Премини към съдържанието

Препоръчан отговор


Здравейте преди няколко дена имах съмнения за вирус Anti-Malwarebytes сканирах и откри Rootkit.ZeroAccess и Rootkit.0Access.H казва че е успял да го премахне , но след това нямах Интернет. Според мен последствията са от него .Нито получавам нито изпраща пакети ! Беше загубил IP-adress. Зададох на ново IP и мрежа ОК. Сканирах многократно с Anti-Malwarebytes и Avast. Накрая програмите репортуват че не откриват нищо. Ще съм благодарен ако потвърдите или продължим да чистим системата. Прикачвам двата файла с логовете ! Благодаря и приятен ден Имам диск с XP . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/11/2008 7:14:34 AM System Uptime: 4/5/2012 1:27:56 PM (1 hours ago) . Motherboard: MSI | | 0A90 Processor: Intel Pentium II processor | Socket 775 | 1596/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 139 GiB total, 119.087 GiB free. D: is FIXED (NTFS) - 10 GiB total, 8.204 GiB free. E: is Removable I: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free. T: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free. W: is NetworkDisk (NTFS) - 17 GiB total, 0.634 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ACPI\PNP0501\1 Manufacturer: (Standard port types) Name: Communications Port (COM1) PNP Device ID: ACPI\PNP0501\1 Service: Serial . Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ACPI\PNP0501\2 Manufacturer: (Standard port types) Name: Communications Port (COM2) PNP Device ID: ACPI\PNP0501\2 Service: Serial . Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: CD-ROM Drive Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H353B_______________BC03____\5&D53766A&0&0.0.0 Manufacturer: (Standard CD-ROM drives) Name: TSSTcorp DVD-ROM TS-H353B PNP Device ID: IDE\CDROMTSSTCORP_DVD-ROM_TS-H353B_______________BC03____\5&D53766A&0&0.0.0 Service: cdrom . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.5.0 Advanced SystemCare 3 Autorun Virus Remover 2.3 avast! Free Antivirus DAEMON Tools Datakey CIP Dosprn v1.72 Empl2004 FlexType 2K Google Chrome Google Update Helper High Definition Audio Driver Package - KB888111 HiPath SIcurity Card API Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB981793) HP Backup and Recovery Manager HP Help and Support Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers InterVideo Register Manager InterVideo WinDVD IrfanView (remove only) Java™ SE Runtime Environment 6 Update 1 K-Lite Codec Pack 2.74 Full Malwarebytes Anti-Malware, Іµрсёя 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office Professional Edition 2003 Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MSXML 6 Service Pack 2 (KB954459) PDF Complete QuickTime Realtek High Definition Audio Driver SA Dictionary 2005 T2 SCR3xx USB Smart Card Reader Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360131) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2416400) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) WebFldrs XP Webshots! Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 8 Windows XP Service Pack 3 ррхёІ°тѕр WinRAR фµє»°р°цёя О±р.1 ё 6 чсУТ+ (тµрсёя 2.13) . ==== Event Viewer Messages From Past Week ======== . 4/5/2012 8:46:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/5/2012 8:46:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/5/2012 8:41:57 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created. 4/4/2012 9:35:23 AM, error: Service Control Manager [7001] - The avast! Antivirus service depends on the avast! Standard Shield Support service which failed to start because of the following error: The specified path is invalid. 4/4/2012 9:35:23 AM, error: Service Control Manager [7000] - The avast! Standard Shield Support service failed to start due to the following error: The specified path is invalid. 4/4/2012 9:29:19 AM, error: Service Control Manager [7001] - The avast! Antivirus service depends on the Clmtomcatstartersvc service which failed to start because of the following error: The system cannot find the path specified. 4/4/2012 9:26:15 AM, error: Service Control Manager [7023] - The Ctdvda2k service terminated with the following error: The specified module could not be found. 4/4/2012 9:22:37 AM, error: Service Control Manager [7023] - The Ctdvda2k service terminated with the following error: The specified procedure could not be found. 4/4/2012 9:21:29 AM, error: Service Control Manager [7023] - The Vwlogger service terminated with the following error: Access is denied. 4/4/2012 9:20:29 AM, error: Service Control Manager [7023] - The Snare service terminated with the following error: Access is denied. 4/4/2012 9:19:32 AM, error: Service Control Manager [7023] - The Usb20l service terminated with the following error: Access is denied. 4/4/2012 9:18:31 AM, error: Service Control Manager [7023] - The SE2Dbus service terminated with the following error: Access is denied. 4/4/2012 9:17:30 AM, error: Service Control Manager [7023] - The BrUsbSer service terminated with the following error: Access is denied. 4/4/2012 9:16:29 AM, error: Service Control Manager [7023] - The Downloadmanagerlite service terminated with the following error: Access is denied. 4/4/2012 9:15:29 AM, error: Service Control Manager [7023] - The Lxrjd31d service terminated with the following error: Access is denied. 4/4/2012 9:14:29 AM, error: Service Control Manager [7023] - The Rpskt service terminated with the following error: Access is denied. 4/4/2012 9:13:29 AM, error: Service Control Manager [7023] - The Hcf_msft service terminated with the following error: Access is denied. 4/4/2012 9:12:29 AM, error: Service Control Manager [7023] - The Penclass service terminated with the following error: Access is denied. 4/4/2012 9:11:29 AM, error: Service Control Manager [7023] - The Btwusb service terminated with the following error: Access is denied. 4/4/2012 9:10:28 AM, error: Service Control Manager [7023] - The Avidsdmservice service terminated with the following error: Access is denied. 4/4/2012 9:09:29 AM, error: Service Control Manager [7023] - The Nimcdlbk service terminated with the following error: Access is denied. 4/4/2012 9:08:29 AM, error: Service Control Manager [7023] - The USBCamera service terminated with the following error: Access is denied. 4/4/2012 9:07:29 AM, error: Service Control Manager [7023] - The Snoopfree service terminated with the following error: Access is denied. 4/4/2012 9:06:29 AM, error: Service Control Manager [7023] - The LXARScan service terminated with the following error: Access is denied. 4/4/2012 9:05:29 AM, error: Service Control Manager [7023] - The Slimsvc service terminated with the following error: Access is denied. 4/4/2012 9:04:29 AM, error: Service Control Manager [7023] - The Dpc_srv_webcast service terminated with the following error: Access is denied. 4/4/2012 9:03:29 AM, error: Service Control Manager [7023] - The EUSBMSD service terminated with the following error: Access is denied. 4/4/2012 9:02:29 AM, error: Service Control Manager [7023] - The Ikhfile service terminated with the following error: Access is denied. 4/4/2012 9:02:01 AM, error: Service Control Manager [7023] - The CBTNDIS5 service terminated with the following error: Access is denied. 4/4/2012 9:00:38 AM, error: Service Control Manager [7023] - The Tsdhd service terminated with the following error: Access is denied. 4/4/2012 8:59:55 AM, error: Service Control Manager [7023] - The Ohci1394 service terminated with the following error: Access is denied. 4/4/2012 8:58:29 AM, error: Service Control Manager [7023] - The Pdlndint service terminated with the following error: Access is denied. 4/4/2012 8:57:30 AM, error: Service Control Manager [7023] - The Rismxdp service terminated with the following error: Access is denied. 4/4/2012 8:56:29 AM, error: Service Control Manager [7023] - The Pnkbstrk service terminated with the following error: Access is denied. 4/4/2012 8:55:34 AM, error: Service Control Manager [7023] - The Artourservice service terminated with the following error: Access is denied. 4/4/2012 8:55:07 AM, error: Service Control Manager [7023] - The Marvinbus service terminated with the following error: Access is denied. 4/3/2012 8:27:31 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Z525obex service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The X10nets service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Wtcls2k service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The WNCPKT service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The WmBEnum service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Vrservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Vmsprog service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The VICESYS service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Us30service service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Upsmonservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tvs service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tsmservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tsircsrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tmtdi service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Tfsndres service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Syslogd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Symantecantibotwatcher service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sqlserveragent service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The SprintRcAppSvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Snpstd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Smservauth service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Smartlinkservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sk9920nt service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sk99202k service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Si3114r service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sentinel service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Scarddrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Sbhooksvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S616mdm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S125mgmt service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The S117unic service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Rspndr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Quickbooksdb service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Qmofiltr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The PTDCMdm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Psdvdisk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Prohlp02 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ppped service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Point32 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pnp680r service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The PGPwded service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Perfproc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pdlnatcm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pdengine service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Pccsmcfd service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Papycpu2 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ofcpfwsvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NxSysMon service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nvraid service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ntgrip service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nsysaudm service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NPPTNT service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nipsvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The NIPALK service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Nimdbgk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The N558 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The N3900 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MTsensor service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mssql$microsoftsmlbiz service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The MRESP50 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Milshieldcleaner service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mhndrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mfehidk service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Megamonitorsrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Mcmispupdmgr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Lxdj_device service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Lxcd_device service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The LMouFilt service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Kbdhid service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Iwebmsg service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ireike service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The IPassP service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Inort service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Inorpc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Infrastructure service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Iftpsvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The HSFHWALI service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Hpgate service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The GT891x service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The GT680x