Премини към съдържанието
vratarqt

Facebook вирусът --> Enhаnced Protection Mode на антивирусната

Препоръчан отговор


Здравейте,

преди известно време(1 седмица може би) и аз се натъкнах на вируса от фейсбук (Hi. How are you? .... , после ти праща уж весел клип) Уви , вързах се, отворих клипа(за целта дръпнах някакъв препоръчителен Flash Player) и вирусът започна да препраща същите съобщение и клип от моя профил многократно на много от приятелите ми. Смених си паролата и не знам това ли му повлия, но спря да изпраща споменатите неща от мое име. На следващия ден и профилът на сестра ми във ФБ се зарази със същото нещо, но промяната на паролата първоначално не промени нищо, от профила и продължиха да се препращат съобщението и клипа на приятелите и. След още един ден вече не можехме да влизаме в ФБ, излизаше ни съобщение, че ФБ има проблем и се опитва да го оправи (в същото време обаче от лаптопа на баща ни влизахме във ФБ). И така до вчера това беше картината.От вчера вече не ни излиза съобщението,че ФБ има проблем,сестра ми казва,че като си влезе в профила вече и при нея не се препращат от само себе си съобщението и клипа (явно по някакъв начин от само себе си се е оправил ФБ-профила и, или може би това е временно и може пак да се появи? ). Сега проблемът е друг. От вчера излезе на антивирусната (долу вдясно до часовника) познатият червен прозорец Enhanced Protection Mode.Помислих, че е от самата антивирусна (Avira) ,тъй като преди около седмица и изтече лицензът, с който я дръпнах от нета. Странно, в Control Panel, добавяне/премахвяне на програми нямаше Avira-файл, но рекох си , Avira се е деинсталнала сама, понеже е изтекъл лицензът. Дръпнах си Avast. Но след инсталацията и ристартиранито на компа, при което Аваст го сканира, се появи отново червеният прозорец с Enhanced Protection Mode. Към момента обаче Аваст все още не се е деинсталирала от само себе си, или по точно - виждам я все още в Contol Panel.

Знаех вече , че имам проблем, влязох в интернет и попаднах на вашия форум. Прочетох доста теми,в които се описваше същият или отчасти същият проблем като при мен. Прочетох още, че при всеки се действа отделно, и затова публикувам нова тема.

Компютърът ми е Windows XP,версия 2002,Service Pack 3 пише също.

А да, още нещо, и при мен се появи в Диспечера на задачите ufa.exe ,койта също товари много процесора. Не знам грешка ли е , но доста пъти му давах край на процеса, за да мога въобще да влизам в нета и да правя нещо на компа.

Мисля , че това е всичко, извинявайте, ако съм Ви отегчил с дългия разказ, но не знам кое може да се окаже важно,затова описах всичко, както го видях.

Предварително благодаря,че отделяте време и за мен!

DDS файла приключи работата си. Ето двата отчета, които се появиха:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Vlado Kurtev at 11:05:53 on 2011-07-26

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.767.473 [GMT 3:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 091127-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Vlado Kurtev\Application Data\Microsoft\conhost.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\DOCUME~1\VLADOK~1\LOCALS~1\Temp\csrss.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\rundll32.exe

"C:\WINDOWS\update.tray-7-0\svchost.exe"

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\WINDOWS\l1rezerv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\update.2\svchost.exe srv

C:\WINDOWS\sysdriver32.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\update.1\svchost.exe srv

C:\Program Files\Canon\CAL\CALMAIN.exe

"C:\WINDOWS\update.2\svchost.exe" stand

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\update.5.0\svchost.exe srv

"C:\WINDOWS\update.5.0\svchost.exe" stand

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/home?AF=18776

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:54667

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\prxtbIso0.dll

uWinlogon: Shell=explorer.exe,c:\documents and settings\vlado kurtev\application data\dwm.exe

uWindows: Load=c:\docume~1\vladok~1\locals~1\temp\csrss.exe

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\prxtbIso0.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\prxtbIso0.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [soundMan] SOUNDMAN.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [wxpdrv] c:\windows\services32.exe

mRun: [tray_ico0] c:\windows\update.tray-7-0\svchost.exe

mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv

mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv

mRun: [l1rezerv.exe] "c:\windows\l1rezerv.exe"

mRun: [conhost] c:\documents and settings\vlado kurtev\application data\microsoft\conhost.exe

mRun: [84932378-loader2.exe] "c:\docume~1\vladok~1\locals~1\temp\84932378-loader2.exe"

mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"

mRun: [tray_ico]

mRun: [tray_ico1]

mRun: [tray_ico2]

mRun: [tray_ico3]

mRun: [tray_ico4]

mRun: [7952985.exe] "c:\windows\temp\7952985.exe"

mRun: [1005973.exe] "c:\windows\temp\1005973.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\documents and settings\vlado kurtev\start menu\programs\startup\PowerReg Scheduler.exe

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableSecureUIAPaths = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 93.155.247.2 192.168.0.1

TCP: Interfaces\{DC13E36A-826C-45EE-9466-28CAB974A7DA} : DhcpNameServer = 93.155.247.2 192.168.0.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\vlado kurtev\application data\mozilla\firefox\profiles\rvbk65cl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 54667

FF - prefs.js: network.proxy.type - 1

FF - component: c:\documents and settings\vlado kurtev\application

data\mozilla\firefox\profiles\rvbk65cl.default\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}\components\FFAlert.dll

FF - component: c:\documents and settings\vlado kurtev\application data\mozilla\firefox\profiles\rvbk65cl.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll

FF - plugin: c:\documents and settings\vlado kurtev\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\mozilla firefox\extensions\ocr@babylon.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - %profile%\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Freemake Video Downloader: fmdownloader@gmail.com - c:\program files\freemake\freemake video downloader\browserplugin\Firefox

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1500000

FF - user.js: nglayout.initialpaint.delay - 100

.

============= SERVICES / DRIVERS ===============

.

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-21 353168]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-26 56816]

R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]

R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]

R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]

R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]

S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]

S2 0234281243324666mcinstcleanup;McAfee Application Installer Cleanup (0234281243324666);c:\docume~1\vladok~1\locals~1\temp\0234281243324666mcinst.exe

c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service --> c:\docume~1\vladok~1\locals~1\temp\0234281243324666mcinst.exe

c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2000-6-29 3584]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test\everest 4.00 build 975 ultimate+crack\kerneld.wnt --> g:\test\everest 4.00 build 975 ultimate+crack\kerneld.wnt [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

753504]

S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2008-7-3 391688]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]

S4 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]

S4 Ippieccsmp;Ippieccsmp; [x]

.

=============== File Associations ===============

.

regfile=regedit.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-07-25 13:28:13 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-07-25 13:17:23 -------- d--h--w- c:\windows\update.tray-7-0-lnk

2011-07-25 13:17:23 -------- d--h--w- c:\windows\update.tray-7-0

2011-07-21 12:41:26 -------- d-----w- c:\program files\IObit

2011-07-19 19:37:36 -------- d-----w- c:\windows\rpcminer

2011-07-19 19:37:36 -------- d-----w- c:\windows\phoenix

2011-07-19 19:29:44 246272 ----a-w- c:\windows\unrar.exe

2011-07-19 09:30:20 181248 ----a-w- c:\documents and settings\vlado kurtev\application data\dwm.exe

2011-07-19 09:29:54 169472 ----a-w- c:\documents and settings\vlado kurtev\application data\microsoft\conhost.exe

2011-07-18 18:28:12 -------- d-----w- c:\documents and settings\vlado kurtev\local settings\application data\Media Get LLC

2011-07-18 18:27:54 -------- d-----w- c:\documents and settings\vlado kurtev\local settings\application data\MediaGet2

2011-07-18 15:40:59 -------- d-----w- c:\documents and settings\vlado kurtev\application data\Ldoce

2011-07-18 15:40:44 -------- d-----w- c:\program files\common files\Macrovision Shared

2011-07-18 15:40:43 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE

2011-07-18 15:40:40 12464 ----a-w- c:\windows\system32\drivers\CdaC15BA.SYS

2011-07-18 12:37:09 -------- d-----w- c:\windows\ufa

2011-07-18 11:37:20 232960 ----a-w- c:\windows\l1rezerv.exe

2011-07-18 10:31:17 -------- d-----w- c:\documents and settings\vlado kurtev\local settings\application data\Solid State Networks

2011-07-18 10:07:40 181760 ----a-w- c:\program files\windows nt\dwm.exe

2011-07-18 10:07:17 169472 ----a-w- c:\program files\internet explorer\conhost.exe

2011-07-18 10:07:17 -------- d-----w- C:\Microsoft

2011-07-18 10:07:07 169472 ----a-w- c:\windows\gbot111.exe

2011-07-18 10:07:00 -------- d--h--w- c:\windows\update.2

2011-07-18 10:06:47 -------- d--h--w- c:\windows\update.5.0

2011-07-18 10:06:41 256000 ----a-w- c:\windows\sysdriver32_.exe

2011-07-18 10:06:25 256000 ----a-w- c:\windows\sysdriver32.exe

2011-07-18 10:06:02 -------- d-----w- c:\windows\av_ico

2011-07-18 10:03:48 -------- d--h--w- c:\windows\update.1

2011-07-18 10:03:38 -------- d--h--w- c:\windows\update.tray-8-0-lnk

2011-07-18 10:03:38 -------- d--h--w- c:\windows\update.tray-8-0

2011-07-17 20:19:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-17 20:11:05 1170432 ----a-w- c:\windows\services32.exe

.

==================== Find3M ====================

.

2011-06-24 09:35:01 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-06-04 08:06:43 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2009-04-03 18:57:13 266240 ----a-w- c:\program files\Uninstall Pando Toolbar.dll

2008-05-07 15:42:45 409695 ----a-w- c:\program files\Uninstall Fun Web Products.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3120022A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe >>UNKNOWN [0x82F8AC78]<<

_asm { MOV EAX, 0x82f8ab98; XCHG [ESP], EAX; PUSH EAX; PUSH 0x82fdba74; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL;

ADD [EAX], AL; ADD [EAX], AL; }

1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x82F54AB8]

\Driver\Disk[0x82F04A08] -> IRP_MJ_CREATE -> 0x82F8AC78

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP

MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\Disk -> 0x82f8ac78

user & kernel MBR OK

Warning: possible MBR rootkit infection !

.

============= FINISH: 11:06:29.76 ===============

Ето сега и Attach файла :

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/13/2008 15:57:52

System Uptime: 7/26/2011 10:00:00 (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-7VT600

Processor: AMD Athlon™ XP 2200+ | Socket A | 1808/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 20 GiB total, 4.712 GiB free.

D: is FIXED (NTFS) - 49 GiB total, 15.069 GiB free.

E: is FIXED (NTFS) - 43 GiB total, 1.545 GiB free.

F: is CDROM ()

H: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP360: 7/18/2011 14:38:06 - Контролна точка на системата

RP361: 7/19/2011 15:26:01 - Контролна точка на системата

RP362: 7/21/2011 16:05:14 - Контролна точка на системата

RP363: 7/22/2011 16:28:32 - Контролна точка на системата

RP364: 7/25/2011 18:05:28 - Контролна точка на системата

.

==== Installed Programs ======================

.

1503 A.D.

A4 Tech PC Camera V

Adobe Flash Player 10 ActiveX

Adobe Reader 8.3.0

Advanced SystemCare 4

Ashampoo Burning Studio 2007

Auto Gordian Knot 2.45

avast! Antivirus

AviSynth 2.5

BitLord 1.1

C-Media WDM Audio Driver

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Codec pack Base (DivX, Xvid, 3ivx)

Compatibility Pack for the 2007 Office system

Counter-Strike 1.0

Facebook Plug-In

ffdshow (remove only)

FlexType 2K

FormatFactory 2.40

Freemake Video Downloader version 2.0.3

GOM Player

Google Earth

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

HPCarePackProducts

hppMSRedist

hppusgP1000

HPSSupply

Icy Tower v1.3.1

InterVideo DeviceService

IsoBuster Toolbar

IZArc 3.81

Java Auto Updater

Java™ 6 Update 24

Java™ 6 Update 7

K-Lite Codec Pack 3.9.0 Full

Knights Of Honor

KoralSoft - EuroDictXP

L&H TTS3000 British English

LDOCE

MarketResearch

Medal of Honor Allied Assault

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office XP Professional with FrontPage

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.5.6)

MrvlUsgTracking

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6 Service Pack 2 (KB954459)

NVIDIA Drivers

OpenOffice.org Installer 1.0

Platform

PonyProg v1.17h

Pro Evolution Soccer 6

Realtek AC'97 Audio

Revo Uninstaller 1.83

SA Dictionary 2005 T2

SafeCast Shared Components

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Skype™ 5.3

SmartSound Quicktracks Plugin

SMS version 3.0.2.8

Software Update for Web Folders

Spelling Dictionaries Support For Adobe Reader 8

SubDownloader2

The KMPlayer (remove only)

TuneUp Utilities 2008

Ulead VideoStudio 11

Update for Windows Internet Explorer 8 (KB968220)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

VIA ї»ї

VideoLAN VLC media player 0.8.6c

VideoStudio

vloader-bg 1.59

VP-EYE

WebFldrs XP

Winamp (remove only)

Windows Bulgarian Interface Pack

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Media Encoder 9 Series

Windows XP Service Pack 3

Xilisoft Video Converter Ultimate

xplorerІ professional

съ»і°рсєё ёЅтµрфµ№с ·° TuneUp Utilities 2008

су ї°єµт ·° Ashampoo Burning Studio 2007

.

