Showing results for tags 'РЕШЕН' (solved).

362 results found

  1. I apologize in advance for posting the ComboFix log rather than the DDS log...
  2. Hi. After a long series of troubles, described in my previous threads, my computer started working after a BIOS update. The problems had started after a failed attempt to install a program downloaded from a torrent, which makes me suspect there is a virus as well. I also suspect an autorun (or whatever it's called) virus picked up from a flash drive. Here are the logs: Addition.txt
  3. For the past few days my Mozilla has been acting up; it is obviously infected with something (with Chrome the problem doesn't occur). When I load a site (I've taken screenshots of several of them), 3 annoying ads pop up at the bottom (when loading, say, Facebook it doesn't happen, and on Kaldata they don't appear either). Also, from time to time I get redirected to another page; I've taken a screenshot of that too. Here is the content of the FRST.txt file:
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-14] (AVG Technologies) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [179752 2009-10-12] (Marvell Semiconductor, Inc.) U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2015-04-05] (Greatis Software) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-05 23:16 - 2015-04-05 23:16 - 00013256 _____ () C:\Users\User\Desktop\FRST.txt 2015-04-05 23:16 - 2015-04-05 23:16 - 00000000 ____D () C:\FRST 2015-04-05 22:09 - 2015-04-05 22:09 - 02095616 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2015-04-05 21:33 - 2015-04-05 21:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-04-05 19:10 - 2015-04-05 19:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-05 19:10 - 2015-04-05 19:10 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-05 19:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-05 19:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-05 19:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-05 18:53 - 2015-04-05 19:01 - 00000000 ____D () C:\ProgramData\RegRun 2015-04-05 18:52 - 2015-04-05 19:01 - 00000000 ____D () C:\Users\User\Documents\RegRun2 2015-04-05 18:52 - 2015-04-05 19:01 - 00000000 ____D () C:\Users\Public\Documents\regruninfo 2015-04-05 18:52 - 2015-04-05 18:52 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys 2015-04-05 18:52 - 2015-04-05 18:52 - 00003320 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler 2015-04-05 18:52 - 2015-04-05 18:52 - 00001011 _____ () C:\Users\User\Desktop\UnHackMe.lnk 2015-04-05 18:52 - 2015-04-05 18:52 - 00000002 RSHOT () C:\Windows\winstart.bat 2015-04-05 18:52 - 2015-04-05 18:52 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT 2015-04-05 
18:52 - 2015-04-05 18:52 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT 2015-04-05 18:52 - 2015-04-05 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe 2015-04-05 18:52 - 2015-04-05 18:52 - 00000000 ____D () C:\Program Files (x86)\UnHackMe 2015-04-05 18:52 - 2015-03-04 16:08 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys 2015-04-05 18:43 - 2015-04-05 18:43 - 00799113 _____ () C:\Users\User\Desktop\bookmarks-2015-04-05.json 2015-04-05 10:21 - 2015-04-05 10:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-04-05 10:21 - 2015-04-05 10:21 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-04-05 10:21 - 2015-04-05 10:21 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-04-05 10:21 - 2015-04-05 10:21 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2015-04-05 10:21 - 2015-04-05 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-04-05 10:21 - 2015-04-05 10:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-04-05 10:21 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2015-04-05 08:54 - 2015-04-05 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-04 21:41 - 2015-04-05 19:28 - 00000000 ____D () C:\Users\User\Desktop\Стари данни Firefox 2015-04-02 14:31 - 2015-04-02 14:31 - 00000000 ____D () C:\Users\User\Tracing 2015-04-02 10:59 - 2015-04-02 10:59 - 00753184 _____ () C:\Users\User\Downloads\Adware-Removal-Tool-v3.9.1.exe 2015-04-02 10:54 - 2015-04-02 10:54 - 00002252 _____ () C:\Users\User\Downloads\software_removal_tool.log 2015-04-02 09:34 - 2015-04-05 23:13 - 00000000 ____D () C:\AdwCleaner 2015-04-01 21:39 - 2015-04-04 09:39 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-04-01 20:38 - 
2015-04-04 09:41 - 00000000 ____D () C:\Program Files (x86)\winter web 2015-03-31 11:14 - 2015-03-31 11:14 - 00005655 _____ () C:\Users\User\AppData\Roaming\Aq2NwgUI4gSccuOh7R0EhHSoa 2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\User\AppData\Roaming\dYeLfBmsrFz0iCkSvUk1F 2015-03-29 19:53 - 2015-03-29 19:53 - 00000000 ____D () C:\Users\User\Desktop\29.3.2015 2015-03-20 11:46 - 2015-03-20 11:46 - 00275368 _____ () C:\Windows\Minidump\032015-41917-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-05 23:16 - 2014-07-21 13:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent 2015-04-05 23:15 - 2014-07-23 12:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-04-05 23:14 - 2014-07-21 22:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-05 23:14 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-05 23:14 - 2009-07-14 07:51 - 00029344 _____ () C:\Windows\setupact.log 2015-04-05 23:13 - 2014-12-07 02:46 - 01629287 _____ () C:\Windows\WindowsUpdate.log 2015-04-05 23:13 - 2009-07-14 07:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-05 23:13 - 2009-07-14 07:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-05 23:08 - 2014-07-21 23:07 - 00018196 _____ () C:\Windows\PFRO.log 2015-04-05 23:05 - 2014-08-08 13:29 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool 2015-04-05 23:00 - 2014-08-01 08:52 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4CEDA2E5-FB97-4616-BB76-3DF5D55E882C} 2015-04-05 22:43 - 2015-01-14 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-05 22:31 - 2014-07-21 22:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-05 
22:21 - 2009-07-14 08:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-05 19:22 - 2014-08-08 10:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-05 19:22 - 2009-07-14 10:13 - 00000000 ____D () C:\Windows\CSC 2015-04-05 17:28 - 2014-08-07 14:14 - 00000000 ____D () C:\ProgramData\MFAData 2015-04-05 10:11 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-04 21:54 - 2014-08-08 13:29 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe 2015-04-03 03:35 - 2014-07-21 22:09 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-02 14:31 - 2014-07-23 12:47 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-04-02 14:31 - 2014-07-23 12:47 - 00000000 ____D () C:\ProgramData\Skype 2015-03-28 23:59 - 2014-08-06 16:24 - 00000321 _____ () C:\Windows\Brownie.ini 2015-03-28 23:12 - 2015-01-14 10:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-03-28 23:12 - 2014-07-23 12:33 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2015-03-28 23:11 - 2015-01-14 10:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-28 23:11 - 2015-01-14 10:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-20 14:27 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2015-03-20 11:46 - 2014-08-15 11:30 - 00000000 ____D () C:\Windows\Minidump 2015-03-20 11:46 - 2014-06-16 13:13 - 644314156 _____ () C:\Windows\MEMORY.DMP 2015-03-11 12:54 - 2014-07-21 23:31 - 00000000 ____D () C:\Users\User\AppData\Local\Unity 2015-03-08 21:20 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration ==================== Files in the root of some directories ======= 2015-03-31 11:14 - 2015-03-31 11:14 - 0005655 _____ () C:\Users\User\AppData\Roaming\Aq2NwgUI4gSccuOh7R0EhHSoa 2015-03-31 11:14 - 2015-03-31 11:14 - 0004387 _____ () 
C:\Users\User\AppData\Roaming\dYeLfBmsrFz0iCkSvUk1F 2014-07-26 20:20 - 2014-11-20 11:21 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2014-07-27 23:37 - 2014-07-27 23:37 - 0000000 _____ () C:\Users\User\AppData\Local\{3A4FD82F-CC27-4BBC-ACFF-FF705728FA06} Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 00:56 ==================== End Of Log ============================ Addition.txt
  4. A full scan with MBAM in safe mode found nothing. *edit - it turned out the problem was in the Windows Update client; installing update KB3050265 from Microsoft's site fixed it. Please lock/delete the thread.
  5. I wrote about the problem that ads keep popping up while I browse the internet, and I was advised to download a program called "Farbar Recovery Scan Tool", scan with it, copy the contents of one of the files here and attach the other one, so that is what I am doing.
     Ran by georgi (administrator) on GEORGI on 15-01-2015 15:44:49
     Running from D:\Download
     Loaded Profiles: georgi (Available profiles: georgi)
     Platform: Windows 8.1 N (X64) OS Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
     (Broadcom Corporation.) 