service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Govsrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ghoststartservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The GcKernel service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Gbpoll service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Fsaa service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Fs_rec service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ezplay service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Eplpdx02 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Epfwtdi service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Egathdrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The EACSvrMngr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ds1 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The DniVad service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Dlcg_device service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The DellAMBrokerService service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Defwatch service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ddxgb service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The CTEAPSFX.DLL service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Cs429x service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Cpsvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Cobbmservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The CoachUsb service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The CnxTrUsb service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Clmtomcatstartersvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Cdvp service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Carboncopy32 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The CA561 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Btwdins service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Bthidenum service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The BrSerIf service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Brmfrmps service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Bobo service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Bjmcmng service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Backupclientsvc service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Axinstsv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Avgclean service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The ATNT40K service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Atkdisplf service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Arkbcfltr service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Appnnode service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The AppnBase service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Appdrv service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Aolservice service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Angel2 service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Amon service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Alcaudsl service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Ahcix86s service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The AGV service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The Agnfilt service terminated with the following error: The specified module could not be found. 4/3/2012 5:29:58 PM, error: Service Control Manager [7023] - The A8djavs service terminated with the following error: The specified module could not be found. 4/3/2012 12:51:15 PM, error: Service Control Manager [7023] - The Cdvp service terminated with the following error: Access is denied. 4/3/2012 12:50:15 PM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: Access is denied. 4/3/2012 12:49:16 PM, error: Service Control Manager [7023] - The Tvs service terminated with the following error: Access is denied. 4/3/2012 12:48:15 PM, error: Service Control Manager [7023] - The Nimdbgk service terminated with the following error: Access is denied. 4/3/2012 12:47:15 PM, error: Service Control Manager [7023] - The Eplpdx02 service terminated with the following error: Access is denied. 4/3/2012 12:46:16 PM, error: Service Control Manager [7023] - The Mssql$microsoftsmlbiz service terminated with the following error: Access is denied. 4/3/2012 12:45:15 PM, error: Service Control Manager [7023] - The Tsircsrv service terminated with the following error: Access is denied. 4/3/2012 12:44:15 PM, error: Service Control Manager [7023] - The Smartlinkservice service terminated with the following error: Access is denied. 4/3/2012 12:43:15 PM, error: Service Control Manager [7023] - The Ddxgb service terminated with the following error: Access is denied. 4/3/2012 12:42:15 PM, error: Service Control Manager [7023] - The Cs429x service terminated with the following error: Access is denied. 4/3/2012 12:41:15 PM, error: Service Control Manager [7023] - The AppnBase service terminated with the following error: Access is denied. 4/3/2012 12:40:15 PM, error: Service Control Manager [7023] - The Sk9920nt service terminated with the following error: Access is denied. 4/3/2012 12:39:15 PM, error: Service Control Manager [7023] - The Naiavfilter1 service terminated with the following error: Access is denied. 4/3/2012 12:38:15 PM, error: Service Control Manager [7023] - The Ahcix86s service terminated with the following error: Access is denied. 4/3/2012 12:37:15 PM, error: Service Control Manager [7023] - The Vmsprog service terminated with the following error: Access is denied. 4/3/2012 12:36:15 PM, error: Service Control Manager [7023] - The Rimmptsk service terminated with the following error: Access is denied. 4/3/2012 12:35:16 PM, error: Service Control Manager [7023] - The Vrservice service terminated with the following error: Access is denied. 4/3/2012 12:34:15 PM, error: Service Control Manager [7023] - The Si3114r service terminated with the following error: Access is denied. 4/3/2012 12:33:16 PM, error: Service Control Manager [7023] - The Ezplay service terminated with the following error: Access is denied. 4/3/2012 12:32:15 PM, error: Service Control Manager [7023] - The X10nets service terminated with the following error: Access is denied. 4/3/2012 12:31:15 PM, error: Service Control Manager [7023] - The Egathdrv service terminated with the following error: Access is denied. 4/3/2012 12:30:15 PM, error: Service Control Manager [7023] - The Pdlnatcm service terminated with the following error: Access is denied. 4/3/2012 12:29:15 PM, error: Service Control Manager [7023] - The Papycpu2 service terminated with the following error: Access is denied. 4/3/2012 12:28:16 PM, error: Service Control Manager [7023] - The NxSysMon service terminated with the following error: Access is denied. 4/3/2012 12:27:16 PM, error: Service Control Manager [7023] - The MTsensor service terminated with the following error: Access is denied. 4/3/2012 12:26:15 PM, error: Service Control Manager [7023] - The Fs_rec service terminated with the following error: Access is denied. 4/3/2012 12:25:15 PM, error: Service Control Manager [7023] - The Ireike service terminated with the following error: Access is denied. 4/3/2012 12:24:19 PM, error: Service Control Manager [7023] - The Sk99202k service terminated with the following error: Access is denied. 4/3/2012 12:23:16 PM, error: Service Control Manager [7023] - The Cobbmservice service terminated with the following error: Access is denied. 4/3/2012 12:22:26 PM, error: Service Control Manager [7023] - The PTDCMdm service terminated with the following error: Access is denied. 4/3/2012 12:21:27 PM, error: Service Control Manager [7023] - The Gbpoll service terminated with the following error: Access is denied. 4/3/2012 12:20:27 PM, error: Service Control Manager [7023] - The Brmfrmps service terminated with the following error: Access is denied. 4/3/2012 12:19:22 PM, error: Service Control Manager [7023] - The Us30service service terminated with the following error: Access is denied. 4/3/2012 12:17:25 PM, error: Service Control Manager [7023] - The DniVad service terminated with the following error: Access is denied. 4/3/2012 12:16:20 PM, error: Service Control Manager [7023] - The EACSvrMngr service terminated with the following error: Access is denied. 4/3/2012 12:15:15 PM, error: Service Control Manager [7023] - The Angel2 service terminated with the following error: Access is denied. 4/3/2012 12:14:15 PM, error: Service Control Manager [7023] - The Pnp680r service terminated with the following error: Access is denied. 4/3/2012 12:13:15 PM, error: Service Control Manager [7023] - The Snpstd service terminated with the following error: Access is denied. 4/3/2012 12:12:15 PM, error: Service Control Manager [7023] - The Sentinel service terminated with the following error: Access is denied. 4/3/2012 12:11:15 PM, error: Service Control Manager [7023] - The Tmtdi service terminated with the following error: Access is denied. 4/3/2012 12:10:15 PM, error: Service Control Manager [7023] - The Iftpsvc service terminated with the following error: Access is denied. 4/3/2012 12:09:15 PM, error: Service Control Manager [7023] - The Tsmservice service terminated with the following error: Access is denied. 4/3/2012 12:08:15 PM, error: Service Control Manager [7023] - The Axinstsv service terminated with the following error: Access is denied. 4/3/2012 12:07:16 PM, error: Service Control Manager [7023] - The Infrastructure service terminated with the following error: Access is denied. 4/3/2012 12:06:15 PM, error: Service Control Manager [7023] - The Lxcd_device service terminated with the following error: Access is denied. 4/3/2012 12:05:15 PM, error: Service Control Manager [7023] - The Scarddrv service terminated with the following error: Access is denied. 4/3/2012 12:04:15 PM, error: Service Control Manager [7023] - The S125mgmt service terminated with the following error: Access is denied. 4/3/2012 12:03:15 PM, error: Service Control Manager [7023] - The Defwatch service terminated with the following error: Access is denied. 4/3/2012 12:02:15 PM, error: Service Control Manager [7023] - The Mhndrv service terminated with the following error: Access is denied. 4/3/2012 12:01:16 PM, error: Service Control Manager [7023] - The Nvraid service terminated with the following error: Access is denied. 4/3/2012 12:00:15 PM, error: Service Control Manager [7023] - The NIPALK service terminated with the following error: Access is denied. 4/3/2012 11:59:16 AM, error: Service Control Manager [7023] - The Appdrv service terminated with the following error: Access is denied. 4/3/2012 11:58:15 AM, error: Service Control Manager [7023] - The Bjmcmng service terminated with the following error: Access is denied. 4/3/2012 11:57:18 AM, error: Service Control Manager [7023] - The GcKernel service terminated with the following error: Access is denied. 4/3/2012 11:56:15 AM, error: Service Control Manager [7023] - The Carboncopy32 service terminated with the following error: Access is denied. 4/3/2012 11:55:15 AM, error: Service Control Manager [7023] - The Sfusvc service terminated with the following error: Access is denied. 4/3/2012 11:54:16 AM, error: Service Control Manager [7023] - The WNCPKT service terminated with the following error: Access is denied. 4/3/2012 11:53:15 AM, error: Service Control Manager [7023] - The Nsysaudm service terminated with the following error: Access is denied. 4/3/2012 11:52:15 AM, error: Service Control Manager [7023] - The Bthidenum service terminated with the following error: Access is denied. 4/3/2012 11:51:15 AM, error: Service Control Manager [7023] - The Ghoststartservice service terminated with the following error: Access is denied. 4/3/2012 11:50:15 AM, error: Service Control Manager [7023] - The ATNT40K service terminated with the following error: Access is denied. 4/3/2012 11:49:15 AM, error: Service Control Manager [7023] - The Bobo service terminated with the following error: Access is denied. 4/3/2012 11:48:15 AM, error: Service Control Manager [7023] - The SprintRcAppSvc service terminated with the following error: Access is denied. 4/3/2012 11:47:15 AM, error: Service Control Manager [7023] - The Clmtomcatstartersvc service terminated with the following error: Access is denied. 4/3/2012 11:46:15 AM, error: Service Control Manager [7023] - The Kbdhid service terminated with the following error: Access is denied. 4/3/2012 11:45:15 AM, error: Service Control Manager [7023] - The CnxTrUsb service terminated with the following error: Access is denied. 4/3/2012 11:44:15 AM, error: Service Control Manager [7023] - The A8djavs service terminated with the following error: Access is denied. 4/3/2012 11:43:16 AM, error: Service Control Manager [7023] - The S117unic service terminated with the following error: Access is denied. 4/3/2012 11:42:15 AM, error: Service Control Manager [7023] - The Psdvdisk service terminated with the following error: Access is denied. 4/3/2012 11:41:15 AM, error: Service Control Manager [7023] - The Mfehidk service terminated with the following error: Access is denied. 4/3/2012 11:40:15 AM, error: Service Control Manager [7023] - The Backupclientsvc service terminated with the following error: Access is denied. 4/3/2012 11:39:15 AM, error: Service Control Manager [7023] - The Avgclean service terminated with the following error: Access is denied. 4/3/2012 11:38:15 AM, error: Service Control Manager [7023] - The NPPTNT service terminated with the following error: Access is denied. 4/3/2012 11:37:15 AM, error: Service Control Manager [7023] - The Iwebmsg service terminated with the following error: Access is denied. 