Showing results for tags 'РЕШЕН'.

Found 191 results

  1. It runs slowly both on the internet and when I search for something on the computer. There are quite a few processes in Task Manager, but I don't know which ones to remove. The computer is a work machine, and I was told it has monitoring on it, but they don't know exactly what kind, and that I should be careful not to delete it.
Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 bProtector; C:\ProgramData\bProtector\bProtect.exe [X] S4 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION S4 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION S2 Util lucky leap; "C:\Program Files\lucky leap\bin\utilluckyleap.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.01; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [39424 2011-06-24] (Advanced Micro Devices) [File not signed] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-21] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-05-21] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-21] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-05-21] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-21] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-21] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-21] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-21] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-21] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-21] () S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [131064 2014-05-14] (HID Global Corporation) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-10-28] (Samsung Electronics Co., Ltd.) 
[File not signed] S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation) [File not signed] R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) R1 MpKsl436a8c4f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81093FBA-0347-46D4-A016-D06A4B3C8376}\MpKsl436a8c4f.sys [39464 2015-06-09] (Microsoft Corporation) R1 MpKsl9f5dc433; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81093FBA-0347-46D4-A016-D06A4B3C8376}\MpKsl9f5dc433.sys [39464 2015-06-10] (Microsoft Corporation) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-10-27] (Samsung Electronics) [File not signed] R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-21] (Avast Software) R1 {3b232d24-d5de-4194-b4d7-d53b41a09748}w; C:\Windows\System32\drivers\{3b232d24-d5de-4194-b4d7-d53b41a09748}w.sys [52416 2014-09-10] (StdLib) R1 {6ed88207-da38-4867-b856-ed5820836aa5}w; C:\Windows\System32\drivers\{6ed88207-da38-4867-b856-ed5820836aa5}w.sys [43152 2014-11-27] (StdLib) R1 {d7e589a9-c9af-419b-8b29-f43cc9595584}w; C:\Windows\System32\drivers\{d7e589a9-c9af-419b-8b29-f43cc9595584}w.sys [43152 2014-11-30] (StdLib) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S1 yoqododh; \??\C:\Windows\system32\drivers\yoqododh.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the 
registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-10 09:04 - 2015-06-10 09:04 - 00000000 ____D C:\Program Files\Microsoft Office 2015-06-10 08:56 - 2015-06-10 09:02 - 00000000 ____D C:\FRST 2015-06-09 09:04 - 2015-05-24 12:40 - 00593048 ____N (Sysinternals - www.sysinternals.com) C:\autorunsc.exe 2015-06-09 09:04 - 2015-05-24 12:39 - 00680600 ____N (Sysinternals - www.sysinternals.com) C:\Autoruns.exe 2015-06-09 09:04 - 2014-06-28 16:47 - 00002028 ____N C:\Eula.txt 2015-06-09 08:34 - 2015-06-09 08:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\{9B08D2F6-41FE-40B1-8E2D-67A5F54D5468} 2015-06-08 11:46 - 2015-06-08 11:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\VSRevoGroup 2015-06-08 11:43 - 2015-06-08 11:43 - 00000000 ____D C:\Program Files\VS Revo Group 2015-06-08 10:09 - 2015-06-10 08:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-08 10:09 - 2015-06-08 10:09 - 00001026 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-08 10:09 - 2015-06-08 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-08 10:08 - 2015-06-08 10:09 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-08 10:08 - 2015-06-08 10:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-08 10:08 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-08 10:08 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-08 10:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-08 08:46 - 2015-06-08 08:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\{55898BB4-84DB-4972-A6D3-1C422794C945} 2015-06-05 13:14 - 
2015-05-22 21:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 13:14 - 2015-05-22 20:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 13:14 - 2015-05-21 16:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-05 13:01 - 2015-06-05 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\{B049210D-E73B-4D44-970C-05480D1A0D2B} 2015-06-02 10:06 - 2015-06-04 10:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{2E0E6D98-968E-4C86-8268-82718DF5A82A} 2015-05-29 09:12 - 2015-05-29 09:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{6CA558CC-73B4-4398-95F9-E50444B2C26F} 2015-05-28 13:26 - 2015-06-09 13:58 - 00000448 _____ C:\Windows\Tasks\casual_games_helper_service.job 2015-05-28 13:26 - 2015-05-28 13:26 - 00000000 ____D C:\Program Files\Casual Games 2015-05-28 10:46 - 2015-05-28 10:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\{BD0DDE8F-FFF3-4EC5-83CF-F95D466E12EF} 2015-05-27 12:16 - 2015-05-27 12:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\{C3E4B2B2-DF21-425B-A86D-13700E573D2E} 2015-05-26 12:50 - 2015-05-26 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A5570127-7FF7-45DB-88E2-DD178A14086B} 2015-05-25 12:51 - 2015-06-09 13:58 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-500UA.job 2015-05-25 12:51 - 2015-06-09 13:58 - 
00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-500Core.job 2015-05-25 11:49 - 2015-05-25 11:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{8B24C122-E5A7-4B6C-8C5E-8B75D03CF937} 2015-05-22 09:27 - 2015-05-22 09:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\{E68D8378-FC2E-4AE7-8193-639A705BDA72} 2015-05-21 13:02 - 2015-05-21 13:03 - 00000000 ____D C:\Windows\system32\vbox 2015-05-21 12:53 - 2015-05-21 12:52 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-05-21 12:53 - 2015-05-21 12:52 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys 2015-05-21 12:52 - 2015-05-21 12:52 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-05-21 12:51 - 2015-05-21 12:51 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys 2015-05-21 11:18 - 2015-05-21 11:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A159BB46-20C8-4923-BFD7-1B9B3B92EB9E} 2015-05-20 13:15 - 2015-05-20 13:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\{D1FB0108-07FA-437F-9A97-A09534B49E55} 2015-05-19 09:43 - 2015-05-19 09:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0F2D45D9-FF5C-46B5-B01F-4ABD68CD81C6} 2015-05-18 10:17 - 2015-05-18 10:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\{6B81EFE9-D98C-4433-9719-07394B3803EE} 2015-05-15 10:45 - 2015-05-15 10:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\{5E21014A-BBCB-4F87-A403-C2A4E99D190D} 2015-05-13 12:25 - 2015-05-01 16:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 10:29 - 2015-02-18 10:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 10:29 - 2015-01-29 06:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 10:28 - 2015-05-05 04:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 
2015-05-13 10:28 - 2015-04-27 22:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-05-13 10:28 - 2015-04-27 22:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 10:28 - 2015-04-27 22:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 10:28 - 2015-04-27 22:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 10:28 - 2015-04-27 22:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 10:28 - 2015-04-27 
22:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 10:28 - 2015-04-27 22:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 10:28 - 2015-04-27 22:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 10:28 - 2015-04-27 22:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 10:28 - 2015-04-27 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 10:28 - 2015-04-27 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 10:28 - 2015-04-27 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 10:28 - 2015-04-27 21:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 10:28 - 2015-04-20 05:56 - 01250816 _____ 
(Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 10:28 - 2015-04-20 05:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 10:28 - 2015-04-20 05:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 10:28 - 2015-04-18 05:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 10:27 - 2015-04-22 04:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 10:27 - 2015-04-21 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 10:27 - 2015-04-21 19:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 10:27 - 2015-04-21 19:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 10:27 - 2015-04-21 19:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 10:27 - 2015-04-21 19:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 10:27 - 2015-04-21 19:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 10:27 - 2015-04-21 19:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 10:27 - 2015-04-21 19:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 10:27 - 2015-04-21 19:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 10:27 - 2015-04-21 19:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 10:27 - 2015-04-21 19:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 10:27 - 2015-04-21 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 10:27 - 2015-04-21 18:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 10:27 - 2015-04-21 18:58 - 00115712 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2015-05-13 10:27 - 2015-04-21 18:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 10:27 - 2015-04-21 18:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 10:27 - 2015-04-21 18:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 10:27 - 2015-04-21 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 10:27 - 2015-04-21 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 10:27 - 2015-04-21 18:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 10:27 - 2015-04-21 18:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 10:27 - 2015-04-21 18:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 10:27 - 2015-04-21 18:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 10:27 - 2015-04-21 18:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 10:27 - 2015-04-21 18:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 10:27 - 2015-04-21 18:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 10:27 - 2015-04-21 18:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 10:27 - 2015-04-21 18:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 10:27 - 2015-04-21 18:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 10:27 - 2015-04-21 17:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 10:27 - 2015-04-21 17:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 10:27 - 2015-04-13 06:19 - 00259072 _____ 
(Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 10:24 - 2015-04-08 06:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 10:24 - 2015-04-08 06:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 10:24 - 2015-03-04 07:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 10:24 - 2015-03-04 07:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 10:24 - 2015-03-04 07:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 10:24 - 2015-03-04 07:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 09:39 - 2015-05-13 09:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\{D8D53B24-10D1-46A4-A214-E7C7BD2096B8} 2015-05-11 08:49 - 2015-05-11 08:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{FD17A642-E643-4744-9064-EC6601204F7A} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-10 09:05 - 2010-10-24 22:53 - 01257428 _____ C:\Windows\WindowsUpdate.log 2015-06-10 09:05 - 2010-10-24 20:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 08:48 - 2009-07-14 07:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-10 08:48 - 2009-07-14 07:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-10 08:34 - 2012-06-25 14:19 - 06455142 _____ C:\XrxUsd.log 2015-06-10 08:34 - 2010-10-25 14:50 - 00000000 ____D C:\Users\Administrator 2015-06-10 08:33 - 2014-09-12 13:21 - 00003464 _____ C:\Windows\Tasks\f8aac747-34de-4f0b-948e-395f20e6f50d-7.job 2015-06-10 08:33 - 2014-09-12 13:21 - 00003464 _____ C:\Windows\Tasks\f8aac747-34de-4f0b-948e-395f20e6f50d-6.job 2015-06-10 08:33 - 2014-09-12 13:20 - 00004490 _____ C:\Windows\Tasks\f8aac747-34de-4f0b-948e-395f20e6f50d-11.job 2015-06-10 08:33 - 2013-07-02 08:32 - 00027062 _____ C:\Windows\setupact.log 2015-06-10 08:33 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-09 16:43 - 2010-10-31 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2015-06-09 13:58 - 2015-04-02 13:48 - 00001304 _____ C:\Windows\Tasks\new_game_notification_service.job 2015-06-09 13:58 - 2015-04-02 13:48 - 00000666 _____ C:\Windows\Tasks\new_game_updating_service.job 2015-06-09 13:58 - 2014-09-12 13:21 - 00000900 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-06-09 13:58 - 2014-09-12 13:21 - 00000896 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-06-09 13:58 - 2013-03-04 10:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-09 13:58 - 2013-03-04 10:31 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-09 13:58 - 2012-04-17 12:11 - 00001098 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job 2015-06-09 13:58 - 2012-04-17 
12:11 - 00001076 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job 2015-06-09 13:58 - 2011-04-04 16:21 - 00001024 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job 2015-06-09 13:58 - 2011-04-04 16:21 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job 2015-06-09 13:58 - 2010-10-31 14:28 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1006UA.job 2015-06-09 13:58 - 2010-10-31 14:28 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1006Core.job 2015-06-08 16:52 - 2012-07-04 12:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\I Want This 2015-06-08 16:48 - 2015-04-02 13:48 - 00000000 ____D C:\Program Files\new game 2015-06-08 16:10 - 2015-04-03 08:28 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 2015-06-08 16:10 - 2011-03-25 20:30 - 00109280 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-08 16:09 - 2013-03-04 10:31 - 00000000 ____D C:\Program Files\Google 2015-06-08 16:09 - 2010-10-24 19:25 - 00331874 _____ C:\Windows\PFRO.log 2015-06-08 16:08 - 2010-10-31 14:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2015-06-08 16:05 - 2013-09-05 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-06-08 16:05 - 2013-09-05 11:49 - 00000000 ____D C:\Program Files\Canon 2015-06-08 16:03 - 2013-01-03 11:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\calibre 2015-06-08 16:03 - 2013-01-03 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2015-06-08 15:57 - 2009-07-14 07:33 - 03763560 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-08 15:54 - 2012-09-11 14:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\BitComet 2015-06-08 15:54 - 2012-09-11 14:00 - 00000000 
____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit) 2015-06-08 15:35 - 2012-06-13 13:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera 2015-06-08 15:35 - 2012-06-13 13:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Opera 2015-06-08 15:34 - 2014-12-11 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PhotoScape 2015-06-08 15:32 - 2013-09-17 15:03 - 00000000 ____D C:\ProgramData\SimilarSites 2015-06-08 15:32 - 2012-11-16 17:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SimilarSites 2015-06-08 15:30 - 2013-06-21 10:16 - 00000000 ____D C:\Program Files\TeamViewer 2015-06-08 15:30 - 2012-11-22 12:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer 2015-06-08 15:29 - 2012-11-12 15:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\BearShare 2015-06-08 15:27 - 2010-10-30 13:58 - 00000000 ____D C:\Program Files\Windows Live 2015-06-08 15:22 - 2013-09-13 09:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\WebPlayer 2015-06-08 15:21 - 2012-04-26 10:02 - 140266064 _____ C:\xxbgtask.log 2015-06-08 15:12 - 2015-02-02 17:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Unity 2015-06-08 08:46 - 2009-07-14 05:04 - 00000710 _____ C:\Windows\win.ini 2015-06-08 08:42 - 2014-12-11 13:38 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-08 08:42 - 2014-05-10 08:49 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-05-29 13:42 - 2010-10-24 19:26 - 00980294 _____ C:\Windows\system32\perfh01F.dat 2015-05-29 13:42 - 2010-10-24 19:26 - 00455792 _____ C:\Windows\system32\perfc01F.dat 2015-05-29 13:42 - 2010-10-24 18:25 - 00006444 _____ C:\Windows\system32\PerfStringBackup.INI 2015-05-29 09:16 - 2010-10-24 18:32 - 00000000 ____D C:\ProgramData\Skype 2015-05-26 12:52 - 2013-09-25 13:32 - 00000000 ___RD C:\Program Files\Skype 2015-05-21 12:52 - 2014-09-24 13:10 - 00106912 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswStm.sys 2015-05-21 12:52 - 2014-09-24 13:10 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys 2015-05-21 12:52 - 2013-03-04 09:35 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys 2015-05-21 12:52 - 2013-03-04 09:35 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2015-05-21 12:52 - 2013-01-10 13:55 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-05-21 12:52 - 2013-01-10 13:55 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-05-21 12:52 - 2013-01-10 13:55 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-05-21 12:52 - 2013-01-10 13:55 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-05-15 16:55 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-15 12:10 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\rescache 2015-05-15 11:18 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-05-15 10:36 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\tr-TR 2015-05-15 10:36 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-15 10:34 - 2010-10-24 18:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-13 12:24 - 2010-10-24 20:22 - 00000039 _____ C:\Windows\vbaddin.ini 2015-05-13 12:23 - 2015-03-04 10:02 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center Endpoint Protection.lnk 2015-05-13 12:23 - 2011-03-25 23:13 - 00001945 _____ C:\Windows\epplauncher.mif 2015-05-13 12:22 - 2013-09-25 13:32 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-05-13 12:04 - 2013-08-14 18:06 - 00000000 ____D C:\Windows\system32\MRT 2015-05-13 12:04 - 2010-10-24 18:39 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 11:58 - 2010-10-24 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 
  2. A full scan with MBAM in safe mode found nothing. *edit - it turned out the problem was in the Windows Update client; installing update KB3050265 from the Microsoft site fixed it. Please lock/delete the thread.
