAdobeARM1.0armsvc.exe C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe C:Program FilesKaspersky LabKaspersky Internet Security 2013avp.exe C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe c:Program FilesMicrosoft SQL ServerMSSQL10_50.MSSQLSERVERMSSQLBinnsqlservr.exe C:Program FilesKaspersky LabKaspersky Internet Security 2013avp.exe C:Program FilesSkypePhoneSkype.exe C:Windowssystem32IoctlSvc.exe c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe C:Windowssystem32SearchIndexer.exe C:Program FilesWindows Media Playerwmpnetwk.exe C:Windowssystem32taskhost.exe C:Program FilesMozilla Firefoxfirefox.exe C:Windowssystem32SearchProtocolHost.exe C:Windowssystem32SearchFilterHost.exe C:Program FilesKaspersky LabKaspersky Internet Security 2013wmi32.exe C:Windowssystem32conhost.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k RPCSS C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32svchost.exe -k NetworkService C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Windowssystem32svchost.exe -k imgsvc C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted 
C:WindowsSystem32svchost.exe -k LocalServicePeerNet C:WindowsSystem32svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:program fileskaspersky labkaspersky internet security 2013ieextcontentblockerie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:program fileskaspersky labkaspersky internet security 2013ieextvirtualkeyboardie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:program fileskaspersky labkaspersky internet security 2013ieextonlinebankingonline_banking_bho.dll BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:program filesiobitadvanced systemcare 6browerprotectASCPlugin_Protection.dll BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - c:program filesidmquickfindpluginsIEHelp.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:program fileskaspersky labkaspersky internet security 2013ieexturladvisorklwtbbho.dll uRun: [skype] "c:program filesskypephoneSkype.exe" /minimized /regrun uRun: [Anti Trojan Elite] c:program filesanti trojan eliteTJEnder.exe :NO mRun: [AVP] "c:program fileskaspersky labkaspersky internet security 2013avp.exe" mPolicies-Explorer: NoDriveTypeAutoRun = dword:12 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: &Експортиране към Microsoft Excel - c:progra~1micros~3office12EXCEL.EXE/3000 IE: Add to Anti-Banner - c:program fileskaspersky labkaspersky internet security 2013ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:program fileskaspersky labkaspersky internet security 2013ieextvirtualkeyboardie_virtual_keyboard_plugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:program fileskaspersky labkaspersky internet security 2013ieexturladvisorklwtbbho.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.0.1 TCP: Interfaces{7B852E35-2AE6-4364-AC93-A3704879EC6F} : DHCPNameServer = 192.168.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication27.0.1453.94installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:usersnikiappdataroamingmozillafirefoxprofilesdbx418fs.default FF - prefs.js: browser.startup.homepage - www.google.bg FF - plugin: c:program filesadobereader 11.0readerairnppdf32.dll FF - plugin: c:program filesgoogleupdate1.3.21.145npGoogleUpdate3.dll _______________________________________________________________________________________________________________________________ . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . Microsoft Windows 7 Ultimate Boot Device: DeviceHarddiskVolume1 Install Date: 5.5.2013 г. 18:47:32 System Uptime: 6.6.2013 г. 17:02:59 (2 hours ago) . Motherboard: ASRock | | ALiveXFire-eSATA2.. Processor: AMD Athlon II X2 250 Processor | CPUSocket | 2991/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 235 GiB total, 78,352 GiB free. D: is FIXED (NTFS) - 138 GiB total, 43,489 GiB free. E: is CDROM () I: is CDROM () . ==== Disabled Device Manager Items ============= . 