4/3/2012 11:36:15 AM, error: Service Control Manager [7023] - The Z525obex service terminated with the following error: Access is denied. 4/3/2012 11:35:15 AM, error: Service Control Manager [7023] - The Wtcls2k service terminated with the following error: Access is denied. 4/3/2012 11:34:15 AM, error: Service Control Manager [7023] - The YMIDUSB service terminated with the following error: Access is denied. 4/3/2012 11:33:15 AM, error: Service Control Manager [7023] - The Ds1 service terminated with the following error: Access is denied. 4/3/2012 11:32:16 AM, error: Service Control Manager [7023] - The Sqlserveragent service terminated with the following error: Access is denied. 4/3/2012 11:31:15 AM, error: Service Control Manager [7023] - The Lxdj_device service terminated with the following error: Access is denied. 4/3/2012 11:30:15 AM, error: Service Control Manager [7023] - The Inorpc service terminated with the following error: Access is denied. 4/3/2012 11:29:15 AM, error: Service Control Manager [7023] - The Prohlp02 service terminated with the following error: Access is denied. 4/3/2012 11:28:15 AM, error: Service Control Manager [7023] - The Cpsvc service terminated with the following error: Access is denied. 4/3/2012 11:27:17 AM, error: Service Control Manager [7023] - The WmBEnum service terminated with the following error: Access is denied. 4/3/2012 11:26:15 AM, error: Service Control Manager [7023] - The Hpgate service terminated with the following error: Access is denied. 4/3/2012 11:25:15 AM, error: Service Control Manager [7023] - The Smservauth service terminated with the following error: Access is denied. 4/3/2012 11:24:15 AM, error: Service Control Manager [7023] - The Ppped service terminated with the following error: Access is denied. 4/3/2012 11:23:15 AM, error: Service Control Manager [7023] - The BrSerIf service terminated with the following error: Access is denied. 4/3/2012 11:22:16 AM, error: Service Control Manager [7023] - The Amon service terminated with the following error: Access is denied. 4/3/2012 11:21:16 AM, error: Service Control Manager [7023] - The Btwdins service terminated with the following error: Access is denied. 4/3/2012 11:20:16 AM, error: Service Control Manager [7023] - The MRESP50 service terminated with the following error: Access is denied. 4/3/2012 11:19:17 AM, error: Service Control Manager [7023] - The Dlcg_device service terminated with the following error: Access is denied. 4/3/2012 11:18:20 AM, error: Service Control Manager [7023] - The GT891x service terminated with the following error: Access is denied. 4/3/2012 11:17:17 AM, error: Service Control Manager [7023] - The Sbhooksvc service terminated with the following error: Access is denied. 4/3/2012 11:16:16 AM, error: Service Control Manager [7023] - The Upsmonservice service terminated with the following error: Access is denied. 4/3/2012 11:15:15 AM, error: Service Control Manager [7023] - The Aolservice service terminated with the following error: Access is denied. 4/3/2012 11:14:17 AM, error: Service Control Manager [7023] - The CTEAPSFX.DLL service terminated with the following error: Access is denied. 4/3/2012 11:13:15 AM, error: Service Control Manager [7023] - The GT680x service terminated with the following error: Access is denied. 4/3/2012 11:12:15 AM, error: Service Control Manager [7023] - The Mcmispupdmgr service terminated with the following error: Access is denied. 4/3/2012 11:11:15 AM, error: Service Control Manager [7023] - The Tfsndres service terminated with the following error: Access is denied. 4/3/2012 11:10:15 AM, error: Service Control Manager [7023] - The Qmofiltr service terminated with the following error: Access is denied. 4/3/2012 11:09:15 AM, error: Service Control Manager [7023] - The Megamonitorsrv service terminated with the following error: Access is denied. 4/3/2012 11:08:15 AM, error: Service Control Manager [7023] - The Pccsmcfd service terminated with the following error: Access is denied. 4/3/2012 11:07:15 AM, error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: Access is denied. 4/3/2012 11:06:17 AM, error: Service Control Manager [7023] - The VICESYS service terminated with the following error: Access is denied. 4/3/2012 11:05:24 AM, error: Service Control Manager [7023] - The Milshieldcleaner service terminated with the following error: Access is denied. 4/3/2012 11:04:28 AM, error: Service Control Manager [7023] - The Atkdisplf service terminated with the following error: Access is denied. 4/3/2012 11:03:15 AM, error: Service Control Manager [7023] - The Upperdev service terminated with the following error: Access is denied. 4/3/2012 11:02:15 AM, error: Service Control Manager [7023] - The N3900 service terminated with the following error: Access is denied. 4/3/2012 11:01:22 AM, error: Service Control Manager [7023] - The Syslogd service terminated with the following error: Access is denied. 4/3/2012 11:00:16 AM, error: Service Control Manager [7023] - The Rspndr service terminated with the following error: Access is denied. 4/3/2012 10:59:15 AM, error: Service Control Manager [7023] - The Arkbcfltr service terminated with the following error: Access is denied. 4/3/2012 10:58:15 AM, error: Service Control Manager [7023] - The Ntgrip service terminated with the following error: Access is denied. 4/3/2012 10:57:15 AM, error: Service Control Manager [7023] - The AGV service terminated with the following error: Access is denied. 4/3/2012 10:56:15 AM, error: Service Control Manager [7023] - The IPassP service terminated with the following error: Access is denied. 4/3/2012 10:55:15 AM, error: Service Control Manager [7023] - The LMouFilt service terminated with the following error: Access is denied. 4/3/2012 10:54:16 AM, error: Service Control Manager [7023] - The Govsrv service terminated with the following error: Access is denied. 4/3/2012 10:53:15 AM, error: Service Control Manager [7023] - The CA561 service terminated with the following error: Access is denied. 4/3/2012 10:52:15 AM, error: Service Control Manager [7023] - The CoachUsb service terminated with the following error: Access is denied. 4/3/2012 10:51:15 AM, error: Service Control Manager [7023] - The Symantecantibotwatcher service terminated with the following error: Access is denied. 4/3/2012 10:50:17 AM, error: Service Control Manager [7023] - The Fsaa service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The S616mdm service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Quickbooksdb service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Point32 service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Pdengine service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Ofcpfwsvc service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Nipsvc service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The N558 service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The MtxDma0 service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Inort service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The HSFHWALI service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Hpt3xx service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Epfwtdi service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Appnnode service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Alcaudsl service terminated with the following error: Access is denied. 4/3/2012 1:12:44 PM, error: Service Control Manager [7023] - The Agnfilt service terminated with the following error: Access is denied. 4/3/2012 1:09:15 PM, error: Service Control Manager [7023] - The DellAMBrokerService service terminated with the following error: Access is denied. 4/3/2012 1:08:15 PM, error: Service Control Manager [7023] - The PGPwded service terminated with the following error: Access is denied. 4/3/2012 1:07:15 PM, error: Service Control Manager [7023] - The Perfproc service terminated with the following error: Access is denied. 4/2/2012 11:34:25 AM, error: SCR3xx USB Smart Card Reader [0] - 4/2/2012 11:34:25 AM, error: SCardSvr [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL POWER: The smart card is not responding to a reset. . ==== End Of File =========================== dds.txt DDS (Ver_2011-09-30.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by Plamenka at 14:24:59 on 2012-04-05 Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.241 [GMT 3:00] . AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes ================ . C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\System32\DkLog.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\PDF Complete\pdfsty.exe C:\Program Files\PDF Complete\pdfsvc.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AutorunRemover\AutorunRemover.exe C:\Program Files\Datakey\Crypt32\DkAutoReg.exe C:\Program Files\Datakey\Crypt32\DkMonitor.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\WINDOWS\System32\dkcktkn.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Datecs\Flex2K.exe C:\Program Files\Siemens\Card API\bin\siecacst.exe C:\Program Files\Dosprn\DOSprn.exe C:\Program Files\Webshots\WebshotsTray.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.bg/ uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: {A5366673-E8CA-11D3-9CD9-0090271D075B} - <orphaned> TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe" mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe mRun: [Recguard] c:\windows\sminst\Recguard.exe mRun: [Reminder] c:\windows\creator\Remind_XP.exe mRun: [scheduler] c:\windows\sminst\Scheduler.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide mRun: [DkAutoReg.exe] c:\program files\datakey\crypt32\DkAutoReg.exe mRun: [DkMonitor.exe] c:\program files\datakey\crypt32\DkMonitor.exe mRun: [DkStartup] c:\program files\datakey\crypt32\DkStartup.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\plamenka\startm~1\programs\startup\dosprn.lnk - c:\program files\dosprn\DOSprn.exe StartupFolder: c:\docume~1\plamenka\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\WebshotsTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hipath~1.lnk - c:\program files\siemens\card api\bin\siecacst.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://srl.nssi.bg/ExtUsers/viewer/activeXViewer/activexviewer.cab DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://www.extri.bg/capicom.cab DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2} : NameServer = 192.168.1.1 Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-2-12 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-2-12 5248] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-4 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-4 337880] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-4 20696] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-4 44768] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-20 652360] R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-11-10 540184] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-20 20464] R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-3-17 47488] S2 awhost32;Snpstd;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-4 136176] S2 GV600_4;Btwdins;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 ikhlayer;Bthidenum;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 LRMINIPORT;BrSerIf;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 mcafeeantispyware;PTDCMdm;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 navapsvc;Hpgate;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 ofcservice;NPPTNT;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 savrtpel;NIPALK;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 vet-filt;Smartlinkservice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S2 vsmon;SprintRcAppSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-4 136176] S3 MFE_RR;MFE_RR;\??\c:\docume~1\plamenka\locals~1\temp\mfe_rr.sys --> c:\docume~1\plamenka\locals~1\temp\mfe_rr.sys [?] S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\drivers\scr33x.sys --> c:\windows\system32\drivers\SCR33x.sys [?] S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [2004-10-25 7796] . =============== File Associations =============== . ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe" ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe" . =============== Created Last 30 ================ . 2012-04-05 09:14:40 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2012-04-05 09:14:40 64512 ----a-w- c:\windows\system32\drivers\Serial.sys 2012-04-05 09:14:37 162816 ----a-w- c:\windows\system32\drivers\netbt.sys 2012-04-05 09:14:35 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2012-04-05 08:40:26 98816 ----a-w- c:\windows\sed.exe 2012-04-05 08:40:26 256000 ----a-w- c:\windows\PEV.exe 2012-04-05 08:40:26 208896 ----a-w- c:\windows\MBR.exe 2012-04-04 07:00:56 -------- d-----w- c:\documents and settings\plamenka\local settings\application data\Google 2012-04-04 07:00:43 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-04-04 06:59:16 41184 ----a-w- c:\windows\avastSS.scr 2012-04-04 06:26:10 -------- d-----w- c:\program files\AVAST Software 2012-04-04 06:26:10 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software 2012-04-03 14:42:55 -------- d-----w- c:\documents and settings\all users\application data\MFAData 2012-04-03 07:48:00 -------- d-sh--w- c:\documents and settings\plamenka\local settings\application data\1cf6efbe . ==================== Find3M ==================== . 2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 14:25:40.00 ===============