  3. Hello, I noticed that I cannot remove Istartsurf, so I searched the web for solutions. I came across your section and am attaching the requested files. Addition.txt FRST.txt
  4. Hello. The laptop runs very slowly; when I try to remove the items detected by MSE, the system freezes and does not let me do anything else. I have no idea where the system got infected from; the laptop is used by my parents. I do not have a Windows disc. There are quite a few items in quarantine in MSE; I am listing them, and some of them are repeated: - BrowserModifier:Win32/CouponRuc; Trojan:Win32/Raydefun.A; Trojan:Win32/Peaac.gen!A!plock; VirTool:Win32/Obfuscator.ANX; BrowserModifier:Win32/Diplugem; Trojan:Win32/Damingvat.A; Trojan:Win32/Colisi.C Here is the log file:
00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-11 12:16 - 2015-06-25 13:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-11 12:16 - 2015-06-25 13:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-11 12:16 - 2015-06-25 13:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-11 12:16 - 2015-06-25 12:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-11 12:15 - 2015-09-02 06:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-11 12:15 - 2015-09-02 06:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-11 12:15 - 2015-09-02 06:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-11 12:15 - 2015-09-02 06:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-11 12:15 - 2015-09-02 05:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-11 12:15 - 2015-09-02 05:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-11 12:15 - 2015-09-02 05:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-11 12:15 - 2015-09-02 05:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-11 12:15 - 2015-09-02 04:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-11 12:15 - 2015-09-02 04:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-11 12:15 - 2015-09-02 04:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-11 12:15 - 2015-08-27 21:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-11 12:15 - 2015-08-27 21:18 - 01887232 _____ 
(Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-11 12:15 - 2015-08-27 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-11 12:15 - 2015-08-27 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-11 12:15 - 2015-08-27 20:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-11 12:15 - 2015-08-27 20:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-11 12:15 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-09-11 12:15 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-11 12:15 - 2015-08-26 21:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-11 12:15 - 2015-08-26 21:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-11 12:15 - 2015-08-26 21:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-11 12:15 - 2015-08-26 21:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-11 12:15 - 2015-08-26 20:56 - 00566784 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wuapi.dll 2015-09-11 12:15 - 2015-08-26 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-11 12:15 - 2015-08-26 20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-11 12:15 - 2015-08-26 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-11 12:15 - 2015-08-26 20:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-11 12:15 - 2015-08-04 21:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-11 12:15 - 2015-08-04 21:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-11 12:15 - 2015-08-04 20:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-11 12:15 - 2015-08-04 20:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-11 12:15 - 2015-08-04 20:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-11 12:15 - 2015-08-04 20:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-11 12:15 - 2015-08-04 20:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-11 12:15 - 2015-08-04 20:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-11 12:15 - 2015-08-04 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-08-19 14:47 - 2015-08-11 04:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-19 14:47 - 2015-08-11 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-19 14:47 - 2015-08-11 03:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-19 14:47 - 2015-08-11 03:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll ==================== One Month Modified files and folders ======== (If an entry is 
included in the fixlist, the file/folder will be moved.) 2015-09-15 12:00 - 2013-06-01 10:31 - 01702946 _____ C:\Windows\WindowsUpdate.log 2015-09-15 11:59 - 2012-09-26 10:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini 2015-09-15 11:58 - 2013-06-01 18:07 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-09-15 11:57 - 2013-12-12 14:39 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI 2015-09-15 11:56 - 2013-12-12 14:39 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI 2015-09-15 11:55 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-15 11:55 - 2009-07-14 07:51 - 00149816 _____ C:\Windows\setupact.log 2015-09-15 11:32 - 2009-07-14 07:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-15 11:32 - 2009-07-14 07:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-14 16:19 - 2015-08-14 22:19 - 00000336 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job 2015-09-14 15:40 - 2013-12-12 14:39 - 00000822 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI 2015-09-14 15:19 - 2014-07-27 14:48 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352682033-4164677752-1323257766-1000UA.job 2015-09-14 15:19 - 2014-07-27 14:48 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352682033-4164677752-1323257766-1000Core.job 2015-09-14 15:19 - 2013-06-02 22:32 - 00123918 _____ C:\Windows\PFRO.log 2015-09-14 13:37 - 2015-06-27 11:47 - 00000000 ____D C:\Program Files (x86)\Do Not Disturb 2015-09-14 13:36 - 2015-06-08 17:01 - 00000000 ____D C:\Program Files (x86)\rikaikun 2015-09-14 13:12 - 2014-08-31 13:15 - 00000000 ____D C:\Users\RRR\AppData\Local\Adobe 2015-09-13 02:55 - 2013-08-03 03:00 - 00000000 ____D C:\Windows\system32\MRT 2015-09-13 00:40 - 2009-07-14 07:45 - 02338960 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-13 00:37 - 2009-07-14 10:45 - 00000000 ____D 
C:\Program Files\Windows Journal 2015-09-13 00:20 - 2013-06-02 22:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-28 14:05 - 2015-06-01 08:44 - 00000000 ____D C:\Program Files (x86)\Omnifinder 2015-08-28 14:05 - 2015-05-21 11:01 - 00000000 ____D C:\Program Files (x86)\Cookie Killer for Facebook 2015-08-26 18:37 - 2013-06-05 20:27 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-23 18:55 - 2013-07-07 10:37 - 00000000 ____D C:\Users\RRR\Desktop\recepti 2015-08-19 14:04 - 2015-02-26 19:04 - 00003826 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1424966667 2015-08-19 14:04 - 2013-06-02 18:27 - 00000000 ____D C:\Program Files (x86)\Opera ==================== Files in the root of some directories ======= 2015-06-23 08:55 - 2015-08-01 13:57 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr2.bin 2015-06-15 14:29 - 2015-07-03 12:47 - 0000024 _____ () C:\Users\RRR\AppData\Roaming\appdataFr25.bin 2015-03-02 21:46 - 2015-04-23 11:35 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr3.bin Files to move or delete: ==================== C:\Users\RRR\install_flashplayer15x32au_chra_dy_aaa_aih.exe Some files in TEMP: ==================== C:\Users\RRR\AppData\Local\Temp\07b31aB7338C7.exe C:\Users\RRR\AppData\Local\Temp\130e04c69E226.exe C:\Users\RRR\AppData\Local\Temp\56ACC069e3.exe C:\Users\RRR\AppData\Local\Temp\9569E98A43F0.exe C:\Users\RRR\AppData\Local\Temp\AtpTimerInfo.dll C:\Users\RRR\AppData\Local\Temp\B6D283.exe C:\Users\RRR\AppData\Local\Temp\BitLord_1.01.exe C:\Users\RRR\AppData\Local\Temp\HitmanPro.exe C:\Users\RRR\AppData\Local\Temp\HPSWF.EXE C:\Users\RRR\AppData\Local\Temp\install_reader11_en_chrd_aaa_aih.exe C:\Users\RRR\AppData\Local\Temp\SkypeSetup.exe C:\Users\RRR\AppData\Local\Temp\sqlite3.dll C:\Users\RRR\AppData\Local\Temp\supoptsetup.exe C:\Users\RRR\AppData\Local\Temp\SWHelperQueryW.dll C:\Users\RRR\AppData\Local\Temp\SWHelperWrapper.exe ==================== Bamital & volsnap ================= 
(There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-23 20:30 ==================== End of FRST.txt ============================ Addition.txt
  5. Hello,

     My problem is the following: when I join an online game, no matter which one, it starts to lag; my ping stays at (for example) 50 - 50 - 50 200 - 200 - 200 - 50 - 50 - 50, and so on endlessly. I've noticed that instead of the usual 2.4 mb/s I'm currently downloading at a maximum of 1.8 mb/s. I went to friends' places to make sure that the problem isn't my internet connection.

     Regards,

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02
     Ran by Кико (administrator) on КИКО-PC (12-08-2015 22:10:15)
     Running from C:\Users\Кико\Downloads
     Loaded Profiles: Кико (Available Profiles: Кико)
     Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 10 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
C:\Windows\system32\adtschema.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:59 - 03989952 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntkrnlpa.exe 2015-08-11 22:39 - 2015-07-15 20:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-08-11 22:39 - 2015-07-15 20:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-08-11 22:39 - 2015-07-15 20:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 
2015-08-11 22:39 - 2015-07-15 20:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-08-11 22:39 - 2015-07-15 20:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-08-11 22:39 - 2015-07-15 20:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-08-11 22:39 - 2015-07-15 20:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 19:46 - 00290816 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-11 22:39 - 2015-07-15 19:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-11 22:39 - 2015-07-15 19:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-11 22:39 - 2015-07-15 19:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-08-11 22:39 - 2015-07-15 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-08-11 22:39 - 2015-07-15 19:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 19:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 19:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 19:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 06:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-11 22:39 - 2015-07-15 06:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-11 22:39 - 2015-07-15 06:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-11 22:39 - 2015-07-15 06:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-11 22:39 - 2015-07-15 06:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-11 22:39 - 2015-07-15 05:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-11 22:39 - 2015-07-15 05:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-11 22:39 - 2015-07-15 05:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-08-11 22:39 - 2015-07-15 05:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 
2015-08-11 22:39 - 2015-07-10 20:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-11 22:39 - 2015-07-10 20:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-11 22:39 - 2015-07-10 20:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-11 22:39 - 2015-07-10 20:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-11 22:39 - 2015-07-10 20:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-11 22:39 - 2015-07-10 20:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-11 22:39 - 2015-07-09 20:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-11 22:39 - 2015-07-09 20:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-11 22:39 - 2015-07-09 20:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-11 22:39 - 2015-07-01 23:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-11 22:39 - 2015-07-01 23:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-11 22:39 - 2015-07-01 23:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-11 22:39 - 2015-07-01 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 19291648 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00197120 
_____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-11 22:38 - 2015-07-26 02:17 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-11 22:38 - 2015-07-26 02:17 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 01181696 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-08-11 22:38 - 2015-07-25 23:23 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-08-11 22:38 - 2015-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 
2015-08-11 22:38 - 2015-07-25 21:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-11 22:38 - 2015-07-25 21:17 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-08-11 22:38 - 2015-07-25 21:09 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-11 22:38 - 2015-07-25 20:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-08-11 22:38 - 2015-07-25 20:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-08-11 22:37 - 2015-07-20 21:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-11 22:37 - 2015-07-20 21:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-11 22:37 - 2015-07-20 21:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-11 22:37 - 2015-07-20 20:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-08-11 22:37 - 2015-07-20 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-08-11 22:37 - 2015-07-20 
20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-08-11 22:37 - 2015-07-20 20:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-11 22:37 - 2015-07-20 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-08-11 22:37 - 2015-07-10 20:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-11 22:37 - 2015-07-10 20:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-08-11 22:37 - 2015-05-09 21:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-08-10 12:31 - 2015-08-10 12:31 - 00000069 _____ C:\Users\Кико\Desktop\-Saphir-I Am Alive- - YouTube.url 2015-08-10 00:27 - 2015-08-12 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-10 00:27 - 2015-08-12 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-10 00:27 - 2015-08-12 02:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-10 00:26 - 2015-08-10 00:27 - 13095136 _____ (Microsoft Corporation) C:\Users\Кико\Downloads\Silverlight_x64.exe 2015-08-10 00:24 - 2015-08-10 00:24 - 00761856 _____ C:\Users\Кико\Downloads\PCMaticPlugin (1).msi 2015-08-10 00:22 - 2015-08-10 00:22 - 00761856 _____ C:\Users\Кико\Downloads\PCMaticPlugin.msi 2015-08-10 00:22 - 2015-08-10 00:22 - 00000000 ____D C:\Users\Кико\AppData\Roaming\PCPitstop 2015-08-09 23:42 - 2015-08-09 23:47 - 00000000 ____D C:\Users\Кико\Desktop\Italo Disco 2015-08-09 20:10 - 2015-08-09 20:10 - 00000000 ____D C:\Users\Кико\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks 2015-08-09 19:27 - 2015-08-09 19:27 - 00015407 _____ C:\Users\Кико\Downloads\Malwarebytes Anti-Malware Premium v2.1.8.1057 Final.torrent 2015-08-09 16:36 - 2015-08-09 16:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Кико\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-09 16:34 - 2015-08-09 16:34 - 
06693128 _____ (Wargaming.net ) C:\Users\Кико\Downloads\WoT_internet_install_eu.exe 2015-08-09 16:15 - 2015-08-09 16:15 - 01275427 _____ C:\Users\Кико\Downloads\J1mB0_s_Crosshair_Mod_v1.50_-_Curse_Client.zip 2015-08-09 16:10 - 2015-08-09 16:10 - 00012982 _____ C:\Users\Кико\Downloads\The.Stoning.of.Soraya.M.2008.BRRip.x264-WAR.torrent 2015-08-09 16:09 - 2015-08-09 16:09 - 00024603 _____ C:\Users\Кико\Downloads\wtsto.rar 2015-08-09 16:03 - 2015-08-09 16:03 - 00014714 _____ C:\Users\Кико\Downloads\Petite HD Porn 3.torrent 2015-08-09 16:03 - 2015-08-09 16:03 - 00014714 _____ C:\Users\Кико\Downloads\Petite HD Porn 3 (1).torrent 2015-08-07 23:03 - 2015-08-07 23:03 - 00000069 _____ C:\Users\Кико\Desktop\BOBBY O - Obsession (December 2011 NEW RELEASE) - YouTube.url 2015-08-06 11:28 - 2015-08-06 11:28 - 00098432 _____ C:\Users\Кико\Downloads\Battlefield 4 (RePack) (Update 11) [R.G. Games].torrent 2015-08-05 03:11 - 2015-08-05 03:11 - 00000249 _____ C:\Users\Кико\Desktop\Интересни решения - снимки и друго.... 