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Buca Apps) C:\Program Files (x86)\Super Radio\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-6.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe (XTab system) C:\Program Files (x86)\XTab\HPNotify.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (BitTorrent Inc.) C:\Users\georgi\AppData\Roaming\uTorrent\uTorrent.exe (Safebridge GmbH) C:\Users\georgi\AppData\Local\Apps\2.0\LORV2KO8.YTG\1WYA2691.LHD\sfb...tion_07c596ec85ac2238_0001.0006_60d5a9d76d81363d\Sfb.Client.App.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-01-12] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-01-12] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro) HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3848238859-4023326001-2967766439-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies 
S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} HKU\S-1-5-21-3848238859-4023326001-2967766439-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKU\S-1-5-21-3848238859-4023326001-2967766439-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-3848238859-4023326001-2967766439-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} BHO: Super Radio -> {11111111-1111-1111-1111-110611791177} -> C:\Program Files (x86)\Super Radio\Super Radio-bho64.dll (Buca Apps) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security 
Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Super Radio -> {11111111-1111-1111-1111-110611791177} -> C:\Program Files (x86)\Super Radio\Super Radio-bho.dll (Buca Apps) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
C:\Windows\system32\Gfxres.hr-HR.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00166591 _____ () C:\Windows\system32\Gfxres.sl-SI.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00165303 _____ () C:\Windows\system32\Gfxres.nb-NO.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00164653 _____ () C:\Windows\system32\Gfxres.da-DK.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00159945 _____ () C:\Windows\system32\Gfxres.en-US.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00153231 _____ () C:\Windows\system32\Gfxres.zh-TW.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00151479 _____ () C:\Windows\system32\Gfxres.zh-CN.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00029184 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00012288 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 25986048 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 11417600 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 06225408 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 03292672 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00492032 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00343040 _____ () C:\Windows\SysWOW64\igdmd32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00329216 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00304640 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00180736 _____ () C:\Windows\SysWOW64\igdde32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00142848 _____ () C:\Windows\SysWOW64\igdail32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll 2015-01-12 19:32 - 2013-10-02 01:01 - 
20946944 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll 2015-01-12 19:32 - 2013-10-02 01:01 - 02974208 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll 2015-01-12 19:32 - 2013-10-02 01:01 - 00290816 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll 2015-01-12 19:32 - 2013-10-02 01:01 - 00253440 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 04010144 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 01423520 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00750752 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00632480 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00598688 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00344736 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00209056 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00176288 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00121504 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00094368 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 02064896 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 01814016 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 01127424 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 01123328 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll 
2015-01-12 19:32 - 2013-09-30 22:12 - 00214528 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00179712 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00158720 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00149504 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00133120 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00128000 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00064000 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll 2015-01-12 19:31 - 2015-01-15 15:23 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3848238859-4023326001-2967766439-1001 2015-01-12 19:30 - 2015-01-12 20:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-12 19:30 - 2015-01-12 19:45 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-01-12 19:30 - 2015-01-12 19:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-01-12 19:30 - 2014-10-03 17:37 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-01-12 19:30 - 2014-10-03 17:37 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 02559960 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 01084704 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 00935368 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvvsvc.exe 2015-01-12 19:30 - 2014-07-02 10:55 - 00618440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-01-12 19:30 - 2014-07-02 02:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin 2015-01-12 19:29 - 2013-10-02 01:25 - 00449528 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys 2015-01-12 19:28 - 2015-01-15 15:30 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB8B9234-3F65-4E42-BF87-1578FF027AF2} 2015-01-12 19:28 - 2015-01-12 19:28 - 00000424 _____ () C:\Users\georgi\Desktop\This PC - Shortcut.lnk 2015-01-12 19:28 - 2015-01-12 19:28 - 00000000 ____D () C:\Intel 2015-01-12 19:26 - 2015-01-15 15:34 - 00000000 ___RD () C:\Users\georgi\SkyDrive 2015-01-12 19:24 - 2015-01-14 14:52 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Adobe 2015-01-12 19:24 - 2015-01-12 21:09 - 00001668 _____ () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-12 19:24 - 2015-01-12 19:25 - 00000000 ____D () C:\Users\georgi\AppData\Local\Packages 2015-01-12 19:24 - 2015-01-12 19:24 - 00003300 _____ () C:\Windows\System32\Tasks\KMS Server Daily Activate 2015-01-12 19:24 - 2015-01-12 19:24 - 00003114 _____ () C:\Windows\System32\Tasks\KMS Server OnLogon Activate 2015-01-12 19:24 - 2015-01-12 19:24 - 00000000 ____D () C:\Users\georgi\AppData\Local\VirtualStore 2015-01-12 19:24 - 2013-08-22 04:40 - 00040664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys 2015-01-12 19:23 - 2015-01-14 14:24 - 00000000 ____D () C:\Users\georgi 2015-01-12 19:23 - 2015-01-12 19:23 - 00000020 ___SH () C:\Users\georgi\ntuser.ini 2015-01-12 
19:23 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-12 19:23 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-12 19:23 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-12 19:23 - 2013-08-22 07:36 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-12 19:22 - 2015-01-14 14:31 - 00820548 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-12 19:19 - 2015-01-15 15:27 - 01814039 _____ () C:\Windows\WindowsUpdate.log 2015-01-12 19:15 - 2013-08-21 21:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2015-01-12 19:12 - 2015-01-13 21:43 - 00005274 _____ () C:\Windows\PFRO.log 2015-01-12 19:12 - 2015-01-12 19:24 - 00000000 ____D () C:\Windows\Panther 2015-01-12 18:57 - 2015-01-12 18:57 - 00000000 ____D () C:\Windows.old ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-15 15:24 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-01-15 15:16 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-01-15 15:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru 2015-01-14 19:45 - 2013-08-22 05:25 - 00000167 _____ () C:\Windows\win.ini 2015-01-14 19:41 - 2013-08-22 06:45 - 00009889 _____ () C:\Windows\setupact.log 2015-01-14 19:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG 2015-01-14 19:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\bg-BG 2015-01-14 19:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2015-01-14 19:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-01-14 19:25 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-01-14 14:24 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-13 21:43 - 2013-08-22 06:44 - 00473392 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-13 21:43 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-01-13 21:28 - 2013-08-22 11:12 - 00000000 ____D () C:\Program Files\Windows Journal 2015-01-13 21:28 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\SysWOW64\WCN 2015-01-13 21:28 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\SysWOW64\slmgr 2015-01-13 21:28 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\system32\WCN 2015-01-13 21:28 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\system32\slmgr 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\WinStore 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\migwiz 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Help 
2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-01-13 21:28 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2015-01-13 21:28 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2015-01-13 21:28 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\oobe 2015-01-13 21:28 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\servicing 2015-01-12 21:28 - 2013-08-22 11:12 - 00000000 ____D () C:\Windows\ShellNew 2015-01-12 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-01-12 20:12 - 2013-02-17 10:48 - 00035600 _____ (Lenovo Corporation) C:\Windows\system32\Drivers\AcpiVpc.sys 2015-01-12 20:12 - 2012-02-21 05:48 - 02356592 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll 2015-01-12 20:05 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System 2015-01-12 19:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\restore 2015-01-12 19:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera 2015-01-12 19:24 - 2013-08-22 06:44 - 00000000 ____D () C:\Windows\Setup 2015-01-12 19:19 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache 2015-01-12 19:14 - 2013-08-22 07:37 - 00001720 _____ () C:\Windows\DtcInstall.log 2015-01-12 19:14 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Recovery 2015-01-12 19:12 - 2013-08-22 07:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template Some content of TEMP: ==================== C:\Users\georgi\AppData\Local\Temp\DseShExt-x64.dll C:\Users\georgi\AppData\Local\Temp\DseShExt-x86.dll 
C:\Users\georgi\AppData\Local\Temp\ose00000.exe C:\Users\georgi\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\georgi\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\georgi\AppData\Local\Temp\TUUUninstallHelper.exe C:\Users\georgi\AppData\Local\Temp\utt966F.tmp.exe C:\Users\georgi\AppData\Local\Temp\_is279A.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-12 19:12 ==================== End Of Log ============================ Addition.txt
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015 Ran by dss (administrator) on EER-E4C3292B17D on 11-03-2015 00:44:39 Running from C:\Documents and Settings\dss\My Documents\Downloads Loaded Profiles: dss (Available profiles: dss) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer3\TeamViewer_Host.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) C:\Program Files\Logitech\Video\LogiTray.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (blekko) C:\Documents and Settings\All Users\Application Data\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) D:\install\wcescomm.exe (Microsoft Corporation) D:\install\rapimgr.exe (Logitech Inc.) C:\Program Files\Logitech\Video\FxSvr2.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Softonic) C:\Documents and Settings\dss\Local Settings\Application Data\Softonic\Softonic.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (WinZip Computing, S.L.) 
C:\Program Files\WinZip\WZQKPICK32.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-20] (Logitech Inc.) HKLM\...\Run: [LogitechVideoRepair] => C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-06-09] (Logitech Inc.) HKLM\...\Run: [LogitechVideoTray] => C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-06-09] (Logitech Inc.) HKLM\...\Run: [File Bulldog Anti-phishing Domain Advisor] => C:\Documents and Settings\All Users\Application Data\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe [223808 2013-02-11] (blekko) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [GB_UPDATE] => D:\install\Razer Game Booster\AutoUpdate.exe/AUTORUN HKLM\...\Run: [userFaultCheck] => %systemroot%\system32\dumprep 0 -u HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-28] (APN) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-26] (AVAST Software) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) 
HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [LogitechSoftwareUpdate] => C:\Program Files\Logitech\Video\ManifestEngine.exe [196608 2005-06-09] (Logitech Inc.) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [GameCenter] => C:\Documents and Settings\dss\Application Data\GameCenter\gamecenter.exe [100352 2012-11-17] (http://joyvy.com/) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [H/PC Connection Agent] => D:\install\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [DAEMON Tools Lite] => D:\install\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [softonicAssistant] => C:\Documents and Settings\dss\Local Settings\Application Data\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] () HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [softonic for Windows] => C:\Documents and Settings\dss\Local Settings\Application Data\Softonic\Softonic.exe [4170224 2014-05-26] (Softonic) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [GoogleChromeAutoLaunch_2D074F53D60AF6DE46C89F49EA3F6A62] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-02-28] (Google Inc.) HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) 
HKLM\...\AppCertDlls: [x64] -> c:\program files\browser tab search by ask\safetynut\x64\safetycrt.dll HKLM\...\AppCertDlls: [x86] -> c:\program files\browser tab search by ask\safetynut\safetycrt.dll ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyServer: [s-1-5-21-2000478354-1326574676-1417001333-1003] => localhost:8080 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/ URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} URLSearchHook: HKLM - (No Name) - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - No File SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a13277-343&apn_uid=1845170684324049&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKU\S-1-5-21-2000478354-1326574676-1417001333-1003 -> {58980B25-A37C-4A16-AD10-F1D8785D5DDF} URL = http://www.buenosearch.com/?babsrc=SP_kms&tt=na&mntrId=0b4e5db6cdc947031b5e6d7088b3d35e&affID=128493&tsp=5302&q={searchTerms}&r=680 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-26] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\dss\Application Data\Mozilla\Firefox\Profiles\wc0xrvbw.default-1425967882656 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-27] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2010-02-23] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2010-02-23] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-11] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\dss\Application Data\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-11-12] FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta461.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta461\ff FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-23] Chrome: ======= CHR Profile: C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-29] CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-05] CHR Extension: (Hangouts) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-03-10] CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10] CHR Extension: (Google Wallet) - C:\Documents and Settings\dss\Local 
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08] CHR HKLM\...\Chrome\Extension: [dpibobdfligkefmphegochbolpmnlnge] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha495\ch\WebexpEnhancedV1alpha495.crx [Not Found] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-23] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-23] CHR HKLM\...\Chrome\Extension: [kondcmgjibmegpklggnhnojajjgflfgg] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta461\ch\VideoPlayerV3beta461.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-28] (APN LLC.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-26] (AVAST Software) R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-02-17] (VIA Technologies, Inc.) R2 TeamViewer; C:\Program Files\TeamViewer3\TeamViewer_Host.exe [181544 2008-03-12] (TeamViewer GmbH) S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [X] <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-02-26] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-02-26] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-02-26] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-02-26] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-02-26] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-02-26] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-02-26] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-02-26] () R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices) R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-06-02] (AVG Technologies) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-20] (DT Soft Ltd) R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.) S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.) R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-06-13] (Marvell Semiconductor Inc.) R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-06-13] (Marvell Semiconductor Inc.) [File not signed] R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-06-13] (Marvell Semiconductor Inc.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [211712 2005-01-31] (Logitech Inc.) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2012-12-16] (Duplex Secure Ltd.) 