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Realtek PCIe GBE Family Controller Device ID: PCIVEN_10EC&DEV_8168&SUBSYS_81681849&REV_014&37C6C9FF&0&0028 Manufacturer: Realtek Name: Realtek PCIe GBE Family Controller PNP Device ID: PCIVEN_10EC&DEV_8168&SUBSYS_81681849&REV_014&37C6C9FF&0&0028 Service: RTL8167 . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPIPNP0F034&4DFA2DE&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPIPNP0F034&4DFA2DE&0 Service: i8042prt . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: ATE_PROCMON Device ID: ROOTLEGACY_ATE_PROCMON0000 Manufacturer: Name: ATE_PROCMON PNP Device ID: ROOTLEGACY_ATE_PROCMON0000 Service: ATE_PROCMON . ==== System Restore Points =================== . RP29: 29.5.2013 г. 09:05:13 - Windows Update RP30: 1.6.2013 г. 09:41:39 - Windows Update RP31: 5.6.2013 г. 08:47:35 - Windows Update . ==== Installed Programs ====================== . µTorrent ABBYY FineReader 11 Corporate Edition ACDSee Pro 6 Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Advanced SystemCare 6 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center CameraHelperMsi Camtasia Studio 8 Canon IJ Network Tool Canon MP Navigator EX 4.0 Canon MP495 series MP Drivers Canon MP495 series User Registration Canon My Printer Canon Solution Menu EX Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC 
Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Counter-Strike 1.6: New Era DAEMON Tools Lite erLT Google Chrome Google Update Helper Kaspersky Internet Security 2013 Logitech Vid HD Logitech Webcam Software Longman Dictionary of Contemporary English 5th Edition LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware, версия 1.75.0.1300 Microinvest Invoice Pro Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office Access MUI (Bulgarian) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Bulgarian) 2007 Microsoft Office Groove MUI (Bulgarian) 2007 Microsoft Office InfoPath MUI (Bulgarian) 2007 Microsoft Office OneNote MUI (Bulgarian) 2007 Microsoft Office Outlook MUI (Bulgarian) 2007 Microsoft Office PowerPoint MUI (Bulgarian) 2007 Microsoft Office Proof (Bulgarian) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Russian) 2007 Microsoft Office Proofing (Bulgarian) 2007 Microsoft Office Publisher MUI (Bulgarian) 2007 Microsoft Office Shared MUI (Bulgarian) 2007 Microsoft Office Word MUI (Bulgarian) 2007 Microsoft SQL Server 2008 R2 Microsoft SQL Server 2008 R2 Native Client Microsoft SQL Server 2008 R2 RsFx Driver Microsoft SQL Server 2008 R2 Setup (English) Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Browser Microsoft SQL Server Native Client Microsoft SQL Server VSS Writer Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC100_CRT_SP1_x86 Mozilla Firefox 21.0 (x86 bg) Mozilla Maintenance Service MSVC80_x86_v2 MSVC90_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Premium neroxml Nokia Connectivity Cable Driver Nokia Suite novaPDF Professional Desktop 7.7 printer PC 
Connectivity Solution QUICKfind server v1.1 Realtek HDMI Audio Driver for ATI Realtek PCI Fast Ethernet Controller Driver For Vista and Win7 SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Service Pack 1 for SQL Server 2008 R2 (KB2528583) Skype™ 6.3 SQL Server 2008 R2 SP1 Common Files SQL Server 2008 R2 SP1 Database Engine Services SQL Server 2008 R2 SP1 Database Engine Shared Sql Server Customer Experience Improvement Program StoreHouse LITE 2.6.12.22 Subtitle Workshop 2.51 The KMPlayer (remove only) Trojan Killer Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) WinRAR 4.20 (32-битова версия) . ==== Event Viewer Messages From Past Week ======== . 6.6.2013 г. 
12:57:14, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR1. 6.6.2013 г. 12:57:14, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR1. 6.6.2013 г. 12:57:13, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR1. 6.6.2013 г. 12:57:13, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR1. 6.6.2013 г. 12:12:43, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 6.6.2013 г. 09:10:16, Error: Service Control Manager [7009] - Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Windows Error Reporting Service да се свърже. 6.6.2013 г. 09:04:34, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 6.6.2013 г. 08:48:19, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 5.6.2013 г. 23:13:05, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 5.6.2013 г. 08:43:26, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 4.6.2013 г. 08:16:14, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. 
Check with the computer manufacturer for updated firmware. 31.5.2013 г. 08:14:57, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 30.5.2013 г. 22:16:26, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR3. 30.5.2013 г. 22:16:25, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR3. 30.5.2013 г. 22:16:25, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR3. 30.5.2013 г. 22:16:24, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR3. 30.5.2013 г. 22:11:09, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk2DR2. 30.5.2013 г. 22:11:09, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk2DR2. 30.5.2013 г. 22:11:08, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk2DR2. 30.5.2013 г. 22:11:08, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk2DR2. 30.5.2013 г. 08:27:32, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 3.6.2013 г. 10:40:36, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 2.6.2013 г. 15:57:52, Error: Service Control Manager [7011] - Изтекъл период на изчакване (30000 милисекунди) при изчакване на отговор за транзакция от услуга ShellHWDetection. 2.6.2013 г. 10:23:29, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. 
Check with the computer manufacturer for updated firmware. 1.6.2013 г. 17:20:43, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 1.6.2013 г. 09:37:14, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. . ==== End Of File =========================== I would be grateful if someone manages to help.