

Hello. A few days ago I suspected a virus. I scanned with Anti-Malwarebytes and it found Rootkit.ZeroAccess and Rootkit.0Access.H. It says it managed to remove it, but after that I had no Internet. In my opinion the consequences are from it. It neither receives nor sends packets! It had lost its IP address. I set the IP again and the network is OK. I scanned multiple times with Anti-Malwarebytes and Avast. In the end the programs report that they find nothing. I would be grateful if you confirm this, or if we continue cleaning the system. I am attaching the two files with the logs! Thank you and have a nice day. I have an XP disc.

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/11/2008 7:14:34 AM System Uptime: 4/5/2012 1:27:56 PM (1 hours ago) . Motherboard: MSI | | 0A90 Processor: Intel Pentium II processor | Socket 775 | 1596/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 139 GiB total, 119.087 GiB free. D: is FIXED (NTFS) - 10 GiB total, 8.204 GiB free. E: is Removable I: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free. T: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free. W: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ACPI\PNP0501\1 Manufacturer: (Standard port types) Name: Communications Port (COM1) PNP Device ID: ACPI\PNP0501\1 Service: Serial . Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ACPI\PNP0501\2 Manufacturer: (Standard port types) Name: Communications Port (COM2) PNP Device ID: ACPI\PNP0501\2 Service: Serial .
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: CD-ROM Drive Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H353B_______________BC03____\5&D53766A&0&0.0.0 Manufacturer: (Standard CD-ROM drives) Name: TSSTcorp DVD-ROM TS-H353B PNP Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H353B_______________BC03____\5&D53766A&0&0.0.0 Service: cdrom . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.5.0 Advanced SystemCare 3 Autorun Virus Remover 2.3 avast! Free Antivirus DAEMON Tools Datakey CIP Dosprn v1.72 Empl2004 FlexType 2K Google Chrome Google Update Helper High Definition Audio Driver Package - KB888111 HiPath SIcurity Card API Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB981793) HP Backup and Recovery Manager HP Help and Support Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers InterVideo Register Manager InterVideo WinDVD IrfanView (remove only) Java™ SE Runtime Environment 6 Update 1 K-Lite Codec Pack 2.74 Full Malwarebytes Anti-Malware, Іµрсёя 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office Professional Edition 2003 Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MSXML 
6 Service Pack 2 (KB954459) PDF Complete QuickTime Realtek High Definition Audio Driver SA Dictionary 2005 T2 SCR3xx USB Smart Card Reader Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360131) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for 
Windows XP (KB2412687) Security Update for Windows XP (KB2416400) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP 
(KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP 
(KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update 
for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) WebFldrs XP Webshots! Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 8 Windows XP Service Pack 3 ррхёІ°тѕр WinRAR фµє»°р°цёя О±р.1 ё 6 чсУТ+ (тµрсёя 2.13) . ==== Event Viewer Messages From Past Week ======== . 4/5/2012 8:46:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/5/2012 8:46:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/5/2012 8:41:57 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created. 4/4/2012 9:35:23 AM, error: Service Control Manager [7001] - The avast! Antivirus service depends on the avast! Standard Shield Support service which failed to start because of the following error: The specified path is invalid. 4/4/2012 9:35:23 AM, error: Service Control Manager [7000] - The avast! Standard Shield Support service failed to start due to the following error: The specified path is invalid. 4/4/2012 9:29:19 AM, error: Service Control Manager [7001] - The avast! Antivirus service depends on the Clmtomcatstartersvc service which failed to start because of the following error: The system cannot find the path specified. 
4/4/2012 9:26:15 AM, error: Service Control Manager [7023] - The Ctdvda2k service terminated with the following error: The specified module could not be found. 4/4/2012 9:22:37 AM, error: Service Control Manager [7023] - The Ctdvda2k service terminated with the following error: The specified procedure could not be found. 4/4/2012 9:21:29 AM, error: Service Control Manager [7023] - The Vwlogger service terminated with the following error: Access is denied. 4/4/2012 9:20:29 AM, error: Service Control Manager [7023] - The Snare service terminated with the following error: Access is denied. 4/4/2012 9:19:32 AM, error: Service Control Manager [7023] - The Usb20l service terminated with the following error: Access is denied. 4/4/2012 9:18:31 AM, error: Service Control Manager [7023] - The SE2Dbus service terminated with the following error: Access is denied. 4/4/2012 9:17:30 AM, error: Service Control Manager [7023] - The BrUsbSer service terminated with the following error: Access is denied. 4/4/2012 9:16:29 AM, error: Service Control Manager [7023] - The Downloadmanagerlite service terminated with the following error: Access is denied. 4/4/2012 9:15:29 AM, error: Service Control Manager [7023] - The Lxrjd31d service terminated with the following error: Access is denied. 4/4/2012 9:14:29 AM, error: Service Control Manager [7023] - The Rpskt service terminated with the following error: Access is denied. 4/4/2012 9:13:29 AM, error: Service Control Manager [7023] - The Hcf_msft service terminated with the following error: Access is denied. 4/4/2012 9:12:29 AM, error: Service Control Manager [7023] - The Penclass service terminated with the following error: Access is denied. 4/4/2012 9:11:29 AM, error: Service Control Manager [7023] - The Btwusb service terminated with the following error: Access is denied. 4/4/2012 9:10:28 AM, error: Service Control Manager [7023] - The Avidsdmservice service terminated with the following error: Access is denied. 
4/4/2012 9:09:29 AM, error: Service Control Manager [7023] - The Nimcdlbk service terminated with the following error: Access is denied. 4/4/2012 9:08:29 AM, error: Service Control Manager [7023] - The USBCamera service terminated with the following error: Access is denied. 4/4/2012 9:07:29 AM, error: Service Control Manager [7023] - The Snoopfree service terminated with the following error: Access is denied. 4/4/2012 9:06:29 AM, error: Service Control Manager [7023] - The LXARScan service terminated with the following error: Access is denied. 4/4/2012 9:05:29 AM, error: Service Control Manager [7023] - The Slimsvc service terminated with the following error: Access is denied. 4/4/2012 9:04:29 AM, error: Service Control Manager [7023] - The Dpc_srv_webcast service terminated with the following error: Access is denied. 4/4/2012 9:03:29 AM, error: Service Control Manager [7023] - The EUSBMSD service terminated with the following error: Access is denied. 4/4/2012 9:02:29 AM, error: Service Control Manager [7023] - The Ikhfile service terminated with the following error: Access is denied. 4/4/2012 9:02:01 AM, error: Service Control Manager [7023] - The CBTNDIS5 service terminated with the following error: Access is denied. 4/4/2012 9:00:38 AM, error: Service Control Manager [7023] - The Tsdhd service terminated with the following error: Access is denied. 4/4/2012 8:59:55 AM, error: Service Control Manager [7023] - The Ohci1394 service terminated with the following error: Access is denied. 4/4/2012 8:58:29 AM, error: Service Control Manager [7023] - The Pdlndint service terminated with the following error: Access is denied. 4/4/2012 8:57:30 AM, error: Service Control Manager [7023] - The Rismxdp service terminated with the following error: Access is denied. 4/4/2012 8:56:29 AM, error: Service Control Manager [7023] - The Pnkbstrk service terminated with the following error: Access is denied. 
4/4/2012 8:55:34 AM, error: Service Control Manager [7023] - The Artourservice service terminated with the following error: Access is denied. 4/4/2012 8:55:07 AM, error: Service Control Manager [7023] - The Marvinbus service terminated with the following error: Access is denied. 4/3/2012 8:27:31 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Z525obex service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The X10nets service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Wtcls2k service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The WNCPKT service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The WmBEnum service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Vrservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Vmsprog service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The VICESYS service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Us30service service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Upsmonservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tvs service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tsmservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tsircsrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tmtdi service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tfsndres service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Syslogd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Symantecantibotwatcher service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sqlserveragent service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The SprintRcAppSvc service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Snpstd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Smservauth service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Smartlinkservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sk9920nt service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sk99202k service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Si3114r service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sentinel service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Scarddrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sbhooksvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S616mdm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S125mgmt service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S117unic service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Rspndr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Quickbooksdb service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Qmofiltr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The PTDCMdm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Psdvdisk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Prohlp02 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ppped service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Point32 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pnp680r service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The PGPwded service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Perfproc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pdlnatcm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pdengine service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pccsmcfd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Papycpu2 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ofcpfwsvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NxSysMon service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nvraid service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ntgrip service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nsysaudm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NPPTNT service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nipsvc service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NIPALK service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nimdbgk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The N558 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The N3900 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MTsensor service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mssql$microsoftsmlbiz service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MRESP50 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Milshieldcleaner service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mhndrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mfehidk service terminated with the following error: The specified module could not be found. 
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Megamonitorsrv service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mcmispupdmgr service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Lxdj_device service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Lxcd_device service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The LMouFilt service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Kbdhid service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Iwebmsg service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ireike service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The IPassP service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Inort service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Inorpc service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Infrastructure service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Iftpsvc service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The HSFHWALI service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Hpgate service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The GT891x service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The GT680x service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Govsrv service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ghoststartservice service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The GcKernel service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Gbpoll service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Fsaa service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Fs_rec service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ezplay service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Eplpdx02 service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Epfwtdi service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Egathdrv service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The EACSvrMngr service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ds1 service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The DniVad service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Dlcg_device service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The DellAMBrokerService service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Defwatch service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ddxgb service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The CTEAPSFX.DLL service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Cs429x service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Cpsvc service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Cobbmservice service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The CoachUsb service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The CnxTrUsb service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Clmtomcatstartersvc service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Cdvp service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Carboncopy32 service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The CA561 service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Btwdins service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Bthidenum service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The BrSerIf service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Brmfrmps service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Bobo service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Bjmcmng service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Backupclientsvc service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Axinstsv service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Avgclean service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The ATNT40K service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Atkdisplf service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Arkbcfltr service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Appnnode service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The AppnBase service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Appdrv service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Aolservice service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Angel2 service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Amon service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Alcaudsl service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ahcix86s service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The AGV service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Agnfilt service terminated with the following error: The specified module could not be found.
4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The A8djavs service terminated with the following error: The specified module could not be found.
4/3/2012 12:51:15 PM, error: Service Control Manager [7023] - The Cdvp service terminated with the following error: Access is denied.
4/3/2012 12:50:15 PM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: Access is denied.
4/3/2012 12:49:16 PM, error: Service Control Manager [7023] - The Tvs service terminated with the following error: Access is denied.
4/3/2012 12:48:15 PM, error: Service Control Manager [7023] - The Nimdbgk service terminated with the following error: Access is denied.
4/3/2012 12:47:15 PM, error: Service Control Manager [7023] - The Eplpdx02 service terminated with the following error: Access is denied.
4/3/2012 12:46:16 PM, error: Service Control Manager [7023] - The Mssql$microsoftsmlbiz service terminated with the following error: Access is denied.
4/3/2012 12:45:15 PM, error: Service Control Manager [7023] - The Tsircsrv service terminated with the following error: Access is denied.
4/3/2012 12:44:15 PM, error: Service Control Manager [7023] - The Smartlinkservice service terminated with the following error: Access is denied.
4/3/2012 12:43:15 PM, error: Service Control Manager [7023] - The Ddxgb service terminated with the following error: Access is denied.
4/3/2012 12:42:15 PM, error: Service Control Manager [7023] - The Cs429x service terminated with the following error: Access is denied.
4/3/2012 12:41:15 PM, error: Service Control Manager [7023] - The AppnBase service terminated with the following error: Access is denied.
4/3/2012 12:40:15 PM, error: Service Control Manager [7023] - The Sk9920nt service terminated with the following error: Access is denied.
4/3/2012 12:39:15 PM, error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: Access is denied.
4/3/2012 12:38:15 PM, error: Service Control Manager [7023] - The Ahcix86s service terminated with the following error: Access is denied.
4/3/2012 12:37:15 PM, error: Service Control Manager [7023] - The Vmsprog service terminated with the following error: Access is denied.
4/3/2012 12:36:15 PM, error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: Access is denied.
4/3/2012 12:35:16 PM, error: Service Control Manager [7023] - The Vrservice service terminated with the following error: Access is denied.
4/3/2012 12:34:15 PM, error: Service Control Manager [7023] - The Si3114r service terminated with the following error: Access is denied.
4/3/2012 12:33:16 PM, error: Service Control Manager [7023] - The Ezplay service terminated with the following error: Access is denied.
4/3/2012 12:32:15 PM, error: Service Control Manager [7023] - The X10nets service terminated with the following error: Access is denied.
4/3/2012 12:31:15 PM, error: Service Control Manager [7023] - The Egathdrv service terminated with the following error: Access is denied.
4/3/2012 12:30:15 PM, error: Service Control Manager [7023] - The Pdlnatcm service terminated with the following error: Access is denied.
4/3/2012 12:29:15 PM, error: Service Control Manager [7023] - The Papycpu2 service terminated with the following error: Access is denied.
4/3/2012 12:28:16 PM, error: Service Control Manager [7023] - The NxSysMon service terminated with the following error: Access is denied.
4/3/2012 12:27:16 PM, error: Service Control Manager [7023] - The MTsensor service terminated with the following error: Access is denied.
4/3/2012 12:26:15 PM, error: Service Control Manager [7023] - The Fs_rec service terminated with the following error: Access is denied.
4/3/2012 12:25:15 PM, error: Service Control Manager [7023] - The Ireike service terminated with the following error: Access is denied.
4/3/2012 12:24:19 PM, error: Service Control Manager [7023] - The Sk99202k service terminated with the following error: Access is denied.
4/3/2012 12:23:16 PM, error: Service Control Manager [7023] - The Cobbmservice service terminated with the following error: Access is denied.
4/3/2012 12:22:26 PM, error: Service Control Manager [7023] - The PTDCMdm service terminated with the following error: Access is denied.
4/3/2012 12:21:27 PM, error: Service Control Manager [7023] - The Gbpoll service terminated with the following error: Access is denied.
4/3/2012 12:20:27 PM, error: Service Control Manager [7023] - The Brmfrmps service terminated with the following error: Access is denied.
4/3/2012 12:19:22 PM, error: Service Control Manager [7023] - The Us30service service terminated with the following error: Access is denied.
4/3/2012 12:17:25 PM, error: Service Control Manager [7023] - The DniVad service terminated with the following error: Access is denied.
4/3/2012 12:16:20 PM, error: Service Control Manager [7023] - The EACSvrMngr service terminated with the following error: Access is denied.
4/3/2012 12:15:15 PM, error: Service Control Manager [7023] - The Angel2 service terminated with the following error: Access is denied.
4/3/2012 12:14:15 PM, error: Service Control Manager [7023] - The Pnp680r service terminated with the following error: Access is denied.
4/3/2012 12:13:15 PM, error: Service Control Manager [7023] - The Snpstd service terminated with the following error: Access is denied.
4/3/2012 12:12:15 PM, error: Service Control Manager [7023] - The Sentinel service terminated with the following error: Access is denied.
4/3/2012 12:11:15 PM, error: Service Control Manager [7023] - The Tmtdi service terminated with the following error: Access is denied.
4/3/2012 12:10:15 PM, error: Service Control Manager [7023] - The Iftpsvc service terminated with the following error: Access is denied.
4/3/2012 12:09:15 PM, error: Service Control Manager [7023] - The Tsmservice service terminated with the following error: Access is denied.
4/3/2012 12:08:15 PM, error: Service Control Manager [7023] - The Axinstsv service terminated with the following error: Access is denied.
4/3/2012 12:07:16 PM, error: Service Control Manager [7023] - The Infrastructure service terminated with the following error: Access is denied.
4/3/2012 12:06:15 PM, error: Service Control Manager [7023] - The Lxcd_device service terminated with the following error: Access is denied.
4/3/2012 12:05:15 PM, error: Service Control Manager [7023] - The Scarddrv service terminated with the following error: Access is denied.
4/3/2012 12:04:15 PM, error: Service Control Manager [7023] - The S125mgmt service terminated with the following error: Access is denied.
4/3/2012 12:03:15 PM, error: Service Control Manager [7023] - The Defwatch service terminated with the following error: Access is denied.
4/3/2012 12:02:15 PM, error: Service Control Manager [7023] - The Mhndrv service terminated with the following error: Access is denied.
4/3/2012 12:01:16 PM, error: Service Control Manager [7023] - The Nvraid service terminated with the following error: Access is denied.
4/3/2012 12:00:15 PM, error: Service Control Manager [7023] - The NIPALK service terminated with the following error: Access is denied.
4/3/2012 11:59:16 AM, error: Service Control Manager [7023] - The Appdrv service terminated with the following error: Access is denied.
4/3/2012 11:58:15 AM, error: Service Control Manager [7023] - The Bjmcmng service terminated with the following error: Access is denied.
4/3/2012 11:57:18 AM, error: Service Control Manager [7023] - The GcKernel service terminated with the following error: Access is denied.
4/3/2012 11:56:15 AM, error: Service Control Manager [7023] - The Carboncopy32 service terminated with the following error: Access is denied.
4/3/2012 11:55:15 AM, error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: Access is denied.
4/3/2012 11:54:16 AM, error: Service Control Manager [7023] - The WNCPKT service terminated with the following error: Access is denied.
4/3/2012 11:53:15 AM, error: Service Control Manager [7023] - The Nsysaudm service terminated with the following error: Access is denied.
4/3/2012 11:52:15 AM, error: Service Control Manager [7023] - The Bthidenum service terminated with the following error: Access is denied.
4/3/2012 11:51:15 AM, error: Service Control Manager [7023] - The Ghoststartservice service terminated with the following error: Access is denied.
4/3/2012 11:50:15 AM, error: Service Control Manager [7023] - The ATNT40K service terminated with the following error: Access is denied.
4/3/2012 11:49:15 AM, error: Service Control Manager [7023] - The Bobo service terminated with the following error: Access is denied.
4/3/2012 11:48:15 AM, error: Service Control Manager [7023] - The SprintRcAppSvc service terminated with the following error: Access is denied.
4/3/2012 11:47:15 AM, error: Service Control Manager [7023] - The Clmtomcatstartersvc service terminated with the following error: Access is denied.
4/3/2012 11:46:15 AM, error: Service Control Manager [7023] - The Kbdhid service terminated with the following error: Access is denied.
4/3/2012 11:45:15 AM, error: Service Control Manager [7023] - The CnxTrUsb service terminated with the following error: Access is denied.
4/3/2012 11:44:15 AM, error: Service Control Manager [7023] - The A8djavs service terminated with the following error: Access is denied.
4/3/2012 11:43:16 AM, error: Service Control Manager [7023] - The S117unic service terminated with the following error: Access is denied.
4/3/2012 11:42:15 AM, error: Service Control Manager [7023] - The Psdvdisk service terminated with the following error: Access is denied.
4/3/2012 11:41:15 AM, error: Service Control Manager [7023] - The Mfehidk service terminated with the following error: Access is denied.
4/3/2012 11:40:15 AM, error: Service Control Manager [7023] - The Backupclientsvc service terminated with the following error: Access is denied.
4/3/2012 11:39:15 AM, error: Service Control Manager [7023] - The Avgclean service terminated with the following error: Access is denied.
4/3/2012 11:38:15 AM, error: Service Control Manager [7023] - The NPPTNT service terminated with the following error: Access is denied.
4/3/2012 11:37:15 AM, error: Service Control Manager [7023] - The Iwebmsg service terminated with the following error: Access is denied.
4/3/2012 11:36:15 AM, error: Service Control Manager [7023] - The Z525obex service terminated with the following error: Access is denied.
4/3/2012 11:35:15 AM, error: Service Control Manager [7023] - The Wtcls2k service terminated with the following error: Access is denied.
4/3/2012 11:34:15 AM, error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: Access is denied.
4/3/2012 11:33:15 AM, error: Service Control Manager [7023] - The Ds1 service terminated with the following error: Access is denied.
4/3/2012 11:32:16 AM, error: Service Control Manager [7023] - The Sqlserveragent service terminated with the following error: Access is denied.
4/3/2012 11:31:15 AM, error: Service Control Manager [7023] - The Lxdj_device service terminated with the following error: Access is denied.
4/3/2012 11:30:15 AM, error: Service Control Manager [7023] - The Inorpc service terminated with the following error: Access is denied.
4/3/2012 11:29:15 AM, error: Service Control Manager [7023] - The Prohlp02 service terminated with the following error: Access is denied.
4/3/2012 11:28:15 AM, error: Service Control Manager [7023] - The Cpsvc service terminated with the following error: Access is denied.
4/3/2012 11:27:17 AM, error: Service Control Manager [7023] - The WmBEnum service terminated with the following error: Access is denied.
4/3/2012 11:26:15 AM, error: Service Control Manager [7023] - The Hpgate service terminated with the following error: Access is denied.
4/3/2012 11:25:15 AM, error: Service Control Manager [7023] - The Smservauth service terminated with the following error: Access is denied.
4/3/2012 11:24:15 AM, error: Service Control Manager [7023] - The Ppped service terminated with the following error: Access is denied.
4/3/2012 11:23:15 AM, error: Service Control Manager [7023] - The BrSerIf service terminated with the following error: Access is denied.
4/3/2012 11:22:16 AM, error: Service Control Manager [7023] - The Amon service terminated with the following error: Access is denied.
4/3/2012 11:21:16 AM, error: Service Control Manager [7023] - The Btwdins service terminated with the following error: Access is denied.
4/3/2012 11:20:16 AM, error: Service Control Manager [7023] - The MRESP50 service terminated with the following error: Access is denied.
4/3/2012 11:19:17 AM, error: Service Control Manager [7023] - The Dlcg_device service terminated with the following error: Access is denied.
4/3/2012 11:18:20 AM, error: Service Control Manager [7023] - The GT891x service terminated with the following error: Access is denied.
4/3/2012 11:17:17 AM, error: Service Control Manager [7023] - The Sbhooksvc service terminated with the following error: Access is denied.
4/3/2012 11:16:16 AM, error: Service Control Manager [7023] - The Upsmonservice service terminated with the following error: Access is denied.
4/3/2012 11:15:15 AM, error: Service Control Manager [7023] - The Aolservice service terminated with the following error: Access is denied.
4/3/2012 11:14:17 AM, error: Service Control Manager [7023] - The CTEAPSFX.DLL service terminated with the following error: Access is denied.
4/3/2012 11:13:15 AM, error: Service Control Manager [7023] - The GT680x service terminated with the following error: Access is denied.
4/3/2012 11:12:15 AM, error: Service Control Manager [7023] - The Mcmispupdmgr service terminated with the following error: Access is denied.
4/3/2012 11:11:15 AM, error: Service Control Manager [7023] - The Tfsndres service terminated with the following error: Access is denied.
4/3/2012 11:10:15 AM, error: Service Control Manager [7023] - The Qmofiltr service terminated with the following error: Access is denied.
4/3/2012 11:09:15 AM, error: Service Control Manager [7023] - The Megamonitorsrv service terminated with the following error: Access is denied.
4/3/2012 11:08:15 AM, error: Service Control Manager [7023] - The Pccsmcfd service terminated with the following error: Access is denied.
4/3/2012 11:07:15 AM, error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: Access is denied.
4/3/2012 11:06:17 AM, error: Service Control Manager [7023] - The VICESYS service terminated with the following error: Access is denied.
4/3/2012 11:05:24 AM, error: Service Control Manager [7023] - The Milshieldcleaner service terminated with the following error: Access is denied.
4/3/2012 11:04:28 AM, error: Service Control Manager [7023] - The Atkdisplf service terminated with the following error: Access is denied.
4/3/2012 11:03:15 AM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: Access is denied.
4/3/2012 11:02:15 AM, error: Service Control Manager [7023] - The N3900 service terminated with the following error: Access is denied.
4/3/2012 11:01:22 AM, error: Service Control Manager [7023] - The Syslogd service terminated with the following error: Access is denied.
4/3/2012 11:00:16 AM, error: Service Control Manager [7023] - The Rspndr service terminated with the following error: Access is denied.
4/3/2012 10:59:15 AM, error: Service Control Manager [7023] - The Arkbcfltr service terminated with the following error: Access is denied.
4/3/2012 10:58:15 AM, error: Service Control Manager [7023] - The Ntgrip service terminated with the following error: Access is denied.
4/3/2012 10:57:15 AM, error: Service Control Manager [7023] - The AGV service terminated with the following error: Access is denied.
4/3/2012 10:56:15 AM, error: Service Control Manager [7023] - The IPassP service terminated with the following error: Access is denied.
4/3/2012 10:55:15 AM, error: Service Control Manager [7023] - The LMouFilt service terminated with the following error: Access is denied.
4/3/2012 10:54:16 AM, error: Service Control Manager [7023] - The Govsrv service terminated with the following error: Access is denied.
4/3/2012 10:53:15 AM, error: Service Control Manager [7023] - The CA561 service terminated with the following error: Access is denied.
4/3/2012 10:52:15 AM, error: Service Control Manager [7023] - The CoachUsb service terminated with the following error: Access is denied.
4/3/2012 10:51:15 AM, error: Service Control Manager [7023] - The Symantecantibotwatcher service terminated with the following error: Access is denied.
4/3/2012 10:50:17 AM, error: Service Control Manager [7023] - The Fsaa service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The S616mdm service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Quickbooksdb service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Point32 service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Pdengine service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Ofcpfwsvc service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Nipsvc service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The N558 service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Inort service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The HSFHWALI service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Epfwtdi service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Appnnode service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Alcaudsl service terminated with the following error: Access is denied.
4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Agnfilt service terminated with the following error: Access is denied.
4/3/2012 1:09:15 PM, error: Service Control Manager [7023] - The DellAMBrokerService service terminated with the following error: Access is denied.
4/3/2012 1:08:15 PM, error: Service Control Manager [7023] - The PGPwded service terminated with the following error: Access is denied.
4/3/2012 1:07:15 PM, error: Service Control Manager [7023] - The Perfproc service terminated with the following error: Access is denied.
4/2/2012 11:34:25 AM, error: SCR3xx USB Smart Card Reader [0] -
4/2/2012 11:34:25 AM, error: SCardSvr [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL POWER: The smart card is not responding to a reset.
.
==== End Of File ===========================

dds.txt

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Plamenka at 14:24:59 on 2012-04-05
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.241 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\DkLog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\Program Files\Datakey\Crypt32\DkAutoReg.exe
C:\Program Files\Datakey\Crypt32\DkMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\dkcktkn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\Dosprn\DOSprn.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.bg/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {A5366673-E8CA-11D3-9CD9-0090271D075B} - <orphaned>
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [scheduler] c:\windows\sminst\Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [DkAutoReg.exe] c:\program files\datakey\crypt32\DkAutoReg.exe
mRun: [DkMonitor.exe] c:\program files\datakey\crypt32\DkMonitor.exe
mRun: [DkStartup] c:\program files\datakey\crypt32\DkStartup.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\plamenka\startm~1\programs\startup\dosprn.lnk - c:\program files\dosprn\DOSprn.exe
StartupFolder: c:\docume~1\plamenka\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\WebshotsTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hipath~1.lnk - c:\program files\siemens\card api\bin\siecacst.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm
IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://srl.nssi.bg/ExtUsers/viewer/activeXViewer/activexviewer.cab DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://www.extri.bg/capicom.cab DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2} : NameServer = 192.168.1.1 Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . 
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-2-12 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-2-12 5248] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-4 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-4 337880] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-4 20696] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-4 44768] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-20 652360] R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-11-10 540184] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-20 20464] R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-3-17 47488] S2 awhost32;Snpstd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-4 136176] S2 GV600_4;Btwdins;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 ikhlayer;Bthidenum;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 LRMINIPORT;BrSerIf;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 mcafeeantispyware;PTDCMdm;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 navapsvc;Hpgate;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 ofcservice;NPPTNT;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 savrtpel;NIPALK;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 vet-filt;Smartlinkservice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 vsmon;SprintRcAppSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-4 136176] S3 
MFE_RR;MFE_RR;\??\c:\docume~1\plamenka\locals~1\temp\mfe_rr.sys --> c:\docume~1\plamenka\locals~1\temp\mfe_rr.sys [?] S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\drivers\scr33x.sys --> c:\windows\system32\drivers\SCR33x.sys [?] S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [2004-10-25 7796] . =============== File Associations =============== . ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe" ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe" . =============== Created Last 30 ================ . 2012-04-05 09:14:40 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2012-04-05 09:14:40 64512 ----a-w- c:\windows\system32\drivers\Serial.sys 2012-04-05 09:14:37 162816 ----a-w- c:\windows\system32\drivers\netbt.sys 2012-04-05 09:14:35 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2012-04-05 08:40:26 98816 ----a-w- c:\windows\sed.exe 2012-04-05 08:40:26 256000 ----a-w- c:\windows\PEV.exe 2012-04-05 08:40:26 208896 ----a-w- c:\windows\MBR.exe 2012-04-04 07:00:56 -------- d-----w- c:\documents and settings\plamenka\local settings\application data\Google 2012-04-04 07:00:43 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-04-04 06:59:16 41184 ----a-w- c:\windows\avastSS.scr 2012-04-04 06:26:10 -------- d-----w- c:\program files\AVAST Software 2012-04-04 06:26:10 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software 2012-04-03 14:42:55 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2012-04-03 07:48:00 -------- d-sh--w- c:\documents and settings\plamenka\local settings\application data\1cf6efbe . ==================== Find3M ==================== . 2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys . 
============= FINISH: 14:25:40.00 ===============


Hello,

Some remnants are visible in the logs, but further checks will be needed:

1. Download ComboFix from BleepingComputer

and save it (Save button -> Save as) as ComboFix on your desktop:

Posted image

Once the ComboFix download has finished, the program's icon should look like this:

Posted image

2. Close all running applications, open windows and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs you have.

3. Double-click Combofix.exe to start it. Choose YES to accept the program's terms of use. Important: While ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its work, without using the computer for anything else.

4. ComboFix will check whether the Windows Recovery Console is installed.

*If the Windows Recovery Console is not installed, you will need to choose YES to install the Windows Recovery Console.

*If the Windows Recovery Console is installed, ComboFix will continue its work.

Posted image

Note: You need to be connected to the Internet so that the Windows Recovery Console can be downloaded.

After the Windows Recovery Console has been installed, confirm with YES to continue. Screenshot:

Posted image

5. ComboFix will temporarily disable the Internet connection, but once the program has finished, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after ComboFix has finished, please read this: Manually restoring the Internet connection section.

6. When ComboFix has finished, a text document (log) will open in Notepad:

Posted image

Copy the contents of the log and paste them into your next comment.


ComboFix 12-04-05.09 - Plamenka 04/06/2012 10:55:50.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.257 [GMT 3:00]

Running from: c:\documents and settings\Plamenka\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB3255$

c:\windows\$NtUninstallKB3255$\2446036716

c:\windows\$NtUninstallKB3255$\485945278\@

c:\windows\$NtUninstallKB3255$\485945278\L\nnznorar

c:\windows\system32\regmon701.dll

c:\windows\TEMP\sig3.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_THKEYS

-------\Service_thkeys

.

.

((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))

.

.

2012-04-05 09:14 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-04-05 09:14 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys

2012-04-05 09:14 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-05 09:14 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 07:00 . 2012-04-04 07:05 -------- d-----w- c:\documents and settings\Plamenka\Local Settings\Application Data\Google

2012-04-04 07:00 . 2012-04-04 07:01 -------- d-----w- c:\program files\Google

2012-04-04 07:00 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-04 07:00 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-04 07:00 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-04-04 07:00 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-04 07:00 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-04 07:00 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-04-04 07:00 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-04-04 07:00 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-04-04 06:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-04 06:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\program files\AVAST Software

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-03 14:42 . 2012-04-03 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-03 09:28 . 2012-04-03 09:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-04-03 07:48 . 2012-04-05 09:14 -------- d-sh--w- c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2004-08-04 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-17 06:23 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-05_09.19.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\drivers\i8042prt.sys

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\dllcache\i8042prt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-01 98304]

"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-10-20 1257472]

"DkAutoReg.exe"="c:\program files\Datakey\Crypt32\DkAutoReg.exe" [2003-05-13 245760]

"DkMonitor.exe"="c:\program files\Datakey\Crypt32\DkMonitor.exe" [2003-05-13 143360]

"DkStartup"="c:\program files\Datakey\Crypt32\DkStartup.exe" [2003-05-13 217088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Plamenka\Start Menu\Programs\Startup\

DOSprn.lnk - c:\program files\Dosprn\DOSprn.exe [2011-11-3 234496]

Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2008-2-26 192512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-2-12 151552]

HiPath SIcurity Card API.lnk - c:\program files\Siemens\Card API\bin\siecacst.exe [2010-3-17 61440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\Sut_SoftUninstaller.exe"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a03296\\avast.setup"=

"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=

"c:\\Program Files\\AVAST Software\\Avast\\Setup\\avast.setup"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a01800\\avast.setup"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\system32\\msfeedssync.exe"=

.

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/12/2008 4:27 PM 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/12/2008 4:27 PM 5248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/4/2012 10:00 AM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2012 10:00 AM 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2012 10:00 AM 20696]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2009 10:29 AM 652360]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/10/2007 10:01 PM 540184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2009 10:29 AM 20464]

R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [3/17/2010 4:03 PM 47488]

S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 MFE_RR;MFE_RR;\??\c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys [?]

S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33x.sys --> c:\windows\system32\DRIVERS\SCR33x.sys [?]

S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/25/2004 1:04 AM 7796]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

{834170a7-af3b-4d34-a757-e05eb29ee96d}

vwkernel

bwsvc

tvalz

comhost

qcmerced

a016obex

CVirtA

wg3n

SE2Cbus

vpcnets2

tmactmon

vvoice

smrt

hwdatacard

LVBulk

pcx1nd5

Wdf01000

navapsvc

ino_fltr

athr

DLARTL_M

e1000

ASLDRService

ofcservice

backupexecnamingservice

ppmoucls

VX3000

SMCB000

vsmon

amdagp

ikhlayer

cachemanxp

AmeLanPc

netcfgsvr

savrtpel

CXTUNE

epson_pm_rpcv4_01

ATMsrvc

lvselsus

W8100PCI

APLMp50

prosync1

prismxl

winvnc4

MS1000

mcafeeantispyware

mfeapfk

atksgt

TVALG

sthda

lxct_device

oracleorahome92tnslistener

ownershipprotocol

3dkeybd

TPECioCtl

tpsrv

vet-filt

slabbus

w810mdm

personalsecuredriveservice

tomcatcws3

bc_ip_f

pdlndoem

nvrd64

nhcDriverDevice

CdaD10BA

p2psvc

XUIF

s716mdfl

WscNetDr

wltrysvc

cyberpowerups

pnkbstrk

vmparport

smcirda

alcaudsl

cwafrmiregistry

p1131vid

ati2mtaa

advservice

mgactrl

SE2Bobex

IBM_LLC2

PTDCBus

vulfnths

aksusb

stllssvr

cpucoolserver

CTEDSPFX.DLL

gearaspiwdm

ibmpmsvc

lxcf_device

tvtpktfilter

PCISys

dmisrv

avidstartup

tavsvc

sit_prt

teefer2

smartscaps

radclock

scarddrv

DeviceScanner

ASNDIS5

{95808DC4-FA4A-4c74-92FE-5B863F82066B}

pmem

vxsvc

btwrchid

Nsynas32

arkbcfltr

OracleOraHome92ClientCache

AdobeActiveFileMonitor6.0

wencrservice

hmonitor

mgisvr

GoToAssist

wwnetdde

AYDrvNT_ALYAC

w810obex

macformatservice

ma_cmidi_installerservice

cpqvcagent

iolo_srv

pfmodnt

ARSVC

PDExchange

tabletservice

awhost32

ANC

hclinetd

PSI_SVC_2

riomsc

WINUSB

VrAcFil

ICAM3NT5

hsxhwazl

bltrust

DELL_A02

ftrtsvc

SymIM

aswmon2

stylexphelper

xfactorae1

niorbk

asapiw2k

hpzius12

LoopBeMidi1

megamonitorsrv

hcwPP2

pvservice

ShockMgr

LRMINIPORT

GV600_4

bthusb

p2pgasvc

nmservice

zpnodecollector

nvsvc

sony_ssm.sys

FETNDIS

nvenetfd

tifm21

aswupdsv

cqmghost

surveyor

backupexecnotificationserver

passthru

toddsrv

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\User_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm

IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab

DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab

DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab

DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab

DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-06 11:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1176)

c:\windows\system32\WININET.dll

c:\windows\system32\newdll.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\System32\DkLog.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\windows\System32\dkcktkn.exe

.

**************************************************************************

.

Completion time: 2012-04-06 11:09:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-06 08:09

ComboFix2.txt 2012-04-05 09:22

.

Pre-Run: 127,682,486,272 bytes free

Post-Run: 127,706,243,072 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - A44E7958794D42F20B69C6ABF91DE93A


Download the attached file => XPSP3_netsvcs.zip

Unzip it to the desktop and run the file XPSP3_netsvcs.reg

Confirm with YES in the dialog box.

  • Open Notepad and copy/paste the following information into it:

    Folder::
    c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000

  • Save the file with the name CFScript and drag and drop it onto ComboFix (as shown in the picture below).

    Posted image

  • While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!
  • Post the log file that will be created after the computer restarts in your next post.


ComboFix 12-04-05.09 - Plamenka 04/07/2012 17:53:46.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.223 [GMT 3:00]

Running from: c:\documents and settings\Plamenka\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Plamenka\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe

c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe\@

.

.

((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))

.

.

2012-04-05 09:14 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-04-05 09:14 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys

2012-04-05 09:14 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-05 09:14 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 07:00 . 2012-04-04 07:05 -------- d-----w- c:\documents and settings\Plamenka\Local Settings\Application Data\Google

2012-04-04 07:00 . 2012-04-04 07:01 -------- d-----w- c:\program files\Google

2012-04-04 07:00 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-04 07:00 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-04 07:00 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-04-04 07:00 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-04 07:00 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-04 07:00 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-04-04 07:00 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-04-04 07:00 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-04-04 06:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-04 06:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\program files\AVAST Software

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-03 14:42 . 2012-04-03 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-03 09:28 . 2012-04-03 09:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2004-08-04 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-17 06:23 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-05_09.19.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\drivers\i8042prt.sys

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\dllcache\i8042prt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-01 98304]

"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-10-20 1257472]

"DkAutoReg.exe"="c:\program files\Datakey\Crypt32\DkAutoReg.exe" [2003-05-13 245760]

"DkMonitor.exe"="c:\program files\Datakey\Crypt32\DkMonitor.exe" [2003-05-13 143360]

"DkStartup"="c:\program files\Datakey\Crypt32\DkStartup.exe" [2003-05-13 217088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Plamenka\Start Menu\Programs\Startup\

DOSprn.lnk - c:\program files\Dosprn\DOSprn.exe [2011-11-3 234496]

Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2008-2-26 192512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-2-12 151552]

HiPath SIcurity Card API.lnk - c:\program files\Siemens\Card API\bin\siecacst.exe [2010-3-17 61440]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\Sut_SoftUninstaller.exe"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a03296\\avast.setup"=

"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=

"c:\\Program Files\\AVAST Software\\Avast\\Setup\\avast.setup"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a01800\\avast.setup"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\system32\\msfeedssync.exe"=

.

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/12/2008 4:27 PM 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/12/2008 4:27 PM 5248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/4/2012 10:00 AM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2012 10:00 AM 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2012 10:00 AM 20696]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2009 10:29 AM 652360]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/10/2007 10:01 PM 540184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2009 10:29 AM 20464]

R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [3/17/2010 4:03 PM 47488]

S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 MFE_RR;MFE_RR;\??\c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys [?]

S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33x.sys --> c:\windows\system32\DRIVERS\SCR33x.sys [?]

S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/25/2004 1:04 AM 7796]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-07 c:\windows\Tasks\User_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm

IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab

DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab

DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab

DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab

DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-07 18:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

Completion time: 2012-04-07 18:04:24

ComboFix-quarantined-files.txt 2012-04-07 15:04

ComboFix2.txt 2012-04-06 08:09

ComboFix3.txt 2012-04-05 09:22

.

Pre-Run: 127,527,481,344 bytes free

Post-Run: 127,539,871,744 bytes free

.

- - End Of File - - 61C040A3D3B347F7FBEEE8A5A68C6DBE


So far so good, but I would like us to run a few more checks:

STEP 1

Download OTL.exe and save it to your desktop.

  • Run OTL.exe
  • Make the following settings:
  • Check the box next to Scan All Users
  • Under the File Age menu, select 90 days
  • Under the Standard Registry menu, change to ALL
  • Check the boxes next to LOP and Purity Check
Under [image], use Copy/Paste to enter the following text in full (only what is in the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp\*.*
%windir%\system32\*.
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
hlp.dat
/md5stop
  • Press the Run Scan button, marked in blue.
  • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach these two files to your next reply (see the Attached Files option when posting).

STEP 2

Please download the latest version of TDSSKiller from here and save it to your desktop.

  • Run TDSSKiller.exe to start the application. Then click the Change parameters button.

  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then press OK.

  • Press the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click Continue.

  • If malicious objects are found, you will have three options in the drop-down menu.

    Make sure the selected action is Cure and click Continue > Restart to complete the repair.

    Note: If the Cure button is not among the options, please choose the Skip button; do not choose Delete unless you have been instructed to.

  • A log file will be created in the free directory of partition C: . Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.

STEP 3

Please download aswMBR and save it to your desktop.

  • Double-click the aswMBR.exe file to run it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu, select partition C: as shown in the picture.
  • Click the Scan button to start the scan.
  • When the scan finishes, press the save log button, save the log file to your desktop and post its contents in your next reply.

STEP 4

Please download Farbar Service Scanner and run it.

  • Check all the boxes
  • Press the "Scan" button.
  • A log file named (FSS.txt) will be created in the folder from which you run the tool.
  • Copy the contents of the log file into your next post.

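A small triage helper for the TDSSKiller log requested in STEP 2, added here as an example; it is not part of the original posts or of the tool itself. It assumes the line layout visible in the log posted in this thread (timestamp, thread id, object name, then MD5 and path or a verdict); the sample lines, object names, hashes and paths are constructed placeholders.

```python
import re

# Constructed sample in the layout of the TDSSKiller log in this thread.
# Names, hashes and paths are placeholders, not real findings.
SAMPLE_LOG = r"""
19:22:11.0640 1220 Mode: Manual; SigCheck; TDLFS;
19:22:11.0781 1220 exampleA - ok
19:22:11.0875 1220 exampleB (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\exampleB.sys
19:22:12.0125 1220 exampleB - ok
19:22:15.0031 1220 exampleC (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\exampleC.sys
19:22:15.0046 1220 exampleC ( UnsignedFile.Multi.Generic ) - warning
19:22:15.0046 1220 exampleC - detected UnsignedFile.Multi.Generic (1)
19:22:17.0890 1220 example svc! (00000000000000000000000000000003) C:\Program Files\Example\svc.exe
19:22:17.0890 1220 example svc! - ok
"""

# "HH:MM:SS.ffff <thread id> <body>"
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4}) (?P<tid>\d+) (?P<body>.*)$")
# "<name> (<md5>) <path>"; object names may contain spaces
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <detection> ) - <severity>"
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<detection>\S+) \) - (?P<severity>\w+)$")
# "<name> - ok"
CLEAN = re.compile(r"^(?P<name>.+) - ok$")


def _entry(objects, name):
    """Return the record for an object name, creating it on first sight."""
    return objects.setdefault(
        name,
        {"name": name, "md5": None, "path": None, "status": None, "detection": None},
    )


def triage(text):
    """Summarise a TDSSKiller log: scan mode, clean count, flagged objects,
    and objects whose verdict line is missing (for example a truncated paste)."""
    objects = {}  # dicts keep insertion order, so results follow log order
    mode = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body.startswith("Mode:"):
            mode = [p.strip() for p in body[len("Mode:"):].split(";") if p.strip()]
            continue
        hashed, verdict, clean = HASHED.match(body), VERDICT.match(body), CLEAN.match(body)
        if hashed:
            e = _entry(objects, hashed.group("name"))
            e["md5"] = hashed.group("md5").lower()
            e["path"] = hashed.group("path")
        elif verdict:
            e = _entry(objects, verdict.group("name"))
            e["status"] = verdict.group("severity").lower()
            e["detection"] = verdict.group("detection")
        elif clean:
            e = _entry(objects, clean.group("name"))
            if e["status"] is None:  # never downgrade an earlier warning
                e["status"] = "ok"
        # "<name> - detected ..." repeats the verdict line, so it is skipped

    entries = list(objects.values())
    for e in entries:
        # Kernel-mode drivers (.sys) deserve a closer look than user-mode services.
        e["kernel_driver"] = (e["path"] or "").lower().endswith(".sys")
    return {
        "mode": mode,
        "clean": sum(1 for e in entries if e["status"] == "ok"),
        "flagged": [e for e in entries if e["status"] not in (None, "ok")],
        "no_verdict": [e for e in entries if e["status"] is None],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("mode:", ", ".join(report["mode"]), "| clean objects:", report["clean"])
    for e in report["flagged"]:
        kind = "driver" if e["kernel_driver"] else "service"
        print(f'{e["status"]:8} {e["detection"]:28} {kind:8} {e["md5"]} {e["path"]}')
    for e in report["no_verdict"]:
        print("no verdict recorded for", e["name"], e["path"])
```

The `no_verdict` list catches a log that was cut off mid-entry, so a truncated paste is not mistaken for a clean result.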

STEP 2

19:21:45.0593 1748 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

19:21:46.0718 1748 ============================================================

19:21:46.0718 1748 Current date / time: 2012/04/07 19:21:46.0718

19:21:46.0718 1748 SystemInfo:

19:21:46.0718 1748

19:21:46.0718 1748 OS Version: 5.1.2600 ServicePack: 3.0

19:21:46.0718 1748 Product type: Workstation

19:21:46.0718 1748 ComputerName: PLAMENKARAINOVA

19:21:46.0718 1748 UserName: Plamenka

19:21:46.0718 1748 Windows directory: C:\WINDOWS

19:21:46.0718 1748 System windows directory: C:\WINDOWS

19:21:46.0718 1748 Processor architecture: Intel x86

19:21:46.0718 1748 Number of processors: 1

19:21:46.0718 1748 Page size: 0x1000

19:21:46.0718 1748 Boot type: Normal boot

19:21:46.0718 1748 ============================================================

19:21:49.0062 1748 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:21:49.0062 1748 \Device\Harddisk0\DR0:

19:21:49.0062 1748 MBR used

19:21:49.0062 1748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1160E866

19:21:49.0062 1748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11612766, BlocksNum 0x140249A

19:21:49.0125 1748 Initialize success

19:21:49.0125 1748 ============================================================

19:22:11.0640 1220 ============================================================

19:22:11.0640 1220 Scan started

19:22:11.0640 1220 Mode: Manual; SigCheck; TDLFS;

19:22:11.0640 1220 ============================================================

19:22:11.0781 1220 3dkeybd - ok

19:22:11.0796 1220 a016obex - ok

19:22:11.0875 1220 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys

19:22:12.0125 1220 Aavmker4 - ok

19:22:12.0156 1220 Abiosdsk - ok

19:22:12.0171 1220 abp480n5 - ok

19:22:12.0218 1220 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

19:22:13.0781 1220 ac97intc - ok

19:22:13.0984 1220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:22:14.0609 1220 ACPI - ok

19:22:14.0640 1220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

19:22:14.0781 1220 ACPIEC - ok

19:22:14.0781 1220 AdobeActiveFileMonitor6.0 - ok

19:22:14.0796 1220 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

19:22:15.0015 1220 adpu160m - ok

19:22:15.0031 1220 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

19:22:15.0046 1220 adpu320 ( UnsignedFile.Multi.Generic ) - warning

19:22:15.0046 1220 adpu320 - detected UnsignedFile.Multi.Generic (1)

19:22:15.0078 1220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

19:22:15.0234 1220 aec - ok

19:22:15.0265 1220 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

19:22:15.0359 1220 AFD - ok

19:22:15.0359 1220 Aha154x - ok

19:22:15.0406 1220 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

19:22:15.0562 1220 aic78u2 - ok

19:22:15.0578 1220 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

19:22:15.0718 1220 aic78xx - ok

19:22:15.0750 1220 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

19:22:15.0890 1220 Alerter - ok

19:22:15.0921 1220 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

19:22:15.0984 1220 ALG - ok

19:22:16.0000 1220 AliIde - ok

19:22:16.0015 1220 amdagp - ok

19:22:16.0031 1220 AmeLanPc - ok

19:22:16.0031 1220 amsint - ok

19:22:16.0046 1220 ANC - ok

19:22:16.0062 1220 APLMp50 - ok

19:22:16.0093 1220 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

19:22:16.0171 1220 AppMgmt - ok

19:22:16.0187 1220 arkbcfltr - ok

19:22:16.0187 1220 asapiw2k - ok

19:22:16.0203 1220 asc - ok

19:22:16.0218 1220 asc3350p - ok

19:22:16.0218 1220 asc3550 - ok

19:22:16.0234 1220 ASLDRService - ok

19:22:16.0234 1220 ASNDIS5 - ok

19:22:16.0343 1220 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

19:22:16.0375 1220 aspnet_state - ok

19:22:16.0406 1220 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys

19:22:16.0421 1220 aswFsBlk - ok

19:22:16.0453 1220 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys

19:22:16.0468 1220 aswMon2 - ok

19:22:16.0484 1220 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys

19:22:16.0500 1220 AswRdr - ok

19:22:16.0531 1220 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys

19:22:16.0578 1220 aswSnx - ok

19:22:16.0593 1220 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys

19:22:16.0640 1220 aswSP - ok

19:22:16.0656 1220 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys

19:22:16.0671 1220 aswTdi - ok

19:22:16.0687 1220 aswupdsv - ok

19:22:16.0718 1220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:22:16.0859 1220 AsyncMac - ok

19:22:16.0906 1220 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

19:22:17.0125 1220 atapi - ok

19:22:17.0140 1220 Atdisk - ok

19:22:17.0156 1220 athr - ok

19:22:17.0171 1220 atksgt - ok

19:22:17.0187 1220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:22:17.0343 1220 Atmarpc - ok

19:22:17.0359 1220 ATMsrvc - ok

19:22:17.0406 1220 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

19:22:17.0562 1220 AudioSrv - ok

19:22:17.0625 1220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

19:22:17.0781 1220 audstub - ok

19:22:17.0890 1220 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

19:22:17.0890 1220 avast! Antivirus - ok

19:22:17.0906 1220 awhost32 - ok

19:22:17.0921 1220 AYDrvNT_ALYAC - ok

19:22:17.0921 1220 backupexecnamingservice - ok

19:22:17.0937 1220 backupexecnotificationserver - ok

19:22:17.0953 1220 bc_ip_f - ok

19:22:17.0984 1220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

19:22:18.0140 1220 Beep - ok

19:22:18.0187 1220 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

19:22:18.0390 1220 BITS - ok

19:22:18.0406 1220 bltrust - ok

19:22:18.0453 1220 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

19:22:18.0593 1220 Browser - ok

19:22:18.0609 1220 bthusb - ok

19:22:18.0625 1220 btwrchid - ok

19:22:18.0625 1220 bwsvc - ok

19:22:18.0640 1220 cachemanxp - ok

19:22:18.0765 1220 catchme - ok

19:22:18.0828 1220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

19:22:18.0968 1220 cbidf2k - ok

19:22:18.0984 1220 cd20xrnt - ok

19:22:19.0000 1220 CdaD10BA - ok

19:22:19.0015 1220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

19:22:19.0156 1220 Cdaudio - ok

19:22:19.0203 1220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

19:22:19.0343 1220 Cdfs - ok

19:22:19.0375 1220 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:22:19.0531 1220 Cdrom - ok

19:22:19.0546 1220 Changer - ok

19:22:19.0562 1220 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

19:22:19.0718 1220 CiSvc - ok

19:22:19.0734 1220 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

19:22:19.0890 1220 ClipSrv - ok

19:22:19.0968 1220 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:22:20.0031 1220 clr_optimization_v2.0.50727_32 - ok

19:22:20.0031 1220 CmdIde - ok

19:22:20.0046 1220 comhost - ok

19:22:20.0062 1220 COMSysApp - ok

19:22:20.0078 1220 Cpqarray - ok

19:22:20.0078 1220 cpqvcagent - ok

19:22:20.0093 1220 cqmghost - ok

19:22:20.0140 1220 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

19:22:20.0296 1220 CryptSvc - ok

19:22:20.0312 1220 CVirtA - ok

19:22:20.0328 1220 CXTUNE - ok

19:22:20.0359 1220 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys

19:22:20.0390 1220 d347bus ( UnsignedFile.Multi.Generic ) - warning

19:22:20.0390 1220 d347bus - detected UnsignedFile.Multi.Generic (1)

19:22:20.0406 1220 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys

19:22:20.0421 1220 d347prt ( UnsignedFile.Multi.Generic ) - warning

19:22:20.0421 1220 d347prt - detected UnsignedFile.Multi.Generic (1)

19:22:20.0421 1220 dac2w2k - ok

19:22:20.0437 1220 dac960nt - ok

19:22:20.0484 1220 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

19:22:20.0546 1220 DcomLaunch - ok

19:22:20.0562 1220 DELL_A02 - ok

19:22:20.0578 1220 DeviceScanner - ok

19:22:20.0640 1220 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

19:22:21.0031 1220 Dhcp - ok

19:22:21.0046 1220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

19:22:21.0187 1220 Disk - ok

19:22:21.0234 1220 DkLogger (dfce12cf6420cc54ad5c5a4d3b115a6c) C:\WINDOWS\System32\DkLog.exe

19:22:21.0234 1220 DkLogger ( UnsignedFile.Multi.Generic ) - warning

19:22:21.0234 1220 DkLogger - detected UnsignedFile.Multi.Generic (1)

19:22:21.0312 1220 DkTknSrv (94d990c5cc9745b8af676bf5da088670) C:\WINDOWS\System32\dkcktkn.exe

19:22:21.0343 1220 DkTknSrv ( UnsignedFile.Multi.Generic ) - warning

19:22:21.0343 1220 DkTknSrv - detected UnsignedFile.Multi.Generic (1)

19:22:21.0359 1220 DLARTL_M - ok

19:22:21.0375 1220 dmadmin - ok

19:22:21.0406 1220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

19:22:21.0609 1220 dmboot - ok

19:22:21.0656 1220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

19:22:21.0812 1220 dmio - ok

19:22:21.0843 1220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:22:22.0000 1220 dmload - ok

19:22:22.0046 1220 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

19:22:22.0203 1220 dmserver - ok

19:22:22.0250 1220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

19:22:22.0406 1220 DMusic - ok

19:22:22.0562 1220 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

19:22:23.0031 1220 Dnscache - ok

19:22:23.0250 1220 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

19:22:23.0484 1220 Dot3svc - ok

19:22:23.0718 1220 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

19:22:23.0953 1220 Dot4 - ok

19:22:24.0078 1220 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

19:22:24.0234 1220 Dot4Print - ok

19:22:24.0234 1220 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

19:22:24.0406 1220 dot4usb - ok

19:22:24.0421 1220 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

19:22:24.0578 1220 dpti2o - ok

19:22:24.0625 1220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

19:22:24.0781 1220 drmkaud - ok

19:22:24.0796 1220 e1000 - ok

19:22:24.0828 1220 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys

19:22:24.0859 1220 E100B - ok

19:22:24.0906 1220 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

19:22:25.0062 1220 EapHost - ok

19:22:25.0078 1220 epson_pm_rpcv4_01 - ok

19:22:25.0109 1220 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

19:22:25.0265 1220 ERSvc - ok

19:22:25.0312 1220 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

19:22:25.0359 1220 Eventlog - ok

19:22:25.0406 1220 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

19:22:25.0500 1220 EventSystem - ok

19:22:25.0562 1220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

19:22:25.0734 1220 Fastfat - ok

19:22:25.0796 1220 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

19:22:25.0859 1220 FastUserSwitchingCompatibility - ok

19:22:25.0890 1220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

19:22:26.0062 1220 Fdc - ok

19:22:26.0062 1220 FETNDIS - ok

19:22:26.0093 1220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

19:22:26.0250 1220 Fips - ok

19:22:26.0281 1220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

19:22:26.0421 1220 Flpydisk - ok

19:22:26.0484 1220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

19:22:26.0640 1220 FltMgr - ok

19:22:26.0734 1220 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

19:22:26.0750 1220 FontCache3.0.0.0 - ok

19:22:26.0781 1220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:22:26.0937 1220 Fs_Rec - ok

19:22:27.0015 1220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:22:27.0203 1220 Ftdisk - ok

19:22:27.0234 1220 ftrtsvc - ok

19:22:27.0250 1220 gearaspiwdm - ok

19:22:27.0390 1220 GoToAssist - ok

19:22:27.0437 1220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:22:27.0593 1220 Gpc - ok

19:22:27.0687 1220 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

19:22:27.0703 1220 gupdate - ok

19:22:27.0703 1220 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

19:22:27.0718 1220 gupdatem - ok

19:22:27.0734 1220 GV600_4 - ok

19:22:27.0750 1220 hclinetd - ok

19:22:27.0750 1220 hcwPP2 - ok

19:22:27.0796 1220 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

19:22:27.0968 1220 HDAudBus - ok

19:22:28.0046 1220 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

19:22:28.0218 1220 helpsvc - ok

19:22:28.0234 1220 HidServ - ok

19:22:28.0265 1220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:22:28.0421 1220 HidUsb - ok

19:22:28.0468 1220 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

19:22:28.0687 1220 hkmsvc - ok

19:22:28.0687 1220 hmonitor - ok

19:22:28.0703 1220 hpn - ok

19:22:28.0718 1220 hpzius12 - ok

19:22:28.0734 1220 hsxhwazl - ok

19:22:28.0796 1220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

19:22:28.0843 1220 HTTP - ok

19:22:28.0875 1220 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

19:22:29.0140 1220 HTTPFilter - ok

19:22:29.0187 1220 hwdatacard - ok

19:22:29.0328 1220 i2omgmt - ok

19:22:29.0421 1220 i2omp - ok

19:22:29.0578 1220 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:22:29.0859 1220 i8042prt - ok

19:22:30.0265 1220 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

19:22:30.0453 1220 i81x - ok

19:22:30.0484 1220 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

19:22:30.0687 1220 iAimFP0 - ok

19:22:30.0718 1220 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

19:22:30.0875 1220 iAimFP1 - ok

19:22:30.0906 1220 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

19:22:31.0218 1220 iAimFP2 - ok

19:22:31.0343 1220 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

19:22:31.0671 1220 iAimFP3 - ok

19:22:31.0703 1220 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

19:22:32.0484 1220 iAimFP4 - ok

19:22:32.0593 1220 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

19:22:32.0906 1220 iAimFP5 - ok

19:22:32.0937 1220 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

19:22:33.0140 1220 iAimFP6 - ok

19:22:33.0171 1220 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

19:22:33.0390 1220 iAimFP7 - ok

19:22:33.0406 1220 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

19:22:33.0562 1220 iAimTV0 - ok

19:22:33.0578 1220 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

19:22:33.0718 1220 iAimTV1 - ok

19:22:33.0734 1220 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

19:22:33.0875 1220 iAimTV3 - ok

19:22:33.0890 1220 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

19:22:34.0031 1220 iAimTV4 - ok

19:22:34.0062 1220 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

19:22:34.0218 1220 iAimTV5 - ok

19:22:34.0218 1220 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

19:22:34.0375 1220 iAimTV6 - ok

19:22:34.0453 1220 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

19:22:34.0546 1220 ialm - ok

19:22:34.0546 1220 ICAM3NT5 - ok

19:22:34.0640 1220 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:22:34.0703 1220 idsvc - ok

19:22:34.0703 1220 ikhlayer - ok

19:22:34.0781 1220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:22:34.0937 1220 Imapi - ok

19:22:34.0984 1220 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

19:22:35.0140 1220 ImapiService - ok

19:22:35.0156 1220 ini910u - ok

19:22:35.0171 1220 ino_fltr - ok

19:22:35.0328 1220 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys

19:22:35.0562 1220 IntcAzAudAddService - ok

19:22:35.0750 1220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

19:22:35.0875 1220 IntelIde - ok

19:22:35.0921 1220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:22:36.0078 1220 intelppm - ok

19:22:36.0078 1220 iolo_srv - ok

19:22:36.0109 1220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

19:22:36.0265 1220 Ip6Fw - ok

19:22:36.0296 1220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:22:36.0453 1220 IpFilterDriver - ok

19:22:36.0484 1220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:22:36.0625 1220 IpInIp - ok

19:22:36.0656 1220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:22:36.0812 1220 IpNat - ok

19:22:36.0843 1220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:22:36.0984 1220 IPSec - ok

19:22:37.0015 1220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:22:37.0093 1220 IRENUM - ok

19:22:37.0125 1220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:22:37.0281 1220 isapnp - ok

19:22:37.0375 1220 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

19:22:37.0390 1220 IviRegMgr - ok

19:22:37.0406 1220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:22:37.0562 1220 Kbdclass - ok

19:22:37.0593 1220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

19:22:37.0734 1220 kmixer - ok

19:22:37.0781 1220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

19:22:37.0859 1220 KSecDD - ok

19:22:37.0890 1220 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

19:22:37.0953 1220 lanmanserver - ok

19:22:38.0640 1220 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

19:22:38.0718 1220 lanmanworkstation - ok

19:22:38.0734 1220 lbrtfdc - ok

19:22:38.0812 1220 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

19:22:38.0984 1220 LmHosts - ok

19:22:39.0000 1220 LoopBeMidi1 - ok

19:22:39.0000 1220 LRMINIPORT - ok

19:22:39.0015 1220 LVBulk - ok

19:22:39.0031 1220 lvselsus - ok

19:22:39.0046 1220 lxcf_device - ok

19:22:39.0062 1220 lxct_device - ok

19:22:39.0078 1220 macformatservice - ok

19:22:39.0078 1220 ma_cmidi_installerservice - ok

19:22:39.0125 1220 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

19:22:39.0140 1220 MBAMProtector - ok

19:22:39.0312 1220 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

19:22:39.0390 1220 MBAMService - ok

19:22:39.0421 1220 mcafeeantispyware - ok

19:22:39.0437 1220 megamonitorsrv - ok

19:22:39.0468 1220 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

19:22:39.0640 1220 Messenger - ok

19:22:39.0656 1220 mfeapfk - ok

19:22:39.0765 1220 MFE_RR - ok

19:22:39.0781 1220 mgisvr - ok

19:22:39.0843 1220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:22:40.0000 1220 mnmdd - ok

19:22:40.0046 1220 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

19:22:40.0187 1220 mnmsrvc - ok

19:22:40.0218 1220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

19:22:40.0375 1220 Modem - ok

19:22:40.0406 1220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:22:40.0562 1220 Mouclass - ok

19:22:40.0593 1220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:22:40.0750 1220 mouhid - ok

19:22:40.0796 1220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

19:22:40.0937 1220 MountMgr - ok

19:22:40.0953 1220 mraid35x - ok

19:22:40.0968 1220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:22:41.0125 1220 MRxDAV - ok

19:22:41.0187 1220 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:22:41.0234 1220 MRxSmb - ok

19:22:41.0250 1220 MS1000 - ok

19:22:41.0296 1220 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

19:22:41.0437 1220 MSDTC - ok

19:22:41.0453 1220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

19:22:41.0609 1220 Msfs - ok

19:22:41.0625 1220 MSIServer - ok

19:22:41.0640 1220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:22:41.0812 1220 MSKSSRV - ok

19:22:41.0843 1220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:22:42.0015 1220 MSPCLOCK - ok

19:22:42.0046 1220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:22:42.0203 1220 MSPQM - ok

19:22:42.0250 1220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:22:42.0406 1220 mssmbios - ok

19:22:42.0437 1220 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:22:42.0484 1220 Mup - ok

19:22:42.0546 1220 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

19:22:42.0718 1220 napagent - ok

19:22:42.0718 1220 navapsvc - ok

19:22:42.0765 1220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:22:42.0906 1220 NDIS - ok

19:23:05.0218 1220 ============================================================

19:23:05.0218 1220 Scan finished

19:23:05.0218 1220 ============================================================

19:23:05.0343 3048 Detected object count: 7

19:23:05.0343 3048 Actual detected object count: 7

19:26:46.0656 3048 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 DkLogger ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 DkLogger ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 DkTknSrv ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 DkTknSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 PCA ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:27:42.0546 0536 Deinitialize success

STEP 3

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-07 19:33:48

-----------------------------

19:33:48.296 OS Version: Windows 5.1.2600 Service Pack 3

19:33:48.296 Number of processors: 1 586 0x1601

19:33:48.296 ComputerName: PLAMENKARAINOVA UserName: Plamenka

19:33:52.406 Initialize success

19:33:55.531 AVAST engine defs: 12040700

19:35:19.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

19:35:19.843 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-20 Size: 152627MB BusType: 3

19:35:19.859 Disk 0 MBR read successfully

19:35:19.875 Disk 0 MBR scan

19:35:19.875 Disk 0 unknown MBR code

19:35:19.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142365 MB offset 63

19:35:19.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10244 MB offset 291579750

19:35:19.921 Disk 0 scanning sectors +312560640

19:35:19.968 Disk 0 scanning C:\WINDOWS\system32\drivers

19:35:32.953 Service scanning

19:35:45.953 Modules scanning

19:35:51.953 Disk 0 trace - called modules:

19:35:51.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

19:35:51.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d7d998]

19:35:51.968 3 CLASSPNP.SYS[f85f4fd7] -> nt!IofCallDriver -> \Device\0000005f[0x82d7ef18]

19:35:51.968 5 ACPI.sys[f8465620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82d8b3a0]

19:35:52.218 AVAST engine scan C:\

19:46:05.484 File: C:\old\Program Files\Symantec_Client_Security\Symantec AntiVirus\qsinfo.dll **INFECTED** Win32:MalOb-HG [Cryp]

21:38:48.718 Scan finished successfully

09:47:54.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Plamenka\Desktop\OTL\MBR.dat"

09:47:54.750 The log file has been saved successfully to "C:\Documents and Settings\Plamenka\Desktop\OTL\aswMBR.txt"

STEP 4

Farbar Service Scanner Version: 01-03-2012

Ran by Plamenka (administrator) on 08-04-2012 at 09:49:56

Running from "C:\Documents and Settings\Plamenka\Desktop"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

aswTdi(8) Gpc(6) IPSec(4) NetBT(9) PSched(7) Tcpip(3)

0x09000000040000000100000002000000030000000800000056000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****

OTL.Txt

Extras.Txt


Hello,

IS THIS NORMAL???

After starting OTL, Copy/Paste and Run Fix,

the OTL status bar shows "Killing processes. DO NOT INTERRUPT......" and the computer has now been frozen for more than an hour and a half (I had Task Manager open; it has been inactive for an hour and a half and the clock is dead). IS THIS NORMAL???


OK, stop the tool and restart the computer (you can also do this through Task Manager). Restart in Safe Mode and try from there. Close all programs before running it. The same thing happened in another thread, because the script is quite long. Post the results.


I cannot post the log. Maybe it is too large. I am attaching it: 04102012_081747.zip. Here is MBR.DAT as well: MBR.zip

Edited by B-boy[StyLe]
Latin script!


So far so good.

Final checks...

Run a new scan as described in this post, step 1.

Attach the log files if they are very large.

And second:

Download GrantPerms.zip and extract it to a folder of your choice. Run GrantPerms.exe and enter the following information:

c:\windows\$NtUninstallKB3255$
C:\WINDOWS\$NtUninstallKB938828$

Click Unlock and then List Permissions. Post the log file in your next post.

Follow these instructions for working with SystemLook:

Download SystemLook and save the program to the desktop.

  • Double-click SystemLook.exe to start the program.
  • Copy the contents of the quote below into the program's text box:

    :dir
    c:\windows\$NtUninstallKB3255$ /s
    C:\WINDOWS\$NtUninstallKB938828$ /s
  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan result. Then post the log file in your next comment.


The log file from OTL - OTL.zip

GrantPerms by Farbar

Ran by Plamenka (administrator) at 2012-04-10 14:57:08

===============================================

ERROR: Parsing the SD of <\\?\c:\windows\$NtUninstallKB3255$ > failed with: The system cannot find the file specified.

Operating system error message: The system cannot find the file specified.

\\?\C:\WINDOWS\$NtUninstallKB938828$

Owner: BUILTIN\Administrators

DACL(NP)(AI):

BUILTIN\Administrators FULL ALLOW (CI)(OI)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)

BUILTIN\Users READ/EXECUTE ALLOW (I)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)

BUILTIN\Power Users change ALLOW (I)

BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)

BUILTIN\Administrators FULL ALLOW (I)

BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)

NT AUTHORITY\SYSTEM FULL ALLOW (I)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)

CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)

SystemLook 30.07.11 by jpshortstuff

Log created at 14:59 on 10/04/2012 by Plamenka

Administrator - Elevation successful

========== dir ==========

c:\windows\$NtUninstallKB3255$ - Unable to find folder.

C:\WINDOWS\$NtUninstallKB938828$ - Parameters: "/s"

---Files---

explorer.exe --a--c- 1032192 bytes [14:51 19/02/2008] [08:00 04/08/2004]

C:\WINDOWS\$NtUninstallKB938828$\spuninst d----c- [14:51 19/02/2008]

spuninst.exe --a--c- 213216 bytes [14:51 19/02/2008] [23:12 12/10/2005]

spuninst.inf --a--c- 5161 bytes [14:51 19/02/2008] [14:51 19/02/2008]

spuninst.txt --a--c- 311 bytes [14:51 19/02/2008] [14:51 19/02/2008]

updspapi.dll --a--c- 371424 bytes [14:51 19/02/2008] [23:12 12/10/2005]

-= EOF =-


One last push:

  • Start the file [image] by double-clicking it.
  • Under [image], use Copy/Paste to enter the following text in full (only what is inside the box):
:OTL
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS
:files
dir /s /a "C:\8f1faac2df4bafcb014484efad6630ed" /c
:commands
[emptytemp]
After entering the script from the quote above, click the button marked in red: Run Fix

Windows will restart and a log file will be created - OTL fix log. Post its contents with Copy/Paste in your next comment.


Hello again,

After two attempts in which OTL froze as before, I ran it in Safe Mode.

Here is the result:

All processes killed

========== OTL ==========

Unable to delete ADS C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS .

Unable to delete ADS C:\ntldr:KAVICHS .

========== FILES ==========

< dir /s /a "C:\8f1faac2df4bafcb014484efad6630ed" /c >

Volume in drive C has no label.

Volume Serial Number is 10A9-DC13

Directory of C:\8f1faac2df4bafcb014484efad6630ed

02/17/2012 04:50 PM <DIR> .

02/17/2012 04:50 PM <DIR> ..

02/17/2012 04:50 PM 788 $shtdwn$.req

01/27/2012 12:27 AM 3,650,706 mrt.exe._p

01/27/2012 12:13 AM 92,976 mrtstub.exe

3 File(s) 3,744,470 bytes

Total Files Listed:

3 File(s) 3,744,470 bytes

2 Dir(s) 126,844,305,408 bytes free

C:\Documents and Settings\Plamenka\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Plamenka\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Plamenka

->Temp folder emptied: 335644 bytes

->Temporary Internet Files folder emptied: 30964474 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 734 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1056 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1289041 bytes

Total Files Cleaned = 31.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_104103

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Open virustotal and use the Browse button to locate the file:

C:\ntldr (for this file you need to show hidden files)

My Computer => Tools => Folder Options => View => Hidden files and folders => select the radio button next to Show Hidden Files and Folders

My Computer => Tools => Folder Options => View => Hide protected operating system files (recommended) => clear the check box

Click the SEND button.

If the file has already been analysed, please click Reanalyse.

Repeat the steps for this file:

C:\WINDOWS\System32\ctl3dv2.dll

Post the scan results for this file in your next comment.


SHA256: 644335c778eed2c2acb701657fb337cef93bde486650878d3c6ebc2ac4d4a447
SHA1: cb8c794dbe38d7bbe79e992823678e493370e975
MD5: c1b29b4e6eea9510610db2ec4d6db160
File size: 244.2 KB ( 250048 bytes )
File name: C:\ntldr
File type: DOS EXE
Detection ratio: 1 / 42
Analysis date: 2012-04-20 10:32:31 UTC ( 3 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120420
AntiVir - 20120420
Antiy-AVL - 20120420
Avast - 20120420
AVG - 20120420
BitDefender - 20120420
ByteHero - 20120417
CAT-QuickHeal - 20120420
ClamAV - 20120419
Commtouch - 20120420
Comodo - 20120420
DrWeb - 20120420
Emsisoft - 20120420
eSafe - 20120419
eTrust-Vet - 20120420
F-Prot - 20120420
F-Secure - 20120420
Fortinet - 20120420
GData - 20120420
Ikarus - 20120420
Jiangmin - 20120420
K7AntiVirus - 20120418
Kaspersky - 20120420
McAfee - 20120420
McAfee-GW-Edition Heuristic.BehavesLike.Exploit.CodeExec.O 20120420
Microsoft - 20120420
NOD32 - 20120420
Norman - 20120420
nProtect - 20120420
Panda - 20120420
PCTools - 20120420
Rising - 20120420
Sophos - 20120420
SUPERAntiSpyware - 20120402
Symantec - 20120420
TheHacker - 20120420
TrendMicro - 20120420
TrendMicro-HouseCall - 20120420
VBA32 - 20120419
VIPRE - 20120420
ViRobot - 20120420
VirusBuster - 20120420

SHA256: 3387135a5075439b9238d6c486b047d4dba8d9a6d1dad6bb74050347c70616db
SHA1: 17155dedec7d8cd7aa305e204c489c6bc3060cf7
MD5: 637d88e7a1bedc4457c80dbc8ba9f135
File size: 26.6 KB ( 27200 bytes )
File name: C:\WINDOWS\system32\ctl3dv2.dll
File type: Win16 EXE
Detection ratio: 0 / 42
Analysis date: 2012-04-20 10:43:13 UTC ( 2 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120420
AntiVir - 20120420
Antiy-AVL - 20120420
Avast - 20120420
AVG - 20120420
BitDefender - 20120420
ByteHero - 20120417
CAT-QuickHeal - 20120420
ClamAV - 20120419
Commtouch - 20120420
Comodo - 20120420
DrWeb - 20120420
Emsisoft - 20120420
eSafe - 20120419
eTrust-Vet - 20120420
F-Prot - 20120420
F-Secure - 20120420
Fortinet - 20120420
GData - 20120420
Ikarus - 20120420
Jiangmin - 20120420
K7AntiVirus - 20120418
Kaspersky - 20120420
McAfee - 20120420
McAfee-GW-Edition - 20120420
Microsoft - 20120420
NOD32 - 20120420
Norman - 20120420
nProtect - 20120420
Panda - 20120420
PCTools - 20120420
Rising - 20120420
Sophos - 20120420
SUPERAntiSpyware - 20120402
Symantec - 20120420
TheHacker - 20120420
TrendMicro - 20120420
TrendMicro-HouseCall - 20120420
VBA32 - 20120419
VIPRE - 20120420
ViRobot - 20120420
VirusBuster - 20120420

I don't want you to copy the results to me... Could you give me the links to the actual scan results? :)

Right. I think we can skip the last steps. The stubborn ADS streams refuse to be removed because of permission problems on the two linked objects. We can:

- Try to have me take ownership of these objects and remove the ADS streams.
- Leave them alone - they are harmless - their size is below the minimum for creating executable code.
- They were created by Kaspersky 5 - the older versions created such streams. They are safe, but malware can in principle take advantage of them, which is why the newer versions of Kaspersky have no such streams. We can try to clean up the Kaspersky leftovers and see whether that helps (with some uninstall tool).

Either way, the computer is already clean. Any other problems before my final advice? :)

No other problems for now. :) If you recommend an uninstaller, I would try to clean up the Kaspersky 5 leftovers. Thanks for the help!

At one point I had some specific uninstallers for version 5, but I can't seem to find them now...

Still, clean up the leftovers with these:

kavremover.exe (you need to enter the code shown when the tool starts. Let it remove all known products).

KAV_REGISTRY_CLEANER (extract it into a folder of your choice and run the exe).

KisKav6Remove.zip (extract it into a folder of your choice and run the exe).

Restart after the cleanup.

As for the ADS streams, I remembered that Kaspersky has a tool for them as well.

Download this tool - Klstreamremover.zip

Extract it to C:\

Then from Start => Run => type the command - C:\Klstreamremover.exe -r

Press Enter and restart.

Then reply with how it went and I will give my final advice.

Hello, I apologize for the long delay before my reply. I ran all the tools and the cleanup went without problems. I await your advice. Thank you.

Hello, well, there is nothing more to be done, but I would still be curious whether the streams were successfully removed. Even if they were not, it is not a big problem, but if you feel like it, run a new scan with OTL and post the results... If you would rather wrap up, I will write how to uninstall the things we used.

OTL logfile created on: 5/17/2012 3:54:26 PM - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = C:Documents and SettingsPlamenkaDesktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 243.78 Mb Available Physical Memory | 48.52% Memory free

1.20 Gb Paging File | 0.84 Gb Available in Paging File | 70.30% Paging File free

Paging file location(s): C:pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 139.03 Gb Total Space | 114.59 Gb Free Space | 82.42% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 8.20 Gb Free Space | 82.01% Space Free | Partition Type: NTFS

Drive I: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Drive T: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Drive W: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Computer Name: PLAMENKARAINOVA | User Name: Plamenka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 14:21:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsPlamenkaDesktopOTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe

PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastUI.exe

PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe

PRC - [2010/12/16 17:19:34 | 002,402,512 | ---- | M] (IObit) -- C:Program FilesIObitAdvanced SystemCare 3AWC.exe

PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe

PRC - [2007/01/05 06:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe

PRC - [2006/04/24 21:42:06 | 000,888,832 | ---- | M] () -- C:WINDOWSSMINSTScheduler.exe

PRC - [2006/01/05 14:34:56 | 000,061,440 | ---- | M] (Siemens AG) -- C:Program FilesSiemensCard APIbinsiecacst.exe

PRC - [2003/09/12 23:55:10 | 000,234,496 | ---- | M] (DOSPRN) -- C:Program FilesDosprnDOSprn.exe

PRC - [2003/05/13 04:58:00 | 000,475,136 | R--- | M] (Datakey, Inc.) -- C:WINDOWSsystem32dkcktkn.exe

PRC - [2003/05/13 04:52:00 | 000,143,360 | R--- | M] (Datakey, Inc.) -- C:Program FilesDatakeyCrypt32dkMonitor.exe

PRC - [2003/05/13 04:48:00 | 000,245,760 | R--- | M] (Datakey, Inc.) -- C:Program FilesDatakeyCrypt32dkAutoReg.exe

PRC - [2003/05/13 04:37:00 | 000,102,400 | R--- | M] (Datakey, Inc.) -- C:WINDOWSsystem32dklog.exe

PRC - [2000/12/30 13:39:58 | 000,151,552 | ---- | M] () -- C:WINDOWSDatecsFlex2K.exe

PRC - [2000/09/13 11:51:58 | 000,192,512 | ---- | M] (The Webshots Corporation) -- C:Program FilesWebshotsWebshotsTray.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/16 22:46:16 | 001,759,232 | ---- | M] () -- C:Program FilesAVAST SoftwareAvastdefs12051601algo.dll

MOD - [2010/01/22 15:13:30 | 000,323,160 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3winSkinD7R.bpl

MOD - [2010/01/22 15:13:16 | 000,045,656 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3CoolTrayIcon_D6plus.bpl

MOD - [2010/01/22 15:11:36 | 000,150,616 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3STFix.dll

MOD - [2010/01/22 15:11:30 | 000,057,432 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3NtfsData.dll

MOD - [2006/04/24 21:42:06 | 000,888,832 | ---- | M] () -- C:WINDOWSSMINSTScheduler.exe

MOD - [2002/12/09 09:38:28 | 000,094,274 | ---- | M] () -- C:WINDOWSsystem32HPBHEALR.DLL

MOD - [2000/12/30 13:39:58 | 000,151,552 | ---- | M] () -- C:WINDOWSDatecsFlex2K.exe

MOD - [2000/12/13 01:55:40 | 000,028,672 | ---- | M] () -- C:WINDOWSsystem32newdll.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%System32hidserv.dll -- (HidServ)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe -- (MBAMService)

SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe -- (avast! Antivirus)

SRV - [2007/01/05 06:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe -- (IviRegMgr)

SRV - [2003/05/13 04:58:00 | 000,475,136 | R--- | M] (Datakey, Inc.) [Auto | Running] -- C:WINDOWSsystem32dkcktkn.exe -- (DkTknSrv)

SRV - [2003/05/13 04:37:00 | 000,102,400 | R--- | M] (Datakey, Inc.) [Auto | Running] -- C:WINDOWSsystem32dklog.exe -- (DkLogger)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSSCR33x.sys -- (SCR33x USB Smart Card Reader)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:WINDOWSsystem32driversmbam.sys -- (MBAMProtector)

DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:WINDOWSSystem32driversaswSnx.sys -- (aswSnx)

DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswSP.sys -- (aswSP)

DRV - [2012/03/07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswRdr.sys -- (AswRdr)

DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswTdi.sys -- (aswTdi)

DRV - [2012/03/07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WINDOWSSystem32driversaswmon2.sys -- (aswMon2)

DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WINDOWSSystem32driversaswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaavmker4.sys -- (Aavmker4)

DRV - [2007/01/30 21:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/11/07 05:35:00 | 000,047,488 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversSCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)

DRV - [2004/10/25 01:04:00 | 000,007,796 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversStc2Dfu.sys -- (STC2DFU)

DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversd347prt.sys -- (d347prt)

DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversd347bus.sys -- (d347bus)

DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswVchNTxx.sys -- (iAimFP4)

DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswSiINTxx.sys -- (iAimFP3)

DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV10nt.sys -- (iAimTV5)

DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswCh7xxNT.sys -- (iAimTV4)

DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV06nt.sys -- (iAimTV6)

DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV04nt.sys -- (iAimTV3)

DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV02NT.sys -- (iAimTV1)

DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV01nt.sys -- (iAimTV0)

DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV09NT.sys -- (iAimFP7)

DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV07nt.sys -- (iAimFP5)

DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV08NT.sys -- (iAimFP6)

DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversi81xnt5.sys -- (i81x)

DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV01nt.sys -- (iAimFP0)

DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV02NT.sys -- (iAimFP1)

DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV05NT.sys -- (iAimFP2)

DRV - [2002/04/04 09:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:WINDOWSsystem32driverssymmpi.sys -- (Symmpi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.bg/

IE - HKCU..SearchScopes,DefaultScope = {C1D0976E-4F98-4B91-8B6A-1A76D5FCCC7C}

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU..SearchScopes{C1D0976E-4F98-4B91-8B6A-1A76D5FCCC7C}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.1.10111.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: YouTube = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2_0

CHR - Extension: Google \u0422\u044A\u0440\u0441\u0435\u043D\u0435 = C:\Documents and Settings\Plamenka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0

CHR - Extension: avast! WebRep = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsicmlaeflemplmjndnaapfdbbnpncnbda7.0.1426_0

CHR - Extension: Gmail = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia6.1.3_0

O1 HOSTS File: ([2012/04/07 18:01:52 | 000,000,027 | ---- | M]) - C:WINDOWSsystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O3 - HKLM..Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O4 - HKLM..Run: [avast] C:Program FilesAVAST SoftwareAvastavastUI.exe (AVAST Software)

O4 - HKLM..Run: [DkAutoReg.exe] C:Program FilesDatakeyCrypt32dkAutoReg.exe (Datakey, Inc.)

O4 - HKLM..Run: [DkMonitor.exe] C:Program FilesDatakeyCrypt32dkMonitor.exe (Datakey, Inc.)

O4 - HKLM..Run: [DkStartup] C:Program FilesDatakeyCrypt32DkStartup.exe (Datakey, Inc.)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRecguard.exe ()

O4 - HKLM..Run: [Reminder] C:WINDOWSCREATORRemind_XP.exe ()

O4 - HKLM..Run: [scheduler] C:WINDOWSSMINSTScheduler.exe ()

O4 - HKLM..Run: [setRefresh] C:Program FilesCompaqSetRefreshSetRefresh.exe (Hewlett-Packard Company)

O4 - HKCU..Run: [Advanced SystemCare 3] C:Program FilesIObitAdvanced SystemCare 3AWC.exe (IObit)

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupFlexType 2K.lnk = C:WINDOWSDatecsFlex2K.exe ()

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupHiPath SIcurity Card API.lnk = C:Program FilesSiemensCard APIbinsiecacst.exe (Siemens AG)

O4 - Startup: C:Documents and SettingsPlamenkaStart MenuProgramsStartupDOSprn.lnk = C:Program FilesDosprnDOSprn.exe (DOSPRN)

O4 - Startup: C:Documents and SettingsPlamenkaStart MenuProgramsStartupWebshots.lnk = C:Program FilesWebshotsWebshotsTray.exe (The Webshots Corporation)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerInfodelivery present

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoResolveSearch = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binnpjpi160_01.dll (Sun Microsystems, Inc.)

O16 - DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} https://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab (CertManX Control)

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://srl.nssi.bg/ExtUsers/viewer/activeXViewer/activexviewer.cab (Crystal Report Viewer Control 9)

O16 - DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} https://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab (SCManagerX Control)

O16 - DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} https://inetdec.nra.bg/dds/InetVAT5Frm.cab (InetVAT5Form Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} https://inetdec.nra.bg/cabs/SignCOM.cab (SignedFile Object)

O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.extri.bg/capicom.cab (Settings Class)

O16 - DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} http://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab (Photo Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) - C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:Documents and SettingsPlamenkaLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O24 - Desktop BackupWallPaper: C:Documents and SettingsPlamenkaLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 08:55:34 | 000,000,000 | ---D | C] -- C:Documents and SettingsPlamenkaDesktopНова папка

[2012/04/20 08:23:37 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32mucltui.dll

[2012/04/20 08:23:37 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32mucltui.dll.mui

[2012/04/19 08:54:58 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMicrosoft Silverlight

[2012/04/19 08:54:52 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Silverlight

========== Files - Modified Within 30 Days ==========

[2012/05/17 15:50:02 | 000,001,946 | ---- | M] () -- C:WINDOWSwebshots.ini

[2012/05/17 15:11:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

[2012/05/17 14:26:20 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

[2012/05/17 12:24:45 | 000,001,158 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2012/05/17 12:24:18 | 000,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

[2012/05/17 12:23:52 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2012/05/17 12:23:51 | 526,897,152 | -HS- | M] () -- C:hiberfil.sys

[2012/05/17 08:28:55 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopGoogle Chrome.lnk

[2012/05/17 08:12:05 | 003,932,214 | ---- | M] () -- C:WINDOWSwebshots.bmp

[2012/05/15 16:03:40 | 000,471,628 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2012/05/15 16:03:40 | 000,083,692 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2012/05/15 14:24:14 | 000,002,425 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopДекларации Обр.1 и 6.lnk

[2012/04/26 08:38:26 | 000,000,680 | ---- | M] () -- C:Documents and SettingsPlamenkaStart MenuProgramsStartupWebshots.lnk

[2012/04/26 08:33:39 | 000,278,944 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/26 16:52:52 | 000,016,448 | ---- | C] () -- C:KLStreamRemover.exe

[2012/04/18 10:43:40 | 526,897,152 | -HS- | C] () -- C:hiberfil.sys

[2012/04/05 11:40:26 | 000,256,000 | ---- | C] () -- C:WINDOWSPEV.exe

[2012/04/05 11:40:26 | 000,208,896 | ---- | C] () -- C:WINDOWSMBR.exe

[2012/04/05 11:40:26 | 000,098,816 | ---- | C] () -- C:WINDOWSsed.exe

[2012/04/05 11:40:26 | 000,080,412 | ---- | C] () -- C:WINDOWSgrep.exe

[2012/04/05 11:40:26 | 000,068,096 | ---- | C] () -- C:WINDOWSzip.exe

[2012/02/17 09:23:28 | 000,003,072 | ---- | C] () -- C:WINDOWSSystem32iacenc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS

@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS

< End of report >
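
The check requested earlier in the thread (whether the streams are still present after the cleanup) can be scripted by comparing the "Alternate Data Streams" section of two OTL runs. This is an added example, not part of the original thread and not OTL's own code: the "before" log, the Zone.Identifier entry and all function names are constructed for illustration; only the two KAVICHS lines match the log above.

```python
import re
from typing import NamedTuple

# Stream names with a known origin. Only KAVICHS is taken from the thread
# (attributed there to Kaspersky 5); anything else is reported for review.
KNOWN_STREAMS = {"KAVICHS": "created by Kaspersky 5 (per the thread)"}

SECTION = re.compile(r"^=+ (.*?) =+$")
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


class Stream(NamedTuple):
    host: str   # file or folder carrying the stream
    name: str   # stream name after the last colon
    size: int   # size in bytes as printed by OTL


def parse_ads(log_text):
    """Return the streams listed in the 'Alternate Data Streams' section."""
    streams, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted logs often carry blank lines between entries
        header = SECTION.match(line)
        if header:
            in_section = header.group(1) == "Alternate Data Streams"
            continue
        if line.startswith("< End of report"):
            break
        match = ADS_LINE.match(line) if in_section else None
        if not match:
            continue
        # The host path itself contains a drive colon, so split on the LAST one.
        host, sep, name = match.group(2).rpartition(":")
        # Skip entries with no stream part (host would be just a drive letter).
        if not sep or not name or "\\" in name or len(host) < 3:
            continue
        streams.append(Stream(host, name, int(match.group(1))))
    return streams


def _key(stream):
    # NTFS names are case-insensitive, so compare in lower case.
    return (stream.host.lower(), stream.name.lower())


def compare_runs(before, after):
    """Classify streams as removed, persisted or new between two OTL runs."""
    before_keys = {_key(s) for s in before}
    after_keys = {_key(s) for s in after}
    return {
        "removed": [s for s in before if _key(s) not in after_keys],
        "persisted": [s for s in after if _key(s) in before_keys],
        "new": [s for s in after if _key(s) not in before_keys],
    }


def triage(streams):
    """Pair each stream with its known origin, or mark it for manual review."""
    return [(s, KNOWN_STREAMS.get(s.name.upper(), "unrecognized: review manually"))
            for s in streams]


# Constructed "before" log: the two KAVICHS streams plus one invented entry.
RUN_BEFORE = r"""
========== Files Created - No Company Name ==========
[2012/04/26 16:52:52 | 000,016,448 | ---- | C] () -- C:\KLStreamRemover.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS
@Alternate Data Stream - 26 bytes -> C:\Temp\report.txt:Zone.Identifier
< End of report >
"""

# "After" log: the ADS section as it appears in the run posted above.
RUN_AFTER = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS

@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS

< End of report >
"""

if __name__ == "__main__":
    result = compare_runs(parse_ads(RUN_BEFORE), parse_ads(RUN_AFTER))
    for status, streams in result.items():
        for stream, origin in triage(streams):
            print(f"{status:9} {stream.size:>5} B  {stream.host}:{stream.name}  [{origin}]")
```

Streams reported as "persisted" are the ones the removal tool did not clear; entries marked unrecognized are the ones worth inspecting by hand.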

      R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [95488 2018-08-12] (Malwarebytes)
      R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [42728 2018-08-12] (Malwarebytes)
      R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-12] (Malwarebytes)
      R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [73336 2018-08-12] (Malwarebytes)
      R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2018-08-11] (Intel Corporation)
      R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2018-08-11] ()
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2018-08-12] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2018-08-12] (Zemana Ltd.)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 08:46 - 2018-08-12 08:47 - 000008916 _____ C:\Users\BECKO\Downloads\FRST.txt
      2018-08-12 08:46 - 2018-08-12 08:46 - 000000000 ____D C:\FRST
      2018-08-12 08:44 - 2018-08-12 08:44 - 001773056 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
      2018-08-12 08:08 - 2018-08-12 08:46 - 000032169 _____ C:\Windows\ZAM.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:46 - 000011705 _____ C:\Windows\ZAM_Guard.krnl.trace
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
      2018-08-12 08:08 - 2018-08-12 08:08 - 000001892 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
      2018-08-12 08:08 - 2018-08-12 08:08 - 000000000 ____D C:\Program Files\Zemana AntiMalware
      2018-08-12 08:06 - 2018-08-12 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Local\Zemana
      2018-08-12 08:05 - 2018-08-12 08:05 - 006625600 _____ (Zemana Ltd. ) C:\Users\BECKO\Downloads\Zemana.AntiMalware.Setup.exe
      2018-08-12 07:45 - 2018-08-12 07:45 - 007417040 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.2.2.exe
      2018-08-12 07:44 - 2018-08-12 07:45 - 000000000 ____D C:\AdwCleaner
      2018-08-12 07:44 - 2018-08-12 07:44 - 007277776 _____ (Malwarebytes) C:\Users\BECKO\Downloads\adwcleaner_7.1.1.exe
      2018-08-12 07:12 - 2018-08-12 07:12 - 000000000 ____D C:\Users\BECKO\AppData\Local\CrashDumps
      2018-08-12 06:43 - 2018-08-12 08:36 - 000000000 ____D C:\ProgramData\RogueKiller
      2018-08-12 06:43 - 2018-08-12 08:16 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2018-08-12 06:42 - 2018-08-12 06:42 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2018-08-12 06:42 - 2018-08-12 06:42 - 000000000 ____D C:\Program Files\RogueKiller
      2018-08-12 06:41 - 2018-08-12 06:41 - 036826200 _____ (Adlice Software ) C:\Users\BECKO\Downloads\RogueKiller_setup.exe
      2018-08-12 06:39 - 2018-08-12 06:39 - 000000000 _____ C:\Users\BECKO\Downloads\RogueKiller.exe
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ C:\Users\BECKO\AppData\Roaming\WB.CFG
      2018-08-12 00:38 - 2018-08-11 13:48 - 000000000 ____D C:\Windows\Panther
      2018-08-12 00:32 - 2018-08-12 00:32 - 000000000 ____D C:\Windows.old
      2018-08-12 00:20 - 2018-08-12 00:20 - 000000000 ____D C:\Windows\pss
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
      2018-08-11 22:23 - 2018-08-11 22:23 - 000000000 ____D C:\Program Files\Synaptics
      2018-08-11 22:18 - 2018-08-11 22:18 - 000214312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000173352 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
      2018-08-11 22:18 - 2018-08-11 22:18 - 000120104 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo4.dll
      2018-08-11 22:14 - 2018-08-11 22:14 - 000165160 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
      2018-08-11 22:11 - 2018-08-11 22:11 - 001303728 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
      2018-08-11 22:09 - 2018-08-11 22:09 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\risdptsk.sys
      2018-08-11 22:04 - 2018-08-11 22:04 - 000044800 _____ (Infineon Technologies AG) C:\Windows\system32\Drivers\ifxtpm.sys
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
      2018-08-11 21:57 - 2018-08-11 21:57 - 000000000 ____D C:\Program Files\AuthenTec
      2018-08-11 21:54 - 2018-08-11 21:54 - 000000000 ____D C:\Intel
      2018-08-11 21:52 - 2018-08-11 21:53 - 000571904 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
      2018-08-11 21:52 - 2018-08-11 21:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
      2018-08-11 21:51 - 2018-08-11 21:52 - 004411392 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
      2018-08-11 21:48 - 2018-08-11 21:51 - 011405312 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
      2018-08-11 21:48 - 2018-08-11 21:48 - 000000268 _____ C:\Windows\system32\GfxUI.exe.config
      2018-08-11 21:47 - 2018-08-11 21:48 - 003157784 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
      2018-08-11 21:47 - 2018-08-11 21:47 - 000189552 _____ C:\Windows\system32\Gfxres.th-TH.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000121173 _____ C:\Windows\system32\Gfxres.tr-TR.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000120320 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
      2018-08-11 21:47 - 2018-08-11 21:47 - 000104044 _____ C:\Windows\system32\Gfxres.zh-TW.resources
      2018-08-11 21:47 - 2018-08-11 21:47 - 000102883 _____ C:\Windows\system32\Gfxres.zh-CN.resources
      2018-08-11 21:46 - 2018-08-11 21:47 - 000119360 _____ C:\Windows\system32\Gfxres.sv-SE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000178407 _____ C:\Windows\system32\Gfxres.el-GR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000165395 _____ C:\Windows\system32\Gfxres.ru-RU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000139909 _____ C:\Windows\system32\Gfxres.ar-SA.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000136401 _____ C:\Windows\system32\Gfxres.ja-JP.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000133746 _____ C:\Windows\system32\Gfxres.he-IL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000125558 _____ C:\Windows\system32\Gfxres.it-IT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000123230 _____ C:\Windows\system32\Gfxres.ko-KR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122927 _____ C:\Windows\system32\Gfxres.es-ES.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000122709 _____ C:\Windows\system32\Gfxres.de-DE.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120800 _____ C:\Windows\system32\Gfxres.fr-FR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000120366 _____ C:\Windows\system32\Gfxres.pt-BR.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119616 _____ C:\Windows\system32\Gfxres.hu-HU.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119586 _____ C:\Windows\system32\Gfxres.nl-NL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000119067 _____ C:\Windows\system32\Gfxres.pt-PT.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118745 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118697 _____ C:\Windows\system32\Gfxres.fi-FI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118409 _____ C:\Windows\system32\Gfxres.pl-PL.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000118058 _____ C:\Windows\system32\Gfxres.sk-SK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114852 _____ C:\Windows\system32\Gfxres.nb-NO.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114372 _____ C:\Windows\system32\Gfxres.sl-SI.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000114261 _____ C:\Windows\system32\Gfxres.da-DK.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000110214 _____ C:\Windows\system32\Gfxres.en-US.resources
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
      2018-08-11 21:46 - 2018-08-11 21:46 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
      2018-08-11 21:45 - 2018-08-11 21:46 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086528 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000086016 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000085504 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084992 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000084480 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000082944 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
      2018-08-11 21:45 - 2018-08-11 21:45 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
      2018-08-11 21:43 - 2018-08-11 21:45 - 008198936 _____ (Intel(R) Corporation) C:\Windows\system32\TVWSetup.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000261632 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
      2018-08-11 21:43 - 2018-08-11 21:43 - 000179480 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
      2018-08-11 21:43 - 2018-08-11 21:43 - 000023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
      2018-08-11 21:42 - 2018-08-11 21:43 - 000172824 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000828928 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000268056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000228864 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000208896 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000195584 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000171288 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000147456 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000138008 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
      2018-08-11 21:42 - 2018-08-11 21:42 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000115200 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
      2018-08-11 21:42 - 2018-08-11 21:42 - 000095232 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
      2018-08-11 21:42 - 2018-08-11 21:42 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
      2018-08-11 21:41 - 2018-08-11 21:42 - 001921265 _____ C:\Windows\system32\iglhxa32.cpa
      2018-08-11 21:41 - 2018-08-11 21:41 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
      2018-08-11 21:41 - 2018-08-11 21:41 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2555.dll
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060254 _____ C:\Windows\system32\iglhxg32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060226 _____ C:\Windows\system32\iglhxc32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000060015 _____ C:\Windows\system32\iglhxo32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000051628 _____ C:\Windows\system32\iglhxs32.vp
      2018-08-11 21:41 - 2018-08-11 21:41 - 000001090 _____ C:\Windows\system32\iglhxa32.vp
      2018-08-11 21:40 - 2018-08-11 21:41 - 000982240 _____ C:\Windows\system32\igkrng500.bin
      2018-08-11 21:37 - 2018-08-11 21:37 - 000017408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\KMWDFILTER.sys
      2018-08-11 21:36 - 2018-08-11 21:36 - 000007424 _____ () C:\Windows\system32\Drivers\whfltr2k.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000095488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000073336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
      2018-08-11 20:30 - 2018-08-12 07:51 - 000042728 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
      2018-08-11 20:30 - 2018-08-11 20:30 - 000165608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
      2018-08-11 20:27 - 2018-08-11 20:28 - 000000000 ____D C:\Users\BECKO\Downloads\windows.loader.v2.2.2
      2018-08-11 20:26 - 2018-08-11 20:26 - 001768154 _____ C:\Users\BECKO\Downloads\windows.loader.v2.2.2.zip
      2018-08-11 19:36 - 2018-08-11 19:36 - 078989872 _____ (Malwarebytes ) C:\Users\BECKO\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.6237.exe
      2018-08-11 19:36 - 2018-08-11 19:36 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
      2018-08-11 19:36 - 2018-08-11 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
      2018-08-11 19:36 - 2018-06-19 14:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
      2018-08-11 19:15 - 2018-08-11 19:15 - 000038224 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
      2018-08-11 19:14 - 2018-08-11 19:15 - 000000000 ____D C:\ProgramData\HitmanPro
      2018-08-11 18:56 - 2018-08-12 08:13 - 000001134 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-11 18:53 - 2018-08-12 06:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\41B13405-F6F9-0E07-41F8-1ED9F82C4739
      2018-08-11 18:52 - 2018-08-11 19:54 - 000000000 ____D C:\ProgramData\McAfee
      2018-08-11 18:51 - 2018-08-12 00:31 - 000000000 ____D C:\Windows\system32\yiuxtdsr
      2018-08-11 18:50 - 2018-08-11 19:43 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Sound Volume Control
      2018-08-11 18:47 - 2018-08-11 18:47 - 000000000 ____D C:\Windows\system32\appmgmt
      2018-08-11 18:28 - 2018-08-11 18:28 - 017142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 011220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 004240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
      2018-08-11 18:28 - 2018-08-11 18:28 - 002166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
      2018-08-11 18:28 - 2018-08-11 18:28 - 001818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
      2018-08-11 18:28 - 2018-08-11 18:28 - 000610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
      2018-08-11 18:28 - 2018-08-11 18:28 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
      2018-08-11 18:28 - 2018-08-11 18:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
      2018-08-11 18:28 - 2018-08-11 18:28 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
      2018-08-11 18:27 - 2018-08-11 18:27 - 001294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
      2018-08-11 18:27 - 2018-08-11 18:27 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
      2018-08-11 18:27 - 2018-08-11 18:27 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
      2018-08-11 18:27 - 2018-08-11 18:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2018-08-11 18:27 - 2018-08-11 18:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 002284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
      2018-08-11 18:25 - 2018-08-11 18:25 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
      2018-08-11 18:23 - 2018-08-11 18:23 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
      2018-08-11 18:22 - 2018-08-11 18:22 - 031194832 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\IE11-Windows6.1-x86-bg-bg.exe
      2018-08-11 17:59 - 2018-08-11 18:02 - 009037312 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
      2018-08-11 17:57 - 2018-08-11 17:58 - 002760704 _____ (Intel Corporation) C:\Windows\system32\NETwNr32.dll
      2018-08-11 17:57 - 2018-08-11 17:57 - 000684032 _____ (Intel Corporation) C:\Windows\system32\NETwNc32.dll
      2018-08-11 17:55 - 2018-08-11 17:57 - 007523840 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwNs32.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000527344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
      2018-08-11 17:55 - 2018-08-11 17:55 - 000026096 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000232664 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1y6232.sys
      2018-08-11 17:54 - 2018-08-11 17:54 - 000121440 _____ (Intel Corporation) C:\Windows\system32\e1000msg.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000081600 _____ (Intel Corporation) C:\Windows\system32\NicInstY.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000028792 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
      2018-08-11 17:54 - 2018-08-11 17:54 - 000003313 _____ C:\Windows\system32\e1y6232.din
      2018-08-11 17:53 - 2018-08-11 17:53 - 000144600 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
      2018-08-11 17:53 - 2018-08-11 17:53 - 000060120 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
      2018-08-11 17:52 - 2018-08-11 17:53 - 001680088 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
      2018-08-11 17:52 - 2018-08-11 17:52 - 001640152 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
      2018-08-11 17:52 - 2018-08-11 17:52 - 000175320 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
      2018-08-11 17:50 - 2018-08-11 17:50 - 000048128 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
      2018-08-11 17:45 - 2018-08-11 17:45 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
      2018-08-11 17:45 - 2018-08-11 17:45 - 000015544 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\CPQBttn.sys
      2018-08-11 17:44 - 2018-08-11 17:44 - 000971752 _____ (AuthenTec, Inc.) C:\Windows\system32\Drivers\ATSwpWDF.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000035896 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\Accelerometer.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000026168 _____ (Hewlett-Packard Company) C:\Windows\system32\hpservice.exe
      2018-08-11 17:42 - 2018-08-11 17:42 - 000025656 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\hpdskflt.sys
      2018-08-11 17:42 - 2018-08-11 17:42 - 000016952 _____ (Hewlett-Packard Company) C:\Windows\system32\accelerometerdll.DLL
      2018-08-11 17:42 - 2018-08-11 17:42 - 000014392 _____ (Hewlett-Packard Company) C:\Windows\system32\HPMDPCoInst12.dll
      2018-08-11 17:40 - 2018-08-12 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
      2018-08-11 17:39 - 2018-08-11 17:39 - 004107032 _____ (Easeware ) C:\Users\BECKO\Downloads\DriverEasy_Setup.exe
      2018-08-11 16:22 - 2018-08-11 16:22 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
      2018-08-11 16:21 - 2018-08-11 18:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Windows\system32\Macromed
      2018-08-11 16:21 - 2018-08-11 18:15 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
      2018-08-11 16:21 - 2018-08-11 16:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
      2018-08-11 16:17 - 2018-08-11 17:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000001067 _____ C:\Users\Public\Desktop\K-Meleon.lnk
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\Downloads\k-meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Mozilla
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\K-Meleon
      2018-08-11 16:17 - 2018-08-11 16:17 - 000000000 ____D C:\Program Files\K-Meleon
      2018-08-11 16:14 - 2018-08-11 16:14 - 032875887 _____ (kmeleonbrowser.org) C:\Users\BECKO\Downloads\K-Meleon76RC.exe
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
      2018-08-11 16:04 - 2018-08-11 16:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
      2018-08-11 16:04 - 2012-07-26 06:39 - 000526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
      2018-08-11 16:04 - 2012-07-26 06:39 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
      2018-08-11 16:04 - 2012-07-26 05:46 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
      2018-08-11 16:04 - 2012-06-02 17:34 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
      2018-08-11 14:20 - 2018-07-17 01:02 - 000480888 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2018-08-11 14:18 - 2018-08-11 14:18 - 000000492 _____ C:\Users\BECKO\Desktop\LFS.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-08-11 14:04 - 2018-08-11 14:04 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
      2018-08-11 14:03 - 2018-08-11 14:18 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
      2018-08-11 14:03 - 2018-08-11 14:03 - 000000000 ____D C:\Program Files\Google
      2018-08-11 14:02 - 2018-08-11 14:02 - 000057560 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
      2018-08-11 13:49 - 2018-08-11 13:49 - 000001417 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2018-08-11 13:49 - 2014-05-14 19:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
      2018-08-11 13:49 - 2014-05-14 19:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
      2018-08-11 13:49 - 2014-05-14 19:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
      2018-08-11 13:49 - 2014-05-14 19:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
      2018-08-11 13:49 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
      2018-08-11 13:49 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
      2018-08-11 13:48 - 2018-08-12 08:13 - 000000000 ____D C:\Users\BECKO
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
      2018-08-11 13:48 - 2018-08-11 13:48 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
      2018-08-11 13:48 - 2010-11-21 03:46 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
      2018-08-11 13:43 - 2018-08-11 13:43 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      2018-08-11 13:42 - 2018-08-11 13:42 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      2018-08-11 13:41 - 2018-08-11 13:41 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:58 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-08-12 07:56 - 2010-11-21 00:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-08-12 07:56 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
      2018-08-12 07:51 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-08-12 00:38 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
      2018-08-11 21:57 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
      2018-08-11 21:40 - 2009-07-14 01:09 - 004967424 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
      2018-08-11 18:36 - 2009-07-14 07:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
      2018-08-11 18:34 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
      2018-08-11 17:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
      2018-08-11 17:24 - 2010-11-21 03:38 - 000000000 ____D C:\Windows\system32\WCN
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\oobe
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
      2018-08-11 17:24 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\servicing
      2018-08-11 17:23 - 2010-11-21 03:46 - 000000000 ____D C:\Program Files\Windows Journal
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Sidebar
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
      2018-08-11 17:23 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
      2018-08-11 17:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
      2018-08-11 14:05 - 2017-10-21 15:53 - 000000000 ____D C:\LFS
      2018-08-11 13:48 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
      2018-08-11 13:43 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-08-11 13:39 - 2010-11-21 03:46 - 000000000 ____D C:\Windows\CSC
      ==================== Files in the root of some directories =======
      2018-08-11 18:54 - 2018-07-20 18:17 - 084469760 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Roaming\rasapi32.dll
      2018-08-12 00:53 - 2018-08-12 00:53 - 000000046 _____ () C:\Users\BECKO\AppData\Roaming\WB.CFG
      Some files in TEMP:
      ====================
      2018-08-12 06:43 - 2018-08-11 18:28 - 001289096 _____ (Microsoft Corporation) C:\Users\BECKO\AppData\Local\Temp\dllnt_dump.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-08-11 13:38
      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
      Ran by BECKO (12-08-2018 08:47:38)
      Running from C:\Users\BECKO\Downloads
      Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2018-08-11 10:48:46)
      Boot Mode: Normal
      ==========================================================

      ==================== Accounts: =============================
      Administrator (S-1-5-21-4192057778-3853912004-1886924142-500 - Administrator - Disabled)
      BECKO (S-1-5-21-4192057778-3853912004-1886924142-1001 - Administrator - Enabled) => C:\Users\BECKO
      Guest (S-1-5-21-4192057778-3853912004-1886924142-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-4192057778-3853912004-1886924142-1002 - Limited - Enabled)
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      ==================== Installed Programs ======================
      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
      Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
      Driver Easy 5.6.4 (HKLM\...\DriverEasy_is1) (Version: 5.6.4 - Easeware)
      Google Chrome (HKLM\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
      Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
      K-Meleon 76.0 (x86 en-US) (HKLM\...\K-Meleon 76.0 (x86 en-US)) (Version: 76.0 - kmeleonbrowser.org)
      Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
      Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
      RogueKiller version 12.12.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.31.0 - Adlice Software)
      Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
      Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
      ==================== Custom CLSID (Whitelisted): ==========================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      CustomCLSID: HKU\S-1-5-21-4192057778-3853912004-1886924142-1001_Classes\CLSID\{d33c6260-dafc-4b90-bf39-8ad6a5f19b7d}\localserver32 -> "C:\Program Files\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe" -ToastActivated => No File
      ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2018-08-11] (Intel Corporation)
      ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2018-08-12] ()
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
      ==================== Scheduled Tasks (Whitelisted) =============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      Task: {15D51586-5D78-42F1-9AC0-F11850F32BB2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {4311FBF7-FF23-4B96-8A7A-7C848E6879A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {755ADDF9-F707-4126-9FD6-5EE5C09A6ED0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-08-11] (Google Inc.)
      Task: {87310821-94B6-4F2B-B233-805F8167F2AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-11] (Adobe Systems Incorporated)
      Task: {A663C5B5-F8F8-4769-83E9-A86545183E28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-08-11] (Adobe Systems Incorporated)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      ==================== Shortcuts & WMI ========================
      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============
      2018-08-11 19:36 - 2018-07-03 12:59 - 002077904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2018-08-11 19:36 - 2018-06-18 13:32 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 004076888 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
      2018-08-11 14:04 - 2018-08-08 03:55 - 000096088 _____ () C:\Program Files\Google\Chrome\Application\68.0.3440.106\libegl.dll
      ==================== Alternate Data Streams (Whitelisted) =========
      (If an entry is included in the fixlist, only the ADS will be removed.)
      AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121592]
      ==================== Safe Mode (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      ==================== Association (Whitelisted) ===============
      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============
      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================
      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
      2009-07-14 05:04 - 2009-06-11 00:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================
      (Currently there is no automatic fix for this section.)
      HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.
      ==================== MSCONFIG/TASK MANAGER disabled items ==

      ==================== FirewallRules (Whitelisted) ===============
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      FirewallRules: [{38F020BD-9D8B-47A7-BA58-523640743E70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [TCP Query User{73CDBD4B-E707-4433-90BB-0CA4D37853D5}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [UDP Query User{43AE0B81-FBBA-40D9-9930-B10662946E5D}D:\lfs\lfs.exe] => (Allow) D:\lfs\lfs.exe
      FirewallRules: [{EB2B59E7-24DC-4376-8CA5-5C73EB6B45AC}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
      FirewallRules: [TCP Query User{3CA70832-11D6-43D6-996B-CE4FD0FFCA2F}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [UDP Query User{A8FAE1F8-F48D-463D-9467-C469B6224C66}C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
      FirewallRules: [{C20D9306-3310-4603-955A-D8750AB02ABC}] => (Allow) C:\Users\BECKO\AppData\Local\Chromium\Application\chrome.exe
      ==================== Restore Points =========================
      11-08-2018 13:48:58 Windows Update
      11-08-2018 14:19:49 Windows Update
      11-08-2018 16:16:29 Windows Backup
      11-08-2018 16:53:14 Language Pack Installation
      11-08-2018 18:23:09 Програма за инсталиране на модули за Windows
      11-08-2018 18:41:57 Windows Update
      11-08-2018 18:46:40 Removed Avira Software Updater
      11-08-2018 19:18:13 Точка на възстановяване на HitmanPro
      11-08-2018 19:29:58 Точка на възстановяване на HitmanPro
      ==================== Faulty Device Manager Devices =============
      Name: RICOH Bay8Controller
      Description: RICOH Bay8Controller
      Class Guid: 
      Manufacturer: 
      Service: 
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

      ==================== Event log errors: =========================
      Application errors:
      ==================
      Error: (08/12/2018 07:53:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/12/2018 07:12:39 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Име на приложение с грешки: rundll32.exe_rasapi32.dll, версия: 6.1.7600.16385, времево клеймо: 0x4a5bc637
      Име на модул с грешки: rasapi32.dll_unloaded, версия: 0.0.0.0, времево клеймо: 0x5b51fcfc
      Код на изключение: 0xc0000005
      Отместване на грешка: 0x5d2300fb
      ИД на процес на грешка: 0xc58
      Начален час на приложението с грешки: 0x01d431b9f55ad649
      Път на приложението с грешки: C:\Windows\System32\rundll32.exe
      Път на модула с грешки: rasapi32.dll
      ИД на доклад: f345bb24-9de5-11e8-8c5b-002713343a56
      Error: (08/12/2018 12:27:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 10:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Error: (08/11/2018 07:56:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      System errors:
      =============
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Software Protection беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 120000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.
      Error: (08/12/2018 07:50:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:46:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: Услуга Windows Media Player Network Sharing Service не може да бъде стартирана поради следната грешка: 
      Системата не може да намери указания път.
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга HP Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: Услуга Bluetooth Driver Management Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).
      Error: (08/12/2018 07:45:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
      Description: Услуга Windows Media Player Network Sharing Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 30000 милисекунди ще бъде предприето следното коригиращо действие: Restart the service.

      Windows Defender:
      ===================================
      Date: 2018-08-11 18:49:37.775
      Description: 
      Windows Defender has detected spyware or other potentially unwanted software.
      For more information please see the following:
      http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289
      Name:SoftwareBundler:Win32/Prepscram
      ID:226289
      Severity:High
      Category:Software Bundler
      Path Found:file:C:\Program Files\KMSPico 10.2.1 Final\WindowsLoader.exe;process:pid:1664
      Detection Type:Concrete
      Detection Source:Real-Time Protection
      Status:Unknown
      Process Name:
      CodeIntegrity:
      ===================================
      Date: 2018-08-11 18:47:53.133
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:47:33.024
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:46:32.355
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:36:54.706
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:34:39.836
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:29:33.389
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:26:43.817
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      Date: 2018-08-11 18:19:33.847
      Description: 
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Antivirus\avirasecuritycenteragent.exe because the set of per-page image hashes could not be found on the system.
      ==================== Memory info =========================== 
      Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
      Percentage of memory in use: 57%
      Total physical RAM: 3000.26 MB
      Available physical RAM: 1266.7 MB
      Total Virtual: 7094.55 MB
      Available Virtual: 5571.67 MB
      ==================== Drives ================================
      Drive c: () (Fixed) (Total:100.1 GB) (Free:34 GB) NTFS
      Drive d: () (Fixed) (Total:365.12 GB) (Free:278.48 GB) NTFS
      \\?\Volume{b6af5893-9d52-11e8-b3b1-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
      \\?\Volume{b6af5896-9d52-11e8-b3b1-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
      ==================== MBR & Partition Table ==================
      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0FD73A73)
      Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=100.1 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
      ==================== End of Addition.txt ============================
      This was found last night:
      Malwarebytes
      www.malwarebytes.com
      -Детайли за регистъра-
      Дата на сканиране: 11.08.18 г.
      Час на сканиране: 19:39
      Файл на регистъра: 1355b5a2-9d85-11e8-97c9-002713343a56.json
      Администратор: Да
      -Информация за софтуера-
      Версия: 3.5.1.2522
      Версия на компонентите: 1.0.391
      Актуализирай версията на пакета: 1.0.6301
      Лиценз: Пробен период
      -Системна информация-
      OS: Windows 7 Service Pack 1
      CPU: x86
      Файлова система: NTFS
      Потребител: BECKO-PC\BECKO
      -Резюме на сканирането-
      Тип сканиране: Threat Scan
      Сканирането е стартирано от: Ръчно
      Резултат: Завършено
      Сканирани обекти: 158748
      Открити заплахи: 85
      Заплахи под карантина: 85
      Изтекло време: 3 мин, 55 сек
      -Опции за сканиране-
      Памет: Разрешено
      Стартиране: Разрешено
      Файлова система: Разрешено
      Архиви: Разрешено
      руткитове: Разрешено
      Евристика: Разрешено
      PUP: Открий
      PUM: Открий
      -Детайли за сканирането-
      Процес: 0
      (Не бяха открити зловредни елементи)
      Модул: 0
      (Не бяха открити зловредни елементи)
      Ключ на регистъра: 16
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}, Под карантина, [103], [535908],1.0.6301
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Multitimer_is1, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}, Под карантина, [3725], [-1],0.0.0
      Adware.FastDataX, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\FastDataX, Под карантина, [3932], [484533],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Под карантина, [417], [518478],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Под карантина, [417], [518476],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Под карантина, [417], [518473],1.0.6301
      Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Под карантина, [417], [518479],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2A33A63-8223-EBE3-33A3-9B63E32348E3}, Под карантина, [3725], [542290],1.0.6301
      Стойност на регистъра: 6
      Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Multitimer, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.NotChromeRun, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_A26881468A4EFB18BAF645F9B1FB72E9, Под карантина, [6940], [241243],1.0.6301
      Adware.Tuto4PC.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|QWTD433SW12, Под карантина, [3704], [522751],1.0.6301
      Adware.NeoBar, HKU\S-1-5-21-4192057778-3853912004-1886924142-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|AwRWNQQxQn, Под карантина, [1236], [431477],1.0.6301
      Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A62AD84-CD2D-4C9B-AB06-213D0315B69D}|PATH, Под карантина, [103], [535907],1.0.6301
      PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BE6502A1-73F7-4D69-A62B-FDC3122C8BAB}|PATH, Под карантина, [3754], [483378],1.0.6301
      Данни на регистъра: 0
      (Не бяха открити зловредни елементи)
      Поток данни: 0
      (Не бяха открити зловредни елементи)
      Папка: 8
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712, Под карантина, [407], [463480],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-04d1-0, Под карантина, [679], [407181],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\5b2ec796-56c1-1, Под карантина, [679], [407181],1.0.6301
      Adware.NeoBar, C:\USERS\BECKO\APPDATA\LOCAL\CYPJMERAKY, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}, Под карантина, [3725], [542290],1.0.6301
      Файл: 55
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-04d1-0\BITAC33.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.Amonetize.Gen, C:\PROGRAMDATA\5b2ec796-56c1-1\BIT96A0.tmp, Под карантина, [3742], [257931],1.0.6301
      PUP.Optional.BundleInstaller, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\845712\ic-0.9290ec7e4e043.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.BundleInstaller, C:\Users\BECKO\AppData\Local\Temp\845712\ic-0.ab640b600fd5f8.exe, Под карантина, [407], [463480],1.0.6301
      PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3754], [483380],1.0.6301
      Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 4086469641, Под карантина, [103], [535908],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\allradio_4.27_portable.exe, Под карантина, [103], [536191],1.0.6301
      Adware.Tuto4PC, C:\PROGRAM FILES\MULTITIMER\UNINS000.DAT, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\Multitimer.exe, Под карантина, [2764], [474048],1.0.6301
      Adware.Tuto4PC, C:\Program Files\Multitimer\unins000.exe, Под карантина, [2764], [474048],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\fado, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat1, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{5AE19F82-D0A3-1544-5665-8B06CC2700C8}\hdat2, Под карантина, [3725], [484243],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium tatec, Под карантина, [3725], [-1],0.0.0
      Adware.Tuto4PC.Generic, C:\PROGRAM FILES\YUYFG\5138832.EXE, Под карантина, [3704], [522751],1.0.6301
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Под карантина, [679], [-1],0.0.0
      Adware.NeoBar, C:\Users\BECKO\AppData\Local\cypjMERAky\activation.exe, Под карантина, [1236], [431477],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\USERS\BECKO\APPDATA\LOCAL\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HOWTOREMOVE\HOWTOREMOVE.HTML, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\chromium-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\control panel-min-min.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\down.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff menu.JPG, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\ff search engine-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ff.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\hp-min ie.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\search engine.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\setup pages.gif, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\sp-min.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\start-min.jpg, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\HowToRemove\up.png, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lilacisa, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\lonadel, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninst.exe, Под карантина, [3725], [542290],1.0.6301
      PUP.Optional.WinYahoo.TskLnk, C:\Users\BECKO\AppData\Local\{0BF43DA8-2F5C-5110-42C4-74F866AC8860}\uninstp.dat, Под карантина, [3725], [542290],1.0.6301
      Ransom.Crysis, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\REACSRHG\UIFBACFE.EXE, Под карантина, [7210], [551188],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Sound Volume Control.lnk, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\ROAMING\SOUND VOLUME CONTROL\SNDVOL.EXE, Под карантина, [0], [392686],1.0.6301
      PUP.Optional.BundleInstaller, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\REGISTRY_ACTIVATION_2751393056.EXE, Под карантина, [407], [505351],1.0.6301
      Trojan.MalPack, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\WINDOWSLOADER.EXE, Под карантина, [4152], [500527],1.0.6301
      Backdoor.Bot, C:\PROGRAM FILES\KMSPICO 10.2.1 FINAL\ACTIVATION.EXE, Под карантина, [806], [419768],1.0.6301
      Adware.Agent, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\IS-AT1Q7.TMP\ZRGVBV.DLL, Под карантина, [103], [539849],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP2_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP3_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\TEMP4_WINDOWS LOADER 3.1.ZIP\WINDOWS LOADER 3.1.EXE, Под карантина, [0], [392686],1.0.6301
      Adware.Tuto4PC, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\EYEKAZXXJYM.EXE, Под карантина, [2764], [474076],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\REFSUTIL.EXE, Под карантина, [0], [392686],1.0.6301
      Generic.Malware/Suspicious, C:\USERS\BECKO\APPDATA\LOCAL\TEMP\BEAD.TMP.EXE, Под карантина, [0], [392686],1.0.6301
      Физически сектор: 0
      (Не бяха открити зловредни елементи)
      WMI: 0
      (Не бяха открити зловредни елементи)

      (end)
    • by Антон Ангелов
      Hello,
      I suspect that my system is infected: it runs slowly, and the first time I open a new tab in Firefox, two more windows with ads open.
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
      Ran by Anton (administrator) on DESKTOP-IRI1MIH (04-08-2018 17:20:24)
      Running from C:\Users\Anton\Desktop
      Loaded Profiles: Anton (Available Profiles: Anton)
      Platform: Windows 10 Enterprise Version 1709 16299.431 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
      (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
      () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      () C:\Windows\System32\igfxTray.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
      (Realtek semiconductor) C:\Windows\RTFTrack.exe
      (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\uTorrent.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
      (BitTorrent Inc.) C:\Users\Anton\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
      () C:\Program Files\WindowsApps\60145ScottBrogden.ditto-cp_3.21.223.0_x86__n6b029mg40na2\Ditto.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Lenovo Group Limited) C:\Users\Anton\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
      (AVAST Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
      (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
      (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
      HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek semiconductor)
      HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-22] (AVAST Software)
      HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
      HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
      HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
      HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
      HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [uTorrent] => C:\Users\Anton\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-22] (BitTorrent Inc.)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [Viber] => C:\Users\Anton\AppData\Local\Viber\Viber.exe [37338696 2018-04-24] (Viber Media S.à r.l.)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-30] (Disc Soft Ltd)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7368480 2018-08-04] (Lavasoft)
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a097669a-1fdb-11e8-8817-f8a963267c4d} - "I:\startme.exe"
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a09767e5-1fdb-11e8-8817-f8a963267c4d} - "H:\SETUP.EXE"
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\...\MountPoints2: {a0976fa4-1fdb-11e8-8817-f8a963267c4d} - "I:\Setup.exe"
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 62.221.132.211 85.130.60.11
      Tcpip\..\Interfaces\{3dad8f67-5fb2-42f7-8404-142ac9dfe4b7}: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{7fd9a328-bcce-42f4-bd1c-45a1f2ee1e6c}: [DhcpNameServer] 62.221.132.211 85.130.60.11
      Internet Explorer:
      ==================
      HKU\S-1-5-21-1747955922-307037692-2103265143-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180523__yaie
      SearchScopes: HKU\S-1-5-21-1747955922-307037692-2103265143-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180523__yaie&p={searchTerms}
      BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-04-10] (Microsoft Corporation)
      BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
      BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
      BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
      Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
      FireFox:
      ========
      FF DefaultProfile: 6l09fpov.default-1519148072560
      FF ProfilePath: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 [2018-08-04]
      FF Homepage: Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 -> about:home
      FF NewTab: Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180523__yaff
      FF Extension: (Easy YouTube mp3) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\d.lehr@chello.at.xpi [2018-07-07]
      FF Extension: (Avast Online Security) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\wrc@avast.com.xpi [2018-06-01]
      FF Extension: (Adblock Plus) - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
      FF SearchPlugin: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\6l09fpov.default-1519148072560\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-23]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-14] ()
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
      FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-14] ()
      FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
      FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
      FF Plugin HKU\S-1-5-21-1747955922-307037692-2103265143-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Anton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
      Chrome:
      =======
      CHR HomePage: Default -> hxxp://www.google.com
      CHR Profile: C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default [2018-07-25]
      CHR Extension: (YouTube) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-26]
      CHR Extension: (Adobe Acrobat) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-26]
      CHR Extension: (Avast SafePrice) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-18]
      CHR Extension: (Avast Online Security) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-26]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-26]
      CHR Extension: (Chrome Media Router) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-23]
      CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
      R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
      R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-22] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-22] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-01-30] (Disc Soft Ltd)
      R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG)
      R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
      R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
      S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-31] (Microsoft Corporation)
      R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
      R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
      R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2018-08-04] ()
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-22] (AVAST Software)
      R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-22] (AVAST Software)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-22] (AVAST Software)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-22] (AVAST Software)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-22] (AVAST Software)
      S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-22] (AVAST Software)
      R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-22] (AVAST Software)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-22] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-22] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-22] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-22] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-22] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-07-25] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-22] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-22] (AVAST Software)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-03-04] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-03-04] (Disc Soft Ltd)
      R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
      S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
      R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
      S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-04 17:19 - 2018-08-04 17:20 - 000040238 _____ C:\Users\Anton\Desktop\Addition.txt
      2018-08-04 17:16 - 2018-08-04 17:23 - 000018696 _____ C:\Users\Anton\Desktop\FRST.txt
      2018-08-04 17:16 - 2018-08-04 17:20 - 000000000 ____D C:\FRST
      2018-08-04 17:14 - 2018-08-04 17:15 - 002412544 _____ (Farbar) C:\Users\Anton\Desktop\FRST64.exe
      2018-08-04 17:09 - 2018-08-04 17:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
      2018-07-25 15:13 - 2018-07-25 15:13 - 000000000 ____D C:\Users\Anton\AppData\Local\PlaceholderTileLogoFolder
      2018-07-25 15:11 - 2018-07-25 15:11 - 000107310 _____ C:\Users\Anton\Desktop\FileZilla.xml
      2018-07-25 15:10 - 2018-07-25 15:11 - 007791072 _____ (Tim Kosse) C:\Users\Anton\Downloads\FileZilla_3.35.1_win64-setup.exe
      2018-07-19 13:01 - 2018-07-19 13:01 - 000000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tanki Online.lnk
      2018-07-19 12:59 - 2018-07-19 12:59 - 009644712 _____ (AlternativaGame Ltd ) C:\Users\Anton\Downloads\tankionline_eu.exe
      2018-07-19 09:44 - 2018-08-04 17:06 - 000000000 ____D C:\Users\Anton\AppData\LocalLow\uTorrent
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-08-04 17:22 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
      2018-08-04 17:22 - 2017-09-26 18:50 - 000000000 ____D C:\Users\Anton\AppData\Roaming\uTorrent
      2018-08-04 17:21 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\AppReadiness
      2018-08-04 17:09 - 2017-09-26 00:28 - 000000000 ____D C:\Users\Anton\AppData\LocalLow\Mozilla
      2018-08-04 17:08 - 2018-06-23 10:14 - 000000000 ____D C:\Users\Anton\AppData\Local\AVAST Software
      2018-08-04 17:06 - 2017-10-12 22:48 - 000000000 ____D C:\Users\Anton\AppData\Local\HTC MediaHub
      2018-08-04 17:05 - 2017-12-31 07:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2018-08-04 17:05 - 2017-10-23 19:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
      2018-08-04 17:05 - 2017-10-21 12:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
      2018-08-04 17:05 - 2017-09-26 00:39 - 000000000 __SHD C:\Users\Anton\IntelGraphicsProfiles
      2018-07-25 20:17 - 2017-09-29 11:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
      2018-07-25 20:00 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\NDF
      2018-07-25 19:52 - 2017-12-31 07:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
      2018-07-25 17:10 - 2017-12-31 07:18 - 000000000 ____D C:\Users\Anton
      2018-07-25 16:53 - 2017-09-26 19:10 - 000000000 ____D C:\Users\Anton\AppData\Roaming\vlc
      2018-07-25 16:51 - 2018-06-03 23:14 - 000000000 ____D C:\Users\Anton\AppData\Roaming\FileZilla
      2018-07-25 15:48 - 2018-06-03 23:14 - 000000000 ____D C:\Users\Anton\AppData\Local\FileZilla
      2018-07-25 15:13 - 2017-12-31 07:19 - 000000000 ____D C:\Users\Anton\AppData\Local\Packages
      2018-07-25 15:13 - 2017-09-29 16:46 - 000000000 ___HD C:\Program Files\WindowsApps
      2018-07-25 15:12 - 2018-06-03 23:12 - 000000000 ____D C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
      2018-07-25 15:12 - 2018-06-03 23:12 - 000000000 ____D C:\Program Files\FileZilla FTP Client
      2018-07-25 14:51 - 2017-09-26 18:43 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2018-07-24 21:36 - 2017-12-31 07:35 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
      2018-07-22 16:34 - 2017-10-08 22:55 - 000000875 _____ C:\Users\Anton\Desktop\Книги.txt
      2018-07-22 15:44 - 2017-09-29 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp
      2018-07-18 23:21 - 2018-06-26 23:00 - 000000000 ____D C:\Users\Anton\AppData\Local\CrashDumps
      2018-07-18 23:19 - 2018-04-21 10:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
      2018-07-18 23:18 - 2015-10-30 10:24 - 000000167 _____ C:\WINDOWS\win.ini
      2018-07-15 13:29 - 2017-09-27 00:48 - 000000000 ____D C:\WINDOWS\system32\MRT
      2018-07-15 13:24 - 2017-09-27 00:48 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
      2018-07-15 13:17 - 2017-09-29 16:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
      2018-07-15 12:58 - 2017-12-23 17:33 - 000000000 ___DC C:\WINDOWS\Panther
      2018-07-15 12:16 - 2017-12-31 07:34 - 000065683 _____ C:\WINDOWS\diagwrn.xml
      2018-07-15 12:16 - 2017-12-31 07:34 - 000062868 _____ C:\WINDOWS\diagerr.xml
      2018-07-15 10:45 - 2017-10-21 13:22 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
      2018-07-15 10:43 - 2017-09-29 11:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
      2018-07-15 10:07 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\Registration
      2018-07-15 10:06 - 2018-04-12 20:30 - 000000000 ___HD C:\$WINDOWS.~BT
      2018-07-14 11:11 - 2017-10-15 22:30 - 000000000 ____D C:\Users\Anton\AppData\Local\LenovoServiceBridge
      2018-07-14 11:05 - 2018-03-15 00:41 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
      2018-07-14 11:05 - 2017-12-31 07:35 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
      2018-07-14 11:05 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2018-07-14 11:05 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2018-07-10 23:51 - 2017-09-29 00:46 - 000000187 _____ C:\Users\Anton\Desktop\Angliski.txt
      2018-07-10 20:48 - 2017-12-31 07:35 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
      2018-07-10 20:47 - 2017-09-26 18:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2018-07-10 08:13 - 2017-12-31 07:35 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1747955922-307037692-2103265143-1001
      2018-07-10 08:13 - 2017-09-26 00:26 - 000002391 _____ C:\Users\Anton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      2018-07-10 08:13 - 2017-09-26 00:26 - 000000000 ___RD C:\Users\Anton\OneDrive
      2018-07-08 23:05 - 2018-02-20 20:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-07-08 23:05 - 2018-02-20 20:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-07-07 15:25 - 2018-02-20 20:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
      ==================== Files in the root of some directories =======
      2018-06-03 22:57 - 2018-06-03 23:09 - 000000600 _____ () C:\Users\Anton\AppData\Roaming\winscp.rnd
      2018-02-25 19:38 - 2018-02-25 19:38 - 000001456 _____ () C:\Users\Anton\AppData\Local\Adobe Save for Web 13.0 Prefs
      2018-06-10 00:20 - 2018-06-10 00:20 - 000002031 _____ () C:\Users\Anton\AppData\Local\recently-used.xbel
      Some files in TEMP:
      ====================
      2018-07-10 08:14 - 2018-08-04 17:09 - 000391024 _____ (adaware) C:\Users\Anton\AppData\Local\Temp\wcupdater.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-07-22 16:44
      ==================== End of FRST.txt ============================
      Addition.txt
    • by CaptainJord
      Hello, ever since I downloaded a file and ran it, my antivirus has been detecting some virus related to my video card (there is no way files from my video card are a virus)... I don't know exactly what it is myself, so to make it clearer, here is a screenshot... No matter how much I try to remove it, it keeps coming back...
       
       

      Addition.txt
    • by D101149
      Hello! I have viruses on my computer. I had Malwarebytes anti-virus; its trial license expired, so I removed it, and now I am on ESET for 30 days. It is better than Malwarebytes, but it constantly reports some CoinMiner virus whenever I open Chrome.
      I am attaching the files you need. Thank you!

      FRST.txt
      Addition.txt
    • by ℒℴ♥e
      So the problem is that my CPU is being loaded for no apparent reason, and as a bonus it spams me with random ads in the browser at intervals, without me even starting it! (It starts by itself.)
      I am now on Win10 Pro and I don't know what the first steps are (if anything has changed since before, please tell me). What was it that had to be done from the very beginning?
      Keep in mind that the viruses are possibly blocking "Malwarebytes Anti-Malware" (it does not start after installation), and there may be twice as many as last time (about 500 now, let's say).
      I also cannot download Farbar Recovery Scan Tool in order to upload anything! I cannot download it at all. The browser, whichever one it is, closes when I open the link!!
      I don't envy, actually, whoever ends up dealing with me. And I apologize in advance to anyone I have offended in any way!
      And I am also very grateful to all of you who fixed the last mega-tera-giga hit my computer took a while ago; it has been working flawlessly ever since!!!