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2795376 2011-02-17] (VIA Technologies, Inc.) U3 a13uhq3o; C:\WINDOWS\system32\Drivers\a13uhq3o.sys [0 ] (Marvell Semiconductor Inc.) <==== ATTENTION (zero size file/folder) S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X] S4 IntelIde; No ImagePath S3 RTHDMIAzAudService; system32\drivers\RtKHDMI.sys [X] S3 WinRing0_1_2_0; \??\D:\install\Razer Game Booster\Driver\WinRing0.sys [X] ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== Three Months Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 00:42 - 2015-03-11 00:42 - 00026829 _____ () C:\Documents and Settings\dss\Desktop\Addition.txt 2015-03-11 00:41 - 2015-03-11 00:41 - 00043288 _____ () C:\Documents and Settings\dss\Desktop\Shortcut.txt 2015-03-10 23:37 - 2015-03-10 23:37 - 00000000 __SHD () C:\found.000 2015-03-10 23:23 - 2015-03-10 23:23 - 00000336 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038913%20Stable.torrent.txt 2015-03-10 23:22 - 2015-03-10 23:22 - 00002164 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038758%20Stable.torrent 2015-03-10 23:19 - 2015-03-10 23:21 - 00002606 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038913%20Stable.torrent 2015-03-10 11:42 - 2015-03-10 11:42 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\Google Chrome 2015-03-10 11:42 - 2015-03-10 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avnex 2015-03-10 11:39 - 2015-03-10 11:43 - 00000000 ____D () C:\Program Files\ AV WebCam Morpher 2015-03-10 08:37 - 2015-03-10 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2015-03-10 08:37 - 2015-03-10 08:37 - 00001811 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2015-03-10 08:11 - 2015-03-10 08:11 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\Old Firefox Data 2015-03-09 16:09 - 2015-03-11 00:09 - 00000262 _____ () C:\WINDOWS\Tasks\PC-Mechanic Maintenance.job 2015-03-09 16:09 - 2015-03-11 00:07 - 00000262 _____ () C:\WINDOWS\Tasks\PC-Mechanic Subscription.job 2015-03-09 16:08 - 2015-03-11 00:08 - 00000256 _____ () C:\WINDOWS\Tasks\PC-Mechanic Startup.job 2015-03-09 16:08 - 2015-03-09 16:08 - 00000818 _____ () C:\Documents and Settings\All Users\Desktop\PC Mechanic.lnk 2015-03-09 16:08 - 
2015-03-09 16:08 - 00000000 ____D () C:\Program Files\Uniblue 2015-03-09 16:08 - 2015-03-09 16:08 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Uniblue 2015-03-09 16:08 - 2015-03-09 16:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue 2015-03-09 16:00 - 2015-03-09 16:00 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\Sawbuck 2015-03-09 08:48 - 2015-03-10 13:46 - 00055240 _____ () C:\Documents and Settings\dss\Desktop\пустошта.odt 2015-03-09 08:48 - 2015-03-10 13:46 - 00000129 ____H () C:\Documents and Settings\dss\Desktop\.~lock.пустошта.odt# 2015-03-09 08:35 - 2015-03-08 08:35 - 00008439 _____ () C:\Documents and Settings\dss\My Documents\untitled_0odt 2015-03-08 20:20 - 2015-03-08 20:21 - 00000403 _____ () C:\WINDOWS\wmsetup.log 2015-03-06 09:21 - 2015-03-10 07:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-04 12:34 - 2015-03-07 09:40 - 00065172 _____ () C:\Documents and Settings\dss\Desktop\готови ли сте.odt 2015-03-01 18:32 - 2015-03-01 18:32 - 00001216 _____ () C:\Documents and Settings\dss\Desktop\Graboid Video.lnk 2015-03-01 18:31 - 2015-03-01 18:32 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\Graboid Video 2015-03-01 18:31 - 2015-03-01 18:31 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Graboid Inc 2015-03-01 08:33 - 2015-03-01 08:33 - 00000182 _____ () C:\drwtsn32.log 2015-02-27 17:24 - 2015-02-27 17:24 - 00012098 _____ () C:\Program Files\WinAVI All-In-One Converter 1.7.0.4734 (2012).torrent 2015-02-27 17:24 - 2015-02-27 17:24 - 00000979 _____ () C:\Documents and Settings\dss\Desktop\WinAVI All-in-One Converter.lnk 2015-02-27 17:24 - 2015-02-27 17:24 - 00000000 ____D () C:\Program Files\WinAVI 2015-02-27 17:24 - 2015-02-27 17:24 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\WinAVI All-in-One Converter 2015-02-27 17:24 - 2015-02-27 17:24 - 00000000 ____D () C:\Documents and Settings\dss\Local 
Settings\Application Data\WinAVI 2015-02-27 17:24 - 2015-02-27 17:24 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\WinAVI 2015-02-27 17:21 - 2015-02-27 17:21 - 00001668 _____ () C:\Program Files\iMedia.Converterv2.0.1 Mac OSX.zip.torrent 2015-02-27 17:20 - 2012-09-08 21:38 - 37532835 _____ () C:\video-converter-ultimate7.exe 2015-02-27 17:19 - 2015-02-27 17:19 - 00011996 _____ () C:\Program Files\ImTOO Video Converter Ultimate.torrent 2015-02-27 17:13 - 2015-02-27 17:13 - 00001734 _____ () C:\Documents and Settings\dss\Desktop\ImTOO HD Video Converter.lnk 2015-02-27 17:13 - 2015-02-27 17:13 - 00000000 ____D () C:\Program Files\ImTOO 2015-02-27 17:13 - 2015-02-27 17:13 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\ImTOO 2015-02-27 17:13 - 2015-02-27 17:13 - 00000000 ____D () C:\Documents and Settings\dss\My Documents\ImTOO Software Studio 2015-02-27 17:13 - 2015-02-27 17:13 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\ImTOO Software Studio 2015-02-27 17:12 - 2015-02-27 17:12 - 00001630 _____ () C:\Program Files\ImTOO HD Video Converter v5.1.26.0904.torrent 2015-02-27 16:58 - 2015-02-27 17:19 - 00000000 ____D () C:\Program Files\FreeTime 2015-02-27 16:57 - 2015-02-27 16:57 - 00016958 _____ () C:\Program Files\FFSetup3.3.3.0.exe.torrent 2015-02-27 16:48 - 2015-02-27 16:48 - 00000000 ____D () C:\Documents and Settings\dss\My Documents\Bigasoft Total Video Converter 2015-02-27 16:44 - 2015-02-27 16:44 - 00000926 _____ () C:\Documents and Settings\All Users\Desktop\Bigasoft Total Video Converter.lnk 2015-02-27 16:44 - 2015-02-27 16:44 - 00000000 ____D () C:\Program Files\Bigasoft 2015-02-27 16:44 - 2015-02-27 16:44 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\Bigasoft 2015-02-27 16:44 - 2015-02-27 16:44 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Bigasoft Total Video Converter 4 2015-02-27 16:42 - 2015-02-27 16:42 - 00011120 _____ () C:\Program 
Files\Bigasoft Total Video Converter v4.5.2.5491.torrent 2015-02-27 16:37 - 2015-02-27 16:38 - 00000067 _____ () C:\WINDOWS\Power Video Converter.INI 2015-02-27 16:35 - 2015-02-27 16:35 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\RHEng 2015-02-27 14:40 - 2015-03-11 00:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-27 14:40 - 2015-02-27 14:40 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-02-27 14:40 - 2015-02-27 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-02-27 11:30 - 2015-02-27 11:30 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk 2015-02-27 11:30 - 2015-02-27 11:30 - 00001765 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk 2015-02-27 11:30 - 2015-02-27 11:30 - 00001755 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk 2015-02-27 11:30 - 2015-02-27 11:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive 2015-02-26 22:42 - 2015-02-26 22:42 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk 2015-02-26 22:42 - 2015-02-26 22:42 - 00000000 ____D () C:\WINDOWS\jumpshot.com 2015-02-26 22:42 - 2015-02-26 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software 2015-02-26 22:41 - 2015-02-26 22:42 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-02-26 22:41 - 2015-02-26 22:42 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2015-02-26 22:41 - 2015-02-26 22:42 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-02-26 22:41 - 2015-02-26 22:41 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00057928 _____ 
(AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-02-26 22:41 - 2015-02-26 22:41 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-02-26 21:55 - 2015-02-26 22:28 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\sw4b4[1] 2015-02-26 21:51 - 2015-02-26 22:28 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\sw4b4 2015-02-26 21:36 - 2015-02-26 22:28 - 00000000 ____D () C:\Program Files\VirtualDub MPEG2 1.6(2).11 2015-02-26 11:34 - 2015-03-04 12:18 - 00068471 _____ () C:\Documents and Settings\dss\Desktop\новото разбиране за любовта.odt 2015-02-25 07:40 - 2015-02-25 07:40 - 00177657 _____ () C:\Documents and Settings\dss\Desktop\тунела на реалността.txt 2015-02-25 00:35 - 2015-02-25 00:35 - 00246409 _____ () C:\Documents and Settings\dss\Desktop\Т1.ass 2015-02-23 10:02 - 2015-02-23 10:06 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Dropbox 2015-02-23 10:01 - 2015-02-23 10:01 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\AVAST Software 2015-02-23 10:00 - 2015-03-11 00:07 - 00000358 ____H () C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2015-02-23 09:58 - 2015-02-23 09:58 - 00000000 ____D () C:\Program Files\AVAST Software 2015-02-23 09:58 - 2015-02-23 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software 2015-02-23 09:50 - 2015-02-23 09:50 - 00000000 ____D () C:\OETemp 2015-02-16 15:46 - 2015-02-16 15:46 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\fontconfig 2015-02-16 15:41 - 2015-02-16 15:41 - 00000775 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\ASSDraw3.lnk 2015-02-16 15:41 - 2015-02-16 15:41 - 00000746 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Aegisub.lnk 2015-02-16 15:36 - 2015-02-16 15:36 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\SubtitleCreator 2015-02-16 15:35 - 2015-02-26 22:29 - 00000000 ____D () C:\Program Files\SubtitleCreator 2015-02-16 15:35 - 2015-02-16 15:35 - 00000832 _____ () C:\Documents and Settings\dss\Desktop\SubtitleCreator.lnk 2015-02-16 15:20 - 2015-02-26 22:29 - 00000000 ____D () C:\Program Files\URUSoft 2015-02-16 15:20 - 2015-02-16 15:20 - 00001813 _____ () C:\Documents and Settings\dss\Desktop\Subtitle Workshop.lnk 2015-02-15 07:49 - 2015-02-15 07:50 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\Softonic 2015-02-15 07:49 - 2015-02-15 07:49 - 00001047 _____ () C:\Documents and Settings\dss\Desktop\Softonic.lnk 2015-02-15 07:49 - 2015-02-15 07:49 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\fontconfig 2015-02-15 07:48 - 2015-03-11 00:09 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\SoftonicAssistant 2015-02-15 07:48 - 2015-02-25 13:56 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Aegisub 2015-02-15 07:48 - 2015-02-16 15:42 - 00000000 ____D () C:\Program Files\Aegisub 2015-02-15 07:48 - 2015-02-15 08:04 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application 
Data\Aegisub 2015-02-15 07:47 - 2015-02-15 07:48 - 21680922 _____ (Aegisub Team ) C:\Documents and Settings\dss\Desktop\Aegisub-3.0.2-32.exe 2015-01-22 09:42 - 2015-01-22 09:42 - 00000000 ____D () C:\Program Files\AskPartnerNetwork 2015-01-22 09:40 - 2015-01-22 09:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN 2015-01-13 10:42 - 2015-01-13 13:56 - 00062971 _____ () C:\Documents and Settings\dss\Desktop\Untitled 2.odt 2015-01-11 23:32 - 2015-01-12 17:47 - 00000129 ____H () C:\Documents and Settings\dss\Desktop\.~lock.крион.odt# 2015-01-02 09:56 - 2015-01-03 16:25 - 00000129 ____H () C:\Documents and Settings\dss\Desktop\.~lock.14.odt# 2015-01-02 09:55 - 2015-01-02 09:55 - 00061609 _____ () C:\Documents and Settings\dss\My Documents\Untitled 1.odt 2014-12-28 07:43 - 2015-01-01 15:59 - 00000129 ____H () C:\Documents and Settings\dss\Desktop\.~lock.3.4.odt# 2014-12-24 20:53 - 2015-02-28 08:41 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\от флашката ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-11 00:45 - 2010-02-23 15:43 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Temp 2015-03-11 00:44 - 2014-02-11 11:34 - 00000000 ____D () C:\FRST 2015-03-11 00:10 - 2010-02-23 15:50 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Skype 2015-03-11 00:09 - 2010-02-23 15:51 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-11 00:09 - 2010-02-23 15:51 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-11 00:09 - 2010-02-23 15:35 - 01343322 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-11 00:07 - 2014-03-27 22:33 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2015-03-11 00:07 - 2010-02-23 15:41 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-11 00:07 - 2010-02-23 07:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-03-11 00:07 - 2010-02-23 07:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2015-03-11 00:06 - 2010-02-23 15:43 - 00000000 ____D () C:\Documents and Settings\dss 2015-03-11 00:06 - 2010-02-23 15:41 - 00000000 __SHD () C:\Documents and Settings\LocalService 2015-03-11 00:06 - 2010-02-23 15:40 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2015-03-11 00:06 - 2010-02-23 15:33 - 00000000 ____D () C:\WINDOWS\Registration 2015-03-11 00:05 - 2010-02-23 15:41 - 00032526 _____ () C:\WINDOWS\SchedLgU.Txt 2015-03-10 23:58 - 2008-04-14 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-03-10 23:44 - 2013-01-02 22:11 - 00000000 ____D () C:\WINDOWS\system32\NtmsData 2015-03-10 23:43 - 2012-11-12 06:15 - 00000000 ____D () C:\Documents and Settings\dss\My Documents\sibtitri 2015-03-10 23:31 - 2010-02-23 15:34 - 00000000 ____D () C:\WINDOWS\system32\Restore 2015-03-10 23:30 - 2010-02-23 15:43 - 00000178 ___SH () C:\Documents and Settings\dss\ntuser.ini 2015-03-10 23:16 - 2010-02-23 15:51 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\uTorrent 2015-03-10 21:31 - 2012-11-12 07:37 - 00077824 
  7. Good evening, HJT team! Yesterday I installed the weather gadget in question - http://www.windows8downloads.com/win8-weather-gizmo-shxfncyw/ Without any notification whatsoever, the installation also added several additional programs - a YouTube accelerator, iHats and I don't know what else, which I uninstalled from Control Panel, and then I did a cleanup with CCleaner! Just in case, I decided to run a preventive scan with Malwarebytes, which I keep installed. It found some nasties, which went away after a restart. So far scans report no malware in the system, but I still want to do additional checks to be sure that there are no dormant nasties or other suspicious activity. I use Windows 8.1 Professional x64 and KAV 2014. PS I am also attaching the log from tonight's quick scan of Local Disk (C:) by Malwarebytes: PS 2 This is the log from last night with the infections in question, which were removed: PS3 It won't let me post the contents of FRST.txt in the comment, so I am attaching it separately! Addition.txt FRST.txt
  8. Hello! Since I haven't reinstalled Windows in a long time, my system has slowed down quite a bit. I tidied up the folders and files a little, since it was complete anarchy. So my question is, what should I do? I just want to find out whether my system is infected. Otherwise it's bearable, but it has slowed down a bit. Thanks in advance!
  9. Hello, I would like to ask someone, if possible, to take a look at my logs. I don't have any signs of viruses, but it bothers me that when I open Windows Task Manager I have 40+ processes on average, which I hadn't previously noticed being so many. So I'm wondering whether other unnecessary things are running as well. I'm also attaching a screenshot of the processes at the moment. I would be grateful if someone shared an opinion.
  10. Hello, colleagues! So the problem is the following: Windows XP Home doesn't start, it throws blue screens, and there is no getting into Safe Mode. The BSOD is 0x000000D0, which points to a memory problem:
     - the memory modules were re-tested and a different module was installed, the problem remains...
     - I removed all PCI, PCI-e and other peripheral cards and devices...
     - I booted from HBCD and, the moment I selected mini WinXP, the next BSOD occurred.
     - I disconnected the hard drive and booted again, and hop, mini WinXP loaded right up. I connected the hard drive (hot plug) and wiped its MBR. I ran a surface test on it, which showed no problems with the device...
     My question is, could it be an MBR virus, and is there a way to clean it? I don't feel like reinstalling the system! Thanks
  11. My laptop gets heavily loaded when I use Google Chrome, and I suspect that I've picked something up. I have a USB installation of Windows. I also want to say that I have two operating systems: Windows puts quite a load on it, but after a restart, when I boot Ubuntu, it runs fine. I can't attach files here, so I'm uploading it here: http://gangosan.grn.cc/upload/public.php?service=files&t=ff6f85ad7e340c6d5c54a05d7cc0368c
  12. Hello, dear fellow forum members, and good morning. When the computer starts and the programs load, I get the following message... http://dox.bg/files/dw?a=9a3c2e09ab In some forums I read that this is a virus. In others, that I simply need to solve the problem. Could someone competent please tell me what they think this is. Thank you. I am attaching files from the scan...
Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Skype™ 6.10SpeccyStar Wars: The Old RepublicUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)VIRTU 1.2.112XFastUSB.==== End Of File ===========================
  13. Hello, I need your help. MBAM has quarantined files in system32, and now Windows does not work. Under each file it lists, it says Trojan Downloader or something like that at the end; I turned it off and could not write down exactly which trojan it is. I cannot take screenshots either. I ran Avira; it scanned and found nothing. To open the browser I had to close MBAM. I went into the system32 folder: two folders are shown in blue, dllcache and DRVSTORE; maybe they are the infected ones, I don't understand. The first is empty; the second contains two more subfolders, both of them are also in blue, and everything in them is in blue. If it matters, these are their names: amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194 amdppm_C66586B319F61C772BA2DAB141D0FE08F299F411 The Windows is XP.
  14. Hello, Since yesterday my laptop has caught this virus, Istartsurf; I am not sure why my antivirus program, Microsoft Security Essentials, does not detect it. A test with Pareto Logic indicates about 750 problems, but it will not clean them. The laptop runs extremely slowly for its capabilities, and this was the case even before these problems appeared. I periodically defragment, clean out the TEMP folder, and clean up in Manage search engines. I would be glad of your help. Thank you in advance!
  15. Hello, I am turning to you with a request for help cleaning my system. I tried to install Multi Skype Launcher, an application I have used before. I downloaded it from here - http://download.cnet.com/Multi-Skype-Launcher/3000-2349_4-75326711.html?part=dl-&subj=dl&tag=button. Already during installation my antivirus gave a warning about a blocked file in the Temp folders. After that several other unwanted applications appeared, which started updating themselves, opening pages in the browser ... I uninstalled all of them and manually deleted the folders and files I managed to find. I scanned with Avast; it found nothing. Then I ran MBAM, tried to remove the infections manually and with other cleaning programs. I am attaching the current logs; they are too large to post in the thread. I have an installation disc (Windows7 Ultimate x64).
  16. I was sitting at my computer, started Skype and Chrome as always, and suddenly, when I switched between them, the icons changed. I pressed refresh and restarted the computer, but nothing changed. I tried to change the Skype icon from properties/shortcut; there the icon was the default one. Log from Malwarebytes:
  17. So... I haven't had problems with this box for a long time, but here it is... I've been on Win7 64bit for a week and today I decided to activate it, but I ran into a bad activator! While things were still installing I sensed something was wrong when I saw the programs that started installing themselves... and they appeared faster than I could remove them. In the end I removed all the programs, but there are several processes that I am convinced are not part of Windows, and when stopped they immediately start again on their own. I use Panda Free and so far it detects nothing, but I have 2-3 programs that sit in the Start menu and that I cannot get rid of, and the several processes that restart again and again... PS. I see there is one more thread like mine, but it said the steps are specifically for that user and could damage the operating system, so I have not applied them. FRST.txt Addition.txt
  18. My problem is very unpleasant... the browsers I use (Google Chrome, Mozilla) crash very often, and various plug-ins crash too. Besides that, the computer also restarts from time to time. The strange thing is that I have reinstalled Windows several times and it keeps causing these problems; that is, I didn't delete all the files from the computer during the reinstallation, but I hoped that I wouldn't have problems afterwards. dds:
  19. Today I came across a laptop with ESET Endpoint Security antivirus. Yesterday the computer's user opened some link, and the antivirus keeps detecting the virus spy.zbot.yw. It reports that it deletes it, but evidently it doesn't succeed, because every hour the antivirus detects it again. It constantly stops various programs, such as Outlook, IE, Mozilla. Here are the logs from FRST:
(Microsoft Corporation) C:Windowssystem32ntvdm64.dll2014-04-10 13:33 - 2014-03-04 12:44 - 00013312 _____ (Microsoft Corporation) C:Windowssystem32wow64cpu.dll2014-04-10 13:33 - 2014-03-04 12:17 - 00014336 _____ (Microsoft Corporation) C:WindowsSysWOW64ntvdm64.dll2014-04-10 13:33 - 2014-03-04 12:16 - 01114112 _____ (Microsoft Corporation) C:WindowsSysWOW64kernel32.dll2014-04-10 13:33 - 2014-03-04 12:16 - 00025600 _____ (Microsoft Corporation) C:WindowsSysWOW64setup16.exe2014-04-10 13:33 - 2014-03-04 12:16 - 00005120 _____ (Microsoft Corporation) C:WindowsSysWOW64wow32.dll2014-04-10 13:33 - 2014-03-04 11:09 - 00007680 _____ (Microsoft Corporation) C:WindowsSysWOW64instnm.exe2014-04-10 13:33 - 2014-03-04 11:09 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64user.exe2014-04-10 13:33 - 2014-02-04 05:35 - 00274880 _____ (Microsoft Corporation) C:Windowssystem32Driversmsiscsi.sys2014-04-10 13:33 - 2014-02-04 05:35 - 00190912 _____ (Microsoft Corporation) C:Windowssystem32Driversstorport.sys2014-04-10 13:33 - 2014-02-04 05:35 - 00027584 _____ (Microsoft Corporation) C:Windowssystem32DriversDiskdump.sys2014-04-10 13:33 - 2014-02-04 05:28 - 00002048 _____ (Microsoft Corporation) C:Windowssystem32iologmsg.dll2014-04-10 13:33 - 2014-02-04 05:00 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64iologmsg.dll2014-04-10 13:33 - 2014-01-24 05:37 - 01684928 _____ (Microsoft Corporation) C:Windowssystem32Driversntfs.sys ==================== One Month Modified Files and Folders ======= 2014-05-09 13:48 - 2014-05-09 13:47 - 00023407 _____ () C:UsersKremena GeorgievaDesktopFRST.txt2014-05-09 13:47 - 2014-05-09 13:47 - 00000000 ____D () C:FRST2014-05-09 13:46 - 2014-05-09 13:46 - 02064384 _____ (Farbar) C:UsersKremena GeorgievaDesktopFRST64.exe2014-05-09 13:40 - 2011-09-02 16:31 - 00000000 ____D () C:UsersKremena GeorgievaAppDataRoamingSkype2014-05-09 13:37 - 2014-04-03 09:32 - 00001056 _____ () 
C:WindowsTasksGoogleUpdateTaskUserS-1-5-21-1639035527-594000354-161818179-1000UA1cf4f06770d21cf.job2014-05-09 13:36 - 2012-07-22 22:25 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job2014-05-09 13:16 - 2011-09-06 20:05 - 00000000 ____D () C:UsersKremena GeorgievaAppDataLocalCrashDumps2014-05-09 13:16 - 2011-09-03 09:04 - 00000000 ____D () C:UsersKremena GeorgievaAppDataRoamingTeamViewer2014-05-09 13:14 - 2013-12-20 12:00 - 00020923 _____ () C:UsersKremena GeorgievaDesktop2014.xlsx2014-05-09 12:42 - 2009-07-14 08:13 - 00006446 _____ () C:Windowssystem32PerfStringBackup.INI2014-05-09 12:41 - 2014-05-08 14:23 - 00000000 ____D () C:UsersKremena GeorgievaAppDataRoamingIwbeis2014-05-09 12:40 - 2014-05-08 14:23 - 00000000 ____D () C:UsersKremena GeorgievaAppDataRoamingUxmi2014-05-09 12:40 - 2009-07-14 06:20 - 00000000 ____D () C:Windowstracing2014-05-09 10:49 - 2014-05-09 10:48 - 00119512 _____ (Malwarebytes Corporation) C:Windowssystem32DriversMBAMSwissArmy.sys2014-05-09 10:48 - 2014-05-09 10:48 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware2014-05-09 10:48 - 2014-05-09 10:48 - 00000000 ____D () C:Program Files (x86)Malwarebytes Anti-Malware2014-05-09 10:48 - 2013-06-18 12:55 - 00000000 ____D () C:ProgramDataMalwarebytes2014-05-09 10:45 - 2009-07-14 07:45 - 00022096 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-09 10:45 - 2009-07-14 07:45 - 00022096 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-09 10:38 - 2011-09-04 07:33 - 00000000 ____D () C:WindowsMinidump2014-05-09 10:30 - 2011-09-02 15:10 - 01962955 _____ () C:WindowsWindowsUpdate.log2014-05-09 10:04 - 2011-12-07 12:08 - 00000000 ____D () C:UsersKremena GeorgievaAppDataLocalESET2014-05-09 09:49 - 2011-09-02 19:25 - 00001004 _____ () 