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

Виждат се някои остатъци в логовете, но ще са необходими още проверки:

1. Изтеглете ComboFix от BleepingComputer

и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:

Публикувано изображение

След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:

Публикувано изображение

2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива.

3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.

4. ComboFix ще провери дали Windows Recovery Console e инсталиранa.

*Ако Windows Recovery Console не е инсталирана, ще е необходимо да използвате YES за инсталация на Windows Recovery Console

*Ако Windows Recovery Console е инсталирана, ComboFix ще продължи работата си.

Публикувано изображение

Забележка: Необходимо е да сте свързани към Интернет за да може Windows Recovery Console да се изтегли.

След инсталация на Windows Recovery Console потвърдете с YES, за да продължите напред. Снимка:

Публикувано изображение

5. ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на ComboFix, моля да прочетете това: Manually restoring the Internet connection section.

6. Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:

Публикувано изображение

Копирайте с (Copy) и поставете с (Paste) съдържанието на лога в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

ComboFix 12-04-05.09 - Plamenka 04/06/2012 10:55:50.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.257 [GMT 3:00]

Running from: c:\documents and settings\Plamenka\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB3255$

c:\windows\$NtUninstallKB3255$\2446036716

c:\windows\$NtUninstallKB3255$\485945278\@

c:\windows\$NtUninstallKB3255$\485945278\L\nnznorar

c:\windows\system32\regmon701.dll

c:\windows\TEMP\sig3.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_THKEYS

-------\Service_thkeys

.

.

((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))

.

.

2012-04-05 09:14 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-04-05 09:14 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys

2012-04-05 09:14 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-05 09:14 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 07:00 . 2012-04-04 07:05 -------- d-----w- c:\documents and settings\Plamenka\Local Settings\Application Data\Google

2012-04-04 07:00 . 2012-04-04 07:01 -------- d-----w- c:\program files\Google

2012-04-04 07:00 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-04 07:00 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-04 07:00 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-04-04 07:00 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-04 07:00 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-04 07:00 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-04-04 07:00 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-04-04 07:00 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-04-04 06:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-04 06:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\program files\AVAST Software

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-03 14:42 . 2012-04-03 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-03 09:28 . 2012-04-03 09:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-04-03 07:48 . 2012-04-05 09:14 -------- d-sh--w- c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2004-08-04 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-17 06:23 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-05_09.19.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\drivers\i8042prt.sys

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\dllcache\i8042prt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-01 98304]

"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-10-20 1257472]

"DkAutoReg.exe"="c:\program files\Datakey\Crypt32\DkAutoReg.exe" [2003-05-13 245760]

"DkMonitor.exe"="c:\program files\Datakey\Crypt32\DkMonitor.exe" [2003-05-13 143360]

"DkStartup"="c:\program files\Datakey\Crypt32\DkStartup.exe" [2003-05-13 217088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Plamenka\Start Menu\Programs\Startup\

DOSprn.lnk - c:\program files\Dosprn\DOSprn.exe [2011-11-3 234496]

Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2008-2-26 192512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-2-12 151552]

HiPath SIcurity Card API.lnk - c:\program files\Siemens\Card API\bin\siecacst.exe [2010-3-17 61440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\Sut_SoftUninstaller.exe"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a03296\\avast.setup"=

"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=

"c:\\Program Files\\AVAST Software\\Avast\\Setup\\avast.setup"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a01800\\avast.setup"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\system32\\msfeedssync.exe"=

.

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/12/2008 4:27 PM 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/12/2008 4:27 PM 5248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/4/2012 10:00 AM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2012 10:00 AM 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2012 10:00 AM 20696]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2009 10:29 AM 652360]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/10/2007 10:01 PM 540184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2009 10:29 AM 20464]

R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [3/17/2010 4:03 PM 47488]

S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 MFE_RR;MFE_RR;\??\c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys [?]

S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33x.sys --> c:\windows\system32\DRIVERS\SCR33x.sys [?]