- Страница 12.url 2015-08-04 15:55 - 2015-08-11 22:25 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings 2015-08-04 15:55 - 2015-08-04 15:55 - 00000000 ____D C:\Program Files\Common Files\AV 2015-08-04 00:43 - 2015-08-04 00:43 - 00000069 _____ C:\Users\Кико\Desktop\The Voice UK 2013 - Conor Scott performs 'Starry Eyed' - Blind Auditions 3 - BBC One - YouTube.url 2015-08-04 00:29 - 2015-08-04 00:29 - 00000069 _____ C:\Users\Кико\Desktop\Top Greatest First Singing Auditions - YouTube.url 2015-08-04 00:25 - 2015-08-04 00:25 - 00000069 _____ C:\Users\Кико\Desktop\How To Sing Good - 3 Easy Tips For How To Sing Good - YouTube.url 2015-08-04 00:06 - 2015-08-04 00:06 - 00000069 _____ C:\Users\Кико\Desktop\Wiggle - Vintage 1920s Broadway Jason Derulo - Snoop Dogg Cover - YouTube.url 2015-08-02 13:08 - 2015-08-02 13:08 - 00405360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-02 13:08 - 2015-08-02 13:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2015-08-02 10:36 - 2015-08-02 10:36 - 00000813 _____ C:\Users\Public\Desktop\Smite.lnk 2015-08-02 10:36 - 2015-08-02 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2015-08-02 10:36 - 2015-08-02 10:36 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2015-08-02 10:33 - 2015-08-02 10:34 - 51997064 _____ (Hi-Rez Studios) C:\Users\Кико\Downloads\InstallHiRezGamesEnglish.exe 2015-08-02 02:22 - 2015-08-10 21:04 - 00000000 ____D C:\Users\Кико\Documents\Euro Truck Simulator 2 2015-08-02 02:19 - 2015-08-02 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-08-01 22:12 - 2015-08-01 22:12 - 00034146 _____ C:\Users\Кико\Downloads\ComputerDesktopWallpapers.torrent 2015-08-01 22:05 - 2015-08-01 22:05 - 00015919 _____ C:\Users\Кико\Downloads\Euro.Truck.Simulator.2.v1.19.2.1.Incl.27.DLC-RePack.iso.torrent 2015-07-30 00:08 - 2015-07-30 00:08 - 00002156 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2015-07-30 00:07 - 2015-07-30 00:07 - 00931408 _____ (Google Inc.) C:\Users\Кико\Downloads\GoogleEarthSetup.exe 2015-07-29 02:24 - 2015-07-29 02:24 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo 2015-07-29 02:24 - 2015-07-29 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2015-07-29 02:23 - 2015-07-29 02:23 - 02143832 _____ C:\Users\Кико\Downloads\instsf449.exe 2015-07-29 01:49 - 2015-07-29 02:08 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2015-07-29 01:48 - 2015-07-29 01:49 - 21370837 _____ C:\Users\Кико\Downloads\RTSSSetup620-[Guru3D.com].rar 2015-07-29 01:46 - 2015-07-29 01:46 - 01199856 _____ ( ) C:\Users\Кико\Downloads\hwmonitor_1.28.exe 2015-07-28 18:11 - 2015-07-28 18:11 - 00000069 _____ C:\Users\Кико\Desktop\90's Megamix - Dance Hits of the 90s - Epic 2 Hour Video Mix! - YouTube.url 2015-07-27 22:00 - 2015-07-27 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Croteam 2015-07-27 13:36 - 2015-07-27 13:36 - 00023495 _____ C:\Users\Кико\Downloads\Serious.Sam.3.BFE.Gold.Edition-PROPHET.torrent 2015-07-27 13:28 - 2015-07-27 13:29 - 67701008 _____ (Viber Media Inc) C:\Users\Кико\Downloads\ViberSetup.exe 2015-07-26 23:23 - 2015-07-26 23:23 - 00000087 _____ C:\Users\Кико\The Hottest Amateur-Selfies You Have Ever Seen!! 
- Photo #67.url 2015-07-25 23:47 - 2015-07-25 23:47 - 00000069 _____ C:\Users\Кико\Desktop\Teena Marie - Lovergirl - YouTube.url 2015-07-24 21:53 - 2015-08-10 12:50 - 00000184 _____ C:\Users\Кико\Desktop\Acer24@abv.bg.txt 2015-07-23 09:21 - 2015-07-23 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-07-23 09:19 - 2015-07-23 09:20 - 30993712 _____ (Riot Games) C:\Users\Кико\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe 2015-07-23 00:42 - 2015-07-23 00:42 - 00000000 ____D C:\Users\Кико\AppData\Local\CEF 2015-07-18 11:58 - 2015-08-12 22:03 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0c137f342174d.job 2015-07-18 11:58 - 2015-08-12 20:44 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c137f2566f12.job 2015-07-18 11:58 - 2015-07-18 11:58 - 00003994 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0c137f342174d 2015-07-18 11:58 - 2015-07-18 11:58 - 00003742 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0c137f2566f12 2015-07-15 12:19 - 2015-07-15 12:19 - 00000000 ____D C:\Users\Кико\AppData\Roaming\Trove 2015-07-15 10:39 - 2015-06-02 03:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 10:39 - 2015-06-02 02:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-15 10:38 - 2015-07-04 21:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 10:38 - 2015-07-04 20:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 10:38 - 2015-06-17 20:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 10:38 - 2015-06-17 20:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 10:38 - 2015-04-27 22:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-07-15 10:38 - 2015-04-27 22:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 
2015-07-15 10:38 - 2015-04-27 22:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-07-15 10:38 - 2015-04-27 22:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-07-15 10:38 - 2015-04-27 22:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-07-15 10:38 - 2015-04-27 22:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-07-15 10:38 - 2015-04-27 22:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-07-15 10:38 - 2015-04-27 22:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-07-15 10:37 - 2015-06-16 00:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-15 10:37 - 2015-06-16 00:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 10:37 - 2015-06-16 00:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 10:37 - 2015-06-16 00:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-15 10:37 - 2015-06-16 00:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-15 10:37 - 2015-06-16 00:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 10:37 - 2015-06-16 00:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 10:37 - 2015-06-16 00:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 10:37 - 2015-06-16 00:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-15 10:37 - 2015-06-16 00:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 10:37 - 2015-06-16 00:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-07-15 10:37 - 2015-06-16 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-07-15 10:37 - 2015-06-11 20:56 - 01112576 
_____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-07-15 10:37 - 2015-06-11 20:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-07-15 10:37 - 2015-06-11 20:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-07-13 20:53 - 2015-07-13 20:53 - 00040720 _____ C:\Users\Кико\Downloads\Terminator.2.Judgment.Day.1991.WS.DVDRip.XviD.BG.and.ENG.Audio-Atany.torrent 2015-07-13 20:53 - 2015-07-13 20:53 - 00040720 _____ C:\Users\Кико\Downloads\Terminator.2.Judgment.Day.1991.WS.DVDRip.XviD.BG.and.ENG.Audio-Atany (1).torrent 2015-07-13 20:50 - 2015-07-13 20:50 - 06386866 _____ ( ) C:\Users\Кико\Downloads\MKVPlayerSetupD.exe 2015-07-13 20:48 - 2015-07-13 20:48 - 00056165 _____ C:\Users\Кико\Downloads\MKVToolNix 7.5.0 Final + Portable.torrent 2015-07-13 18:20 - 2015-07-13 18:20 - 00015302 _____ C:\Users\Кико\Downloads\Terminator.2.Judgment.Day.1991.BDRip.x265-WAR (1).torrent 2015-07-13 18:19 - 2015-07-13 18:19 - 00025828 _____ C:\Users\Кико\Downloads\Terminator.2.DirCut.1991.720p.HDDVD.DTS.x264_ESiR.(subs.sab.bz).rar 2015-07-13 18:19 - 2015-07-13 18:19 - 00015302 _____ C:\Users\Кико\Downloads\Terminator.2.Judgment.Day.1991.BDRip.x265-WAR.torrent ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-12 22:06 - 2015-01-20 00:52 - 00000000 ____D C:\Program Files (x86)\Steam 2015-08-12 22:04 - 2014-10-20 05:53 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec11141dff92.job 2015-08-12 22:03 - 2014-11-13 09:59 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff0f4ff0b4c9.job 2015-08-12 21:58 - 2014-06-18 00:41 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8a74e7f78ebf.job 2015-08-12 21:28 - 2015-07-09 19:22 - 00000000 ____D C:\Users\Кико\AppData\Roaming\uTorrent 2015-08-12 21:21 - 2014-01-28 19:16 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2056131698-3958520328-2186146214-1000UA.job 2015-08-12 21:06 - 2009-07-14 07:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-12 21:06 - 2009-07-14 07:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-12 20:46 - 2013-09-03 00:56 - 01112495 _____ C:\Windows\WindowsUpdate.log 2015-08-12 20:45 - 2014-05-15 22:29 - 00000000 ____D C:\Users\Кико\AppData\Roaming\ViberPC 2015-08-12 20:44 - 2015-05-18 22:58 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091a4feaf1b16.job 2015-08-12 20:44 - 2013-09-03 02:05 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-12 20:43 - 2015-06-23 14:23 - 00007112 _____ C:\Windows\setupact.log 2015-08-12 20:43 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-12 13:04 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache 2015-08-12 11:00 - 2009-07-14 07:45 - 00431352 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-12 10:58 - 2014-12-11 15:14 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-12 10:58 - 2014-05-07 02:31 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-12 02:35 - 2013-09-15 02:42 - 00000000 ____D C:\Windows\system32\MRT 2015-08-12 02:32 - 2013-09-15 02:42 - 132483416 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2015-08-10 18:21 - 2014-01-28 19:16 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2056131698-3958520328-2186146214-1000Core.job 2015-08-10 12:24 - 2015-01-26 17:25 - 00000000 ____D C:\Users\Кико\Desktop\Funny 2015-08-10 10:41 - 2015-03-06 00:41 - 00010124 _____ C:\Windows\PFRO.log 2015-08-09 16:01 - 2013-09-03 00:58 - 00000000 ____D C:\Users\Кико 2015-08-02 21:29 - 2014-06-17 10:10 - 00000000 ____D C:\Users\Кико\AppData\Roaming\SpinTires 2015-08-02 20:18 - 2013-09-03 03:14 - 00000000 ____D C:\Users\Кико\Desktop\Games 2015-08-02 13:55 - 2013-10-13 10:12 - 00000000 ____D C:\Users\Кико\Documents\My Games 2015-08-02 12:38 - 2015-05-26 02:33 - 00037790 _____ C:\Windows\DirectX.log 2015-08-02 10:36 - 2013-09-03 01:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-02 01:48 - 2014-09-20 01:27 - 00000000 ____D C:\Users\Кико\AppData\Local\Warframe 2015-07-31 17:14 - 2013-09-03 11:19 - 00000000 ____D C:\Users\Кико\AppData\Roaming\Skype 2015-07-30 20:54 - 2013-12-15 00:27 - 00000000 ____D C:\Users\Кико\Documents\VirtualDJ 2015-07-29 01:50 - 2013-09-03 11:38 - 00000000 ____D C:\Windows\SysWOW64\directx 2015-07-27 13:39 - 2015-05-24 21:59 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-07-27 13:38 - 2013-09-03 11:19 - 00000000 ____D C:\ProgramData\Skype 2015-07-27 13:31 - 2014-10-30 01:32 - 00000961 _____ C:\Users\Кико\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-07-27 13:31 - 2014-10-30 01:31 - 00000000 ____D C:\Users\Кико\AppData\Local\Viber 2015-07-24 21:40 - 2015-04-19 20:39 - 00000000 ____D C:\Users\Кико\Desktop\Dokumenti 2015-07-18 11:58 - 2015-05-18 22:58 - 00003742 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d091a4feaf1b16 2015-07-18 11:58 - 2014-11-13 09:59 - 00003994 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfff0f4ff0b4c9 2015-07-18 11:45 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-07-15 11:16 - 
2009-07-14 08:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2013-12-23 01:15 - 2015-04-04 04:08 - 0007603 _____ () C:\Users\Кико\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Кико\AppData\Local\Temp\855773e187c67c0dab3ae888acfa66a9.dll C:\Users\Кико\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll C:\Users\Кико\AppData\Local\Temp\sfamcc00001.dll C:\Users\Кико\AppData\Local\Temp\sfextra.dll C:\Users\Кико\AppData\Local\Temp\SkypeSetup.exe C:\Users\Кико\AppData\Local\Temp\unrar.dll C:\Users\Кико\AppData\Local\Temp\_isDD83.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-12 00:31 ==================== End of log ============================ Addition.txt
  6. So... I haven't had problems with my machine for a long time, but here it comes... I've been on Win7 64bit for a week and today I decided to activate it, but I ran into a bad activator! While things were still installing I sensed that something was wrong when I saw the programs that started installing by themselves... and they appeared faster than I could remove them. In the end I removed all the programs, but there are a few processes that I am convinced are not part of Windows, and when stopped they start again by themselves immediately. I use Panda Free and so far it doesn't detect anything, but I have 2-3 programs that sit in the Start menu and I can't get rid of them, plus the few processes that restart again and again... P.S. I see there is one more topic like mine, but it said that the steps are specifically for the given user and may lead to damage to the operating system, so I have not applied them. FRST.txt Addition.txt
  7. Hello. After long troubles, described in my previous topics, my computer started working after a BIOS update. The problems had started after an unsuccessful attempt to install a program downloaded from a torrent, which makes me suspect a virus as well. I also suspect an autorun (or whatever it's called) virus picked up from a flash drive. Here are the logs: Addition.txt
  8. For some time now, when I'm on Facebook and listening to music from YouTube, Facebook lags.... I start watching The Godfather and notice that in places the sound stutters, and the picture is slow in one place and speeds up a lot in another.... Kaspersky found 1 trojan, and Malwarebytes Anti-Malware found 2-3 as well. So it deleted them, I restarted, and it's the same again, the movie lags. All drivers are updated, and I have no problems in games. So I suspect a virus, which is why I posted the topic in this section.