C:WindowsTasksGoogleUpdateTaskUserS-1-5-21-1639035527-594000354-161818179-1000Core.job2014-05-08 14:35 - 2014-05-08 14:28 - 13142453 _____ () C:UsersKremena GeorgievaDesktopEuropeanColorCosmeticPackaging.rar2014-05-08 14:34 - 2014-05-08 14:32 - 13142453 _____ () C:UsersKremena GeorgievaDesktopInterton_2014.rar2014-05-08 14:33 - 2014-05-08 14:33 - 00000000 ____D () C:UsersKremena GeorgievaDesktopInterton_20142014-05-08 14:30 - 2014-05-08 14:30 - 00000000 ____D () C:UsersKremena GeorgievaDesktopEuropeanColorCosmeticPackaging2014-05-08 14:29 - 2012-08-08 11:45 - 00000000 ____D () C:ProgramDataboost_interprocess2014-05-08 10:23 - 2013-09-07 12:08 - 00000000 ____D () C:UsersKremena GeorgievaDesktopimages2014-05-08 09:23 - 2011-11-22 17:07 - 00065536 _____ () C:Windowssystem32Ikeext.etl2014-05-08 09:22 - 2011-09-02 18:08 - 00000000 ____D () C:ProgramDataNVIDIA2014-05-08 09:22 - 2009-07-14 08:08 - 00000006 ____H () C:WindowsTasksSA.DAT2014-05-08 09:22 - 2009-07-14 07:51 - 00104465 _____ () C:Windowssetupact.log2014-05-08 08:54 - 2014-05-08 08:54 - 00000000 ___SD () C:Windowssystem32CompatTel2014-05-07 18:44 - 2014-05-08 14:36 - 00156783 _____ () C:UsersKremena GeorgievaDesktopflipper.swf2014-05-01 12:48 - 2011-09-02 16:03 - 00000000 ____D () C:UsersKremena GeorgievaAppDataRoamingMozilla2014-04-30 10:56 - 2013-09-22 12:10 - 00000000 ____D () C:UsersKremena GeorgievaDesktopInvoices2014-04-29 17:01 - 2014-05-03 05:20 - 23547904 _____ (Microsoft Corporation) C:Windowssystem32mshtml.dll2014-04-29 16:40 - 2014-05-03 05:19 - 02724864 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb2014-04-29 15:48 - 2014-05-03 05:20 - 17384448 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll2014-04-29 15:34 - 2014-05-03 05:19 - 02724864 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb2014-04-29 11:37 - 2012-07-22 22:25 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater2014-04-29 11:37 - 2012-05-21 09:37 - 00692400 _____ (Adobe Systems Incorporated) 
C:WindowsSysWOW64FlashPlayerApp.exe2014-04-29 11:37 - 2011-09-02 16:05 - 00070832 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl2014-04-21 14:18 - 2009-07-14 06:20 - 00000000 ____D () C:Windowsrescache2014-04-21 12:51 - 2014-04-21 12:51 - 00000000 __SHD () C:UsersKremena GeorgievaAppDataLocalEmieUserList2014-04-21 12:51 - 2014-04-21 12:51 - 00000000 __SHD () C:UsersKremena GeorgievaAppDataLocalEmieSiteList2014-04-21 12:49 - 2009-07-14 06:20 - 00000000 ____D () C:WindowsPolicyDefinitions2014-04-18 11:21 - 2010-11-21 06:47 - 00233646 _____ () C:WindowsPFRO.log2014-04-17 15:26 - 2012-02-06 12:47 - 00031232 _____ () C:UsersKremena GeorgievaDesktopCopy of Kopas 30 50.xls2014-04-15 08:58 - 2011-09-02 17:49 - 00000000 ____D () C:ProgramDataMicrosoft Help2014-04-15 08:56 - 2013-07-16 09:24 - 00000000 ____D () C:Windowssystem32MRT2014-04-15 08:52 - 2011-09-02 16:03 - 90655440 _____ (Microsoft Corporation) C:Windowssystem32MRT.exe2014-04-14 05:24 - 2014-05-06 09:27 - 00465408 _____ (Microsoft Corporation) C:Windowssystem32aepdu.dll2014-04-14 05:19 - 2014-05-06 09:27 - 00424448 _____ (Microsoft Corporation) C:Windowssystem32aeinv.dll2014-04-11 08:47 - 2013-03-10 21:00 - 00000000 ____D () C:Program Files (x86)Mozilla Maintenance Service2014-04-09 09:03 - 2013-01-24 16:16 - 00000000 ____D () C:UsersKremena GeorgievaDesktopMe ZeroAccess:C:$Recycle.BinS-1-5-21-1639035527-594000354-161818179-1000$b3625afb9fe626920b66025267b1f4f9 Files to move or delete:====================C:UsersKremena GeorgievaLJM1130_M1210_Full_Solution.exe Some content of TEMP:====================C:UsersAdministratorAppDataLocalTempGomEncDnInstaller.exeC:UsersAdministratorAppDataLocalTempSHSetup.exeC:UsersAdministratorAppDataLocalTempsiinst.exeC:UsersAdministratorAppDataLocalTempstrings.dllC:UsersAdministratorAppDataLocalTemptbuTor.dll ==================== Bamital & volsnap Check ================= C:WindowsSystem32winlogon.exe => MD5 is legitC:WindowsSystem32wininit.exe => MD5 is 
I have also attached the ESET log. Addition.txt eset.txt FRST.txt
  20. Hello, for some time now my laptop has been making noise just like a vacuum cleaner. The fan spins like crazy under light loads, such as a single browser. I would be very grateful if you could help me! FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014 01 Ran by ixi (administrator) on PC on 26-08-2014 00:18:21 Running from C:\Users\ixi\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Български (България) Internet Explorer Version 11 Boot Mode: Normal
12:54 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll 2014-08-17 12:54 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:Windowssystem32ieapfltr.dll 2014-08-17 12:54 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:WindowsSysWOW64ieapfltr.dll 2014-08-17 12:54 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:WindowsSysWOW64wininet.dll 2014-08-17 12:54 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll 2014-08-17 12:54 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:Windowssystem32tzres.dll 2014-08-17 12:54 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64tzres.dll 2014-08-17 12:54 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:Windowssystem32msi.dll 2014-08-17 12:54 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:Windowssystem32authui.dll 2014-08-17 12:54 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:Windowssystem32msihnd.dll 2014-08-17 12:54 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:Windowssystem32consent.exe 2014-08-17 12:54 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:WindowsSysWOW64msi.dll 2014-08-17 12:54 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:WindowsSysWOW64authui.dll 2014-08-17 12:54 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:WindowsSysWOW64msihnd.dll 2014-08-17 12:53 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:Windowssystem32rpcrt4.dll 2014-08-17 12:53 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:WindowsSysWOW64rpcrt4.dll 2014-08-17 12:53 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:Windowssystem32shell32.dll 2014-08-17 12:53 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:WindowsSysWOW64shell32.dll 2014-08-17 12:53 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:Windowssystem32Driversdxgkrnl.sys 
2014-08-17 12:38 - 2014-08-17 12:38 - 00000000 ____D () C:ProgramDataATI 2014-08-17 12:35 - 2014-08-17 12:35 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCatalyst Control Center 2014-08-17 12:34 - 2009-11-12 00:31 - 06106624 _____ (ATI Technologies Inc.) C:Windowssystem32Driversatikmdag.sys 2014-08-17 12:34 - 2009-11-11 23:18 - 00053248 _____ (Advanced Micro Devices Inc.) C:WindowsSysWOW64aticalrt.dll 2014-08-17 12:34 - 2009-11-11 23:18 - 00053248 _____ (Advanced Micro Devices Inc.) C:WindowsSysWOW64aticalcl.dll 2014-08-17 12:34 - 2009-11-11 23:18 - 00043008 _____ (Advanced Micro Devices Inc.) C:Windowssystem32aticalrt64.dll 2014-08-17 12:34 - 2009-11-11 23:18 - 00039936 _____ (Advanced Micro Devices Inc.) C:Windowssystem32aticalcl64.dll 2014-08-17 12:34 - 2009-11-11 23:17 - 04634112 _____ (Advanced Micro Devices Inc.) C:Windowssystem32aticaldd64.dll 2014-08-17 12:34 - 2009-11-11 23:16 - 03547136 _____ (Advanced Micro Devices Inc.) C:WindowsSysWOW64aticaldd.dll 2014-08-17 12:34 - 2009-11-11 22:34 - 00479232 _____ (Advanced Micro Devices, Inc.) C:Windowssystem32ATIDEMGX.dll 2014-08-17 12:34 - 2009-11-11 22:34 - 00438784 _____ (AMD) C:Windowssystem32atieclxx.exe 2014-08-17 12:34 - 2009-11-11 22:33 - 00202752 _____ (AMD) C:Windowssystem32atiesrxx.exe 2014-08-17 12:34 - 2009-11-11 22:32 - 00120320 _____ (AMD) C:Windowssystem32atitmm64.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00421376 _____ (ATI Technologies, Inc.) C:Windowssystem32atipdl64.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00356352 _____ (ATI Technologies, Inc.) C:WindowsSysWOW64atipdlxx.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00059392 _____ (ATI Technologies, Inc.) C:Windowssystem32atiedu64.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00043520 _____ (ATI Technologies, Inc.) C:WindowsSysWOW64ati2edxx.dll 2014-08-17 12:34 - 2009-11-11 22:31 - 00012288 _____ (AMD) C:Windowssystem32atimuixx.dll 2014-08-17 12:34 - 2009-11-11 22:28 - 03034624 _____ (ATI Technologies Inc. 
) C:WindowsSysWOW64atidxx32.dll 2014-08-17 12:34 - 2009-11-11 22:23 - 17199616 _____ (ATI Technologies Inc.) C:Windowssystem32atio6axx.dll 2014-08-17 12:34 - 2009-11-11 22:20 - 03624448 _____ (ATI Technologies Inc. ) C:Windowssystem32atidxx64.dll 2014-08-17 12:34 - 2009-11-11 22:12 - 03602432 _____ (ATI Technologies Inc. ) C:WindowsSysWOW64atiumdag.dll 2014-08-17 12:34 - 2009-11-11 22:06 - 04661760 _____ (ATI Technologies Inc. ) C:Windowssystem32atiumd64.dll 2014-08-17 12:34 - 2009-11-11 22:00 - 12964352 _____ (ATI Technologies Inc.) C:WindowsSysWOW64atioglxx.dll 2014-08-17 12:34 - 2009-11-11 22:00 - 02599424 _____ (Advanced Micro Devices, Inc. ) C:Windowssystem32atiumd6a.dll 2014-08-17 12:34 - 2009-11-11 21:57 - 00402016 _____ () C:Windowssystem32atiumd6a.cap 2014-08-17 12:34 - 2009-11-11 21:54 - 02899456 _____ (Advanced Micro Devices, Inc. ) C:WindowsSysWOW64atiumdva.dll 2014-08-17 12:34 - 2009-11-11 21:53 - 00402016 _____ () C:WindowsSysWOW64atiumdva.cap 2014-08-17 12:34 - 2009-11-11 21:41 - 00302592 _____ (Advanced Micro Devices, Inc.) C:Windowssystem32atiadlxx.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00208896 _____ (Advanced Micro Devices, Inc.) C:WindowsSysWOW64atiadlxy.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00053248 _____ (Advanced Micro Devices, Inc. ) C:Windowssystem32atimpc64.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00053248 _____ (Advanced Micro Devices, Inc. ) C:Windowssystem32amdpcom64.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00052224 _____ (Advanced Micro Devices, Inc. ) C:WindowsSysWOW64atimpc32.dll 2014-08-17 12:34 - 2009-11-11 21:41 - 00052224 _____ (Advanced Micro Devices, Inc. ) C:WindowsSysWOW64amdpcom32.dll 2014-08-17 12:34 - 2009-11-11 21:26 - 00053248 _____ (ATI Technologies Inc.) 