S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/25/2004 1:04 AM 7796]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

{834170a7-af3b-4d34-a757-e05eb29ee96d}

vwkernel

bwsvc

tvalz

comhost

qcmerced

a016obex

CVirtA

wg3n

SE2Cbus

vpcnets2

tmactmon

vvoice

smrt

hwdatacard

LVBulk

pcx1nd5

Wdf01000

navapsvc

ino_fltr

athr

DLARTL_M

e1000

ASLDRService

ofcservice

backupexecnamingservice

ppmoucls

VX3000

SMCB000

vsmon

amdagp

ikhlayer

cachemanxp

AmeLanPc

netcfgsvr

savrtpel

CXTUNE

epson_pm_rpcv4_01

ATMsrvc

lvselsus

W8100PCI

APLMp50

prosync1

prismxl

winvnc4

MS1000

mcafeeantispyware

mfeapfk

atksgt

TVALG

sthda

lxct_device

oracleorahome92tnslistener

ownershipprotocol

3dkeybd

TPECioCtl

tpsrv

vet-filt

slabbus

w810mdm

personalsecuredriveservice

tomcatcws3

bc_ip_f

pdlndoem

nvrd64

nhcDriverDevice

CdaD10BA

p2psvc

XUIF

s716mdfl

WscNetDr

wltrysvc

cyberpowerups

pnkbstrk

vmparport

smcirda

alcaudsl

cwafrmiregistry

p1131vid

ati2mtaa

advservice

mgactrl

SE2Bobex

IBM_LLC2

PTDCBus

vulfnths

aksusb

stllssvr

cpucoolserver

CTEDSPFX.DLL

gearaspiwdm

ibmpmsvc

lxcf_device

tvtpktfilter

PCISys

dmisrv

avidstartup

tavsvc

sit_prt

teefer2

smartscaps

radclock

scarddrv

DeviceScanner

ASNDIS5

{95808DC4-FA4A-4c74-92FE-5B863F82066B}

pmem

vxsvc

btwrchid

Nsynas32

arkbcfltr

OracleOraHome92ClientCache

AdobeActiveFileMonitor6.0

wencrservice

hmonitor

mgisvr

GoToAssist

wwnetdde

AYDrvNT_ALYAC

w810obex

macformatservice

ma_cmidi_installerservice

cpqvcagent

iolo_srv

pfmodnt

ARSVC

PDExchange

tabletservice

awhost32

ANC

hclinetd

PSI_SVC_2

riomsc

WINUSB

VrAcFil

ICAM3NT5

hsxhwazl

bltrust

DELL_A02

ftrtsvc

SymIM

aswmon2

stylexphelper

xfactorae1

niorbk

asapiw2k

hpzius12

LoopBeMidi1

megamonitorsrv

hcwPP2

pvservice

ShockMgr

LRMINIPORT

GV600_4

bthusb

p2pgasvc

nmservice

zpnodecollector

nvsvc

sony_ssm.sys

FETNDIS

nvenetfd

tifm21

aswupdsv

cqmghost

surveyor

backupexecnotificationserver

passthru

toddsrv

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\User_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm

IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab

DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab

DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab

DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab

DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-06 11:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1176)

c:\windows\system32\WININET.dll

c:\windows\system32\newdll.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\System32\DkLog.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\windows\System32\dkcktkn.exe

.

**************************************************************************

.

Completion time: 2012-04-06 11:09:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-06 08:09

ComboFix2.txt 2012-04-05 09:22

.

Pre-Run: 127,682,486,272 bytes free

Post-Run: 127,706,243,072 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - A44E7958794D42F20B69C6ABF91DE93A

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Изтеглете прикачения файл => XPSP3_netsvcs.zip

Разархивирайте го на десктопа и стартирайте файла XPSP3_netsvcs.reg

Потвърдете с YES на диалоговия прозорец.

  • Отворете notepad и с copy/paste въведете следната информация:

    Folder::
    c:documents and settingsPlamenkaLocal SettingsApplication Data1cf6efbe
    Registry::
    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
    "AntiVirusOverride"=dword:00000000
    
  • Запазете файла с име CFScript и го провлачете и пуснете в Combofix (както е показано на картинката отдолу).

    Публикувано изображение

  • По време на сканиране от страна на ComboFix не стартирайте никакви други приложения, не натискайте клавиши от клавиатурата и не местете мишката !
  • Публикувайте лог файла, който ще се създаде след рестарта на компютъра в следващия си пост.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

ComboFix 12-04-05.09 - Plamenka 04/07/2012 17:53:46.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.502.223 [GMT 3:00]

Running from: c:\documents and settings\Plamenka\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Plamenka\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe

c:\documents and settings\Plamenka\Local Settings\Application Data\1cf6efbe\@

.

.

((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))

.

.

2012-04-05 09:14 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-04-05 09:14 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys

2012-04-05 09:14 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-04-05 09:14 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 07:00 . 2012-04-04 07:05 -------- d-----w- c:\documents and settings\Plamenka\Local Settings\Application Data\Google

2012-04-04 07:00 . 2012-04-04 07:01 -------- d-----w- c:\program files\Google

2012-04-04 07:00 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-04 07:00 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-04 07:00 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-04-04 07:00 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-04 07:00 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-04 07:00 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-04-04 07:00 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-04-04 07:00 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-04-04 06:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-04 06:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\program files\AVAST Software

2012-04-04 06:26 . 2012-04-04 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-04-03 14:42 . 2012-04-03 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-04-03 09:28 . 2012-04-03 09:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2004-08-04 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-17 06:23 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2004-08-04 08:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-05_09.19.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\drivers\i8042prt.sys

+ 2004-08-04 08:00 . 2004-08-03 20:14 52736 c:\windows\system32\dllcache\i8042prt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-01 98304]

"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-10-20 1257472]

"DkAutoReg.exe"="c:\program files\Datakey\Crypt32\DkAutoReg.exe" [2003-05-13 245760]

"DkMonitor.exe"="c:\program files\Datakey\Crypt32\DkMonitor.exe" [2003-05-13 143360]

"DkStartup"="c:\program files\Datakey\Crypt32\DkStartup.exe" [2003-05-13 217088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Plamenka\Start Menu\Programs\Startup\

DOSprn.lnk - c:\program files\Dosprn\DOSprn.exe [2011-11-3 234496]

Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2008-2-26 192512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2008-2-12 151552]

HiPath SIcurity Card API.lnk - c:\program files\Siemens\Card API\bin\siecacst.exe [2010-3-17 61440]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\Sut_SoftUninstaller.exe"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a03296\\avast.setup"=

"c:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe"=

"c:\\Program Files\\AVAST Software\\Avast\\Setup\\avast.setup"=

"c:\\Documents and Settings\\Plamenka\\Local Settings\\Temp\\_av_sfx.tm~a01800\\avast.setup"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\system32\\msfeedssync.exe"=

.

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/12/2008 4:27 PM 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/12/2008 4:27 PM 5248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/4/2012 10:00 AM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/4/2012 10:00 AM 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2012 10:00 AM 20696]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2009 10:29 AM 652360]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/10/2007 10:01 PM 540184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2009 10:29 AM 20464]

R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [3/17/2010 4:03 PM 47488]

S2 gupdate;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2012 10:01 AM 136176]

S3 MFE_RR;MFE_RR;\??\c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Plamenka\LOCALS~1\Temp\mfe_rr.sys [?]

S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33x.sys --> c:\windows\system32\DRIVERS\SCR33x.sys [?]

S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/25/2004 1:04 AM 7796]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 07:00]

.

2012-04-07 c:\windows\Tasks\User_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

IE: Download All by FlashGet - \\Secretary\Share\Flashget\jc_all.htm

IE: Download using FlashGet - \\Secretary\Share\Flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} - hxxps://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab

DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} - hxxps://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab

DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} - hxxps://inetdec.nra.bg/dds/InetVAT5Frm.cab

DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} - hxxps://inetdec.nra.bg/cabs/SignCOM.cab

DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-07 18:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

Completion time: 2012-04-07 18:04:24

ComboFix-quarantined-files.txt 2012-04-07 15:04

ComboFix2.txt 2012-04-06 08:09

ComboFix3.txt 2012-04-05 09:22

.

Pre-Run: 127,527,481,344 bytes free

Post-Run: 127,539,871,744 bytes free

.

- - End Of File - - 61C040A3D3B347F7FBEEE8A5A68C6DBE


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Дотук добре, но искам да направим още малко проверки:

СТЪПКА 1

Изтеглете OTL.exe и го запазете на десктопа.

  • Стартирайте OTL.exe
  • Направете следните настройки:
  • Сложете отметка пред Scan All Users Публикувано изображение
  • Под менюто File Age изберете 90 days
  • Под менюто Standard Registry променете на ALL
  • Сложете отметки пред LOP и Purity Check
Под Публикувано изображение с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%*.*
%USERPROFILE%*.*
%USERPROFILE%Application Data*.*
%USERPROFILE%Local SettingsApplication Data*.*
%AllUsersProfile%*.*
%AllUsersProfile%Application Data*.*
%USERPROFILE%My Documents*.*
%CommonProgramFiles%*.*
%PROGRAMFILES%*.*
%systemroot%system32configsystemprofile*.*
%windir%ServiceProfilesLocalServiceAppDataLocalTemp*.*
%windir%ServiceProfilesNetworkServiceAppDataLocalTemp*.*
%windir%temp*.*
%windir%system32*.
%systemroot%system32*.dll /lockedfiles
%systemroot%Tasks*.job /lockedfiles
%systemroot%system32drivers*.sys /90
%systemroot%system32drivers*.sys /lockedfiles
%systemroot%system32Spoolprtprocsw32x86*.dll
%systemroot%*. /rp /s
%systemroot%assemblytmp*.* /S /MD5
%systemroot%assemblytemp*.* /S /MD5
%systemroot%assemblyGAC_32*.* /S /MD5
%systemroot%assemblyGAC_MSIL*.* /S /MD5
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
hlp.dat
/md5stop
  • Натиснете маркираният в синьо бутон: Run Scan.
  • Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt. Прикачете тези два файла в следващия си коментар (погледнете опцията Прикачени файлове, когато публикувате мнение).

СТЪПКА 2

Моля изтеглете последната версия на TDSSKiller оттук и я запазете на вашия декстоп.