  9. Hello! My laptop is new, 2-3 months old, but it works extremely slowly; I mean, in Chrome when I type, the text appears after 1-2 seconds, for example. On the whole I use almost no programs. Here are the logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015 Ran by Dell (administrator) on DELL-PC on 14-07-2015 10:44:17 Running from C:\Users\Dell\Desktop Loaded Profiles: Dell (Available Profiles: Dell) Platform: Windows 8.1 Connected (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSysSvc64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Users\Dell\AppData\Local\Viber\Viber.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (PC-Doctor, Inc.) 
C:\Program Files\Dell\SupportAssist\uaclauncher.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5776712 2013-11-26] (Dell Inc.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 2014-05-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.) HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] () HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\Run: [uTorrent] => C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.) HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\Run: [Viber] => C:\Users\Dell\AppData\Local\Viber\Viber.exe [80035536 2015-06-10] () HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.) 
HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\MountPoints2: {698d1252-ebdc-11e4-8270-f470c499c1b5} - "E:\autorun.exe" HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\MountPoints2: {a68dd632-dd41-11e4-825b-d54ccb47a18c} - "E:\AutoRun.exe" HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\MountPoints2: {a68dd6a5-dd41-11e4-825b-d54ccb47a18c} - "E:\AutoRun.exe" HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\MountPoints2: {a68dd84d-dd41-11e4-825b-d54ccb47a18c} - "G:\AutoRun.exe" HKU\S-1-5-21-1353754189-2006675028-370256372-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1353754189-2006675028-370256372-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-1353754189-2006675028-370256372-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1353754189-2006675028-370256372-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-1353754189-2006675028-370256372-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{6472DF88-8DA3-4641-AA53-F9BE056B1A8A}: [NameServer] 212.39.90.42 212.39.90.43 Tcpip\..\Interfaces\{9520A722-C3EB-424C-86F1-A74A2F638176}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default FF DefaultSearchEngine: Google Default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation) 
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-09] (Google Inc.) FF Plugin HKU\S-1-5-21-1353754189-2006675028-370256372-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-05-02] (Ubisoft) FF SearchPlugin: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default\searchplugins\google-default.xml [2015-04-07] FF SearchPlugin: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default\searchplugins\youtube.xml [2015-04-07] FF Extension: Thumbnail Zoom Plus - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2015-04-07] FF Extension: Adblock Plus - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-07] Chrome: ======= CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-07] CHR Extension: (Google Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-07] CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-07] CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-07] CHR Extension: (Google Search) - C:\Users\Dell\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-07] CHR Extension: (Photo Zoom for Facebook) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-07-09] CHR Extension: (Google Sheets) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-07] CHR Extension: (Stylish) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-04-07] CHR Extension: (AdBlock) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-07] CHR Extension: (Google Wallet) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-07] CHR Extension: (Hover Zoom) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-07-09] CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.) 
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.) R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-18] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-18] (Intel Corporation) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-22] (Intel Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel® Corporation) R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-11] (Dell Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS) S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.) S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] () R2 WavesSysSvc; C:\Program Files\Realtek\Audio\HDA\WavesSysSvc64.exe [497664 2014-04-07] (Waves Audio Ltd.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S2 HiPatchService; D:\Games\HiPatchService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-11] (Qualcomm Atheros Communications, Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-18] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-18] (Intel Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-04-26] (DT Soft Ltd) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed] S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.) S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Huawei Technologies Co., Ltd.) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-20] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-14 10:44 - 2015-07-14 10:45 - 00018282 _____ C:\Users\Dell\Desktop\FRST.txt 2015-07-14 10:44 - 2015-07-14 10:44 - 00000000 ____D C:\FRST 2015-07-14 10:43 - 2015-07-14 10:43 - 02133504 _____ (Farbar) C:\Users\Dell\Desktop\FRST64.exe 2015-07-14 10:42 - 2015-07-14 10:42 - 01636864 _____ (Farbar) C:\Users\Dell\Desktop\a.exe 2015-07-11 17:59 - 2015-07-11 17:59 - 00001062 _____ C:\Users\Dell\Desktop\GuitarPro - Shortcut.lnk 2015-07-09 09:57 - 2015-07-09 09:57 - 00002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-09 09:57 - 2015-07-09 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-09 09:54 - 2015-07-14 09:59 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-09 09:54 - 2015-07-14 09:59 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-09 09:54 - 2015-07-09 09:54 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-09 09:54 - 2015-07-09 09:54 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-09 09:52 - 2015-07-09 09:52 - 00931408 _____ (Google Inc.) 
C:\Users\Dell\Downloads\ChromeSetup.exe 2015-07-07 20:58 - 2015-07-09 21:16 - 00000000 ____D C:\Users\Dell\AppData\Roaming\TS3Client 2015-07-07 20:58 - 2015-07-07 20:58 - 00001184 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2015-07-07 20:58 - 2015-07-07 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-07-07 20:57 - 2015-07-07 20:58 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2015-07-07 20:55 - 2015-07-07 20:57 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Dell\Downloads\TeamSpeak3-Client-win32-3.0.16.exe 2015-07-06 11:19 - 2015-07-06 11:19 - 00001775 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-07-06 11:19 - 2015-07-06 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-07-06 11:16 - 2015-07-06 11:19 - 00000000 ____D C:\Program Files\iTunes 2015-07-06 11:16 - 2015-07-06 11:16 - 00000000 ____D C:\Program Files\iPod 2015-07-06 11:16 - 2015-07-06 11:16 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-06-25 17:37 - 2015-07-07 16:26 - 00000000 ____D C:\Users\Dell\Desktop\uroci 2015-06-23 15:51 - 2015-06-23 15:51 - 00004024 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2015-06-23 15:51 - 2015-06-23 15:51 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2015-06-23 15:51 - 2015-06-23 15:51 - 00003214 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2015-06-23 15:51 - 2015-06-23 15:51 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows 2015-06-23 15:51 - 2015-06-23 15:51 - 00000000 ____D C:\Program Files\Dell Support Center 2015-06-14 08:54 - 2015-06-14 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-14 10:38 - 2015-04-08 13:45 - 00000000 ____D C:\Users\Dell\AppData\Roaming\AIMP3 2015-07-14 10:27 - 2015-04-07 19:14 - 02066256 _____ C:\Windows\WindowsUpdate.log 2015-07-14 10:09 - 2014-11-29 09:36 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2015-07-14 10:08 - 2015-06-03 16:46 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Skype 2015-07-14 10:07 - 2015-04-07 17:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1353754189-2006675028-370256372-1001 2015-07-14 10:05 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness 2015-07-14 10:00 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\sru 2015-07-14 09:59 - 2015-04-08 16:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-14 09:21 - 2015-04-07 17:46 - 00000000 ____D C:\ProgramData\softthinks 2015-07-14 09:08 - 2015-04-07 17:45 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{767366E0-BF56-478F-865B-741B5A69AB60} 2015-07-14 09:06 - 2015-04-30 12:34 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job 2015-07-14 09:06 - 2015-04-26 18:07 - 00000000 ____D C:\Users\Dell\AppData\Roaming\ViberPC 2015-07-14 09:05 - 2015-04-07 21:06 - 00000000 ___DO C:\Users\Dell\OneDrive 2015-07-14 09:03 - 2014-03-18 12:44 - 01085486 _____ C:\Windows\PFRO.log 2015-07-14 09:03 - 2013-08-22 17:46 - 00039309 _____ C:\Windows\setupact.log 2015-07-14 09:03 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-12 22:28 - 2015-04-08 16:47 - 00000000 ____D C:\Users\Dell\AppData\Local\Battle.net 2015-07-11 21:01 - 2015-04-09 21:36 - 00115200 ___SH C:\Users\Dell\Desktop\Thumbs.db 2015-07-09 12:00 - 2015-04-08 16:41 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-09 10:22 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp 2015-07-09 09:57 - 2015-04-07 19:31 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-07 00:24 - 2015-04-19 21:21 - 00792568 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-07 00:24 - 2015-04-19 21:21 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-06 17:44 - 2015-04-07 17:48 - 00000000 ____D C:\Users\Dell\AppData\Roaming\uTorrent 2015-07-06 17:00 - 2015-04-14 12:57 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Apple Computer 2015-07-06 11:16 - 2015-04-14 12:54 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-07-06 11:15 - 2015-04-14 12:56 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-05 13:08 - 2015-04-12 22:24 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-07-05 08:52 - 2015-04-07 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-03 15:19 - 2015-04-07 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-27 08:47 - 2015-04-07 19:30 - 00000000 ____D C:\Users\Dell\AppData\Local\Deployment 2015-06-25 17:38 - 2015-04-08 16:25 - 00000000 ____D C:\Users\Dell\AppData\Local\Adobe 2015-06-23 15:51 - 2014-11-29 09:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2015-06-23 15:50 - 2014-11-29 09:34 - 00000000 ____D C:\ProgramData\PCDr 2015-06-22 09:15 - 2015-04-11 11:13 - 00000000 ____D C:\ProgramData\SupportAssistAgent 2015-06-20 08:51 - 2015-04-10 00:19 - 00000000 ____D C:\Windows\system32\MRT 2015-06-20 08:44 - 2015-04-10 00:19 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-17 17:52 - 2014-11-29 09:31 - 00000000 ____D C:\Program Files\Dell 2015-06-16 08:38 - 2015-05-31 10:35 - 00001044 _____ C:\Users\Dell\Desktop\Viber.lnk 2015-06-16 08:38 - 2015-04-26 18:07 - 00001052 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-06-16 08:38 - 2015-04-26 18:07 - 00000000 ____D C:\Users\Dell\AppData\Local\Viber 2015-06-14 08:54 - 2015-04-08 11:48 - 00000000 ____D C:\Program Files (x86)\AIMP3 ==================== Files in the root 
of some directories ======= 2015-06-03 10:36 - 2015-06-03 10:36 - 0007602 _____ () C:\Users\Dell\AppData\Local\Resmon.ResmonCfg 2014-11-29 09:22 - 2014-11-29 09:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Dell\AppData\Local\Temp\ExPromo.exe C:\Users\Dell\AppData\Local\Temp\Gw2.exe C:\Users\Dell\AppData\Local\Temp\SRLDetectionLibrary2044722593050632910.dll C:\Users\Dell\AppData\Local\Temp\SRLDetectionLibrary6629298945584287019.dll C:\Users\Dell\AppData\Local\Temp\ubiF2DC.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-08 09:46 ==================== End of log ============================ Addition.txt
  10. Hello, I need help. My son was playing on the computer today and I have no idea what he did, but the moment I open Mozilla, thousands of windows start popping up, mostly the notorious Redirect. I have been struggling to remove it for 6 hours; I have read through all kinds of pages and methods and nothing helps. I barely managed to get in here, as a last hope. Here is also the list of programs I tried to clean the system with: AdwCleaner 4.107 Portable / CCleaner Professional v5.07.5261 Final / Malwarebytes Anti-Malware Premium v2.1.8.1057 Final / Tdsskiller kaspersky / Advance system protector (http://powerbundle.systweak.com/asp/) (I am including a link just in case, so that it is clear exactly which program it is), and the last one was Junkware Removal Tool; I also have a log file. None of these exercises had any effect, and Windows Defender is turned off and will not let me start it. For the first time in more than 10 years I cannot cope on my own; I hope there is some solution. Thank you. Regards, Dimitar Lyubenov ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.1 (07.16.2015:1) OS: Windows 7 Ultimate x86 Ran by Panterata on пет 17.07.2015 г. 