==== Event Viewer Messages From Past Week ========

.

7/25/2011 16:17:22, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service EventSystem with arguments "" in order to run

the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/25/2011 16:13:11, error: W32Time [17] - Time Provider NtpClient: An error

occurred during DNS lookup of the manually configured peer

'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15

minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

7/21/2011 10:52:50, error: Service Control Manager [7026] - The following

boot-start or system-start driver(s) failed to load: avgio

7/21/2011 10:52:48, error: Service Control Manager [7000] - The Avira

AntiVir Scheduler service failed to start due to the following error: The system

cannot find the path specified.

7/21/2011 10:52:48, error: Service Control Manager [7000] - The Avira

AntiVir Guard service failed to start due to the following error: The system

cannot find the path specified.

7/19/2011 22:28:28, error: Service Control Manager [7034] - The srvbtcclient

service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Това е. Нещо ,което пропуснах , е че съм почти сигурен , че нямам CD с Windows XP.

Редактирано от kal (преглед на промените)
  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

  • Изтеглете OTL.exe и го запазете на десктопа.
  • Стартирайте файла Публикувано изображение с двукратен клик на мишката.
  • Сложете отметка пред Scan All Users Публикувано изображение
  • Под менюто File Age => изберете 90 days
  • Под менюто Standard Registry => променете на ALL
  • Сложете отметки пред LOP и Purity Check
  • Под Публикувано изображение с Copy/ Paste въведете следната текстова информация:
netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop
  • Натиснете маркираният в синьо бутон: Публикувано изображение.
  • Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt.
  • Публикувайте съдържанието на лог файловете в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Извинявам се забавянето...не сме ви забравили...просто имаме много случаи и при това не само в този форум...доста българи са засегнати от този вирус. След малко ще пиша като анализирам резултатите. Очите ми станаха на палачинки от взиране в това бялото.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Деинсталирайте остатъците от AVIRA и avast! от Control Panel-a

Това приложение да ви е познато за да знам дали да затворя тези портове ?

"45000:UDP" = 45000:UDP:*:Enabled:msisvchost

"45001:UDP" = 45001:UDP:*:Enabled:msisvchost

"45003:UDP" = 45003:UDP:*:Enabled:msisvchost

Стартирайте отново OTL, копирайте (Copy) и поставете (Paste) скриптовия текст от текстовото поле по-долу под колонката Custom Scans/Fixes, като не забравяте да копирате скрипта 1 към 1, както и двете точки преди първия ред на скрипта.





:Processes
killallprocesses
:OTL
SRV - File not found [Disabled | Stopped] --  -- (AntiVirService)
SRV - File not found [Disabled | Stopped] --  -- (AntiVirSchedulerService)
SRV - File not found [Auto | Stopped] --  -- (0234281243324666mcinstcleanup) McAfee Application Installer Cleanup (0234281243324666)
SRV - [2011/07/26 10:08:20 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011/07/25 17:44:05 | 000,256,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011/07/25 17:21:00 | 000,495,616 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011/07/17 23:10:50 | 001,170,432 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
DRV - [2009/12/07 20:36:38 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/06/11 11:28:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/26 17:07:52 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61717
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61717
IE - HKU\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54667
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54667
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
[2009/05/16 20:02:56 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\ask.xml
[2011/01/08 23:40:30 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\askcom.xml
[2010/09/22 14:47:46 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [1005973.exe] C:\WINDOWS\TEMP\1005973.exe ()
O4 - HKLM..\Run: [7952985.exe] C:\WINDOWS\TEMP\7952985.exe ()
O4 - HKLM..\Run: [84932378-loader2.exe] C:\Documents and Settings\Vlado Kurtev\Local Settings\Temp\84932378-loader2.exe ()
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Vlado Kurtev\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1]  File not found
O4 - HKLM..\Run: [tray_ico2]  File not found
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
F3 - HKU\S-1-5-21-602162358-813497703-839522115-1003 WinNT: Load - (C:\DOCUME~1\VLADOK~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Vlado Kurtev\Local Settings\Temp\csrss.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - C:\Program Files\Windows NT\dwm.exe ()
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Program Files\Windows NT\dwm.exe) - C:\Program Files\Windows NT\dwm.exe ()
O20 - HKU\S-1-5-21-602162358-813497703-839522115-1003 Winlogon: Shell - (C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe) - C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe ()
O31 - SafeBoot: AlternateShell - services32.exe
O33 - MountPoints2\{aacdb56e-a1c6-11dd-875a-000d612d6c81}\Shell\AutoRun\command - "" = ysep1.exe
O33 - MountPoints2\{aacdb56e-a1c6-11dd-875a-000d612d6c81}\Shell\open\Command - "" = ysep1.exe
O33 - MountPoints2\{c7bff842-da40-11dc-b656-000d612d6c81}\Shell - "" = AutoRun
[2011/07/25 16:17:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011/07/25 16:17:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011/07/25 15:05:55 | 000,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/25 15:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Antivirus
[2011/07/25 15:05:54 | 000,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/25 15:05:54 | 000,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/25 15:05:52 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/25 15:05:52 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2011/07/25 15:05:52 | 000,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/25 15:05:52 | 000,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/25 15:05:52 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/25 15:05:30 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/19 22:37:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011/07/19 22:37:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011/07/18 15:37:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011/07/18 13:07:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011/07/18 13:06:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011/07/18 13:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011/07/18 13:03:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011/07/18 13:03:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0-lnk
[2011/07/18 13:03:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0
[2011/07/26 11:23:46 | 000,000,179 | ---- | M] () -- C:\WINDOWS\info1
[2011/07/26 10:00:30 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2011/07/25 17:44:05 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011/07/25 17:44:05 | 000,256,000 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011/07/25 17:26:41 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011/07/21 12:39:56 | 000,181,248 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe
[2011/07/21 10:52:36 | 000,009,659 | ---- | M] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\FDFA.A02
[2011/07/19 22:37:35 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011/07/19 22:37:35 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011/07/19 22:37:35 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011/07/19 22:37:31 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011/07/19 22:29:44 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011/07/18 13:07:07 | 000,169,472 | ---- | M] () -- C:\WINDOWS\gbot111.exe
[2011/07/18 13:06:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011/07/17 23:10:50 | 001,170,432 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011/07/17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011/07/19 22:37:35 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011/07/19 22:37:34 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011/07/19 22:37:31 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011/07/19 22:29:46 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011/07/19 22:29:44 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011/07/19 22:29:44 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011/07/19 12:30:20 | 000,181,248 | ---- | C] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe
[2011/07/19 12:29:55 | 000,009,659 | ---- | C] () -- C:\Documents and Settings\Vlado Kurtev\Application Data\FDFA.A02
[2011/07/18 14:37:20 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011/07/18 13:07:07 | 000,169,472 | ---- | C] () -- C:\WINDOWS\gbot111.exe
[2011/07/18 13:06:47 | 000,000,179 | ---- | C] () -- C:\WINDOWS\info1
[2011/07/18 13:06:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011/07/18 13:06:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011/07/18 13:06:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011/07/17 23:11:05 | 001,170,432 | ---- | C] () -- C:\WINDOWS\services32.exe
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6152D44C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66B13F37
:files
C:\WINDOWS\update.5.0
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\update.2
C:\Documents and Settings\Vlado Kurtev\Local Settings\Temp\csrss.exe
C:\Documents and Settings\Vlado Kurtev\Application Data\dwm.exe
C:\Documents and Settings\Vlado Kurtev\Application Data\Microsoft\conhost.exe
C:\WINDOWS\update.tray-7-0
C:\WINDOWS\update.1
C:\WINDOWS\services32.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.tray-8-0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\services32.exe"=-
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\update.tray-8-0\svchost.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-
:commands
[resethosts]
[emptytemp]
След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix

Windows ще се рестартира и ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

Изтеглете SystemLook и запазете програмата на десктопа.

  • Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
  • Копирайте съдържанието от цитата по-долу в текстовото поле на програмата:
:reg
HKEY_USERS\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows
  • Кликнете на бутона Look, за да започне сканирането.
  • Когато сканирането завърши ще се отвори Notepad с резултата от сканирането. После публикувайте лог файла в следващия си коментар.

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравей отново! Извинявяй за забавянето, имах работа извън къщи. Разбирам, че и ти си зает - просто още едно голямо благодаря от всички нас за вашата помощ!

Така, това приложиние msisvchost съм го виждал и преди в диспечъра на задачите, при процеси, но не знам каква му е функцията, нито дали е полезен или вреден за компютъра.Във всеки случай не е инсталирано (ако е програма) от мен или някой от семейството ми. Вредно ли е това приложение ?

Сега ще направя каквото си ми посочил и пак ще пиша .

Имам въпрос:

Премахнах от Control Pdnel всички файлове,свързани с двете Антивирусни. Сега ще направя това, което ми писа за OTL програмата. Въпросът е , трябва ли отново да настроя OTL, както при първото използване - File Age -> 90 Days,Standart Registry -> All и т.н.?

Редактирано от vratarqt (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не, просто копирайте скрипта в полето отдолу и натискате Run Fix. ;) После ще проверим и този msisvchost.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравей отново! Така, направих операцията с OTL, но след рестарта не излезе нищо, просто Windows си зареди.Следователно , откъде да взема Лог файла, за да ти го дам? Междувременно , докато чаках, забелязaх , че след като в диспечъра на задачите изключа процеса ufo.exe , процесът firefox.exe започва да натоварва процесорa много - 90% и нагоре. Не знам дали това ти говори нещо , просто споделям. Та откъде да взема лог файла?

Редактирано от vratarqt (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лог файла се намира в папката C:\_OTL\Movedfiles Копирайте го в следващия си пост...има опасност да не се е получила процедурата, защото процеса ufa.exe бе маркиран в скрипта ми за триене, но щом още стои ще се наложи да използваме алтернативен инструмент.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

В посочената папка има само една друга папка, наименувана с номера: 07262011_170155 . Тази папка пък от своя страна е празна.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Значи лог файл йок....добре минаваме на тежката артилерия, после ще се върнем на OTL да доизчистим:

1. Изтеглете ComboFix от BleepingComputer

и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:

Публикувано изображение

След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:

Публикувано изображение

2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива. За целта може да прегледате информацията от този линк: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.

4. ComboFix ще провери дали Windows Recovery Console e инсталиранa.

*Ако Windows Recovery Console не е инсталирана, ще е необходимо да използвате YES за инсталация на Windows Recovery Console

*Ако Windows Recovery Console е инсталирана, ComboFix ще продължи работата си.

Публикувано изображение

Забележка: Необходимо е да сте свързани към Интернет за да може Windows Recovery Console да се изтегли.

След инсталация на Windows Recovery Console потвърдете с YES, за да продължите напред. Снимка:

Публикувано изображение

5. ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на Combofix, моля да прочетете това: Manually restoring the Internet connection section.

Забележка: При проблеми с ComboFix копирайте с (Copy) и поставете с (Paste) съдържанието на C:\BUG.txt в следващия си коментар.

6. Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:

Публикувано изображение

Копирайте с (Copy) и поставете с (Paste) съдържанието на лога в следващия си коментар.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Срещам трудност! След като дръпнах CamboFix файла, четох в линка How to temporally desable your Anti-virus. Но там пише, че за да изключа Аваст , трябва да кликна с десен бутон и да направя така и така. Но това е невъзможно, понеже Аваст-иконката до часовника долу вдясно е оранжева и с който и от бутоните на мишката да кликна излиза Enhanced Protection Mode. Затова директно включих Cambo Fix. Със самото кликване върху иконката и , Аваст иконата до часовника изчезна. Но в следващата секунда CamboFix ми показа съобщение , че : antivirus: AntiVir Dekstop antivirus: avast! antivirus 4.8.1368 [VPS 091127-1] The above real time scanner(s) are still active. и ме призовава да ги изключа. При което аз влязох в Control Panel,Security Center и направих така, че WindowsFirewall да е е изключена (пише Not Monitored) а срещу Automatic Updates, Virus Proteсtion има OFF. После натиснах ОК на CamboFix Съобщението. Ноизлезе второ ,което гласи почти същото : antivirus: AntiVir Dekstop antivirus: avast! antivirus 4.8.1368 [VPS 091127-1] The above real time scanner(s) are still active but CamboFix shall continue to run.Kindly note that this is at your own risk. При това съобщение реших да ти пиша. Какво да направя, да дам ОК и на второто Съобщение от CamboFix или пък как да ги изключа тези - antivirus: AntiVir Dekstop ,аntivirus: avast! antivirus 4.8.1368 [VPS 091127-1]

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Пробвайте направо да деинсталирате антивирусната и тогава да продължите...ако не се получи просто натиснете OK.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравей отново!