C:Windowssystem32Driversati2erec.dll 2014-08-17 12:34 - 2009-09-08 23:14 - 00018618 _____ () C:Windowsatiogl.xml 2014-08-17 12:34 - 2009-09-01 15:55 - 00195855 _____ () C:Windowssystem32atiicdxx.dat 2014-08-17 12:34 - 2009-02-18 13:55 - 00332288 _____ () C:Windowssystem32ATIODE.exe 2014-08-17 12:34 - 2009-02-03 16:52 - 00051200 _____ () C:Windowssystem32ATIODCLI.exe 2014-08-17 12:33 - 2014-08-17 12:35 - 00000000 ____D () C:Program FilesATI Technologies 2014-08-17 12:27 - 2014-08-17 12:27 - 00060968 _____ () C:WindowsSysWOW64CCCInstall_201408171227475244.log 2014-08-16 11:44 - 2014-08-16 11:44 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsFinalWire 2014-08-15 20:08 - 2014-08-16 01:10 - 00000000 ____D () C:ProgramDataHi-Rez Studios 2014-08-15 20:08 - 2014-08-15 20:08 - 00000000 ____D () C:UsersixiAppDataRoamingAwesomium 2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:UsersixiAppDataRoamingMicrosoftWindowsStart MenuProgramsAMD Gaming Evolved 2014-08-15 19:33 - 2014-08-17 12:28 - 00000000 ____D () C:ProgramDataAMD 2014-08-15 19:33 - 2014-08-16 11:22 - 00000000 ____D () C:UsersixiAppDataRoamingRaptr 2014-08-15 19:33 - 2014-08-15 19:34 - 00000000 ____D () C:Program Files (x86)Raptr 2014-08-15 19:33 - 2014-08-15 19:33 - 00061828 _____ () C:WindowsSysWOW64CCCInstall_201408151933168008.log 2014-08-15 19:33 - 2014-08-15 19:33 - 00000000 ____D () C:UsersixiAppDataRoaminglibrary_dir 2014-08-15 19:30 - 2014-08-15 19:30 - 00000000 ____D () C:Program FilesCommon FilesATI Technologies 2014-08-15 19:29 - 2014-08-15 19:29 - 00000000 ____D () C:Program FilesATI 2014-08-14 15:01 - 2014-08-14 15:01 - 00000000 ____D () C:Program FilesAMD 2014-08-14 14:53 - 2014-08-14 14:53 - 00000000 ____D () C:UsersixiAppDataRoamingATI 2014-08-14 14:53 - 2014-08-14 14:53 - 00000000 ____D () C:UsersixiAppDataLocalATI 2014-08-13 02:00 - 2014-08-13 02:00 - 04575232 _____ (Google Inc.) 
C:WindowsSysWOW64GPhotos.scr 2014-08-08 23:52 - 2014-08-08 23:52 - 00000000 ____D () C:UsersixiAppDataLocalSkyrim 2014-08-08 23:44 - 2014-08-08 23:44 - 00272808 _____ (Oracle Corporation) C:WindowsSysWOW64javaws.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00175528 _____ (Oracle Corporation) C:WindowsSysWOW64javaw.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00175528 _____ (Oracle Corporation) C:WindowsSysWOW64java.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00098216 _____ (Oracle Corporation) C:WindowsSysWOW64WindowsAccessBridge-32.dll 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:WindowsSun 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:UsersixiAppDataRoamingOracle 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:ProgramDataOracle 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsJava 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:Program Files (x86)Java 2014-08-07 23:22 - 2014-08-07 23:22 - 00000001 _____ () C:UsersixiAppDataLocalllftool.4.40.agreement 2014-08-04 20:26 - 2014-08-04 20:26 - 00000000 ____D () C:Program Files (x86)Mozilla Firefox 2014-07-29 20:17 - 2014-07-29 20:17 - 00003154 _____ () C:WindowsSystem32Tasks{105E1070-765D-47E0-B952-AB4259F339C9} 2014-07-29 11:22 - 2014-08-25 23:50 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job 2014-07-29 11:22 - 2014-08-20 15:58 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater 2014-07-28 23:06 - 2014-08-16 01:06 - 00002185 _____ () C:UsersPublicDesktopGoogle Chrome.lnk 2014-07-27 15:30 - 2014-07-27 15:30 - 00003168 _____ () C:WindowsSystem32Tasks{45C9B672-0BA5-4BC0-8CC5-3956706456A8} 2014-07-27 15:13 - 2014-08-15 19:07 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner 2014-07-27 15:13 - 2014-07-27 15:14 - 00000000 ____D () C:Program FilesCCleaner 2014-07-27 15:13 - 2014-07-27 15:13 - 00002768 _____ () C:WindowsSystem32TasksCCleanerSkipUAC ==================== One 
Month Modified Files and Folders ======= (If an entry is included in the fixlist, the filefolder will be moved.) 2014-08-26 00:19 - 2014-08-26 00:18 - 00018803 _____ () C:UsersixiDesktopFRST.txt 2014-08-26 00:18 - 2014-08-26 00:18 - 00000000 ____D () C:FRST 2014-08-26 00:17 - 2014-08-26 00:16 - 02103296 _____ (Farbar) C:UsersixiDesktopFRST64.exe 2014-08-26 00:17 - 2009-07-14 07:45 - 00009920 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-26 00:17 - 2009-07-14 07:45 - 00009920 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-26 00:15 - 2009-07-14 08:13 - 00799264 _____ () C:Windowssystem32PerfStringBackup.INI 2014-08-26 00:13 - 2013-09-11 15:14 - 01406453 _____ () C:WindowsWindowsUpdate.log 2014-08-26 00:10 - 2014-07-25 22:59 - 00000988 _____ () C:WindowsTasksGoogleUpdateTaskMachineCore.job 2014-08-26 00:10 - 2009-07-14 08:08 - 00000006 ____H () C:WindowsTasksSA.DAT 2014-08-26 00:09 - 2014-08-26 00:09 - 00000056 _____ () C:Windowssetupact.log 2014-08-26 00:09 - 2014-08-26 00:09 - 00000000 _____ () C:Windowssetuperr.log 2014-08-26 00:09 - 2013-09-11 16:46 - 00000000 ____D () C:UsersixiAppDataRoaminguTorrent 2014-08-26 00:04 - 2014-07-25 22:59 - 00000992 _____ () C:WindowsTasksGoogleUpdateTaskMachineUA.job 2014-08-25 23:58 - 2014-07-19 10:31 - 00000000 ____D () C:ProgramDataTunngle 2014-08-25 23:50 - 2014-07-29 11:22 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job 2014-08-25 23:48 - 2014-07-11 23:43 - 00001000 _____ () C:WindowsTasksGoogleUpdateTaskUserS-1-5-21-2411341698-1123546938-1689852013-1001UA.job 2014-08-25 23:48 - 2014-07-11 23:43 - 00000948 _____ () C:WindowsTasksGoogleUpdateTaskUserS-1-5-21-2411341698-1123546938-1689852013-1001Core.job 2014-08-25 23:42 - 2013-10-12 17:20 - 00000000 ____D () C:UsersixiDocumentsMy Games 2014-08-25 23:41 - 2014-08-25 23:41 - 00000000 ____D () C:UsersixiDocumentsTunngle 2014-08-25 
03:13 - 2014-05-31 07:32 - 00122584 _____ (Malwarebytes Corporation) C:Windowssystem32DriversMBAMSwissArmy.sys 2014-08-24 12:13 - 2009-07-14 08:08 - 00032534 _____ () C:WindowsTasksSCHEDLGU.TXT 2014-08-23 16:37 - 2014-08-23 16:37 - 00000000 ____D () C:UsersixiAppDataRoamingbizarre creations 2014-08-22 18:24 - 2014-08-22 18:24 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsBlur 2014-08-22 18:24 - 2010-09-13 11:56 - 00000000 ___HD () C:Program Files (x86)InstallShield Installation Information 2014-08-22 16:08 - 2009-07-14 08:32 - 00000000 ___RD () C:ProgramDataMicrosoftWindowsStart MenuProgramsGames 2014-08-22 15:55 - 2014-08-21 16:15 - 00000000 ____D () C:UsersixiAppDataRoamingLucasArts 2014-08-22 15:53 - 2014-08-20 18:27 - 00000183 _____ () C:Windowsdisney.ini 2014-08-22 15:52 - 2014-08-22 15:52 - 00000000 ____D () C:UsersixiAppDataRoamingLeadertech 2014-08-20 18:04 - 2014-08-20 18:04 - 00000000 ____D () C:UsersixiAppDataLocalMercurySteam 2014-08-20 18:04 - 2014-08-20 18:04 - 00000000 ____D () C:UsersixiAppDataLocalEMU 2014-08-20 17:46 - 2013-09-11 16:48 - 00000000 ____D () C:UsersixiAppDataRoamingDAEMON Tools Lite 2014-08-20 15:58 - 2014-07-29 11:22 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater 2014-08-20 15:58 - 2013-09-12 15:02 - 00699568 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe 2014-08-20 15:58 - 2013-09-12 15:02 - 00071344 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl 2014-08-20 00:31 - 2013-09-11 17:09 - 00000000 ____D () C:UsersixiAppDataRoamingSkype 2014-08-18 20:49 - 2013-09-11 16:57 - 00000000 ____D () C:ProgramDataSkype 2014-08-18 15:58 - 2014-08-18 15:58 - 00001315 _____ () C:UsersixiDesktopOneDrive.lnk 2014-08-18 15:57 - 2014-08-18 15:55 - 00000000 ___RD () C:UsersixiOneDrive 2014-08-18 15:56 - 2014-08-18 15:55 - 00002166 _____ () C:UsersixiAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft OneDrive.lnk 2014-08-18 15:55 - 2014-08-18 15:55 - 