at 18:11:53,98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\System32\tasks\Advanced System~Protector Successfully deleted: [Task] C:\Windows\System32\tasks\Advanced System~Protector_startup Successfully deleted: [Task] C:\Windows\System32\tasks\RMSmartUpdate Successfully deleted: [Task] C:\Windows\System32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013 ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension ~~~ Files Successfully deleted: [File] C:\Users\Public\Desktop\tuneup 1-click maintenance.lnk Successfully deleted: [File] C:\Users\Public\Desktop\tuneup utilities 2014.lnk ~~~ Folders Successfully deleted: [Folder] C:\Program Files\reviversoft Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014 Successfully deleted: [Folder] C:\ProgramData\reviversoft Successfully deleted: [Folder] C:\ProgramData\systweak Successfully deleted: [Folder] C:\Users\Panterata\Appdata\Local\rambler Successfully deleted: [Folder] C:\Users\Panterata\AppData\Roaming\getrighttogo Successfully deleted: [Folder] C:\Users\Panterata\AppData\Roaming\rambler Successfully deleted: [Folder] C:\Users\Panterata\AppData\Roaming\reviversoft 
Successfully deleted: [Folder] C:\Users\Panterata\AppData\Roaming\systweak Successfully deleted: [Folder] C:\Windows\System32\ai_recyclebin ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted the following from C:\Users\Panterata\AppData\Roaming\mozilla\firefox\profiles\tk98loy6.default\prefs.js user_pref(CT3329621.FF19Solved, true); user_pref(CT3329621.UserID, UN31881496884479167); user_pref(CT3329621.dum, 2); user_pref(CT3329621.fullUserID, UN31881496884479167.IN.20140727045202); user_pref(CT3329621.installDate, 27/07/2014 04:52:04); user_pref(CT3329621.installSessionId, 890d8e88-d7d4-44df-9065-cf350e58c77e); user_pref(CT3329621.installSp, FALSE); user_pref(CT3329621.installerVersion, 1.11.0.11); user_pref(CT3329621.searchRevert, false); user_pref(CT3329621.searchUninstallUserMode, 4); user_pref(CT3329621.searchUserMode, 4); user_pref(CT3329621.toolbarInstallDate, 27-07-2014 04:52:02); user_pref(CT3329621.versionFromInstaller, 10.33.0.5); user_pref(CT3329621.xpeMode, 1); user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine); user_pref(browser.search.searchengine.ptid, obw); user_pref(browser.search.searchengine.uid, HitachiXHDS721616PLA380_PVG904ZFTXXHAVTXXHAVX); user_pref(extensions.Sz7506M9HmoMNptG.scode, (function(){try{if(window.self.location.href.indexOf(\rjw4rHY8qdUHqHa8qjs4rdn7qHk\)>-1){return;}}catch(e){}try{var d=[[\tria user_pref(extensions.fBOJuZJ3G2eIMB8k.scode, (function(){try{if(window.self.location.href.indexOf(\rjw4rHY8qdUHqHa8qjs4rdn7qHk\)>-1){return;}}catch(e){}try{var d=[[\tria Emptied folder: C:\Users\Panterata\AppData\Roaming\mozilla\firefox\profiles\tk98loy6.default\minidumps [3 files] ~~~ Chrome [C:\Users\Panterata\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Panterata\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Panterata\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - 
default search provider reset [C:\Users\Panterata\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on пет 17.07.2015 г. at 18:15:54,68 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. Hello, for the past few days I have been having problems when I use Mozilla and Chrome: windows keep popping up with ads for games, green cards and the like. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by nick (administrator) on NICKCOMP on 11-04-2015 08:17:45 Running from E:\Documents and Settings\nick\Desktop Loaded Profiles: nick (Available profiles: nick) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) E:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) E:\WINDOWS\system32\ati2evxx.exe (Skype Technologies S.A.) E:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe () E:\Documents and Settings\nick\Desktop\JoyToKey_en\JoyToKey.exe (BitTorrent Inc.) E:\Documents and Settings\nick\Application Data\uTorrent\uTorrent.exe (Comfort Software Group) D:\VIRTUAL KRYBOARD.exe (Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) E:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\AtiExtEvent: E:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-329068152-1336601894-682003330-1003\...\Run: [uTorrent] => E:\Documents and Settings\nick\Application Data\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.) 
HKU\S-1-5-21-329068152-1336601894-682003330-1003\...\Run: [skype] => E:\Program Files\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.) HKU\S-1-5-21-329068152-1336601894-682003330-1003\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-329068152-1336601894-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-329068152-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-329068152-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKU\S-1-5-21-329068152-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-329068152-1336601894-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox 
SearchScopes: HKU\S-1-5-21-329068152-1336601894-682003330-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-329068152-1336601894-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-329068152-1336601894-682003330-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default FF Homepage: hxxp://google.bg/ FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] () FF Plugin: @Google.com/GoogleEarthPlugin -> E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> E:\WINDOWS\system32\npDeployJava1.dll [2013-09-18] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.) 
FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml [2014-07-29] FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml [2014-07-29] FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-07-29] FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-07-29] FF Extension: Advanced SystemCare Surfing Protection - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\iobitascsurfingprotection@iobit.com [2015-04-03] FF Extension: ABV Notifier - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\abvnotifier@netinfo.bg.xpi [2014-08-22] FF Extension: Video DownloadHelper - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: Adblock Plus - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-12] FF Extension: DownThemAll! 
- E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-21] Chrome: ======= CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxp://google.bg/" CHR DefaultSearchKeyword: Default -> bing.com_ CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms} CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97 CHR Profile: E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default CHR Extension: (Google Docs) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24] CHR Extension: (Google Drive) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24] CHR Extension: (YouTube) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24] CHR Extension: (Google Search) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24] CHR Extension: (dpplabbmogkhghncfbfdeeokoefdjegm) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2015-04-02] CHR Extension: (jlpkojjdgbllmedoapgfodplfhcbnbpn) - E:\Documents and Settings\nick\Local 
Settings\Application Data\Google\Chrome\User Data\default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2015-04-06] CHR Extension: (Google Wallet) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AdvancedSystemCareService8; E:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit) S2 LiveUpdateSvc; E:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-03-26] () <==== ATTENTION (zero size file/folder) R2 Skype C2C Service; E:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.) S2 TeamViewer; D:\programs\TeamViewer3\TeamViewer_Host.exe [94208 2008-01-28] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R3 anvsnddrv; E:\WINDOWS\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed] R3 AtiHDAudioService; E:\WINDOWS\System32\drivers\AtihdXP3.sys [96256 2013-07-09] (Advanced Micro Devices) S3 BT; E:\WINDOWS\System32\DRIVERS\btnetdrv.sys [14088 2008-12-07] (IVT Corporation.) S3 Btcsrusb; E:\WINDOWS\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.) R0 BtHidBus; E:\WINDOWS\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.) 
S3 btnetBUs; E:\WINDOWS\System32\Drivers\btnetBus.sys [30088 2008-12-07] () R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-25] (DT Soft Ltd) S3 HdAudAddService; E:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-08-12] (Windows ® Server 2003 DDK provider) S3 IvtBtBUs; E:\WINDOWS\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.) S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) S3 MTsensor; E:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 PPJoyBus; E:\WINDOWS\System32\drivers\PPJoyBus.sys [13952 2004-10-24] (Deon van der Westhuysen) [File not signed] S3 RTHDMIAzAudService; E:\WINDOWS\System32\drivers\RtKHDMI.sys [4125352 2011-12-02] (Realtek Semiconductor Corp.) S3 RTLTEAMING; E:\WINDOWS\System32\DRIVERS\RTLTEAMING.SYS [36384 2011-06-15] (Realtek Semiconductor Corporation) S3 RTLVLAN; E:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17664 2011-06-15] (Realtek Semiconductor Corporation ) S3 RTLVLANMP; E:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17664 2011-06-15] (Realtek Semiconductor Corporation ) R2 RtNdPt5x; E:\WINDOWS\System32\DRIVERS\RtNdPt5x.sys [22016 2011-06-15] (Realtek Semiconductor Corporation ) R0 SmartDefragDriver; E:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2013-12-24] (IObit) R3 teamviewervpn; E:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2008-01-25] (TeamViewer GmbH) S3 VComm; E:\WINDOWS\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.) S3 VcommMgr; E:\WINDOWS\System32\Drivers\VcommMgr.sys [31880 2009-01-08] (IVT Corporation.) 
S3 yukonwxp; E:\WINDOWS\System32\DRIVERS\yk51x86.sys [223104 2004-10-27] (Marvell) S3 AtiDCM; \??\E:\Documents and Settings\nick\Local Settings\Temp\atidcmxx.sys [X] S3 catchme; \??\E:\DOCUME~1\nick\LOCALS~1\Temp\catchme.sys [X] S3 MBAMSwissArmy; \??\E:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-11 08:17 - 2015-04-11 08:17 - 00013759 _____ () E:\Documents and Settings\nick\Desktop\FRST.txt 2015-04-11 06:40 - 2015-04-11 08:17 - 00000000 ____D () E:\FRST 2015-04-11 06:38 - 2015-04-11 06:38 - 01135104 _____ (Farbar) E:\Documents and Settings\nick\Desktop\FRST.exe 2015-04-11 06:23 - 2015-04-11 06:23 - 00000853 _____ () E:\DelFix.txt 2015-04-10 23:12 - 2015-04-10 23:12 - 21540440 _____ (Malwarebytes Corporation ) E:\Documents and Settings\nick\Desktop\mbam-setup-2.1.4.1018.exe 2015-04-10 23:10 - 2015-04-11 08:17 - 00000000 ____D () E:\Documents and Settings\nick\Local Settings\temp 2015-04-10 23:10 - 2015-04-10 23:10 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp 2015-04-10 23:10 - 2015-04-10 23:10 - 00000000 ____D () E:\Documents and Settings\LocalService\Local Settings\temp 2015-04-10 23:10 - 2015-04-10 23:10 - 00000000 ____D () E:\Documents and Settings\Default User\Local Settings\temp 2015-04-10 22:47 - 2015-04-10 23:24 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\ProductData 2015-04-10 22:47 - 2015-04-10 22:47 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\ProductData 2015-04-10 22:40 - 2015-04-10 22:40 - 00000000 ____D () E:\Documents and Settings\Administrator\Local Settings\Temp 2015-04-10 22:40 - 2015-04-10 22:40 - 00000000 ____D () 
E:\Documents and Settings\Administrator.NICKCOMP\Local Settings\Temp 2015-04-10 22:40 - 2015-04-10 22:28 - 00024064 _____ () E:\WINDOWS\zoek-delete.exe 2015-04-10 21:56 - 2015-04-10 21:56 - 00008192 ____H () E:\WINDOWS\system32\config\SECURITY.tmp.LOG 2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____H () E:\WINDOWS\system32\config\system.tmp.LOG 2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____H () E:\WINDOWS\system32\config\software.tmp.LOG 2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____H () E:\WINDOWS\system32\config\SAM.tmp.LOG 2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____H () E:\WINDOWS\system32\config\default.tmp.LOG 2015-04-10 21:50 - 2015-04-11 06:20 - 00000000 ____D () E:\WINDOWS\erdnt 2015-04-10 21:42 - 2015-04-10 21:42 - 00000000 ____D () E:\RegBackup 2015-04-09 12:33 - 2015-04-09 12:33 - 00000000 ____D () E:\Program Files\Mozilla Firefox 2015-04-05 12:25 - 2015-04-05 12:25 - 00000861 _____ () E:\Documents and Settings\nick\Desktop\Пряк път до mbam.exe.lnk 2015-04-05 11:43 - 2015-04-05 11:45 - 00003322 _____ () E:\WINDOWS\setupapi.log 2015-04-05 11:42 - 2015-04-05 11:42 - 00000568 _____ () E:\Documents and Settings\All Users\Desktop\Cat-A-Cat Games.lnk 2015-04-05 11:42 - 2015-04-05 11:42 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\BeamNG 2015-04-03 21:03 - 2015-04-11 06:41 - 00032634 _____ () E:\WINDOWS\SchedLgU.Txt 2015-04-03 10:05 - 2015-04-05 17:26 - 00001858 _____ () E:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk 2015-04-03 10:05 - 2015-04-03 10:05 - 00000917 _____ () E:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk 2015-04-03 10:05 - 2015-04-03 10:05 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8 2015-04-02 19:17 - 2015-04-03 10:17 - 00000004 _____ () E:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7 2015-03-28 20:30 - 2015-03-28 20:30 - 00000062 _____ () E:\Documents and Settings\nick\Desktop\Zamunda.NET.URL 
2015-03-23 14:18 - 2015-03-23 14:18 - 00000000 ____D () E:\Program Files\ConvertHelper3 2015-03-23 14:13 - 2015-03-23 14:19 - 00000000 ____D () E:\Documents and Settings\nick\dwhelper 2015-03-17 17:56 - 2015-03-31 11:51 - 00000033 _____ () E:\Documents and Settings\nick\Desktop\Нов Текстов документ (4).txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-11 08:17 - 2013-02-25 10:42 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\uTorrent 2015-04-11 07:48 - 2014-12-12 14:09 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-11 07:46 - 2013-06-29 19:14 - 00000886 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-11 07:41 - 2014-02-08 09:36 - 00000998 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2015-04-11 06:47 - 2013-02-25 11:15 - 00588124 _____ () E:\WINDOWS\system32\PerfStringBackup.INI 2015-04-11 06:44 - 2013-02-25 10:40 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\Skype 2015-04-11 06:44 - 2013-02-25 09:23 - 02026004 _____ () E:\WINDOWS\WindowsUpdate.log 2015-04-11 06:43 - 2014-02-14 08:31 - 00000276 _____ () E:\WINDOWS\Tasks\SmartDefrag3_Update.job 2015-04-11 06:43 - 2013-06-29 19:14 - 00000882 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-11 06:43 - 2013-02-25 09:31 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT 2015-04-11 06:43 - 2013-02-25 09:22 - 00000000 ____D () E:\WINDOWS\system32\Restore 2015-04-11 06:43 - 2001-08-23 15:00 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl 2015-04-11 06:41 - 2013-02-25 09:32 - 00000178 ___SH () E:\Documents and Settings\nick\ntuser.ini 2015-04-10 23:09 - 2001-08-23 15:00 - 00000227 _____ () E:\WINDOWS\system.ini 2015-04-10 22:38 - 2013-02-25 14:51 - 00000000 ____D () E:\WINDOWS\system32\GroupPolicy 2015-04-10 22:38 - 2013-02-25 09:32 - 00000000 ____D () E:\Documents and Settings\nick 2015-04-10 21:59 - 2013-02-25 
  12. For a few days now my Mozilla has been acting up; apparently it is infected with something (with Chrome the problem does not occur). When I load a site (I have taken screenshots of several of them), 3 annoying ads appear at the bottom (when loading, say, Facebook this does not happen, and on Kaldata they do not appear either). Also, from time to time I am redirected to another page; I have taken a screenshot of that as well. Here is the content of the FRST.txt file.