Така CamboFix свърши работата си. Сега ще Paste лог файла.(Въпрос: Да пусна ли вече Windows Firewall?)

ComboFix 11-07-26.02 - Vlado Kurtev 07/26/2011 19:00:09.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.767.500 [GMT 3:00]

Running from: c:\documents and settings\Vlado Kurtev\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 091127-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Vlado Kurtev\Application Data\Desktopicon

c:\documents and settings\Vlado Kurtev\Application Data\dwm.exe

c:\documents and settings\Vlado Kurtev\Application Data\Microsoft\conhost.exe

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Vlado Kurtev\WINDOWS

C:\Microsoft

c:\program files\Internet Explorer\conhost.exe

c:\program files\Mozilla Firefox\components\npclntax.xpt

c:\program files\Uninstall Fun Web Products.dll

c:\windows\btc_client_iplist.txt

c:\windows\ddh_iplist.txt

c:\windows\front_ip_list.txt

c:\windows\gbot111.exe

c:\windows\iecheck_iplist.txt

c:\windows\info1

c:\windows\iplist.txt

c:\windows\l1rezerv.exe

c:\windows\loader2.exe_ok

c:\windows\msvrc20.dll

c:\windows\phoenix.rar

c:\windows\proc_list1.log

c:\windows\rpcminer.rar

c:\windows\services32.exe

c:\windows\sysdriver32.exe

c:\windows\sysdriver32_.exe

c:\windows\system32\drivers\etc\hѕsts

c:\windows\TEMP\1005973.exe

c:\windows\ufa.rar

c:\windows\update.1

c:\windows\update.1\svchost.exe

c:\windows\update.2

c:\windows\update.2\svchost.exe

c:\windows\update.5.0

c:\windows\update.5.0\svchost.exe

c:\windows\update.tray-7-0\svchost.exe

c:\windows\VM305Cap.exe

c:\windows\winlog-dirs.txt

c:\windows\winlog-ids.txt

c:\windows\winsetupapi.log

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SRVIECHECK

-------\Legacy_SRVSYSDRIVER32

-------\Legacy_WXPDRIVERS

-------\Service_srviecheck

-------\Service_srvsysdriver32

-------\Service_wxpdrivers

-------\Legacy_srvbtcclient

-------\Legacy_srvbtcclient

-------\Service_srvbtcclient

-------\Service_srvbtcclient

.

.

((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))

.

.

2011-07-26 14:01 . 2011-07-26 14:01 -------- d-----w- C:\_OTL

2011-07-25 13:28 . 2011-07-25 13:28 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-07-25 13:17 . 2011-07-26 16:04 -------- d--h--w- c:\windows\update.tray-7-0

2011-07-25 13:17 . 2011-07-25 13:17 -------- d--h--w- c:\windows\update.tray-7-0-lnk

2011-07-25 12:05 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-25 12:05 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-25 12:05 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-25 12:05 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-25 12:05 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-25 12:05 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-25 12:05 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-07-25 12:05 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2011-07-25 12:05 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-25 12:05 . 2004-01-09 08:13 380928 ----a-w- c:\windows\system32\actskin4.ocx

2011-07-21 12:41 . 2011-07-21 12:41 -------- d-----w- c:\program files\IObit

2011-07-19 19:37 . 2011-07-19 19:37 -------- d-----w- c:\windows\rpcminer

2011-07-19 19:37 . 2011-07-19 19:37 -------- d-----w- c:\windows\phoenix

2011-07-19 19:29 . 2011-07-19 19:37 246272 ----a-w- c:\windows\unrar.exe

2011-07-18 18:28 . 2011-07-18 18:28 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\Media Get LLC

2011-07-18 18:27 . 2011-07-18 18:29 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\MediaGet2

2011-07-18 15:40 . 2011-07-18 15:41 -------- d-----w- c:\documents and settings\Vlado Kurtev\Application Data\Ldoce

2011-07-18 15:40 . 2011-07-18 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision

2011-07-18 15:40 . 2011-07-18 15:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2011-07-18 15:40 . 2011-07-18 15:40 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE

2011-07-18 15:40 . 2011-07-18 15:40 12464 ----a-w- c:\windows\system32\drivers\CdaC15BA.SYS

2011-07-18 12:37 . 2011-07-19 19:37 -------- d-----w- c:\windows\ufa

2011-07-18 10:31 . 2011-07-18 10:31 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\Solid State Networks

2011-07-18 10:07 . 2011-07-18 10:07 181760 ----a-w- c:\program files\Windows NT\dwm.exe

2011-07-18 10:06 . 2011-07-25 13:19 -------- d-----w- c:\windows\av_ico

2011-07-18 10:03 . 2011-07-18 10:03 -------- d--h--w- c:\windows\update.tray-8-0

2011-07-18 10:03 . 2011-07-18 10:03 -------- d--h--w- c:\windows\update.tray-8-0-lnk

2011-07-17 20:19 . 2011-07-18 10:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-24 09:35 . 2010-06-23 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2011-06-04 08:06 . 2011-01-23 15:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2009-04-03 18:57 . 2009-04-03 19:10 266240 ----a-w- c:\program files\Uninstall Pando Toolbar.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

2011-01-17 14:54 175912 ----a-w- c:\program files\IsoBuster\prxtbIso0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-06-16 413072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Vlado Kurtev\Start Menu\Programs\Startup\

PowerReg Scheduler.exe [2008-6-21 256000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableSecureUIAPaths"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Personal

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd

"BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

"HPUsageTracking"=c:\program files\HP\HP UT\bin\hppusg.exe "c:\program files\HP\HP UT\"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

"DisableThumbnailCache"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitLord\\BitLord.exe"=

"e:\\Games to Nicki\\cs\\Counter-Strike\\hl.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\update.tray-8-0\\svchost.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

"57967:TCP"= 57967:TCP:Pando P2P TCP Listening Port

"57967:UDP"= 57967:UDP:Pando P2P UDP Listening Port

"58943:TCP"= 58943:TCP:Pando P2P TCP Listening Port

"58943:UDP"= 58943:UDP:Pando P2P UDP Listening Port

"58894:TCP"= 58894:TCP:Pando P2P TCP Listening Port

"58894:UDP"= 58894:UDP:Pando P2P UDP Listening Port

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"45000:UDP"= 45000:UDP:msisvchost

"45001:UDP"= 45001:UDP:msisvchost

"45003:UDP"= 45003:UDP:msisvchost

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/13/2008 17:33 643072]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [7/21/2011 15:41 353168]

S2 0234281243324666mcinstcleanup;McAfee Application Installer Cleanup (0234281243324666);c:\docume~1\VLADOK~1\LOCALS~1\Temp\0234281243324666mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service --> c:\docume~1\VLADOK~1\LOCALS~1\Temp\0234281243324666mcinst.exe c:\progra~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384]

S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [6/29/2000 17:24 3584]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt --> g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504]

S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [7/3/2008 12:32 391688]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]

S4 Ippieccsmp;Ippieccsmp; [x]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-26 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09]

.

2011-07-22 c:\windows\Tasks\ASC4_AutoCare.job

- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-07-21 11:29]

.

2011-07-26 c:\windows\Tasks\ASC4_AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-07-21 11:29]

.

2011-07-26 c:\windows\Tasks\ASC4_AutoUpdate.job

- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-07-21 11:29]

.

2011-07-26 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-21 11:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/home?AF=18776

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:54667

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 93.155.247.2 192.168.0.1

FF - ProfilePath - c:\documents and settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 54667

FF - prefs.js: network.proxy.type - 1

FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\Mozilla Firefox\extensions\ocr@babylon.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - %profile%\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Freemake Video Downloader: fmdownloader@gmail.com - c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox

FF - user.js: network.http.max-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1500000

FF - user.js: nglayout.initialpaint.delay - 100

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Cmaudio - cmicnfg.cpl

HKLM-Run-wxpdrv - c:\windows\services32.exe

HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe

HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe

HKLM-Run-tray_ico - (no file)

HKLM-Run-tray_ico1 - (no file)

HKLM-Run-tray_ico2 - (no file)

HKLM-Run-tray_ico3 - (no file)

HKLM-Run-tray_ico4 - (no file)

AddRemove-Codec pack Base (DivX, Xvid, 3ivx) - c:\windows\system32\uninst Codec pack Base (DivX

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-26 19:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3556)

c:\windows\system32\WININET.dll

c:\windows\system32\nview.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\UAService7.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\rundll32.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-07-26 19:11:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-26 16:11

.

Pre-Run: 4,959,739,904 bytes free

Post-Run: 4,835,659,776 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect

.

- - End Of File - - EFB16EBAAE34E91D8C8F6A8AC8DF663D

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Деинсталирайте ли от Control Panel => ADD or Remove Programs => следните програми:

Avira

avast

(накрая ще инсталираме антивирусна, но само една)

*. Отворете notepad.exe и с copy/paste въведете следната информация:

KILLALL::
Driver::
0234281243324666mcinstcleanup
Ippieccsmp
AntiVirSchedulerService
File::
c:\windows\unrar.exe
c:\windows\system32\ConduitEngine.tmp
Folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-8-0
c:\windows\update.tray-8-0-lnk
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\update.tray-8-0\\svchost.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45000:UDP"=-
"45001:UDP"=-
"45003:UDP"=-
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:54667
Firefox::
FF - ProfilePath - c:\documents and settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54667
FF - prefs.js: network.proxy.type - 1

Запазете файла с име CFScript и го провлачете и пуснете в Combofix (както е показано на картинката отдолу).

Публикувано изображение

*. По време на сканиране от страна на ComboFix не стартирайте никакви други приложения, не натискайте клавиши от клавиатурата и не местете мишката !

*. Когато Combofix приключи ще създаде лог файла. Моля, публикувайте този файл в следващия си пост.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Относно Антивирусните (Avira , Avast) - в Контрол панела, Добавяне/премахване на програми , не виждам нито едната, нито другата, което би трябвало да значе, че са деинсталирани?Не знам. Не знам също дали това е важно, но в момента Mozilla Firefox не ми е активна - в момента съм в нета чрез Интернет Експлолера на Уиндълс. За Мозилата ми пише, че Прокси сърварът отказва свързване. Така, сега ще направя следващата стъпка с CamboFix.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Просто се виждат остатъци от антивирусните и затова ви питах...нищо това е поправимо...колкото до активния браузър - Combofix прави Internet Explorer браузър по-подразбиране (и това се оправя). Прокситата също ще бъдат оправени...включени са в скрипта ми...Действайте. :mistaken:

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравей отново! Така, и ComcoFix свърши работата ,ето лог файла: (Мозилата се оправи, в момента чрез нея съм в нета :mistaken: ) ComboFix 11-07-26.02 - Vlado Kurtev 07/26/2011 19:58:00.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.767.378 [GMT 3:00] Running from: c:\documents and settings\Vlado Kurtev\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Vlado Kurtev\Desktop\CFScript.txt AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: avast! antivirus 4.8.1368 [VPS 091127-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . FILE :: "c:\windows\system32\ConduitEngine.tmp" "c:\windows\unrar.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Vlado Kurtev\Application Data\PriceGong c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\1.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\a.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\b.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\c.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\d.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\e.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\f.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\g.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\h.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\i.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\J.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\k.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\l.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\m.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\n.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\o.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\p.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\q.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\r.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\s.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\t.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\u.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\v.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\w.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\x.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\y.xml c:\documents and settings\Vlado Kurtev\Application Data\PriceGong\Data\z.xml c:\windows\av_ico c:\windows\av_ico\ico_avast_desktop.ico c:\windows\av_ico\ico_avast_start.ico c:\windows\av_ico\ico_avira_start.ico c:\windows\phoenix c:\windows\phoenix\kernels\phatk\__init__.py c:\windows\phoenix\kernels\phatk\__init__.pyc c:\windows\phoenix\kernels\phatk\BFIPatcher.py c:\windows\phoenix\kernels\phatk\kernel.cl c:\windows\phoenix\kernels\poclbm\__init__.py c:\windows\phoenix\kernels\poclbm\__init__.pyc c:\windows\phoenix\kernels\poclbm\BFIPatcher.py c:\windows\phoenix\kernels\poclbm\kernel.cl c:\windows\phoenix\phoenix.exe c:\windows\rpcminer c:\windows\rpcminer\bitcoinminercuda_10.cubin c:\windows\rpcminer\bitcoinminercuda_11.cubin c:\windows\rpcminer\bitcoinminercuda_20.cubin c:\windows\rpcminer\bitcoinmineropencl.cl c:\windows\rpcminer\cudart32_32_16.dll c:\windows\rpcminer\curllib.dll c:\windows\rpcminer\libeay32.dll c:\windows\rpcminer\libsasl.dll c:\windows\rpcminer\openldap.dll c:\windows\rpcminer\rpcminer-4way.exe c:\windows\rpcminer\rpcminer-cpu.exe c:\windows\rpcminer\rpcminer-cuda.exe c:\windows\rpcminer\rpcminer-opencl.exe c:\windows\rpcminer\ssleay32.dll c:\windows\system32\ConduitEngine.tmp c:\windows\system32\drivers\etc\hѕsts c:\windows\ufa c:\windows\ufa\ufa.exe c:\windows\unrar.exe c:\windows\update.tray-7-0-lnk c:\windows\update.tray-7-0-lnk\svchost.exe c:\windows\update.tray-7-0 c:\windows\update.tray-8-0-lnk c:\windows\update.tray-8-0-lnk\svchost.exe c:\windows\update.tray-8-0 c:\windows\update.tray-8-0\svchost.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_0234281243324666MCINSTCLEANUP -------\Legacy_ANTIVIRSCHEDULERSERVICE -------\Service_0234281243324666mcinstcleanup -------\Service_AntiVirSchedulerService -------\Service_Ippieccsmp . . ((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 ))))))))))))))))))))))))))))))) . . 2011-07-26 14:01 . 2011-07-26 14:01 -------- d-----w- C:\_OTL 2011-07-25 13:28 . 2011-07-25 13:28 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-07-25 12:05 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-25 12:05 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-25 12:05 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-07-25 12:05 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-07-25 12:05 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-07-25 12:05 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-25 12:05 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-07-25 12:05 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2011-07-25 12:05 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-25 12:05 . 2004-01-09 08:13 380928 ----a-w- c:\windows\system32\actskin4.ocx 2011-07-21 12:41 . 2011-07-21 12:41 -------- d-----w- c:\program files\IObit 2011-07-18 18:28 . 2011-07-18 18:28 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\Media Get LLC 2011-07-18 18:27 . 2011-07-18 18:29 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\MediaGet2 2011-07-18 15:40 . 2011-07-18 15:41 -------- d-----w- c:\documents and settings\Vlado Kurtev\Application Data\Ldoce 2011-07-18 15:40 . 2011-07-18 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision 2011-07-18 15:40 . 2011-07-18 15:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2011-07-18 15:40 . 2011-07-18 15:40 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE 2011-07-18 15:40 . 2011-07-18 15:40 12464 ----a-w- c:\windows\system32\drivers\CdaC15BA.SYS 2011-07-18 10:31 . 2011-07-18 10:31 -------- d-----w- c:\documents and settings\Vlado Kurtev\Local Settings\Application Data\Solid State Networks 2011-07-18 10:07 . 2011-07-18 10:07 181760 ----a-w- c:\program files\Windows NT\dwm.exe 2011-07-17 20:19 . 2011-07-18 10:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-24 09:35 . 2010-06-23 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2009-04-03 18:57 . 2009-04-03 19:10 266240 ----a-w- c:\program files\Uninstall Pando Toolbar.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-07-26_16.07.45 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-26 17:05 . 2011-07-26 17:05 16384 c:\windows\temp\Perflib_Perfdata_254.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] 2011-01-17 14:54 175912 ----a-w- c:\program files\IsoBuster\prxtbIso0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\prxtbIso0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Vlado Kurtev\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [2008-6-21 256000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableSecureUIAPaths"= 0 (0x0) . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd "BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) "HPUsageTracking"=c:\program files\HP\HP UT\bin\hppusg.exe "c:\program files\HP\HP UT\" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "e:\\Games to Nicki\\cs\\Counter-Strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "57967:TCP"= 57967:TCP:Pando P2P TCP Listening Port "57967:UDP"= 57967:UDP:Pando P2P UDP Listening Port "58943:TCP"= 58943:TCP:Pando P2P TCP Listening Port "58943:UDP"= 58943:UDP:Pando P2P UDP Listening Port "58894:TCP"= 58894:TCP:Pando P2P TCP Listening Port "58894:UDP"= 58894:UDP:Pando P2P UDP Listening Port "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/13/2008 17:33 643072] R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [7/21/2011 15:41 353168] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 13:16 130384] S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [6/29/2000 17:24 3584] S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt --> g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 13:16 753504] S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [7/3/2008 12:32 391688] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2011-07-26 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09] . 2011-07-22 c:\windows\Tasks\ASC4_AutoCare.job - c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-07-21 11:29] . 2011-07-26 c:\windows\Tasks\ASC4_AutoSweep.job - c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-07-21 11:29] . 2011-07-26 c:\windows\Tasks\ASC4_AutoUpdate.job - c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-07-21 11:29] . 2011-07-26 c:\windows\Tasks\ASC4_PerformanceMonitor.job - c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-21 11:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 93.155.247.2 192.168.0.1 FF - ProfilePath - c:\documents and settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q= FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\Mozilla Firefox\extensions\ocr@babylon.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: myBabylon Toolbar: {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - %profile%\extensions\{34ea1c70-42cc-42c5-aa29-ec58b95a343e} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Freemake Video Downloader: fmdownloader@gmail.com - c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox FF - user.js: network.http.max-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1500000 FF - user.js: nglayout.initialpaint.delay - 100 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-26 20:05 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\g:\test\EVEREST 4.00 Build 975 Ultimate+Crack\kerneld.wnt" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1876) c:\windows\system32\WININET.dll c:\windows\system32\nview.dll c:\windows\system32\ieframe.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\UAService7.exe c:\windows\SOUNDMAN.EXE c:\windows\system32\rundll32.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2011-07-26 20:09:01 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-26 17:08 ComboFix2.txt 2011-07-26 16:11 . Pre-Run: 4,826,783,744 bytes free Post-Run: 4,808,097,792 bytes free . - - End Of File - - EF5D67D1C6F97E86B6339CB855089F12

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добра работа...повторете сканирането с OTL с настройките от началния ми пост и публикувайте логовете. Ще продължим късно вечерта или утре, защото имам лични ангажименти.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравей отново! Благодаря ти за отделеното от теб време дотук ! Благодаря не само за точните инструкции, но и за коректното и любезно отношение. Мисля единствено да включа отново Windows Firewall, като все пак някаква защита ,докато компютъра работи. Очаквам следващата ни среща.До скоро! Така, OTL даде следния отчет,прикачвам.

OTL.Txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте отново...имаме още доста работа...

Тъй като си имаме работа с unicode characters с които форумната система не може да работи ще се наложи да използваме алтернативен метод.

Архивирам скрипт файла към поста си. Изтеглете го и го разархивирайте.

Стартирайте файла OTL.TXT и копирайте цялото съдържание с бутона Ctrl + A (за да го маркирате), след това Ctrl + C (за да го копирате) и след това Ctrl + V (за да го поставите в OTL под колонката Custom Scans/Fixes като не забравяте да копирате скрипта 1 към 1, както и двете точки преди първия ред на скрипта).

След като въведете скрипта натиснете бутона, маркиран в червено: Run Fix

Windows ще се рестартира и ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

Лог файла би трябвало да се съхранява в C:\_OTL\MovedFiles.

Изтеглете SystemLook и запазете програмата на десктопа.

  • Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
  • Копирайте съдържанието от цитата по-долу в текстовото поле на програмата:
:reg
HKEY_USERS\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections /sub
  • Кликнете на бутона Look, за да започне сканирането.
  • Когато сканирането завърши ще се отвори Notepad с резултата от сканирането. После публикувайте лог файла в следващия си коментар.

OTL.zip

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Добро утро! Така, OTL свърши с работата си, сега ще копирам резултата.Да изчакам ли с SystemLook докато анализираш OTL резултата? All processes killed ========== OTL ========== Service HidServ stopped successfully! Service HidServ deleted successfully! Service AntiVirService stopped successfully! Service AntiVirService deleted successfully! Service catchme stopped successfully! Service catchme deleted successfully! Error: Unable to stop service avgntflt! Unable to delete service\driver key avgntflt. File move failed. C:\WINDOWS\system32\drivers\avgntflt.sys scheduled to be moved on reboot. Service aswRdr stopped successfully! Service aswRdr deleted successfully! C:\WINDOWS\system32\drivers\aswRdr.sys moved successfully. Service ssmdrv stopped successfully! Service ssmdrv deleted successfully! C:\WINDOWS\system32\drivers\ssmdrv.sys moved successfully. Service avipbb stopped successfully! Service avipbb deleted successfully! C:\WINDOWS\system32\drivers\avipbb.sys moved successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.order.1 C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\ask.xml moved successfully. C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\askcom.xml moved successfully. C:\Documents and Settings\Vlado Kurtev\Application Data\Mozilla\Firefox\Profiles\rvbk65cl.default\searchplugins\conduit.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found. Registry key HKEY_USERS\S-1-5-21-602162358-813497703-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Program Files\Windows NT\dwm.exe deleted successfully. C:\Program Files\Windows NT\dwm.exe moved successfully. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Program Files\Windows NT\dwm.exe deleted successfully. File C:\Program Files\Windows NT\dwm.exe not found. File C:\WINDOWS\System32\drivers\aswRdr.sys not found. C:\WINDOWS\system32\drivers\aswTdi.sys moved successfully. C:\WINDOWS\system32\drivers\aavmker4.sys moved successfully. C:\WINDOWS\system32\drivers\aswSP.sys moved successfully. C:\WINDOWS\system32\AvastSS.scr moved successfully. C:\WINDOWS\system32\drivers\aswmon2.sys moved successfully. C:\WINDOWS\system32\drivers\aswmon.sys moved successfully. C:\WINDOWS\system32\drivers\aswFsBlk.sys moved successfully. C:\WINDOWS\system32\aswBoot.exe moved successfully. C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk moved successfully. C:\Documents and Settings\Vlado Kurtev\Application Data\FDFA.A02 moved successfully. C:\WINDOWS\geoiplist moved successfully. C:\WINDOWS\geoiplist.rar moved successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:6152D44C deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8 deleted successfully. Unable to delete ADS C:\WINDOWS: . ADS C:\Documents and Settings\All Users\Application Data\TEMP:66B13F37 deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49219 bytes User: Vlado Kurtev ->Temp folder emptied: 3141 bytes ->Temporary Internet Files folder emptied: 335766 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 64965348 bytes ->Google Chrome cache emptied: 103147259 bytes ->Flash cache emptied: 456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 53768 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 483 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 161.00 mb OTL by OldTimer - Version 3.2.26.1 log created on 07272011_094654 Files\Folders moved on Reboot... C:\WINDOWS\system32\drivers\avgntflt.sys moved successfully. Registry entries deleted on Reboot...

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Преди да продължим трябва да премахнем още един ред...(явно не съм запазил документа като UNICODE, а като ANSI). Да опитаме отново...пак изтеглете прикачения файл и повторете инструкциите ми от предишния ми пост. След това продължете със SystemLook.

OTL.Txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Така, направих операцията с OTL, а после и тази с SystemLook. Ето резуртата от SystemLook : SystemLook 04.09.10 by jpshortstuff Log created at 10:45 on 27/07/2011 by Vlado Kurtev Administrator - Elevation successful ========== reg ========== [HKEY_USERS\S-1-5-21-602162358-813497703-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows] "DebugOptions"="2048" "Documents"="" "DosPrint"="no" "NetMessage"="no" "NullPort"="None" "Programs"="com exe bat pif cmd" "Device"="Microsoft XPS Document Writer,winspool,Ne00:" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] "DefaultConnectionSettings"=46 00 00 00 99 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 38 d9 73 4a 6e c8 01 01 00 00 00 57 e3 cb 99 00 00 00 00 00 00 00 00 00 00 00 00 (REG_BINARY) "SavedLegacySettings"=46 00 00 00 c8 48 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 38 d9 73 4a 6e c8 01 01 00 00 00 57 e3 cb 99 00 00 00 00 00 00 00 00 00 00 00 00 (REG_BINARY) -= EOF =- IСега виждам , че в папката : C:\_OTL\MovedFiles има нов Notepad файл от OTL.Ето какво пише в него: ========== OTL ========== Unable to delete ADS C:\WINDOWS: . ========== COMMANDS ========== OTL by OldTimer - Version 3.2.26.1 log created on 07272011_104004

Редактирано от vratarqt (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Аххх как мразя Unicode...

Отворете прикачение файл от вашия пост тук:

Под секцията:

========== Alternate Data Streams ==========

ще видите един ред с името @Alternate Data Stream - 108 bytes -> C:\WINDOWS (с един ченгел отзад)...