  • Стартирайте TDSSKiller.exe за да стартирате приложението. След това кликнете върху бутона Change parameters.

    Публикувано изображение

  • Сложете отметки пред Verify Driver Digital Signature и Detect TDLFS file system и натиснете ОК.

    Публикувано изображение

  • Натиснете бутона Start Scan.

    Публикувано изображение

  • Ако подозрителен обект бъде засечен, действието по подразбиране ще бъде Skip, кликнете върху Continue.

    Публикувано изображение

  • Ако зловредни обекти бъдат намерени, тогава от падащото меню ще имате три възможности.

    Бъдете сигурни, че избраното действие е Cure и натиснете върху Continue > Рестартирайте за да бъде завършена поправката.

    Публикувано изображение

    Забележка: Ако Cure бутона не е наличен от възможностите, тогава моля изберете Skip бутона, не избирайте Delete освен ако не сте инструктирани затова.

  • Лог файл ще бъде създаден в свободната директория на дял C: . Потърсете за лог с името "TDSSKiller.[Version]_[Date]_[Time]_log.txt" и копирайте съдържанието му в следващия си пост.

СТЪПКА 3

Моля, изтеглете aswMBR и го запазете на вашия десктоп.

  • Кликнете с двоен клин на мишката върху файла aswMBR.exe за да го стартирате.
  • Изчакайте да изтегли дефинициите на avast!
  • От падащото меню посочете дял C: както е на снимката:
Публикувано изображение
  • Изберете Scan бутона, за да започне проверката.
  • Когато проверката завърши, натиснете бутона save log, запазете съдържанието на лог файла на десктопа и публикувайте съдържанието му в следващия си коментар.

СТЪПКА 4

Моля изтеглете Farbar Service Scanner и я стартирайте.

  • Сложете всички отметки
  • Натиснете бутона "Scan".
  • Ще се създаде лог файл с името (FSS.txt) в папката откъдето стартирате инструмента.
  • Копирайте съдържанието на лог файла в следващия си пост.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

СТЪПКА 2

19:21:45.0593 1748 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

19:21:46.0718 1748 ============================================================

19:21:46.0718 1748 Current date / time: 2012/04/07 19:21:46.0718

19:21:46.0718 1748 SystemInfo:

19:21:46.0718 1748

19:21:46.0718 1748 OS Version: 5.1.2600 ServicePack: 3.0

19:21:46.0718 1748 Product type: Workstation

19:21:46.0718 1748 ComputerName: PLAMENKARAINOVA

19:21:46.0718 1748 UserName: Plamenka

19:21:46.0718 1748 Windows directory: C:\WINDOWS

19:21:46.0718 1748 System windows directory: C:\WINDOWS

19:21:46.0718 1748 Processor architecture: Intel x86

19:21:46.0718 1748 Number of processors: 1

19:21:46.0718 1748 Page size: 0x1000

19:21:46.0718 1748 Boot type: Normal boot

19:21:46.0718 1748 ============================================================

19:21:49.0062 1748 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:21:49.0062 1748 \Device\Harddisk0\DR0:

19:21:49.0062 1748 MBR used

19:21:49.0062 1748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1160E866

19:21:49.0062 1748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11612766, BlocksNum 0x140249A

19:21:49.0125 1748 Initialize success

19:21:49.0125 1748 ============================================================

19:22:11.0640 1220 ============================================================

19:22:11.0640 1220 Scan started

19:22:11.0640 1220 Mode: Manual; SigCheck; TDLFS;

19:22:11.0640 1220 ============================================================

19:22:11.0781 1220 3dkeybd - ok

19:22:11.0796 1220 a016obex - ok

19:22:11.0875 1220 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys

19:22:12.0125 1220 Aavmker4 - ok

19:22:12.0156 1220 Abiosdsk - ok

19:22:12.0171 1220 abp480n5 - ok

19:22:12.0218 1220 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

19:22:13.0781 1220 ac97intc - ok

19:22:13.0984 1220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:22:14.0609 1220 ACPI - ok

19:22:14.0640 1220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

19:22:14.0781 1220 ACPIEC - ok

19:22:14.0781 1220 AdobeActiveFileMonitor6.0 - ok

19:22:14.0796 1220 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

19:22:15.0015 1220 adpu160m - ok

19:22:15.0031 1220 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

19:22:15.0046 1220 adpu320 ( UnsignedFile.Multi.Generic ) - warning

19:22:15.0046 1220 adpu320 - detected UnsignedFile.Multi.Generic (1)

19:22:15.0078 1220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

19:22:15.0234 1220 aec - ok

19:22:15.0265 1220 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

19:22:15.0359 1220 AFD - ok

19:22:15.0359 1220 Aha154x - ok

19:22:15.0406 1220 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

19:22:15.0562 1220 aic78u2 - ok

19:22:15.0578 1220 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

19:22:15.0718 1220 aic78xx - ok

19:22:15.0750 1220 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

19:22:15.0890 1220 Alerter - ok

19:22:15.0921 1220 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

19:22:15.0984 1220 ALG - ok

19:22:16.0000 1220 AliIde - ok

19:22:16.0015 1220 amdagp - ok

19:22:16.0031 1220 AmeLanPc - ok

19:22:16.0031 1220 amsint - ok

19:22:16.0046 1220 ANC - ok

19:22:16.0062 1220 APLMp50 - ok

19:22:16.0093 1220 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

19:22:16.0171 1220 AppMgmt - ok

19:22:16.0187 1220 arkbcfltr - ok

19:22:16.0187 1220 asapiw2k - ok

19:22:16.0203 1220 asc - ok

19:22:16.0218 1220 asc3350p - ok

19:22:16.0218 1220 asc3550 - ok

19:22:16.0234 1220 ASLDRService - ok

19:22:16.0234 1220 ASNDIS5 - ok

19:22:16.0343 1220 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

19:22:16.0375 1220 aspnet_state - ok

19:22:16.0406 1220 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys

19:22:16.0421 1220 aswFsBlk - ok

19:22:16.0453 1220 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys

19:22:16.0468 1220 aswMon2 - ok

19:22:16.0484 1220 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys

19:22:16.0500 1220 AswRdr - ok

19:22:16.0531 1220 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys

19:22:16.0578 1220 aswSnx - ok

19:22:16.0593 1220 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys

19:22:16.0640 1220 aswSP - ok

19:22:16.0656 1220 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys

19:22:16.0671 1220 aswTdi - ok

19:22:16.0687 1220 aswupdsv - ok

19:22:16.0718 1220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:22:16.0859 1220 AsyncMac - ok

19:22:16.0906 1220 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

19:22:17.0125 1220 atapi - ok

19:22:17.0140 1220 Atdisk - ok

19:22:17.0156 1220 athr - ok

19:22:17.0171 1220 atksgt - ok

19:22:17.0187 1220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:22:17.0343 1220 Atmarpc - ok

19:22:17.0359 1220 ATMsrvc - ok

19:22:17.0406 1220 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

19:22:17.0562 1220 AudioSrv - ok

19:22:17.0625 1220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

19:22:17.0781 1220 audstub - ok

19:22:17.0890 1220 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

19:22:17.0890 1220 avast! Antivirus - ok

19:22:17.0906 1220 awhost32 - ok

19:22:17.0921 1220 AYDrvNT_ALYAC - ok

19:22:17.0921 1220 backupexecnamingservice - ok

19:22:17.0937 1220 backupexecnotificationserver - ok

19:22:17.0953 1220 bc_ip_f - ok

19:22:17.0984 1220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

19:22:18.0140 1220 Beep - ok

19:22:18.0187 1220 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

19:22:18.0390 1220 BITS - ok

19:22:18.0406 1220 bltrust - ok

19:22:18.0453 1220 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

19:22:18.0593 1220 Browser - ok

19:22:18.0609 1220 bthusb - ok

19:22:18.0625 1220 btwrchid - ok

19:22:18.0625 1220 bwsvc - ok

19:22:18.0640 1220 cachemanxp - ok

19:22:18.0765 1220 catchme - ok

19:22:18.0828 1220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

19:22:18.0968 1220 cbidf2k - ok

19:22:18.0984 1220 cd20xrnt - ok

19:22:19.0000 1220 CdaD10BA - ok

19:22:19.0015 1220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

19:22:19.0156 1220 Cdaudio - ok

19:22:19.0203 1220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

19:22:19.0343 1220 Cdfs - ok

19:22:19.0375 1220 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:22:19.0531 1220 Cdrom - ok

19:22:19.0546 1220 Changer - ok

19:22:19.0562 1220 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

19:22:19.0718 1220 CiSvc - ok

19:22:19.0734 1220 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

19:22:19.0890 1220 ClipSrv - ok

19:22:19.0968 1220 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:22:20.0031 1220 clr_optimization_v2.0.50727_32 - ok