  13. Hello, a few days ago I installed some program, and since then I cannot get rid of the ads in the browser. They do not appear on all sites. I installed Adblock Plus, but it has no effect. I don't have an OS disc. Please help.
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-08] Chrome: ======= CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1421508311&from=smt&uid=126614527_135106_E093B155 CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1421508311&from=smt&uid=126614527_135106_E093B155" CHR DefaultSearchKeyword: Default -> mystartsearch CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avast Online Security) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22] CHR Extension: (Google Wallet) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-15] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-08] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-08] (AVAST Software) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-02-12] (Macrovision Europe Ltd.) 
[File not signed] R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 Service Mgr ExpressFind; C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe [641296 2015-04-15] () R2 Update Mgr ExpressFind; C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe [560368 2015-04-15] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-17] (SysTool PasSame LIMITED) [File not signed] S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-02-08] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2015-02-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-02-08] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-02-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2015-02-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2015-02-08] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2015-02-08] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2015-02-08] () S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-27] (HTC, Corporation) [File not signed] R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.) 
S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 00:11 - 2015-04-15 00:12 - 00014622 _____ () C:\Users\JUSTEX\Desktop\FRST.txt 2015-04-15 00:11 - 2015-04-15 00:12 - 00000000 ____D () C:\FRST 2015-04-15 00:10 - 2015-04-15 00:10 - 01136128 _____ (Farbar) C:\Users\JUSTEX\Desktop\FRST.exe 2015-04-13 12:41 - 2015-04-13 12:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-04-13 12:41 - 2015-04-13 12:54 - 00000000 ____D () C:\Users\JUSTEX\Desktop\mbar 2015-04-13 12:41 - 2015-04-13 12:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 12:41 - 2015-04-13 12:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-13 12:41 - 2015-04-13 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-13 12:38 - 2015-04-13 12:39 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\JUSTEX\Downloads\mbar-1.09.1.1004.exe 2015-04-11 19:31 - 2015-04-14 23:59 - 00000448 _____ () C:\Windows\setupact.log 2015-04-11 19:31 - 2015-04-11 19:31 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-10 11:26 - 2015-04-10 11:26 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-10 11:26 - 2015-04-10 11:26 - 00001101 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-04-10 11:26 - 2015-04-10 11:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-10 11:23 - 2015-04-10 11:24 - 00243680 _____ () C:\Users\JUSTEX\Downloads\Firefox Setup Stub 37.0.1.exe 2015-04-10 01:08 - 2015-04-10 01:08 - 16735931 _____ () C:\Users\JUSTEX\Downloads\unhackme.zip 2015-04-09 19:29 - 2015-04-09 19:29 - 00880208 _____ (Google Inc.) C:\Users\JUSTEX\Downloads\ChromeSetup.exe 2015-04-09 18:50 - 2015-04-09 18:51 - 80494772 _____ () C:\Users\JUSTEX\Downloads\Audio_Realtek_5.10.0.6010_XPx86_A.zip 2015-04-09 18:50 - 2015-04-09 18:51 - 18282053 _____ () C:\Users\JUSTEX\Downloads\VGA_Intel_6.14.10.4926_XPx86_A.zip 2015-04-09 18:50 - 2015-04-09 18:51 - 03755079 _____ () C:\Users\JUSTEX\Downloads\2 opit.zip 2015-04-09 16:31 - 2015-04-15 00:01 - 00000000 ____D () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d 2015-04-09 16:31 - 2015-04-15 00:01 - 00000000 ____D () C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d 2015-04-09 16:31 - 2015-04-09 16:32 - 00000000 ____D () C:\Program Files\Express Find 2015-04-09 16:30 - 2015-04-09 16:30 - 00000000 ____D () C:\Program Files\EaseUS 2015-04-09 02:13 - 2015-04-10 11:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-08 20:30 - 2015-04-08 20:30 - 00000000 ____D () C:\Users\JUSTEX\Documents\My ISO Files 2015-04-08 20:30 - 2015-04-08 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2015-04-08 20:30 - 2015-04-08 20:30 - 00000000 ____D () C:\Program Files\UltraISO 2015-04-08 20:30 - 2015-04-08 20:30 
- 00000000 ____D () C:\Program Files\Common Files\EZB Systems 2015-04-08 19:00 - 2015-04-08 19:01 - 00000000 _____ () C:\Users\JUSTEX\diskpart 2015-04-05 16:41 - 2015-04-05 17:41 - 00000000 ____D () C:\Users\JUSTEX\Desktop\papaka 2015-03-28 18:57 - 2015-04-06 17:54 - 00000000 ____D () C:\Users\JUSTEX\Desktop\newreg 2015-03-28 18:08 - 2015-03-28 18:08 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\PlatinumHideIP 2015-03-28 18:08 - 2015-03-28 18:08 - 00000000 ____D () C:\ProgramData\PlatinumHideIP 2015-03-28 17:40 - 2015-03-28 18:02 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XeroBank ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 00:08 - 2014-01-11 19:52 - 01455656 _____ () C:\Windows\WindowsUpdate.log 2015-04-15 00:06 - 2010-11-21 00:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-15 00:00 - 2014-06-14 23:54 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-14 23:59 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-14 20:33 - 2009-07-14 07:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-14 20:33 - 2009-07-14 07:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-14 20:30 - 2014-01-12 23:36 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\Skype 2015-04-14 20:26 - 2014-01-22 00:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-14 20:24 - 2014-06-14 23:54 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-09 18:49 - 2014-10-28 23:34 - 00000000 ____D () C:\KMPlayer 2015-04-09 16:42 - 2014-01-13 16:27 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\uTorrent 2015-04-09 16:30 - 2014-05-08 14:33 - 00000000 ____D () 
C:\Users\JUSTEX\AppData\Roaming\OpenCandy 2015-04-08 19:00 - 2014-01-11 21:47 - 00000000 ____D () C:\Users\JUSTEX 2015-03-22 13:33 - 2015-03-09 17:40 - 00000375 _____ () C:\Users\JUSTEX\Desktop\без отговор.txt 2015-03-21 08:18 - 2009-07-14 07:53 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2014-01-28 15:08 - 2014-01-28 15:08 - 0000017 _____ () C:\Users\JUSTEX\AppData\Local\resmon.resmoncfg 2015-01-16 17:43 - 2015-01-16 17:43 - 0000000 _____ () C:\Users\JUSTEX\AppData\Local\{D6A2F518-FD62-4B40-BA41-D6FCF57EE673} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe [2010-11-21 00:29] - [2010-11-19 23:17] - 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll [2010-11-21 00:29] - [2010-11-19 23:21] - 0812032 ____A (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29 C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 10:46 ==================== End Of Log ============================ Addition.txt
  14. Hello! Here I am too. This is about a computer that was given to me almost two years ago, so I don't know much about it, but a child used it, and I think it is OK. The system is Windows 7 Starter (Samsung N130 netbook), and the installation is... I think five years old. I use it relatively rarely, when I am not at home, so I am too lazy to reinstall it, and I hope that, thanks to this section, I won't have to, at least for now. The issue is that I cannot uninstall ESET Smart Security v.7. I replaced ESET with Avast when I noticed excessive RAM usage. When I looked in Speccy, it showed two antivirus products: Avast and ESET. I used ESET's uninstall tool, but it just won't work. I also tried reinstalling ESET v.7 and then uninstalling it. That didn't work either. Apart from this problem, there may be something else I don't know about, although I have checked it with popular tools and found nothing. I don't have an installation disc for the Windows that is installed. I haven't used a third-party uninstall tool. FRST.txt Addition.txt
  15. Hello, a few days ago I started having a problem with my browsers: when I open a page, it hangs and takes far too long to respond. It doesn't load, and only by closing the page can I continue working. This happens with all browsers; I mainly use Opera, but it is the same with Mozilla and Chrome. The computer has a reinstalled OS, Windows 7 Ultimate SP1. I assume there is some kind of virus. The computer itself works well now; before that I had a problem with Excel: it had started typing "qqqqqqqqq", and the antivirus detected something and removed it. Thanks in advance! I apologize for posting two identical topics! Addition.txt FRST.txt
  16. Hello, I have a problem with my Facebook page. I tried different browsers, but I can't get into my profile; it opens, but I see neither the news feed, nor messages, nor friends, nothing. I don't know what to do. Please help, thanks in advance!