00000000 ____D () C:ProgramDataMicrosoft OneDrive 2014-08-18 15:55 - 2014-08-18 15:55 - 00000000 ____D () C:Program Files (x86)Microsoft OneDrive 2014-08-18 15:55 - 2013-09-11 15:48 - 00000000 ____D () C:Usersixi 2014-08-18 15:36 - 2009-07-14 06:20 - 00000000 ____D () C:Windowsrescache 2014-08-17 13:10 - 2009-07-14 06:20 - 00000000 ____D () C:WindowsSysWOW64bg-BG 2014-08-17 13:10 - 2009-07-14 06:20 - 00000000 ____D () C:Windowssystem32bg-BG 2014-08-17 13:10 - 2009-07-14 06:20 - 00000000 ____D () C:WindowsPolicyDefinitions 2014-08-17 13:09 - 2013-09-11 16:51 - 00000000 ____D () C:ProgramDataMicrosoft Help 2014-08-17 13:04 - 2013-09-11 22:50 - 00000000 ____D () C:Windowssystem32MRT 2014-08-17 13:00 - 2013-09-11 22:49 - 99218768 _____ (Microsoft Corporation) C:Windowssystem32MRT.exe 2014-08-17 12:38 - 2014-08-17 12:38 - 00000000 ____D () C:ProgramDataATI 2014-08-17 12:35 - 2014-08-17 12:35 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCatalyst Control Center 2014-08-17 12:35 - 2014-08-17 12:33 - 00000000 ____D () C:Program FilesATI Technologies 2014-08-17 12:28 - 2014-08-15 19:33 - 00000000 ____D () C:ProgramDataAMD 2014-08-17 12:28 - 2013-09-11 15:13 - 00000000 ____D () C:Program Files (x86)ATI Technologies 2014-08-17 12:27 - 2014-08-17 12:27 - 00060968 _____ () C:WindowsSysWOW64CCCInstall_201408171227475244.log 2014-08-16 13:58 - 2013-10-28 12:54 - 00000000 ____D () C:Program Files (x86)Steam 2014-08-16 11:48 - 2013-09-12 04:30 - 00000000 ____D () C:Program Files (x86)SpeedFan 2014-08-16 11:44 - 2014-08-16 11:44 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsFinalWire 2014-08-16 11:44 - 2013-09-13 22:31 - 00000000 ____D () C:Program Files (x86)FinalWire 2014-08-16 11:22 - 2014-08-15 19:33 - 00000000 ____D () C:UsersixiAppDataRoamingRaptr 2014-08-16 01:10 - 2014-08-15 20:08 - 00000000 ____D () C:ProgramDataHi-Rez Studios 2014-08-16 01:06 - 2014-07-28 23:06 - 00002185 _____ () C:UsersPublicDesktopGoogle Chrome.lnk 2014-08-15 
20:08 - 2014-08-15 20:08 - 00000000 ____D () C:UsersixiAppDataRoamingAwesomium 2014-08-15 19:34 - 2014-08-15 19:34 - 00000000 ____D () C:UsersixiAppDataRoamingMicrosoftWindowsStart MenuProgramsAMD Gaming Evolved 2014-08-15 19:34 - 2014-08-15 19:33 - 00000000 ____D () C:Program Files (x86)Raptr 2014-08-15 19:33 - 2014-08-15 19:33 - 00061828 _____ () C:WindowsSysWOW64CCCInstall_201408151933168008.log 2014-08-15 19:33 - 2014-08-15 19:33 - 00000000 ____D () C:UsersixiAppDataRoaminglibrary_dir 2014-08-15 19:30 - 2014-08-15 19:30 - 00000000 ____D () C:Program FilesCommon FilesATI Technologies 2014-08-15 19:30 - 2013-09-18 17:03 - 00000000 ____D () C:ProgramDataPackage Cache 2014-08-15 19:29 - 2014-08-15 19:29 - 00000000 ____D () C:Program FilesATI 2014-08-15 19:07 - 2014-07-27 15:13 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner 2014-08-15 19:07 - 2014-07-25 23:00 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome 2014-08-15 19:07 - 2013-09-15 12:30 - 00000000 ____D () C:WindowsMinidump 2014-08-15 19:07 - 2009-07-14 06:20 - 00000000 ____D () C:Windowsregistration 2014-08-15 19:07 - 2009-07-14 06:20 - 00000000 ____D () C:WindowsAppCompat 2014-08-14 15:01 - 2014-08-14 15:01 - 00000000 ____D () C:Program FilesAMD 2014-08-14 14:53 - 2014-08-14 14:53 - 00000000 ____D () C:UsersixiAppDataRoamingATI 2014-08-14 14:53 - 2014-08-14 14:53 - 00000000 ____D () C:UsersixiAppDataLocalATI 2014-08-13 02:00 - 2014-08-13 02:00 - 04575232 _____ (Google Inc.) 
C:WindowsSysWOW64GPhotos.scr 2014-08-08 23:52 - 2014-08-08 23:52 - 00000000 ____D () C:UsersixiAppDataLocalSkyrim 2014-08-08 23:44 - 2014-08-08 23:44 - 00272808 _____ (Oracle Corporation) C:WindowsSysWOW64javaws.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00175528 _____ (Oracle Corporation) C:WindowsSysWOW64javaw.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00175528 _____ (Oracle Corporation) C:WindowsSysWOW64java.exe 2014-08-08 23:44 - 2014-08-08 23:44 - 00098216 _____ (Oracle Corporation) C:WindowsSysWOW64WindowsAccessBridge-32.dll 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:WindowsSun 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:UsersixiAppDataRoamingOracle 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:ProgramDataOracle 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsJava 2014-08-08 23:44 - 2014-08-08 23:44 - 00000000 ____D () C:Program Files (x86)Java 2014-08-07 23:22 - 2014-08-07 23:22 - 00000001 _____ () C:UsersixiAppDataLocalllftool.4.40.agreement 2014-08-07 10:50 - 2013-09-11 16:52 - 00000000 ____D () C:Program Files (x86)Mozilla Maintenance Service 2014-08-04 20:26 - 2014-08-04 20:26 - 00000000 ____D () C:Program Files (x86)Mozilla Firefox 2014-08-01 02:41 - 2014-08-17 12:54 - 00348856 _____ (Microsoft Corporation) C:Windowssystem32iedkcs32.dll 2014-08-01 02:16 - 2014-08-17 12:54 - 00307384 _____ (Microsoft Corporation) C:WindowsSysWOW64iedkcs32.dll 2014-07-29 22:09 - 2009-07-14 06:20 - 00000000 ____D () C:Windowssecurity 2014-07-29 20:17 - 2014-07-29 20:17 - 00003154 _____ () C:WindowsSystem32Tasks{105E1070-765D-47E0-B952-AB4259F339C9} 2014-07-28 23:06 - 2013-09-11 16:49 - 00000000 ____D () C:UsersixiAppDataLocalGoogle 2014-07-27 15:30 - 2014-07-27 15:30 - 00003168 _____ () C:WindowsSystem32Tasks{45C9B672-0BA5-4BC0-8CC5-3956706456A8} 2014-07-27 15:14 - 2014-07-27 15:13 - 00000000 ____D () C:Program FilesCCleaner 2014-07-27 15:13 - 2014-07-27 15:13 - 00002768 _____ () 
C:WindowsSystem32TasksCCleanerSkipUAC 2014-07-27 12:36 - 2013-09-11 18:40 - 00000000 ____D () C:Program FilesMicrosoft Silverlight 2014-07-27 12:36 - 2013-09-11 18:40 - 00000000 ____D () C:Program Files (x86)Microsoft Silverlight Some content of TEMP: ==================== C:UsersixiAppDataLocalTemp_isAA35.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:WindowsSystem32winlogon.exe => File is digitally signed C:WindowsSystem32wininit.exe => File is digitally signed C:WindowsSysWOW64wininit.exe => File is digitally signed C:Windowsexplorer.exe => File is digitally signed C:WindowsSysWOW64explorer.exe => File is digitally signed C:WindowsSystem32svchost.exe => File is digitally signed C:WindowsSysWOW64svchost.exe => File is digitally signed C:WindowsSystem32services.exe => File is digitally signed C:WindowsSystem32User32.dll => File is digitally signed C:WindowsSysWOW64User32.dll => File is digitally signed C:WindowsSystem32userinit.exe => File is digitally signed C:WindowsSysWOW64userinit.exe => File is digitally signed C:WindowsSystem32rpcss.dll => File is digitally signed C:WindowsSystem32Driversvolsnap.sys => File is digitally signed LastRegBack: 2014-08-17 21:00 ==================== End Of Log ============================ Addition.txt
  21. Hello! For some time now I have noticed that the computer in my signature has become very slow, and sometimes I cannot even open Task Manager... Here is what was causing the slowdown. I think it is a virus... I stop it manually and after a while it starts again... The interesting thing is that I have a licensed KIS2014, and it has not raised an alarm; I am running a full scan of the computer now... P.S. I made a mistake in the title; I meant Coin-miner.exe...
  22. Here are the results after the scan. FRST.txt Addition.txt