19:22:20.0031 1220 CmdIde - ok

19:22:20.0046 1220 comhost - ok

19:22:20.0062 1220 COMSysApp - ok

19:22:20.0078 1220 Cpqarray - ok

19:22:20.0078 1220 cpqvcagent - ok

19:22:20.0093 1220 cqmghost - ok

19:22:20.0140 1220 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

19:22:20.0296 1220 CryptSvc - ok

19:22:20.0312 1220 CVirtA - ok

19:22:20.0328 1220 CXTUNE - ok

19:22:20.0359 1220 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys

19:22:20.0390 1220 d347bus ( UnsignedFile.Multi.Generic ) - warning

19:22:20.0390 1220 d347bus - detected UnsignedFile.Multi.Generic (1)

19:22:20.0406 1220 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys

19:22:20.0421 1220 d347prt ( UnsignedFile.Multi.Generic ) - warning

19:22:20.0421 1220 d347prt - detected UnsignedFile.Multi.Generic (1)

19:22:20.0421 1220 dac2w2k - ok

19:22:20.0437 1220 dac960nt - ok

19:22:20.0484 1220 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

19:22:20.0546 1220 DcomLaunch - ok

19:22:20.0562 1220 DELL_A02 - ok

19:22:20.0578 1220 DeviceScanner - ok

19:22:20.0640 1220 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

19:22:21.0031 1220 Dhcp - ok

19:22:21.0046 1220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

19:22:21.0187 1220 Disk - ok

19:22:21.0234 1220 DkLogger (dfce12cf6420cc54ad5c5a4d3b115a6c) C:\WINDOWS\System32\DkLog.exe

19:22:21.0234 1220 DkLogger ( UnsignedFile.Multi.Generic ) - warning

19:22:21.0234 1220 DkLogger - detected UnsignedFile.Multi.Generic (1)

19:22:21.0312 1220 DkTknSrv (94d990c5cc9745b8af676bf5da088670) C:\WINDOWS\System32\dkcktkn.exe

19:22:21.0343 1220 DkTknSrv ( UnsignedFile.Multi.Generic ) - warning

19:22:21.0343 1220 DkTknSrv - detected UnsignedFile.Multi.Generic (1)

19:22:21.0359 1220 DLARTL_M - ok

19:22:21.0375 1220 dmadmin - ok

19:22:21.0406 1220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

19:22:21.0609 1220 dmboot - ok

19:22:21.0656 1220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

19:22:21.0812 1220 dmio - ok

19:22:21.0843 1220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:22:22.0000 1220 dmload - ok

19:22:22.0046 1220 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

19:22:22.0203 1220 dmserver - ok

19:22:22.0250 1220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

19:22:22.0406 1220 DMusic - ok

19:22:22.0562 1220 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

19:22:23.0031 1220 Dnscache - ok

19:22:23.0250 1220 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

19:22:23.0484 1220 Dot3svc - ok

19:22:23.0718 1220 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

19:22:23.0953 1220 Dot4 - ok

19:22:24.0078 1220 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

19:22:24.0234 1220 Dot4Print - ok

19:22:24.0234 1220 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

19:22:24.0406 1220 dot4usb - ok

19:22:24.0421 1220 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

19:22:24.0578 1220 dpti2o - ok

19:22:24.0625 1220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

19:22:24.0781 1220 drmkaud - ok

19:22:24.0796 1220 e1000 - ok

19:22:24.0828 1220 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys

19:22:24.0859 1220 E100B - ok

19:22:24.0906 1220 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

19:22:25.0062 1220 EapHost - ok

19:22:25.0078 1220 epson_pm_rpcv4_01 - ok

19:22:25.0109 1220 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

19:22:25.0265 1220 ERSvc - ok

19:22:25.0312 1220 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

19:22:25.0359 1220 Eventlog - ok

19:22:25.0406 1220 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

19:22:25.0500 1220 EventSystem - ok

19:22:25.0562 1220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

19:22:25.0734 1220 Fastfat - ok

19:22:25.0796 1220 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

19:22:25.0859 1220 FastUserSwitchingCompatibility - ok

19:22:25.0890 1220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

19:22:26.0062 1220 Fdc - ok

19:22:26.0062 1220 FETNDIS - ok

19:22:26.0093 1220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

19:22:26.0250 1220 Fips - ok

19:22:26.0281 1220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

19:22:26.0421 1220 Flpydisk - ok

19:22:26.0484 1220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

19:22:26.0640 1220 FltMgr - ok

19:22:26.0734 1220 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

19:22:26.0750 1220 FontCache3.0.0.0 - ok

19:22:26.0781 1220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:22:26.0937 1220 Fs_Rec - ok

19:22:27.0015 1220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:22:27.0203 1220 Ftdisk - ok

19:22:27.0234 1220 ftrtsvc - ok

19:22:27.0250 1220 gearaspiwdm - ok

19:22:27.0390 1220 GoToAssist - ok

19:22:27.0437 1220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:22:27.0593 1220 Gpc - ok

19:22:27.0687 1220 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

19:22:27.0703 1220 gupdate - ok

19:22:27.0703 1220 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

19:22:27.0718 1220 gupdatem - ok

19:22:27.0734 1220 GV600_4 - ok

19:22:27.0750 1220 hclinetd - ok

19:22:27.0750 1220 hcwPP2 - ok

19:22:27.0796 1220 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

19:22:27.0968 1220 HDAudBus - ok

19:22:28.0046 1220 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

19:22:28.0218 1220 helpsvc - ok

19:22:28.0234 1220 HidServ - ok

19:22:28.0265 1220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:22:28.0421 1220 HidUsb - ok

19:22:28.0468 1220 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

19:22:28.0687 1220 hkmsvc - ok

19:22:28.0687 1220 hmonitor - ok

19:22:28.0703 1220 hpn - ok

19:22:28.0718 1220 hpzius12 - ok

19:22:28.0734 1220 hsxhwazl - ok

19:22:28.0796 1220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

19:22:28.0843 1220 HTTP - ok

19:22:28.0875 1220 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

19:22:29.0140 1220 HTTPFilter - ok

19:22:29.0187 1220 hwdatacard - ok

19:22:29.0328 1220 i2omgmt - ok

19:22:29.0421 1220 i2omp - ok

19:22:29.0578 1220 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:22:29.0859 1220 i8042prt - ok

19:22:30.0265 1220 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

19:22:30.0453 1220 i81x - ok

19:22:30.0484 1220 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

19:22:30.0687 1220 iAimFP0 - ok

19:22:30.0718 1220 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

19:22:30.0875 1220 iAimFP1 - ok

19:22:30.0906 1220 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

19:22:31.0218 1220 iAimFP2 - ok

19:22:31.0343 1220 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

19:22:31.0671 1220 iAimFP3 - ok

19:22:31.0703 1220 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

19:22:32.0484 1220 iAimFP4 - ok

19:22:32.0593 1220 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

19:22:32.0906 1220 iAimFP5 - ok

19:22:32.0937 1220 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

19:22:33.0140 1220 iAimFP6 - ok

19:22:33.0171 1220 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

19:22:33.0390 1220 iAimFP7 - ok

19:22:33.0406 1220 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

19:22:33.0562 1220 iAimTV0 - ok

19:22:33.0578 1220 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

19:22:33.0718 1220 iAimTV1 - ok

19:22:33.0734 1220 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

19:22:33.0875 1220 iAimTV3 - ok

19:22:33.0890 1220 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

19:22:34.0031 1220 iAimTV4 - ok

19:22:34.0062 1220 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

19:22:34.0218 1220 iAimTV5 - ok

19:22:34.0218 1220 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

19:22:34.0375 1220 iAimTV6 - ok

19:22:34.0453 1220 ialm (85d42b7f0dd406adf5e3ec7659a279ec) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

19:22:34.0546 1220 ialm - ok

19:22:34.0546 1220 ICAM3NT5 - ok

19:22:34.0640 1220 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:22:34.0703 1220 idsvc - ok

19:22:34.0703 1220 ikhlayer - ok

19:22:34.0781 1220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:22:34.0937 1220 Imapi - ok

19:22:34.0984 1220 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

19:22:35.0140 1220 ImapiService - ok

19:22:35.0156 1220 ini910u - ok

19:22:35.0171 1220 ino_fltr - ok

19:22:35.0328 1220 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys

19:22:35.0562 1220 IntcAzAudAddService - ok

19:22:35.0750 1220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

19:22:35.0875 1220 IntelIde - ok

19:22:35.0921 1220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:22:36.0078 1220 intelppm - ok

19:22:36.0078 1220 iolo_srv - ok

19:22:36.0109 1220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

19:22:36.0265 1220 Ip6Fw - ok

19:22:36.0296 1220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:22:36.0453 1220 IpFilterDriver - ok

19:22:36.0484 1220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:22:36.0625 1220 IpInIp - ok

19:22:36.0656 1220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:22:36.0812 1220 IpNat - ok

19:22:36.0843 1220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:22:36.0984 1220 IPSec - ok

19:22:37.0015 1220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:22:37.0093 1220 IRENUM - ok

19:22:37.0125 1220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:22:37.0281 1220 isapnp - ok

19:22:37.0375 1220 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

19:22:37.0390 1220 IviRegMgr - ok

19:22:37.0406 1220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:22:37.0562 1220 Kbdclass - ok