копирайте този ред в OTL....

Над него сложете следния ред:

:OTL

тук сложете реда @Alternate Data Stream - 108 bytes -> C:\WINDOWS с ченгела отзад и натиснете Run Fix.

Публикувайте лог файла,

Дано да се получи.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход


  • Подобни теми

    • от beemer
      Здравейте, както съм споделил тук, имам съмнение за заразен компютър, като опитвайки се да инсталирам Malwarebytes не успявам да го отворя по никакъв начин, което ме навява още по-силно на съмнението, че съм барнал вирус.
      Прикачвам репорт файловете.
      Ще помоля за вашето съдействие.
       
      Addition.txt
      FRST.txt
    • от porata
      Добър ден. Мисля че съм се заразил от някъде с доста неприятни вируси
      Днес забелязах че след рестарт на машината първото нещо което стартира след като се пусне лин-а е някакъв произволен сайт в този случай сайт с няккакви реклами..
      Както и самата машина някак си започна да забива и насича 
      Ети логовете



       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
      Ran by GAMEPC (administrator) on GAMEPC-PC (10-01-2018 17:49:26)
      Running from C:\Users\GAMEPC\Downloads
      Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2017-09-08] ()
      HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Viber] => C:\Users\GAMEPC\AppData\Local\Viber\Viber.exe [34472016 2017-12-12] (Viber Media S.à r.l.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Discord] => C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [GAMEPC] => explorer.exe hxxp://ozirizsoos.info <==== ATTENTION
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {609d2171-c4d2-11e7-a1c0-048d38748987} - E:\Lenovo_Suite.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 87.121.24.12
      Tcpip\..\Interfaces\{F8E6BFBF-08DD-4CEC-8468-25670AF9DFE4}: [DhcpNameServer] 87.121.24.12
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
      FireFox:
      ========
      FF DefaultProfile: mrpwyf7s.default
      FF ProfilePath: C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default [2018-01-10]
      FF Homepage: Mozilla\Firefox\Profiles\mrpwyf7s.default -> google.bg
      FF Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-26]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-04] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-04] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      Chrome: 
      =======
      CHR StartupUrls: Default -> "hxxp://google.bg/"
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default [2018-01-10]
      CHR Extension: (Презентации) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08]
      CHR Extension: (YouTube) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
      CHR Extension: (Таблици) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08]
      CHR Extension: (Gmail) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08]
      CHR Extension: (Chrome Media Router) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
      Opera: 
      =======
      OPR Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-12-16]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-16] ()
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-12-08] (EasyAntiCheat Ltd)
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
      S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-09-08] (Realtek Semiconductor.) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-06-20] (Microsoft Corporation)
      R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-09-08] (Microsoft Corporation) [File not signed]
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
      R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-09-08] (Advanced Micro Devices Inc.)
      R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-11] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-11] (Disc Soft Ltd)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-08] (REALiX(tm))
      S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-09-08] (Qualcomm Atheros Co., Ltd.)
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)
      R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2017-09-08] (Realtek Semiconductor Corporation )
      S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
      S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-01-10 17:49 - 2018-01-10 17:49 - 000013425 _____ C:\Users\GAMEPC\Downloads\FRST.txt
      2018-01-10 17:48 - 2018-01-10 17:49 - 000000000 ____D C:\FRST
      2018-01-10 17:47 - 2018-01-10 17:47 - 002393088 _____ (Farbar) C:\Users\GAMEPC\Downloads\FRST64.exe
      2018-01-10 16:50 - 2018-01-10 16:50 - 000047308 _____ C:\Users\GAMEPC\Downloads\Malcolm.S05.BGAUDIO.torrent
      2018-01-10 15:52 - 2018-01-09 21:50 - 000000230 ___SH C:\Users\Public\Libraries.ini
      2018-01-08 22:48 - 2018-01-08 22:48 - 000025438 _____ C:\Users\GAMEPC\Downloads\Malcolm in the Middle Season 4 TVRip BGAudio [***].torrent
      2018-01-08 18:01 - 2018-01-08 18:01 - 000000000 ____D C:\Program Files (x86)\VulkanRT
      2018-01-08 18:01 - 2018-01-04 02:01 - 000137528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
      2018-01-08 18:01 - 2017-11-02 22:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
      2018-01-08 18:01 - 2017-11-02 22:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
      2018-01-08 18:01 - 2017-11-02 22:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
      2018-01-08 18:01 - 2017-11-02 22:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
      2018-01-08 18:00 - 2018-01-08 18:00 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
      2018-01-08 17:58 - 2018-01-04 03:39 - 040269624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 035278136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 035179080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 027856456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 019796008 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 018730328 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 017303112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
      2018-01-08 17:58 - 2018-01-04 03:39 - 016450056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 015408072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 013430632 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 012842984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 011015584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 010900248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003902448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003874728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003432944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001975184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439065.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001674544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439065.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001134952 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001125688 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001054512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000988144 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000939504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000528312 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000506672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000447424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
      2018-01-08 17:58 - 2018-01-04 03:39 - 000171896 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
      2018-01-08 17:58 - 2018-01-04 03:39 - 000000669 _____ C:\Windows\system32\nv-vk64.json
      2018-01-06 18:55 - 2018-01-06 18:55 - 000019998 _____ C:\Users\GAMEPC\Downloads\Malcolm in the Middle Season 3 TVRip BGAudio [***].torrent
      2018-01-05 18:31 - 2018-01-05 18:31 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Electronic Arts
      2018-01-05 18:13 - 2018-01-05 18:13 - 000000000 ____D C:\Users\GAMEPC\Documents\PCSX2
      2018-01-05 18:12 - 2018-01-05 18:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\PCSX2
      2018-01-05 18:02 - 2018-01-05 18:02 - 000039666 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.the.Deathly.Hallows.Part.2-SKIDROW.torrent
      2018-01-05 18:02 - 2018-01-05 18:02 - 000039666 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.the.Deathly.Hallows.Part.2-SKIDROW (1).torrent
      2018-01-05 18:02 - 2018-01-05 18:02 - 000006830 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.The.Deathly.Hallows.Part.2.Proper.CRACK.ONLY-RELOADED.torrent
      2018-01-05 17:59 - 2018-01-05 17:59 - 000060214 _____ C:\Users\GAMEPC\Downloads\Crash_titans_pc_rus.iso (1).torrent
      2018-01-05 17:58 - 2018-01-05 17:58 - 000060214 _____ C:\Users\GAMEPC\Downloads\Crash_titans_pc_rus.iso.torrent
      2018-01-04 22:15 - 2018-01-04 22:15 - 000024355 _____ C:\Users\GAMEPC\Downloads\Malcolm.In.Тhe.Middle.S02.TVRiP.BGAUDiO-GOMBO.torrent
      2018-01-03 21:18 - 2018-01-03 21:18 - 000016750 _____ C:\Users\GAMEPC\Downloads\Malcolm.In.Тhe.Middle.S01.TVRiP.BGAUDiO-GOMBO.torrent
      2018-01-02 14:13 - 2018-01-02 14:13 - 000014967 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DVDRip.XviD.BGAUDiO-SiSO.torrent
      2018-01-02 14:12 - 2018-01-02 14:12 - 000034573 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DC.480p.BDRip.XviD.AC3-AsA.torrent
      2018-01-02 14:12 - 2018-01-02 14:12 - 000025883 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DirCut.720p.BluRay.DTS.x264_ESiR.(subs.sab.bz).rar
      2018-01-02 13:49 - 2018-01-02 13:49 - 000014977 _____ C:\Users\GAMEPC\Downloads\The.X.Files.1998.BDRip.XviD.Dual.Audio[Bul-Eng]-TBO (1).torrent
      2018-01-02 13:47 - 2018-01-02 13:47 - 000014977 _____ C:\Users\GAMEPC\Downloads\The.X.Files.1998.BDRip.XviD.Dual.Audio[Bul-Eng]-TBO.torrent
      2018-01-02 09:53 - 2018-01-02 09:53 - 000114625 _____ C:\Users\GAMEPC\Downloads\Bright.2017.HDRip.XviD.AC3-EVO.torrent
      2018-01-02 09:53 - 2018-01-02 09:53 - 000039426 _____ C:\Users\GAMEPC\Downloads\bright.2017.1080p.nf.web-dl.dd5.1.h.264-ika(subsunacs.net).rar
      2017-12-28 21:02 - 2017-12-28 21:02 - 000035829 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep10-12.torrent
      2017-12-28 21:02 - 2017-12-28 21:02 - 000034149 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep07-09.torrent
      2017-12-28 18:17 - 2017-12-28 18:17 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\TslGame
      2017-12-28 17:03 - 2017-12-28 17:03 - 000000222 _____ C:\Users\GAMEPC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
      2017-12-28 17:03 - 2017-12-28 17:03 - 000000222 _____ C:\Users\GAMEPC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
      2017-12-27 21:05 - 2017-12-27 21:05 - 000034969 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep04-06.torrent
      2017-12-27 21:04 - 2017-12-27 21:04 - 000070165 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep01-03 (1).torrent
      2017-12-27 19:01 - 2017-12-27 19:01 - 000070165 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep01-03.torrent
      2017-12-27 17:54 - 2017-12-27 17:54 - 000068903 _____ C:\Users\GAMEPC\Downloads\The.X-Files.S10.1080p.BluRay.AVC.x264.MULTi.AC3-STM.torrent
      2017-12-26 18:47 - 2017-12-26 18:47 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\GAMEPC\Downloads\flashplayer28_ka_install.exe
      2017-12-25 18:43 - 2017-12-25 18:43 - 000014387 _____ C:\Users\GAMEPC\Downloads\Scooby.Doo.And.The.Loch.Ness.Monster.2004.DVDRip.XviD.BGAUDIO-RRGroup.torrent
      2017-12-25 18:42 - 2017-12-25 18:42 - 000014469 _____ C:\Users\GAMEPC\Downloads\Scooby.Doo.Pirates.Ahoy.2006.DVDRip.XviD.BGAUDIO-RRGroup.torrent
      2017-12-25 18:41 - 2017-12-25 18:41 - 000016605 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo.and.the.Alien.Invaders(2000)[BGAudio]TVRip.XviD-CoveR.avi.torrent
      2017-12-25 18:40 - 2017-12-25 18:40 - 000015973 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo! and the Monster of Mexico (2003) [BG Audio] TVRip.XviD-CoveR.avi.torrent
      2017-12-25 18:40 - 2017-12-25 18:40 - 000015973 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo! and the Monster of Mexico (2003) [BG Audio] TVRip.XviD-CoveR.avi (1).torrent
      2017-12-24 20:09 - 2017-12-24 20:09 - 000014490 _____ C:\Users\GAMEPC\Downloads\The.Nut.Job.2014.BDRip.XviD.BGaudio-REFLUX.torrent
      2017-12-24 14:27 - 2017-12-24 14:27 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Adobe
      2017-12-23 21:42 - 2017-12-23 21:42 - 001556480 _____ C:\Users\GAMEPC\Downloads\Непотвърдено 653969.crdownload
      2017-12-21 16:16 - 2017-12-16 02:21 - 001990128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438871.dll
      2017-12-21 16:16 - 2017-12-16 02:21 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438871.dll
      2017-12-17 17:07 - 2017-12-17 17:47 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Might & Magic Heroes VI
      2017-12-17 17:07 - 2017-12-17 17:17 - 000000000 ____D C:\Users\GAMEPC\Documents\Might & Magic Heroes VI
      2017-12-17 17:07 - 2017-12-17 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx
      2017-12-17 16:27 - 2017-12-17 16:27 - 000038163 _____ C:\Users\GAMEPC\Downloads\Might & Magic.Heroes 6.Gold Edition.v 2.1.1.0 + 4 DLC.(Бука).(2012).Repack.torrent
      2017-12-17 15:54 - 2017-12-17 15:54 - 000003429 _____ C:\Users\GAMEPC\Downloads\DiRT Rally Hotfix v1.0.109.3940 - BAT.torrent
      2017-12-17 15:53 - 2017-12-17 15:53 - 000105021 _____ C:\Users\GAMEPC\Downloads\DiRT.Rally-RELOADED.torrent
      2017-12-16 22:49 - 2017-12-16 22:50 - 004228256 _____ (Husdawg, LLC) C:\Users\GAMEPC\Downloads\Detection.exe
      2017-12-16 16:33 - 2017-12-16 16:33 - 000000000 ____D C:\Users\GAMEPC\Documents\Diablo III
      2017-12-16 13:58 - 2017-12-16 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
      2017-12-16 13:53 - 2017-12-16 15:13 - 000000000 ____D C:\Users\GAMEPC\Documents\StarCraft II
      2017-12-16 13:52 - 2017-12-16 14:34 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
      2017-12-16 13:48 - 2017-12-16 14:38 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Blizzard Entertainment
      2017-12-16 13:47 - 2017-12-16 13:47 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Blizzard
      2017-12-16 13:46 - 2017-12-16 13:47 - 000000000 ____D C:\ProgramData\Battle.net
      2017-12-16 13:46 - 2017-12-16 13:46 - 004215792 _____ (Blizzard Entertainment) C:\Users\GAMEPC\Downloads\StarCraft-II-Setup.exe
      2017-12-14 14:20 - 2017-12-14 14:21 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Viber
      2017-12-11 21:56 - 2018-01-10 16:01 - 000002131 _____ C:\Users\GAMEPC\Desktop\Discord.lnk
      2017-12-11 21:55 - 2018-01-10 16:01 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Discord
      2017-12-11 21:55 - 2017-12-11 21:55 - 054332920 _____ (Discord Inc.) C:\Users\GAMEPC\Downloads\DiscordSetup (1).exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-01-10 17:45 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-01-10 17:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2018-01-10 17:41 - 2017-12-06 18:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ViberPC
      2018-01-10 17:41 - 2017-09-23 17:42 - 000000000 ____D C:\Program Files (x86)\Steam
      2018-01-10 17:41 - 2017-09-08 13:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Skype
      2018-01-10 17:40 - 2017-09-08 13:03 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-01-10 17:39 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-01-10 17:32 - 2009-07-14 06:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-01-10 17:32 - 2009-07-14 06:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-01-10 17:30 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files (x86)\Opera
      2018-01-10 17:16 - 2017-09-10 00:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\qBittorrent
      2018-01-10 16:34 - 2017-09-08 12:51 - 000000000 ____D C:\Users\GAMEPC\AppData\LocalLow\Mozilla
      2018-01-10 16:01 - 2017-10-13 15:36 - 000000000 ____D C:\Users\GAMEPC\Documents\ViberDownloads
      2018-01-10 16:01 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
      2018-01-10 16:01 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\discord
      2018-01-10 16:01 - 2017-09-08 13:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA
      2018-01-10 15:58 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-01-10 15:58 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-01-09 21:27 - 2017-09-18 18:14 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-01-09 21:27 - 2017-09-18 18:14 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-01-09 21:27 - 2017-09-18 18:14 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2018-01-09 21:27 - 2017-09-18 18:14 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-01-09 21:27 - 2017-09-18 18:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-01-09 21:27 - 2017-09-18 18:14 - 000000000 ____D C:\Windows\system32\Macromed
      2018-01-09 17:15 - 2017-09-08 12:35 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-01-09 17:15 - 2017-09-08 12:35 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-01-08 18:02 - 2017-09-08 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
      2018-01-08 18:02 - 2017-09-08 12:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
      2018-01-08 18:02 - 2017-09-08 12:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
      2018-01-05 18:41 - 2017-09-08 14:54 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\CrashDumps
      2018-01-05 18:28 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-01-04 16:47 - 2017-09-27 00:35 - 000000000 ____D C:\Users\GAMEPC\Documents\Euro Truck Simulator 2
      2018-01-04 03:39 - 2017-09-08 13:02 - 019677112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
      2018-01-04 03:39 - 2017-09-08 13:02 - 004375648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
      2018-01-04 03:39 - 2017-09-08 13:02 - 000492048 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
      2018-01-04 03:39 - 2017-09-08 12:22 - 022573984 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
      2018-01-04 03:39 - 2017-09-08 12:21 - 000045386 _____ C:\Windows\system32\nvinfo.pb
      2018-01-04 03:39 - 2017-09-08 12:19 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
      2018-01-04 02:33 - 2017-09-08 13:03 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
      2018-01-04 01:50 - 2017-09-08 13:03 - 005951336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 002588232 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 001768480 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000631880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000123704 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000081992 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
      2017-12-28 18:18 - 2017-09-08 13:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA Corporation
      2017-12-28 18:17 - 2017-09-08 12:20 - 000000000 ____D C:\ProgramData\Package Cache
      2017-12-25 18:46 - 2017-09-10 00:39 - 000000973 _____ C:\Users\GAMEPC\Desktop\PotPlayer 64 bit.lnk
      2017-12-24 21:07 - 2017-09-08 13:03 - 007928821 _____ C:\Windows\system32\nvcoproc.bin
      2017-12-21 16:10 - 2017-09-08 12:35 - 000003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504866897
      2017-12-17 17:48 - 2017-11-29 18:58 - 000000000 ____D C:\ProgramData\Codemasters
      2017-12-17 17:48 - 2017-09-28 19:51 - 000000000 ____D C:\Users\GAMEPC\Documents\My Games
      2017-12-17 17:07 - 2017-11-28 17:35 - 000000000 ____D C:\ProgramData\Orbit
      2017-12-16 21:51 - 2017-09-08 12:51 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Mozilla
      2017-12-15 15:29 - 2017-09-08 12:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
      2017-12-11 21:56 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\SquirrelTemp
      Some files in TEMP:
      ====================
      2017-12-28 18:19 - 2017-12-28 18:19 - 000000180 _____ () C:\Users\GAMEPC\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
      2017-12-28 18:19 - 2018-01-09 18:20 - 000000016 _____ () C:\Users\GAMEPC\AppData\Local\Temp\9cfeec25b194d212cb1a549f559db4ab.dll
      2011-04-29 03:10 - 2011-04-29 03:10 - 002027328 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\installerdll1824963827.dll
      2011-04-29 03:10 - 2011-04-29 03:10 - 002027328 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\installerdll1824966448.dll
      2017-10-21 13:00 - 2017-10-21 13:00 - 001856576 _____ (Oracle Corporation) C:\Users\GAMEPC\AppData\Local\Temp\jre-8u151-windows-au.exe
      2017-11-15 00:12 - 2017-10-27 18:06 - 000760032 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvSCPAPI.dll
      2017-09-08 13:03 - 2017-12-16 00:47 - 000874880 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvSCPAPI64.dll
      2017-11-15 00:09 - 2017-12-16 00:47 - 000371000 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvStInst.exe
      2011-04-29 03:31 - 2011-04-29 03:31 - 034523568 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\Setup.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-01-10 17:08
      ==================== End of FRST.txt ============================