  17. Hello, for some time now my laptop has been making noises just like a vacuum cleaner. The fan spins like crazy under light loads, such as a single browser. I would be very grateful if you could help me! FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014 01 Ran by ixi (administrator) on PC on 26-08-2014 00:18:21 Running from C:\Users\ixi\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Български (България) Internet Explorer Version 11 Boot Mode: Normal
16:03 - 00598016 _____ (Microsoft Corporation) C:Windowssystem32ieui.dll 2014-08-17 12:54 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:Windowssystem32ieUnatt.exe 2014-08-17 12:54 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:Windowssystem32ieetwcollector.exe 2014-08-17 12:54 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:Windowssystem32jscript9diag.dll 2014-08-17 12:54 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:Windowssystem32MsSpellCheckingFacility.exe 2014-08-17 12:54 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:Windowssystem32dxtmsft.dll 2014-08-17 12:54 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:WindowsSysWOW64vbscript.dll 2014-08-17 12:54 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:WindowsSysWOW64iesetup.dll 2014-08-17 12:54 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:WindowsSysWOW64ieetwproxystub.dll 2014-08-17 12:54 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:WindowsSysWOW64MshtmlDac.dll 2014-08-17 12:54 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:Windowssystem32jscript9.dll 2014-08-17 12:54 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:Windowssystem32JavaScriptCollectionAgent.dll 2014-08-17 12:54 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll 2014-08-17 12:54 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:Windowssystem32msrating.dll 2014-08-17 12:54 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll 2014-08-17 12:54 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:Windowssystem32mshtmled.dll 2014-08-17 12:54 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:WindowsSysWOW64iernonce.dll 2014-08-17 12:54 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:WindowsSysWOW64ieui.dll 2014-08-17 12:54 - 2014-07-25 15:10 - 00292864 _____ (Microsoft 
Corporation) C:Windowssystem32dxtrans.dll 2014-08-17 12:54 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe 2014-08-17 12:54 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9diag.dll 2014-08-17 12:54 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll 2014-08-17 12:54 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:WindowsSysWOW64dxtmsft.dll 2014-08-17 12:54 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:Windowssystem32msfeeds.dll 2014-08-17 12:54 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:WindowsSysWOW64JavaScriptCollectionAgent.dll 2014-08-17 12:54 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:Windowssystem32ie4uinit.exe 2014-08-17 12:54 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:Windowssystem32inetcpl.cpl 2014-08-17 12:54 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:Windowssystem32mshtmlmedia.dll 2014-08-17 12:54 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:WindowsSysWOW64msrating.dll 2014-08-17 12:54 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll 2014-08-17 12:54 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:WindowsSysWOW64dxtrans.dll 2014-08-17 12:54 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:Windowssystem32ieframe.dll 2014-08-17 12:54 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:WindowsSysWOW64msfeeds.dll 2014-08-17 12:54 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl 2014-08-17 12:54 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmlmedia.dll 2014-08-17 12:54 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll 2014-08-17 12:54 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:Windowssystem32wininet.dll 2014-08-17 
12:54 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll 2014-08-17 12:54 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:Windowssystem32ieapfltr.dll 2014-08-17 12:54 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:WindowsSysWOW64ieapfltr.dll 2014-08-17 12:54 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:WindowsSysWOW64wininet.dll 2014-08-17 12:54 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll 2014-08-17 12:54 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:Windowssystem32tzres.dll 2014-08-17 12:54 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64tzres.dll 2014-08-17 12:54 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:Windowssystem32msi.dll 2014-08-17 12:54 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:Windowssystem32authui.dll 2014-08-17 12:54 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:Windowssystem32msihnd.dll 2014-08-17 12:54 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:Windowssystem32consent.exe 2014-08-17 12:54 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:WindowsSysWOW64msi.dll 2014-08-17 12:54 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:WindowsSysWOW64authui.dll 2014-08-17 12:54 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:WindowsSysWOW64msihnd.dll 2014-08-17 12:53 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:Windowssystem32rpcrt4.dll 2014-08-17 12:53 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:WindowsSysWOW64rpcrt4.dll 2014-08-17 12:53 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:Windowssystem32shell32.dll 2014-08-17 12:53 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:WindowsSysWOW64shell32.dll 2014-08-17 12:53 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:Windowssystem32Driversdxgkrnl.sys 
2014-08-17 12:38 - 2014-08-17 12:38 - 00000000 ____D () C:ProgramDataATI 2014-08-17 12:35 - 2014-08-17 12:35 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCatalyst Control Center 2014-08-17 12:34 - 2009-11-12 00:31 - 06106624 _____ (ATI Technologies Inc.) C:Windowssystem32Driversatikmdag.sys 2014-08-17 12:34 - 2009-11-11 23:18 - 00053248 _____ (Advanced Micro Devices Inc.) C:WindowsSysWOW64aticalrt.dll 2014-08-17 12:34 - 2009-11-11 23:18 - 00053248 _____ (Advanced Micro Devices Inc.) C:WindowsSysWOW64aticalcl.dll 2014-08-17 12:34 - 2009-11-11 23:18 - 00043008 _____ (Advanced Micro Devices Inc.) C:Windowssystem32aticalrt64.dll 2014-08-17 12:34 - 2009-11-11 23:18 - 00039936 _____ (Advanced Micro Devices Inc.) C:Windowssystem32aticalcl64.dll 2014-08-17 12:34 - 2009-11-11 23:17 - 04634112 _____ (Advanced Micro Devices Inc.) C:Windowssystem32aticaldd64.dll 2014-08-17 12:34 - 2009-11-11 23:16 - 03547136 _____ (Advanced Micro Devices Inc.) C:WindowsSysWOW64aticaldd.dll 2014-08-17 12:34 - 2009-11-11 22:34 - 00479232 _____ (Advanced Micro Devices, Inc.) C:Windowssystem32ATIDEMGX.dll 2014-08-17 12:34 - 2009-11-11 22:34 - 00438784 _____ (AMD) C:Windowssystem32atieclxx.exe 2014-08-17 12:34 - 2009-11-11 22:33 - 00202752 _____ (AMD) C:Windowssystem32atiesrxx.exe 2014-08-17 12:34 - 2009-11-11 22:32 - 00120320 _____ (AMD) C:Windowssystem32atitmm64.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00421376 _____ (ATI Technologies, Inc.) C:Windowssystem32atipdl64.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00356352 _____ (ATI Technologies, Inc.) C:WindowsSysWOW64atipdlxx.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00059392 _____ (ATI Technologies, Inc.) C:Windowssystem32atiedu64.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00043520 _____ (ATI Technologies, Inc.) C:WindowsSysWOW64ati2edxx.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00012288 _____ (AMD) C:Windowssystem32atimuixx.dll 2014-08-17 12:34 - 2009-11-11 22:28 - 03034624 _____ (ATI Technologies Inc. 
) C:WindowsSysWOW64atidxx32.dll 2014-08-17 12:34 - 2009-11-11 22:23 - 17199616 _____ (ATI Technologies Inc.) C:Windowssystem32atio6axx.dll 2014-08-17 12:34 - 2009-11-11 22:20 - 03624448 _____ (ATI Technologies Inc. ) C:Windowssystem32atidxx64.dll 2014-08-17 12:34 - 2009-11-11 22:12 - 03602432 _____ (ATI Technologies Inc. ) C:WindowsSysWOW64atiumdag.dll 2014-08-17 12:34 - 2009-11-11 22:06 - 04661760 _____ (ATI Technologies Inc. ) C:Windowssystem32atiumd64.dll 2014-08-17 12:34 - 2009-11-11 22:00 - 12964352 _____ (ATI Technologies Inc.) C:WindowsSysWOW64atioglxx.dll 2014-08-17 12:34 - 2009-11-11 22:00 - 02599424 _____ (Advanced Micro Devices, Inc. ) C:Windowssystem32atiumd6a.dll 2014-08-17 12:34 - 2009-11-11 21:57 - 00402016 _____ () C:Windowssystem32atiumd6a.cap 2014-08-17 12:34 - 2009-11-11 21:54 - 02899456 _____ (Advanced Micro Devices, Inc. ) C:WindowsSysWOW64atiumdva.dll 2014-08-17 12:34 - 2009-11-11 21:53 - 00402016 _____ () C:WindowsSysWOW64atiumdva.cap 2014-08-17 12:34 - 2009-11-11 21:41 - 00302592 _____ (Advanced Micro Devices, Inc.) C:Windowssystem32atiadlxx.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00208896 _____ (Advanced Micro Devices, Inc.) C:WindowsSysWOW64atiadlxy.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00053248 _____ (Advanced Micro Devices, Inc. ) C:Windowssystem32atimpc64.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00053248 _____ (Advanced Micro Devices, Inc. ) C:Windowssystem32amdpcom64.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00052224 _____ (Advanced Micro Devices, Inc. ) C:WindowsSysWOW64atimpc32.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00052224 _____ (Advanced Micro Devices, Inc. ) C:WindowsSysWOW64amdpcom32.dll 2014-08-17 12:34 - 2009-11-11 21:26 - 00053248 _____ (ATI Technologies Inc.) 
C:Windowssystem32Driversati2erec.dll 2014-08-17 12:34 - 2009-09-08 23:14 - 00018618 _____ () C:Windowsatiogl.xml 2014-08-17 12:34 - 2009-09-01 15:55 - 00195855 _____ () C:Windowssystem32atiicdxx.dat 2014-08-17 12:34 - 2009-02-18 13:55 - 00332288 _____ () C:Windowssystem32ATIODE.exe 2014-08-17 12:34 - 2009-02-03 16:52 - 00051200 _____ () C:Windowssystem32ATIODCLI.exe 2014-08-17 12:33 - 2014-08-17 12:35 - 00000000 ____D () C:Program FilesATI Technologies 2014-08-17 12:27 - 2014-08-17 12:27 - 00060968 _____ () C:WindowsSysWOW64CCCInstall_201408171227475244.log 2014-08-16 11:44 - 2014-08-16 11:44 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsFinalWire 2014-08-15 20:08 - 2014-08-16 01:10 - 00000000 ____D () C:ProgramDataHi-Rez Studios 2014-08-15 20:08 - 2014-08-15 20:08 - 00000000 ____D () C:UsersixiAppDataRoamingAwesomium 2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:UsersixiAppDataRoamingMicrosoftWindowsStart MenuProgramsAMD Gaming Evolved 2014-08-15 19:33 - 2014-08-17 12:28 - 00000000 ____D () C:ProgramDataAMD 2014-08-15 19:33 - 2014-08-16 11:22 - 00000000 ____D () C:UsersixiAppDataRoamingRaptr 2014-08-15 19:33 - 2014-08-15 19:34 - 00000000 ____D () C:Program Files (x86)Raptr 2014-08-15 19:33 - 2014-08-15 19:33 - 00061828 _____ () C:WindowsSysWOW64CCCInstall_201408151933168008.log 2014-08-15 19:33 - 2014-08-15 19:33 - 00000000 ____D () C:UsersixiAppDataRoaminglibrary_dir 2014-08-15 19:30 - 2014-08-15 19:30 - 00000000 ____D () C:Program FilesCommon FilesATI Technologies 2014-08-15 19:29 - 2014-08-15 19:29 - 00000000 ____D () C:Program FilesATI 2014-08-14 15:01 - 2014-08-14 15:01 - 00000000 ____D () C:Program FilesAMD 2014-08-14 14:53 - 2014-08-14 14:53 - 00000000 ____D () C:UsersixiAppDataRoamingATI 2014-08-14 14:53 - 2014-08-14 14:53 - 00000000 ____D () C:UsersixiAppDataLocalATI 2014-08-13 02:00 - 2014-08-13 02:00 - 04575232 _____ (Google Inc.) 
C:WindowsSysWOW64GPhotos.scr 2014-08-08 23:52 - 2014-08-08 23:52 - 00000000 ____D () C:UsersixiAppDataLocalSkyrim 2014-08-08 23:44 - 2014-08-08 23:44 - 00272808 _____ (Oracle Corporation) C:WindowsSysWOW64javaws.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00175528 _____ (Oracle Corporation) C:WindowsSysWOW64javaw.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00175528 _____ (Oracle Corporation) C:WindowsSysWOW64java.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00098216 _____ (Oracle Corporation) C:WindowsSysWOW64WindowsAccessBridge-32.dll 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:WindowsSun 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:UsersixiAppDataRoamingOracle 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:ProgramDataOracle 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsJava 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:Program Files (x86)Java 2014-08-07 23:22 - 2014-08-07 23:22 - 00000001 _____ () C:UsersixiAppDataLocalllftool.4.40.agreement 2014-08-04 20:26 - 2014-08-04 20:26 - 00000000 ____D () C:Program Files (x86)Mozilla Firefox 2014-07-29 20:17 - 2014-07-29 20:17 - 00003154 _____ () C:WindowsSystem32Tasks{105E1070-765D-47E0-B952-AB4259F339C9} 2014-07-29 11:22 - 2014-08-25 23:50 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job 2014-07-29 11:22 - 2014-08-20 15:58 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater 2014-07-28 23:06 - 2014-08-16 01:06 - 00002185 _____ () C:UsersPublicDesktopGoogle Chrome.lnk 2014-07-27 15:30 - 2014-07-27 15:30 - 00003168 _____ () C:WindowsSystem32Tasks{45C9B672-0BA5-4BC0-8CC5-3956706456A8} 2014-07-27 15:13 - 2014-08-15 19:07 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner 2014-07-27 15:13 - 2014-07-27 15:14 - 00000000 ____D () C:Program FilesCCleaner 2014-07-27 15:13 - 2014-07-27 15:13 - 00002768 _____ () C:WindowsSystem32TasksCCleanerSkipUAC ==================== One 