       
      Addition_10-01-2018 17.50.21.txt
    • от Васил Джамбазов
      Както казва заглавието когато влизам в различни страници и трябва да ми излезе това captcha дето проверавя дали съм робот но не ми излиза нищо. Или само си върти или напълно нищо не показва. Пробвал съм със 4 различни браузъри и наквсякъде е същото. Рових в нета сумати време и нищо не ми помага. Де-инсталирах антивирусна, махах всички екстенжъни на браузърите и няма резултат. Мисля че проблема ми е в самия компютър някъде.  
      - Не разполагам с компакт диск за ОС. 
       
       
      Addition.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by userr (administrator) on USERR-PC (24-12-2017 01:13:05)
      Running from E:\scoped_dir3952_30355
      Loaded Profiles: userr (Available Profiles: userr)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Bulgarian (Bulgaria)
      Internet Explorer Version 11 (Default browser: Opera)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
      (Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Gaijin Entertainment) C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
      HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
      HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-01-30] (ABBYY Production LLC.)
      HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-03] ()
      HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15377920 2014-04-29] ()
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [Gaijin.Net Agent] => C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2268232 2017-11-01] (Gaijin Entertainment)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\MountPoints2: {87819dae-0c57-11e4-9eea-d050991a0dfa} - G:\setup.exe
      AppInit_DLLs: C:\Users\userr\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => No File
      IFEO\bitguard.exe: [Debugger] tasklist.exe
      IFEO\bprotect.exe: [Debugger] tasklist.exe
      IFEO\bpsvc.exe: [Debugger] tasklist.exe
      IFEO\browserdefender.exe: [Debugger] tasklist.exe
      IFEO\browserprotect.exe: [Debugger] tasklist.exe
      IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
      IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
      IFEO\jumpflip: [Debugger] tasklist.exe
      IFEO\protectedsearch.exe: [Debugger] tasklist.exe
      IFEO\searchinstaller.exe: [Debugger] tasklist.exe
      IFEO\searchprotection.exe: [Debugger] tasklist.exe
      IFEO\searchprotector.exe: [Debugger] tasklist.exe
      IFEO\searchsettings.exe: [Debugger] tasklist.exe
      IFEO\searchsettings64.exe: [Debugger] tasklist.exe
      IFEO\snapdo.exe: [Debugger] tasklist.exe
      IFEO\stinst32.exe: [Debugger] tasklist.exe
      IFEO\stinst64.exe: [Debugger] tasklist.exe
      IFEO\umbrella.exe: [Debugger] tasklist.exe
      IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
      IFEO\volaro: [Debugger] tasklist.exe
      IFEO\vonteera: [Debugger] tasklist.exe
      IFEO\websteroids.exe: [Debugger] tasklist.exe
      IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
      Startup: C:\Users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-04-19]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      AutoConfigURL: [S-1-5-21-845983760-1135253478-3104952537-1000] => hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
      Tcpip\..\Interfaces\{5650381A-159B-4673-BC63-260706D9F749}: [DhcpNameServer] 192.168.100.1
      ManualProxies: 0hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1431722435&z=60bd0491cc64661fd12a8edg0zcc0g3m0oeo1zbcat&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-23] (AVAST Software)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-23] (AVAST Software)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1431722400&z=cc566e9454f28cf2ca26295g0z7cdgamco6odz3eec&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      FireFox:
      ========
      FF ProfilePath: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default [2017-12-24]
      FF user.js: detected! => C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\user.js [2016-03-15]
      FF Extension: (Avast SafePrice) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\sp@avast.com.xpi [2017-12-23]
      FF Extension: (Avast Online Security) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\wrc@avast.com.xpi [2017-12-23]
      FF SearchPlugin: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\searchplugins\default-search.xml [2014-08-24]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default [2017-12-24]
      CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2017-06-01]
      CHR Extension: (Docs) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19]
      CHR Extension: (YouTube) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
      CHR Extension: (Google Docs Offline) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
      CHR Extension: (Gmail) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-19]
      CHR Extension: (Chrome Media Router) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\userr\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-24]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      OPR Extension: (Adblock Plus) - C:\Users\userr\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-29]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-23] (AVAST Software)
      R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-09-25] (Autodesk) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
      S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-26] (BitRaider, LLC)
      S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-08-06] (GOG.com)
      S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
      R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-09] () [File not signed]
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4121080 2011-06-13] (INCA Internet Co., Ltd.) [File not signed]
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-24] ()
      S3 TunngleService; D:\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      S2 Ds3Service; "D:\Downloads\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe" [X]
      S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
      S2 Hamachi2Svc; "D:\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-23] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-23] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-23] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-23] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-23] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-23] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-23] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-23] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-23] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-23] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-23] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-23] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-23] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-23] (AVAST Software)
      S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-06-30] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-15] (DT Soft Ltd)
      S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-24] ()
      R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-06-30] ()
      R3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-09-16] (MotioninJoy) [File not signed]
      S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
      R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
      S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [21888 2006-01-29] (Syncrosoft GmbH) [File not signed]
      R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
      U3 aswbdisk; no ImagePath
      S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
      S3 dump_wmimmc; \??\D:\Phantasy Star Universe\PHANTASY STAR UNIVERSE\GameGuard\dump_wmimmc.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 01:12 - 2017-12-24 01:13 - 000000000 ____D C:\FRST
      2017-12-23 12:34 - 2017-12-23 12:34 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-23 03:20 - 2017-12-23 03:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-23 03:20 - 2017-12-23 03:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-23 02:44 - 2017-12-23 02:44 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2017-12-23 02:44 - 2017-12-23 02:44 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVAST Software
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-23 02:43 - 2017-12-23 02:41 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-12-23 02:43 - 2017-12-23 02:41 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2017-12-23 02:39 - 2017-12-23 02:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-23 02:30 - 2017-12-23 02:38 - 000000000 ____D C:\Users\userr\AppData\Local\AvgSetupLog
      2017-12-23 02:07 - 2017-12-24 01:10 - 000000000 ____D C:\Users\userr\AppData\LocalLow\Mozilla
      2017-12-23 02:06 - 2017-12-23 02:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-23 02:06 - 2017-12-23 02:06 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-12-10 18:50 - 2017-12-10 19:16 - 000000000 ____D C:\Users\userr\AppData\Roaming\Kodi
      2017-12-10 18:50 - 2017-12-10 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
      2017-12-10 18:49 - 2017-12-10 18:50 - 000000000 ____D C:\Program Files (x86)\Kodi
      2017-12-06 22:46 - 2017-12-06 22:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 00:38 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:34 - 2014-07-15 17:50 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVG
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Local\AVG
      2017-12-23 12:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 03:20 - 2014-08-26 10:46 - 000000000 ____D C:\Users\userr\AppData\Local\Adobe
      2017-12-23 03:20 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-23 03:16 - 2016-01-03 00:01 - 000000000 ____D C:\Users\userr\AppData\Local\CrashDumps
      2017-12-23 02:38 - 2016-05-15 19:06 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-23 02:38 - 2014-08-24 19:52 - 000000000 ____D C:\ProgramData\AVG
      2017-12-23 02:07 - 2014-07-15 18:21 - 000000000 ____D C:\Users\userr\AppData\Roaming\Mozilla
      2017-12-23 02:06 - 2014-07-15 18:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-21 04:29 - 2014-10-16 22:00 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1413489654
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-12-20 12:42 - 2014-07-15 22:11 - 000000000 ____D C:\Program Files (x86)\Opera
      2017-12-12 02:54 - 2014-07-15 18:15 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-10 19:02 - 2014-07-18 10:15 - 000000000 ____D C:\Program Files (x86)\Winamp
      2017-12-02 15:06 - 2016-02-27 13:58 - 000000000 ____D C:\Users\userr\AppData\Roaming\vlc
      2017-11-30 19:55 - 2009-07-14 07:13 - 000800086 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-30 19:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      ==================== Files in the root of some directories =======
      2015-06-28 11:25 - 2015-06-28 12:50 - 000003958 _____ () C:\Users\userr\AppData\Roaming\LTspiceIV.ini
      2016-01-01 23:01 - 2016-01-15 22:41 - 000007168 _____ () C:\Users\userr\AppData\Roaming\SQLiteManager3.pref
      2016-03-10 19:19 - 2016-03-10 19:19 - 000003584 _____ () C:\Users\userr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-07-23 18:59 - 2016-02-24 12:08 - 000000601 _____ () C:\Users\userr\AppData\Local\DialogChoices.xml
      2016-12-14 12:38 - 2016-12-14 12:38 - 000000600 _____ () C:\Users\userr\AppData\Local\PUTTY.RND
      2015-05-29 13:21 - 2015-05-29 13:21 - 000003992 _____ () C:\Users\userr\AppData\Local\recently-used.xbel
      2016-01-01 23:13 - 2009-09-24 21:36 - 000000486 _____ () C:\Users\userr\AppData\Local\uninstall.html
      Some files in TEMP:
      ====================
      2015-09-25 10:11 - 2014-07-31 18:54 - 000015752 _____ (Autodesk, Inc.) C:\Users\userr\AppData\Local\Temp\AcDeltree.exe
      2016-12-09 15:51 - 2016-12-09 15:51 - 000223744 _____ (Un4seen Developments) C:\Users\userr\AppData\Local\Temp\Bass.dll
      2016-12-09 15:51 - 2016-12-09 15:51 - 000647168 _____ (radio42) C:\Users\userr\AppData\Local\Temp\Bass.Net.dll
      2016-04-16 11:05 - 2016-04-16 11:05 - 000385024 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Crysis_Patch_1_2_launcher.exe
      2016-04-22 16:02 - 2016-04-23 19:52 - 000208896 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7340014.dll
      2016-04-22 16:08 - 2016-04-23 19:41 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7370014.dll
      2016-04-23 19:57 - 2016-04-24 10:30 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7390004.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000027352 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x64.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000029912 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x86.dll
      2015-12-15 08:20 - 2015-12-15 08:20 - 000010240 _____ () C:\Users\userr\AppData\Local\Temp\fh2communityupdaterselfupdate.exe
      2016-06-13 18:37 - 2016-06-13 18:37 - 001962752 _____ (Flexera Software LLC) C:\Users\userr\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
      2015-01-29 15:58 - 2006-01-09 06:35 - 000159744 ____R () C:\Users\userr\AppData\Local\Temp\GMfc.dll
      2016-03-21 16:06 - 2016-03-21 16:06 - 001022043 _____ (                                                            ) C:\Users\userr\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
      2016-07-28 09:16 - 2016-07-28 09:16 - 000741440 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u101-windows-au.exe
      2016-10-22 10:00 - 2016-10-22 10:00 - 000737856 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u111-windows-au.exe
      2017-01-21 09:41 - 2017-01-21 09:41 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u121-windows-au.exe
      2017-04-25 10:50 - 2017-04-25 10:50 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u131-windows-au.exe
      2017-07-21 08:54 - 2017-07-21 08:54 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-11-15 11:43 - 2017-11-15 11:43 - 001856576 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u151-windows-au.exe
      2016-03-27 09:48 - 2016-03-27 09:48 - 000736320 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u77-windows-au.exe
      2016-04-24 10:15 - 2016-04-24 10:15 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u91-windows-au.exe
      2015-01-29 15:58 - 1999-12-17 14:00 - 000995383 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Mfc42.dll
      2015-01-29 15:58 - 1999-12-17 14:00 - 000295000 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\MSVCRT.dll
      2016-03-07 10:20 - 2016-03-07 10:20 - 005495448 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
      2016-08-16 17:42 - 2016-08-16 17:42 - 006359496 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
      2016-01-25 13:38 - 2016-01-25 13:38 - 006350128 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.6.exe
      2017-01-02 12:39 - 2017-01-02 12:39 - 006456560 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe
      2017-06-14 10:20 - 2017-06-14 10:20 - 006441096 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.14.exe
      2015-09-01 18:07 - 2016-08-25 22:50 - 000746088 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI.dll
      2015-11-22 12:40 - 2015-11-14 07:54 - 000835776 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI64.dll
      2015-10-13 12:53 - 2015-07-23 02:46 - 000783688 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvStInst.exe
      2015-08-04 14:25 - 2015-08-04 14:25 - 000032984 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-win32.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000031960 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-x64.dll
      2006-01-04 09:04 - 2006-01-04 09:04 - 000098304 ____R () C:\Users\userr\AppData\Local\Temp\Setup.exe
      2016-06-23 10:10 - 2016-07-05 21:28 - 000192512 _____ () C:\Users\userr\AppData\Local\Temp\sfamcc00001.dll
      2015-02-10 19:56 - 2015-02-10 19:56 - 000105984 _____ () C:\Users\userr\AppData\Local\Temp\sfextra.dll
      2016-09-12 19:41 - 2016-09-12 19:42 - 036634172 _____ (Bogdan Ureche                                               ) C:\Users\userr\AppData\Local\Temp\SQLiteExpertPersSetup.exe
      2015-01-29 15:58 - 2006-01-09 18:37 - 000393216 ____R () C:\Users\userr\AppData\Local\Temp\UnivUI.dll
      2015-12-20 20:03 - 2015-12-20 20:03 - 013977352 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe
      2016-09-02 18:27 - 2016-09-02 18:28 - 000003584 _____ () C:\Users\userr\AppData\Local\Temp\_j5iljyu.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 00:16
      ==================== End of FRST.txt ============================
      FRST.txt
    • от Емилиян Радоев
      Лаптома ми се товарии загрява мисля, че имам вируси в системата
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
      Ran by Emiliyan (administrator) on WISE (20-12-2017 16:03:52)
      Running from C:\Users\Emiliyan\Downloads
      Loaded Profiles: Emiliyan (Available Profiles: Emiliyan)
      Platform: Windows 8 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
      (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
      (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
      HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
      HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
      HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
      HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
      HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-19] (AVAST Software)
      HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
      HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-22] (Pegatron Corporation)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [Chromium] => "c:\users\emiliyan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {3200876f-a128-11e7-be97-74e543b067e1} - "E:\stp-fifa17.exe" 
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {5d49cdaf-cde8-11e7-bea2-74e543b067e1} - "F:\Install.exe" 
      Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{4162F2B5-AEAE-42DB-9CD1-CF34657B6E2D}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{72560D0F-2D93-4ECB-9356-DBA41E983165}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
      SearchScopes: HKU\S-1-5-21-3433298263-1705697951-3842491668-1001 -> DefaultScope {0117524D-8F49-4D9B-B308-983D78D06507} URL = 
      BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      FireFox:
      ========
      FF DefaultProfile: 1dnbjirw.default
      FF ProfilePath: C:\Users\Emiliyan\AppData\Roaming\Mozilla\Firefox\Profiles\1dnbjirw.default [2017-12-20]
      FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
      Chrome: 
      =======
      CHR Profile: C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
      CHR Extension: (Slides) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Docs) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-21]
      CHR Extension: (YouTube) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-21]
      CHR Extension: (Google Docs Offline) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-21]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-21]
      CHR Extension: (Gmail) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-21]
      CHR Extension: (Chrome Media Router) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-19] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
      R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
      R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-08-03] (McAfee, Inc.)
      R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-08-03] (McAfee, Inc.)
      R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-08-03] (McAfee, Inc.)
      S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
      R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
      S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-19] (AVAST Software)
      S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-19] (AVAST Software)
      R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
      S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [69672 2012-08-03] (McAfee, Inc.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-24] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-24] (Disc Soft Ltd)
      R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [169320 2012-08-03] (McAfee, Inc.)
      R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [300392 2012-08-03] (McAfee, Inc.)
      S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [66736 2012-07-19] (McAfee, Inc.)
      R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [513456 2012-08-03] (McAfee, Inc.)
      R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [752672 2012-08-03] (McAfee, Inc.)
      S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106112 2012-08-03] (McAfee, Inc.)
      R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [335784 2012-08-03] (McAfee, Inc.)
      R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 16:03 - 2017-12-20 16:04 - 000015501 _____ C:\Users\Emiliyan\Downloads\FRST.txt
      2017-12-20 16:03 - 2017-12-20 16:03 - 002392064 _____ (Farbar) C:\Users\Emiliyan\Downloads\FRST64.exe
      2017-12-20 16:03 - 2017-12-20 16:03 - 000000000 ____D C:\FRST
      2017-12-20 15:51 - 2017-12-20 15:51 - 001931969 _____ C:\Users\Emiliyan\Downloads\ProcessExplorer.zip
      2017-12-19 22:11 - 2017-12-20 00:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\In.Time.2011.BRRip.XviD.BGAudio-SLSS
      2017-12-19 22:10 - 2017-12-19 22:23 - 000000000 ____D C:\Users\Emiliyan\Downloads\We're.the.Millers.2013.BDRip.XviD.BGAUDiO-SLSS
      2017-12-19 19:41 - 2017-12-19 19:42 - 000000000 ____D C:\Users\Emiliyan\Downloads\Spico
      2017-12-19 19:35 - 2017-12-19 19:44 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico 9.2.3
      2017-12-19 19:32 - 2017-12-19 19:32 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-19 19:27 - 2017-12-19 19:27 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico_10.2.0
      2017-12-19 19:12 - 2017-12-20 15:36 - 000000000 ____D C:\Program Files\KMSpico
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003742 _____ C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache Files
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003272 _____ C:\WINDOWS\System32\Tasks\InstallShield® Update Service Scheduler
      2017-12-19 18:45 - 2017-12-19 18:45 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\AVAST Software
      2017-12-19 18:43 - 2017-12-19 19:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-12-19 18:42 - 2017-12-19 18:43 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-12-19 18:42 - 2017-12-19 18:42 - 000001087 _____ C:\Users\Emiliyan\Desktop\Your Unin-staller!.lnk
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:41 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-12-19 18:41 - 2017-12-20 15:36 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\{F5EAC3B6-D142-AF0E-BCDA-8AE698B2767E}
      2017-12-19 18:41 - 2017-12-19 18:54 - 000000000 ____D C:\ProgramData\TEMP
      2017-12-19 18:41 - 2017-12-19 18:41 - 006822592 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\your_uninstaller [1].exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\URSoft
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Opera Software
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\Opera Software
      2017-12-19 18:39 - 2017-12-19 18:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-19 18:38 - 2017-12-19 18:38 - 007289800 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\yusetup7.exe
      2017-12-19 18:38 - 2017-12-19 18:38 - 000002657 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
      2017-12-19 13:42 - 2017-12-19 13:42 - 000281568 _____ C:\WINDOWS\Minidump\121917-26937-01.dmp
      2017-12-19 13:30 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4]
      2017-12-19 13:28 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club)
      2017-12-19 13:27 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond
      2017-12-19 13:27 - 2017-12-19 13:27 - 000008240 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club).torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000017308 _____ C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond.torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000013206 _____ C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4].torrent
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen
      2017-12-19 13:22 - 2017-12-19 13:22 - 000019856 _____ C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole.torrent
      2017-12-19 13:22 - 2017-12-19 13:22 - 000016441 _____ C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen.torrent
      2017-12-19 13:18 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie
      2017-12-19 13:17 - 2017-12-19 13:17 - 000013807 _____ C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000019694 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Janice Griffith.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000018341 _____ C:\Users\Emiliyan\Downloads\BangbrosClips - Piper Perri (Pipe Her!! And By Her, We Mean Pipeperr!) NEW February 19 2015 SD MP4s.torrent
      2017-12-19 13:08 - 2017-12-19 13:08 - 000014431 _____ C:\Users\Emiliyan\Downloads\RKPrime - Tiffany Watson (Naughty Trainer).torrent
      2017-12-19 12:57 - 2017-12-19 12:57 - 000016656 _____ C:\Users\Emiliyan\Downloads\Elsa Jean - Bubble Blonde.torrent
      2017-12-19 12:19 - 2017-12-19 12:19 - 018316917 _____ C:\Users\Emiliyan\Downloads\Drift Pack.rar
      2017-12-17 23:39 - 2017-12-17 23:39 - 000000627 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arhiv.lnk
      2017-12-14 00:48 - 2017-12-14 00:48 - 000000000 _____ C:\Users\Emiliyan\Desktop\New Text Document (2).txt
      2017-12-12 14:12 - 2017-12-12 14:12 - 000281512 _____ C:\WINDOWS\Minidump\121217-37562-01.dmp
      2017-12-11 20:22 - 2017-12-11 20:22 - 000000000 ____D C:\Mu BattleZone Hard (No Sound)(1)
      2017-12-11 20:01 - 2017-12-11 20:02 - 092586941 _____ C:\Mu BattleZone Hard (No Sound)(1).rar
      2017-12-07 16:14 - 2017-12-07 16:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\1231
      2017-12-07 16:13 - 2017-12-07 16:14 - 092586941 _____ C:\Users\Emiliyan\Downloads\1231.rar
      2017-12-07 13:12 - 2017-12-07 13:12 - 000015260 _____ C:\Users\Emiliyan\Downloads\ReVolt_17.1124a.exe.torrent
      2017-11-24 14:44 - 2017-11-24 14:44 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install (1).exe
      2017-11-24 14:38 - 2017-12-18 18:43 - 000000000 ____D C:\Users\Emiliyan\Documents\GTA San Andreas User Files
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:28 - 2017-11-24 14:28 - 000001914 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
      2017-11-24 14:04 - 2017-11-24 14:04 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install.exe
      2017-11-24 14:04 - 2017-11-24 14:04 - 000000000 ____D C:\Users\Emiliyan\Downloads\crack
      2017-11-24 14:03 - 2017-11-24 14:03 - 004811976 _____ C:\Users\Emiliyan\Downloads\crack.rar
      2017-11-24 14:03 - 2017-11-24 14:03 - 000162504 _____ C:\Users\Emiliyan\Downloads\[ArenaBG.com]-Grand Theft Auto (GTA) San Andreas-HOODLUM.torrent
      2017-11-23 17:55 - 2017-12-19 18:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 15:51 - 2017-06-22 01:33 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\uTorrent
      2017-12-20 15:46 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\LocalLow\Mozilla
      2017-12-20 12:14 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-12-19 19:37 - 2012-07-26 09:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-12-19 19:37 - 2012-07-26 07:37 - 000000000 ____D C:\WINDOWS\Inf
      2017-12-19 19:31 - 2017-06-22 00:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
      2017-12-19 19:30 - 2012-07-26 09:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-19 19:12 - 2012-08-29 23:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\Toshiba
      2017-12-19 19:10 - 2017-07-07 21:08 - 000000000 ____D C:\Users\Emiliyan\Downloads\simson
      2017-12-19 18:52 - 2012-08-30 09:14 - 000000000 ____D C:\WINDOWS\Panther
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
      2017-12-19 18:41 - 2017-09-24 18:24 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-19 13:56 - 2017-11-19 22:13 - 000000000 ____D C:\Users\Emiliyan\Downloads1
      2017-12-19 13:42 - 2017-06-22 12:00 - 000000000 ____D C:\WINDOWS\Minidump
      2017-12-19 13:42 - 2017-06-22 11:59 - 715990818 _____ C:\WINDOWS\MEMORY.DMP
      2017-12-18 21:49 - 2017-10-12 12:37 - 000222208 ___SH C:\Users\Emiliyan\Desktop\Thumbs.db
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-12-12 14:11 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-11 00:40 - 2017-06-22 14:53 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-24 15:37 - 2017-09-25 19:03 - 000281088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 15:36 - 2012-07-26 07:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
      2017-11-24 14:28 - 2012-08-29 23:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2017-11-23 17:56 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Mozilla
      2017-11-23 17:56 - 2017-06-22 14:53 - 000000935 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      ==================== Files in the root of some directories =======
      2017-06-22 01:24 - 2017-06-22 01:24 - 000007606 _____ () C:\Users\Emiliyan\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-15 14:17
      ==================== End of FRST.txt ============================
      Addition.txt
    • от embolado
      Здравейте! От няколко дни NOD32 периодично ми изкарва съобщението от картинката, което ме кара да се съмянвам, че компютъра ми има вирус.