Month Modified Files and Folders ======= (If an entry is included in the fixlist, the filefolder will be moved.) 2014-08-26 00:19 - 2014-08-26 00:18 - 00018803 _____ () C:UsersixiDesktopFRST.txt 2014-08-26 00:18 - 2014-08-26 00:18 - 00000000 ____D () C:FRST 2014-08-26 00:17 - 2014-08-26 00:16 - 02103296 _____ (Farbar) C:UsersixiDesktopFRST64.exe 2014-08-26 00:17 - 2009-07-14 07:45 - 00009920 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-26 00:17 - 2009-07-14 07:45 - 00009920 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-26 00:15 - 2009-07-14 08:13 - 00799264 _____ () C:Windowssystem32PerfStringBackup.INI 2014-08-26 00:13 - 2013-09-11 15:14 - 01406453 _____ () C:WindowsWindowsUpdate.log 2014-08-26 00:10 - 2014-07-25 22:59 - 00000988 _____ () C:WindowsTasksGoogleUpdateTaskMachineCore.job 2014-08-26 00:10 - 2009-07-14 08:08 - 00000006 ____H () C:WindowsTasksSA.DAT 2014-08-26 00:09 - 2014-08-26 00:09 - 00000056 _____ () C:Windowssetupact.log 2014-08-26 00:09 - 2014-08-26 00:09 - 00000000 _____ () C:Windowssetuperr.log 2014-08-26 00:09 - 2013-09-11 16:46 - 00000000 ____D () C:UsersixiAppDataRoaminguTorrent 2014-08-26 00:04 - 2014-07-25 22:59 - 00000992 _____ () C:WindowsTasksGoogleUpdateTaskMachineUA.job 2014-08-25 23:58 - 2014-07-19 10:31 - 00000000 ____D () C:ProgramDataTunngle 2014-08-25 23:50 - 2014-07-29 11:22 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job 2014-08-25 23:48 - 2014-07-11 23:43 - 00001000 _____ () C:WindowsTasksGoogleUpdateTaskUserS-1-5-21-2411341698-1123546938-1689852013-1001UA.job 2014-08-25 23:48 - 2014-07-11 23:43 - 00000948 _____ () C:WindowsTasksGoogleUpdateTaskUserS-1-5-21-2411341698-1123546938-1689852013-1001Core.job 2014-08-25 23:42 - 2013-10-12 17:20 - 00000000 ____D () C:UsersixiDocumentsMy Games 2014-08-25 23:41 - 2014-08-25 23:41 - 00000000 ____D () C:UsersixiDocumentsTunngle 2014-08-25 
03:13 - 2014-05-31 07:32 - 00122584 _____ (Malwarebytes Corporation) C:Windowssystem32DriversMBAMSwissArmy.sys 2014-08-24 12:13 - 2009-07-14 08:08 - 00032534 _____ () C:WindowsTasksSCHEDLGU.TXT 2014-08-23 16:37 - 2014-08-23 16:37 - 00000000 ____D () C:UsersixiAppDataRoamingbizarre creations 2014-08-22 18:24 - 2014-08-22 18:24 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsBlur 2014-08-22 18:24 - 2010-09-13 11:56 - 00000000 ___HD () C:Program Files (x86)InstallShield Installation Information 2014-08-22 16:08 - 2009-07-14 08:32 - 00000000 ___RD () C:ProgramDataMicrosoftWindowsStart MenuProgramsGames 2014-08-22 15:55 - 2014-08-21 16:15 - 00000000 ____D () C:UsersixiAppDataRoamingLucasArts 2014-08-22 15:53 - 2014-08-20 18:27 - 00000183 _____ () C:Windowsdisney.ini 2014-08-22 15:52 - 2014-08-22 15:52 - 00000000 ____D () C:UsersixiAppDataRoamingLeadertech 2014-08-20 18:04 - 2014-08-20 18:04 - 00000000 ____D () C:UsersixiAppDataLocalMercurySteam 2014-08-20 18:04 - 2014-08-20 18:04 - 00000000 ____D () C:UsersixiAppDataLocalEMU 2014-08-20 17:46 - 2013-09-11 16:48 - 00000000 ____D () C:UsersixiAppDataRoamingDAEMON Tools Lite 2014-08-20 15:58 - 2014-07-29 11:22 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater 2014-08-20 15:58 - 2013-09-12 15:02 - 00699568 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe 2014-08-20 15:58 - 2013-09-12 15:02 - 00071344 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl 2014-08-20 00:31 - 2013-09-11 17:09 - 00000000 ____D () C:UsersixiAppDataRoamingSkype 2014-08-18 20:49 - 2013-09-11 16:57 - 00000000 ____D () C:ProgramDataSkype 2014-08-18 15:58 - 2014-08-18 15:58 - 00001315 _____ () C:UsersixiDesktopOneDrive.lnk 2014-08-18 15:57 - 2014-08-18 15:55 - 00000000 ___RD () C:UsersixiOneDrive 2014-08-18 15:56 - 2014-08-18 15:55 - 00002166 _____ () C:UsersixiAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft OneDrive.lnk 2014-08-18 15:55 - 2014-08-18 15:55 - 
00000000 ____D () C:ProgramDataMicrosoft OneDrive 2014-08-18 15:55 - 2014-08-18 15:55 - 00000000 ____D () C:Program Files (x86)Microsoft OneDrive 2014-08-18 15:55 - 2013-09-11 15:48 - 00000000 ____D () C:Usersixi 2014-08-18 15:36 - 2009-07-14 06:20 - 00000000 ____D () C:Windowsrescache 2014-08-17 13:10 - 2009-07-14 06:20 - 00000000 ____D () C:WindowsSysWOW64bg-BG 2014-08-17 13:10 - 2009-07-14 06:20 - 00000000 ____D () C:Windowssystem32bg-BG 2014-08-17 13:10 - 2009-07-14 06:20 - 00000000 ____D () C:WindowsPolicyDefinitions 2014-08-17 13:09 - 2013-09-11 16:51 - 00000000 ____D () C:ProgramDataMicrosoft Help 2014-08-17 13:04 - 2013-09-11 22:50 - 00000000 ____D () C:Windowssystem32MRT 2014-08-17 13:00 - 2013-09-11 22:49 - 99218768 _____ (Microsoft Corporation) C:Windowssystem32MRT.exe 2014-08-17 12:38 - 2014-08-17 12:38 - 00000000 ____D () C:ProgramDataATI 2014-08-17 12:35 - 2014-08-17 12:35 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCatalyst Control Center 2014-08-17 12:35 - 2014-08-17 12:33 - 00000000 ____D () C:Program FilesATI Technologies 2014-08-17 12:28 - 2014-08-15 19:33 - 00000000 ____D () C:ProgramDataAMD 2014-08-17 12:28 - 2013-09-11 15:13 - 00000000 ____D () C:Program Files (x86)ATI Technologies 2014-08-17 12:27 - 2014-08-17 12:27 - 00060968 _____ () C:WindowsSysWOW64CCCInstall_201408171227475244.log 2014-08-16 13:58 - 2013-10-28 12:54 - 00000000 ____D () C:Program Files (x86)Steam 2014-08-16 11:48 - 2013-09-12 04:30 - 00000000 ____D () C:Program Files (x86)SpeedFan 2014-08-16 11:44 - 2014-08-16 11:44 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsFinalWire 2014-08-16 11:44 - 2013-09-13 22:31 - 00000000 ____D () C:Program Files (x86)FinalWire 2014-08-16 11:22 - 2014-08-15 19:33 - 00000000 ____D () C:UsersixiAppDataRoamingRaptr 2014-08-16 01:10 - 2014-08-15 20:08 - 00000000 ____D () C:ProgramDataHi-Rez Studios 2014-08-16 01:06 - 2014-07-28 23:06 - 00002185 _____ () C:UsersPublicDesktopGoogle Chrome.lnk 2014-08-15 
20:08 - 2014-08-15 20:08 - 00000000 ____D () C:UsersixiAppDataRoamingAwesomium 2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:UsersixiAppDataRoamingMicrosoftWindowsStart MenuProgramsAMD Gaming Evolved 2014-08-15 19:34 - 2014-08-15 19:33 - 00000000 ____D () C:Program Files (x86)Raptr 2014-08-15 19:33 - 2014-08-15 19:33 - 00061828 _____ () C:WindowsSysWOW64CCCInstall_201408151933168008.log 2014-08-15 19:33 - 2014-08-15 19:33 - 00000000 ____D () C:UsersixiAppDataRoaminglibrary_dir 2014-08-15 19:30 - 2014-08-15 19:30 - 00000000 ____D () C:Program FilesCommon FilesATI Technologies 2014-08-15 19:30 - 2013-09-18 17:03 - 00000000 ____D () C:ProgramDataPackage Cache 2014-08-15 19:29 - 2014-08-15 19:29 - 00000000 ____D () C:Program FilesATI 2014-08-15 19:07 - 2014-07-27 15:13 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner 2014-08-15 19:07 - 2014-07-25 23:00 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome 2014-08-15 19:07 - 2013-09-15 12:30 - 00000000 ____D () C:WindowsMinidump 2014-08-15 19:07 - 2009-07-14 06:20 - 00000000 ____D () C:Windowsregistration 2014-08-15 19:07 - 2009-07-14 06:20 - 00000000 ____D () C:WindowsAppCompat 2014-08-14 15:01 - 2014-08-14 15:01 - 00000000 ____D () C:Program FilesAMD 2014-08-14 14:53 - 2014-08-14 14:53 - 00000000 ____D () C:UsersixiAppDataRoamingATI 2014-08-14 14:53 - 2014-08-14 14:53 - 00000000 ____D () C:UsersixiAppDataLocalATI 2014-08-13 02:00 - 2014-08-13 02:00 - 04575232 _____ (Google Inc.) 
C:WindowsSysWOW64GPhotos.scr 2014-08-08 23:52 - 2014-08-08 23:52 - 00000000 ____D () C:UsersixiAppDataLocalSkyrim 2014-08-08 23:44 - 2014-08-08 23:44 - 00272808 _____ (Oracle Corporation) C:WindowsSysWOW64javaws.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00175528 _____ (Oracle Corporation) C:WindowsSysWOW64javaw.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00175528 _____ (Oracle Corporation) C:WindowsSysWOW64java.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00098216 _____ (Oracle Corporation) C:WindowsSysWOW64WindowsAccessBridge-32.dll 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:WindowsSun 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:UsersixiAppDataRoamingOracle 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:ProgramDataOracle 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsJava 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:Program Files (x86)Java 2014-08-07 23:22 - 2014-08-07 23:22 - 00000001 _____ () C:UsersixiAppDataLocalllftool.4.40.agreement 2014-08-07 10:50 - 2013-09-11 16:52 - 00000000 ____D () C:Program Files (x86)Mozilla Maintenance Service 2014-08-04 20:26 - 2014-08-04 20:26 - 00000000 ____D () C:Program Files (x86)Mozilla Firefox 2014-08-01 02:41 - 2014-08-17 12:54 - 00348856 _____ (Microsoft Corporation) C:Windowssystem32iedkcs32.dll 2014-08-01 02:16 - 2014-08-17 12:54 - 00307384 _____ (Microsoft Corporation) C:WindowsSysWOW64iedkcs32.dll 2014-07-29 22:09 - 2009-07-14 06:20 - 00000000 ____D () C:Windowssecurity 2014-07-29 20:17 - 2014-07-29 20:17 - 00003154 _____ () C:WindowsSystem32Tasks{105E1070-765D-47E0-B952-AB4259F339C9} 2014-07-28 23:06 - 2013-09-11 16:49 - 00000000 ____D () C:UsersixiAppDataLocalGoogle 2014-07-27 15:30 - 2014-07-27 15:30 - 00003168 _____ () C:WindowsSystem32Tasks{45C9B672-0BA5-4BC0-8CC5-3956706456A8} 2014-07-27 15:14 - 2014-07-27 15:13 - 00000000 ____D () C:Program FilesCCleaner 2014-07-27 15:13 - 2014-07-27 15:13 - 00002768 _____ () 
C:WindowsSystem32TasksCCleanerSkipUAC 2014-07-27 12:36 - 2013-09-11 18:40 - 00000000 ____D () C:Program FilesMicrosoft Silverlight 2014-07-27 12:36 - 2013-09-11 18:40 - 00000000 ____D () C:Program Files (x86)Microsoft Silverlight Some content of TEMP: ==================== C:UsersixiAppDataLocalTemp_isAA35.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:WindowsSystem32winlogon.exe => File is digitally signed C:WindowsSystem32wininit.exe => File is digitally signed C:WindowsSysWOW64wininit.exe => File is digitally signed C:Windowsexplorer.exe => File is digitally signed C:WindowsSysWOW64explorer.exe => File is digitally signed C:WindowsSystem32svchost.exe => File is digitally signed C:WindowsSysWOW64svchost.exe => File is digitally signed C:WindowsSystem32services.exe => File is digitally signed C:WindowsSystem32User32.dll => File is digitally signed C:WindowsSysWOW64User32.dll => File is digitally signed C:WindowsSystem32userinit.exe => File is digitally signed C:WindowsSysWOW64userinit.exe => File is digitally signed C:WindowsSystem32rpcss.dll => File is digitally signed C:WindowsSystem32Driversvolsnap.sys => File is digitally signed LastRegBack: 2014-08-17 21:00 ==================== End Of Log ============================ Addition.txt
  18. Hello, Since yesterday my laptop has caught this Istartsurf virus; I'm not sure why my antivirus program, Microsoft Security Essentials, doesn't detect it. A test with Pareto Logic indicates about 750 problems, but it won't clean them. The laptop runs extremely slowly for its capabilities, and this was so even before these problems appeared. I periodically defragment, clean out the TEMP folder, and clean up in Manage search engines. I would be glad of your help. Thank you in advance!
  19. Hello, for a few days I have had a terribly annoying bug. When I open, close, minimize or maximize programs/games, or leave the computer for a while and then perform some action, an error sound is heard... a "dunn" (I don't know how else to describe it), and this "dunn" repeats about ten times and then stops; when I repeat any of the actions described above, it starts again. When I have clicked on a text field, each sound types 5-10 Я's or Q's, depending on the language. I hope there is some solution, because at the moment I have no disc, neither a CD nor a flash drive, for reinstalling. Thank you in advance
  20. Good evening, HJT group! Yesterday I installed the weather gadget in question - http://www.windows8downloads.com/win8-weather-gizmo-shxfncyw/ Without any notification whatsoever, several additional programs were added along with the installation - a YouTube accelerator, iHats and I don't know what else, which I uninstalled from Control Panel, and then I did a cleanup with CCleaner! Just in case, I decided to run a preventive scan with Malwarebytes, which I keep installed. It found nasties, which went away after a restart. Up to this point a scan reports no malware on the system, but I still want to run additional checks to be sure that there are no nasties lying dormant or other suspicious activity. I use Windows 8.1 Professional x64 and KAV 2014. PS I am also attaching the log from tonight's quick scan of Local Disk (C:) by Malwarebytes: PS 2 This is the log from last night with the infections in question, which were removed: PS 3 It won't let me post the contents of FRST.txt in the comment, so I am attaching it separately! Addition.txt FRST.txt
  21. Hello, I am turning to you with a request for help cleaning my system. I tried to install Multi Skype Launcher - an application I have used before. I downloaded it from here - http://download.cnet.com/Multi-Skype-Launcher/3000-2349_4-75326711.html?part=dl-&subj=dl&tag=button. As early as the installation, my antivirus gave a warning about a blocked file in the Temp folders. After that several other unwanted applications appeared, which started updating themselves, opening pages in the browser ... I uninstalled them all and manually deleted the folders and files I managed to find. I scanned with Avast; it found nothing. Then I ran MBAM, and tried to remove the infections manually and with other cleaning programs. I am attaching the current logs; they are too large to post in the thread. I have an installation disc (Windows7 Ultimate x64).
  22. Hello to the whole team, I am turning to you for help again. For about a week, when using Mozilla or IE, heavy load on the system has been observed. After about 10 minutes of use the browsers stop working. After "restarting" them I notice that on Facebook I have uploaded about 100 video clips, which I forward to friends. I myself have not visited "dangerous" sites, but I don't know where one of my children may have "clicked"; they mainly play games and use Facebook. Avast cannot manage to remove it, and I don't dare go further on my own. I cannot attach Addition and FRST; they are too large and there is no space. I am uploading them to dox.bg: FRST - http://dox.bg/files/dw?a=50ff7391f5 Addition - http://dox.bg/files/dw?a=20a364cc9b http://prikachi.com/images.php?images/305/7150305L.jpg