      Ето и логовете от FRST
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by USER (administrator) on USER-PC (23-12-2017 17:16:05)
      Running from C:\Users\USER\Desktop
      Loaded Profiles: USER (Available Profiles: USER)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
      (Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
      (Node.js) C:\Windows\Prey\versions\1.7.2\bin\node.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
      () D:\Install\Testing Tools\quietHDD\quietHDD.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
      (Fork, Ltd.) C:\Windows\Prey\versions\1.7.2\node_modules\triggers\bin\lightevt.exe
      (HP) C:\Windows\System32\HPSIsvc.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
      (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      (ESET) C:\Program Files\ESET\ESET Security\egui.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-21] (ESET)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
      HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)
      HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      Winlogon\Notify\WgaLogon:
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {027c0954-011d-11e7-92c7-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {95871b5f-00b7-11e7-8cf1-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {d96b13d4-6d84-11e5-92f1-b4b52f788ef4} - H:\setup.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e6bf35c6-0111-11e7-8df9-b4b52f788ef4} - F:\DriverPack.exe
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\...\MountPoints2: {e80d797e-c983-11e5-bc97-b4b52f788ef4} - F:\setup.exe
      AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-16] (Jaksta Technologies Pty Ltd)
      Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD.lnk [2013-03-09]
      ShortcutTarget: quietHDD.lnk -> D:\Install\Testing Tools\quietHDD\quietHDD.exe ()
      GroupPolicy: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      ProxyServer: [S-1-5-21-2316775370-2964681540-2297035872-1000] => https=127.0.0.1:54745
      Hosts: 127.0.0.1   www.martau.com
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{3D41CC7B-1CA0-4A34-B378-EF83D183B83F}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{42A1B73C-2FD5-4744-A1AC-DD4C68DBB756}: [DhcpNameServer] 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.bg/
      HKU\S-1-5-21-2316775370-2964681540-2297035872-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-2316775370-2964681540-2297035872-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
      BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
      Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
      FireFox:
      ========
      FF DefaultProfile: bx4xcpl7.default
      FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default [2017-12-23]
      FF Homepage: Mozilla\Firefox\Profiles\bx4xcpl7.default -> google.bg
      FF NewTabOverride: Mozilla\Firefox\Profiles\bx4xcpl7.default -> Enabled: "id":"{66E978CD-981F-47DF-AC42-E3CF417C1467
      FF Extension: (MEGA) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\firefox@mega.co.nz.xpi [2017-11-17]
      FF Extension: (New Tab Homepage) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2017-11-18]
      FF Extension: (image-save) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{6f99b5da-d696-4a33-8cc4-072873422204}.xpi [2017-11-17]
      FF Extension: (Adblock Plus) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\bx4xcpl7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
      R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
      R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-11-22] (Fork, Ltd.) [File not signed]
      R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-21] (ESET)
      R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)
      S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
      S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
      S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-08] (Microsoft Corporation) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-09-06] (DEVGURU Co., LTD.)
      S4 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
      S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2017-03-04] (Sysprogs OU)
      U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
      R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-01-07] (IVT Corporation.)
      S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
      S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [35848 2008-12-07] ()
      S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-06] (Samsung Electronics Co., Ltd.)
      S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-06-04] (Disc Soft Ltd)
      S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-10-08] (DT Soft Ltd)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134368 2017-12-08] (ESET)
      R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180088 2017-12-08] (ESET)
      R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [106304 2017-12-08] (ESET)
      S1 ISODrive; C:\Windows\SysWOW64\Drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
      S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31624 2008-07-02] (IVT Corporation.)
      S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
      R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1162952 2013-07-13] (Ralink Technology, Corp.)
      R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-06] (Samsung Electronics Co., Ltd.)
      U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
      U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
      S3 BT; system32\DRIVERS\btnetdrv.sys [X]
      S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
      S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
      S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
      S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
      S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
      S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
      S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
      S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
      S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
      S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
      S3 VComm; system32\DRIVERS\VComm.sys [X]
      S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
      S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:16 - 2017-12-23 17:16 - 000012226 _____ C:\Users\USER\Desktop\FRST.txt
      2017-12-23 17:15 - 2017-12-23 17:16 - 000000000 ____D C:\FRST
      2017-12-23 16:58 - 2017-12-23 16:58 - 002392064 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
      2017-12-14 23:52 - 2017-12-14 23:52 - 000000000 ____D C:\Users\USER\AppData\Local\Viber
      2017-11-29 17:30 - 2017-11-29 17:30 - 000000000 ____D C:\Users\USER\AppData\Roaming\ABBYY
      2017-11-28 23:28 - 2017-11-28 23:28 - 000002697 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-11-28 23:28 - 2017-11-28 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      2017-11-24 13:58 - 2017-12-11 17:13 - 000001438 _____ C:\Users\USER\Desktop\Mozilla Firefox.lnk
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-23 17:15 - 2017-03-03 19:29 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:14 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 17:09 - 2017-05-08 00:51 - 000000000 ____D C:\Users\USER\AppData\Roaming\Skype
      2017-12-23 17:08 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-23 17:06 - 2017-11-22 20:05 - 000000000 ____D C:\Windows\Prey
      2017-12-23 17:06 - 2013-09-13 16:20 - 000001017 _____ C:\Windows\SysWOW64\bscs.ini
      2017-12-23 17:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 16:55 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-23 02:05 - 2013-04-26 22:50 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
      2017-12-23 00:51 - 2017-11-22 19:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
      2017-12-22 18:37 - 2014-11-03 20:17 - 000004096 _____ C:\Users\USER\AppData\Local\keyfile3.drm
      2017-12-22 01:38 - 2017-07-11 22:53 - 000000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
      2017-12-21 21:59 - 2013-11-26 22:18 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
      2017-12-18 15:30 - 2016-03-18 02:15 - 000012288 ___SH C:\Users\USER\AppData\Roaming\Thumbs.db
      2017-12-17 10:12 - 2017-10-21 08:34 - 000000000 ____D C:\Users\USER\AppData\Roaming\ViberPC
      2017-12-13 01:23 - 2017-11-17 22:38 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-13 01:23 - 2017-11-17 22:38 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-13 01:23 - 2017-11-17 22:38 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-13 01:23 - 2013-03-28 20:01 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-13 01:23 - 2012-12-29 22:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-09 11:17 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-08 23:22 - 2017-11-17 21:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-08 20:25 - 2017-11-02 09:02 - 000134368 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
      2017-12-08 20:25 - 2017-10-09 16:49 - 000180088 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
      2017-12-08 20:25 - 2017-09-19 09:05 - 000106304 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
      2017-11-28 23:28 - 2012-12-30 00:31 - 000000000 ____D C:\ProgramData\Skype
      ==================== Files in the root of some directories =======
      2016-03-18 02:15 - 2017-12-18 15:30 - 000012288 ___SH () C:\Users\USER\AppData\Roaming\Thumbs.db
      2016-02-08 01:25 - 2016-02-08 01:25 - 000006529 _____ () C:\Users\USER\AppData\Roaming\UserTile.png
      2015-06-08 18:55 - 2015-08-20 17:08 - 000000031 _____ () C:\Users\USER\AppData\Local\burnaware.ini
      2013-04-18 15:40 - 2015-08-23 12:48 - 000007680 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2017-09-25 20:21 - 2017-09-25 20:21 - 000000036 _____ () C:\Users\USER\AppData\Local\housecall.guid.cache
      2014-11-03 20:17 - 2017-12-22 18:37 - 000004096 _____ () C:\Users\USER\AppData\Local\keyfile3.drm
      2013-02-05 23:18 - 2013-02-05 23:18 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.25.agreement
      2015-06-19 18:43 - 2015-06-19 18:43 - 000000001 _____ () C:\Users\USER\AppData\Local\llftool.4.40.agreement
      2017-06-20 18:27 - 2017-06-20 18:27 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.1.10.agreement
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000013 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.dir
      2017-08-28 22:48 - 2017-08-28 22:48 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.savedialog.filterindex
      2017-06-20 18:27 - 2017-08-29 12:08 - 000000001 _____ () C:\Users\USER\AppData\Local\RawCopy.sourcedisk.index
      2013-02-18 20:48 - 2017-11-11 20:47 - 000007652 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 02:06
      ==================== End of FRST.txt ============================
       
       
      Addition.txt
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.