19:22:37.0593 1220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

19:22:37.0734 1220 kmixer - ok

19:22:37.0781 1220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

19:22:37.0859 1220 KSecDD - ok

19:22:37.0890 1220 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

19:22:37.0953 1220 lanmanserver - ok

19:22:38.0640 1220 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

19:22:38.0718 1220 lanmanworkstation - ok

19:22:38.0734 1220 lbrtfdc - ok

19:22:38.0812 1220 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

19:22:38.0984 1220 LmHosts - ok

19:22:39.0000 1220 LoopBeMidi1 - ok

19:22:39.0000 1220 LRMINIPORT - ok

19:22:39.0015 1220 LVBulk - ok

19:22:39.0031 1220 lvselsus - ok

19:22:39.0046 1220 lxcf_device - ok

19:22:39.0062 1220 lxct_device - ok

19:22:39.0078 1220 macformatservice - ok

19:22:39.0078 1220 ma_cmidi_installerservice - ok

19:22:39.0125 1220 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

19:22:39.0140 1220 MBAMProtector - ok

19:22:39.0312 1220 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

19:22:39.0390 1220 MBAMService - ok

19:22:39.0421 1220 mcafeeantispyware - ok

19:22:39.0437 1220 megamonitorsrv - ok

19:22:39.0468 1220 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

19:22:39.0640 1220 Messenger - ok

19:22:39.0656 1220 mfeapfk - ok

19:22:39.0765 1220 MFE_RR - ok

19:22:39.0781 1220 mgisvr - ok

19:22:39.0843 1220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:22:40.0000 1220 mnmdd - ok

19:22:40.0046 1220 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

19:22:40.0187 1220 mnmsrvc - ok

19:22:40.0218 1220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

19:22:40.0375 1220 Modem - ok

19:22:40.0406 1220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:22:40.0562 1220 Mouclass - ok

19:22:40.0593 1220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:22:40.0750 1220 mouhid - ok

19:22:40.0796 1220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

19:22:40.0937 1220 MountMgr - ok

19:22:40.0953 1220 mraid35x - ok

19:22:40.0968 1220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:22:41.0125 1220 MRxDAV - ok

19:22:41.0187 1220 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:22:41.0234 1220 MRxSmb - ok

19:22:41.0250 1220 MS1000 - ok

19:22:41.0296 1220 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

19:22:41.0437 1220 MSDTC - ok

19:22:41.0453 1220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

19:22:41.0609 1220 Msfs - ok

19:22:41.0625 1220 MSIServer - ok

19:22:41.0640 1220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:22:41.0812 1220 MSKSSRV - ok

19:22:41.0843 1220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:22:42.0015 1220 MSPCLOCK - ok

19:22:42.0046 1220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:22:42.0203 1220 MSPQM - ok

19:22:42.0250 1220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:22:42.0406 1220 mssmbios - ok

19:22:42.0437 1220 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:22:42.0484 1220 Mup - ok

19:22:42.0546 1220 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

19:22:42.0718 1220 napagent - ok

19:22:42.0718 1220 navapsvc - ok

19:22:42.0765 1220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:22:42.0906 1220 NDIS - ok

19:22:42.0953 1220 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:22:43.0015 1220 NdisTapi - ok

19:22:43.0031 1220 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:22:43.0187 1220 Ndisuio - ok

19:22:43.0218 1220 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:22:43.0359 1220 NdisWan - ok

19:22:43.0421 1220 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

19:22:43.0484 1220 NDProxy - ok

19:22:43.0500 1220 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

19:22:43.0640 1220 NetBIOS - ok

19:22:43.0687 1220 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\drivers\netbt.sys

19:22:43.0828 1220 NetBT - ok

19:22:43.0843 1220 netcfgsvr - ok

19:22:43.0890 1220 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

19:22:44.0031 1220 NetDDE - ok

19:22:44.0031 1220 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

19:22:44.0187 1220 NetDDEdsdm - ok

19:22:44.0218 1220 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

19:22:44.0359 1220 Netlogon - ok

19:22:44.0515 1220 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

19:22:44.0687 1220 Netman - ok

19:22:44.0796 1220 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:22:44.0812 1220 NetTcpPortSharing - ok

19:22:44.0828 1220 nhcDriverDevice - ok

19:22:44.0843 1220 niorbk - ok

19:22:44.0906 1220 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

19:22:45.0062 1220 Nla - ok

19:22:45.0078 1220 nmservice - ok

19:22:45.0156 1220 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

19:22:45.0375 1220 Npfs - ok

19:22:45.0390 1220 Nsynas32 - ok

19:22:45.0453 1220 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

19:22:45.0625 1220 Ntfs - ok

19:22:45.0671 1220 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

19:22:45.0843 1220 NtLmSsp - ok

19:22:45.0890 1220 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

19:22:46.0046 1220 NtmsSvc - ok

19:22:46.0093 1220 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

19:22:46.0250 1220 Null - ok

19:22:46.0250 1220 nvenetfd - ok

19:22:46.0265 1220 nvrd64 - ok

19:22:46.0281 1220 nvsvc - ok

19:22:46.0312 1220 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:22:46.0453 1220 NwlnkFlt - ok

19:22:46.0468 1220 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:22:46.0609 1220 NwlnkFwd - ok

19:22:46.0625 1220 ofcservice - ok

19:22:46.0640 1220 OracleOraHome92ClientCache - ok

19:22:46.0656 1220 oracleorahome92tnslistener - ok

19:22:46.0750 1220 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:22:46.0765 1220 ose - ok

19:22:46.0765 1220 ownershipprotocol - ok

19:22:46.0781 1220 p2pgasvc - ok

19:22:46.0796 1220 p2psvc - ok

19:22:46.0859 1220 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

19:22:47.0015 1220 P3 - ok

19:22:47.0093 1220 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

19:22:47.0359 1220 Parport - ok

19:22:47.0390 1220 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

19:22:47.0609 1220 PartMgr - ok

19:22:47.0640 1220 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

19:22:47.0796 1220 ParVdm - ok

19:22:47.0828 1220 passthru - ok

19:22:47.0921 1220 PCA (2a42ddaeaae7743c55a3fa68a7ad9538) C:\WINDOWS\SMINST\PCAngel.exe

19:22:47.0937 1220 PCA ( UnsignedFile.Multi.Generic ) - warning

19:22:47.0937 1220 PCA - detected UnsignedFile.Multi.Generic (1)

19:22:47.0968 1220 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

19:22:48.0109 1220 PCI - ok

19:22:48.0125 1220 PCIDump - ok

19:22:48.0156 1220 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

19:22:48.0296 1220 PCIIde - ok

19:22:48.0328 1220 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

19:22:48.0468 1220 Pcmcia - ok

19:22:48.0484 1220 pcx1nd5 - ok

19:22:48.0484 1220 PDCOMP - ok

19:22:48.0500 1220 PDExchange - ok

19:22:48.0593 1220 pdfcDispatcher - ok

19:22:48.0609 1220 PDFRAME - ok

19:22:48.0625 1220 pdlndoem - ok

19:22:48.0640 1220 PDRELI - ok

19:22:48.0640 1220 PDRFRAME - ok

19:22:48.0656 1220 perc2 - ok

19:22:48.0671 1220 perc2hib - ok

19:22:48.0703 1220 personalsecuredriveservice - ok

19:22:48.0718 1220 pfmodnt - ok

19:22:48.0765 1220 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

19:22:48.0875 1220 PlugPlay - ok

19:22:48.0890 1220 pmem - ok

19:22:48.0906 1220 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

19:22:49.0109 1220 PolicyAgent - ok

19:22:49.0109 1220 ppmoucls - ok

19:22:49.0140 1220 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:22:49.0296 1220 PptpMiniport - ok

19:22:49.0312 1220 prismxl - ok

19:22:49.0312 1220 prosync1 - ok

19:22:49.0328 1220 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

19:22:49.0593 1220 ProtectedStorage - ok

19:22:49.0609 1220 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

19:22:49.0750 1220 PSched - ok

19:22:49.0750 1220 PSI_SVC_2 - ok

19:22:49.0796 1220 PTDCBus - ok

19:22:49.0828 1220 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:22:49.0984 1220 Ptilink - ok

19:22:50.0000 1220 pvservice - ok

19:22:50.0000 1220 qcmerced - ok

19:22:50.0015 1220 ql1080 - ok

19:22:50.0031 1220 Ql10wnt - ok

19:22:50.0046 1220 ql12160 - ok

19:22:50.0062 1220 ql1240 - ok

19:22:50.0078 1220 ql1280 - ok

19:22:50.0078 1220 radclock - ok

19:22:50.0109 1220 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:22:50.0265 1220 RasAcd - ok

19:22:50.0296 1220 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

19:22:50.0500 1220 RasAuto - ok

19:22:50.0531 1220 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:22:50.0718 1220 Rasl2tp - ok

19:22:50.0781 1220 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

19:22:50.0921 1220 RasMan - ok

19:22:50.0937 1220 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:22:51.0109 1220 RasPppoe - ok

19:22:51.0156 1220 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:22:51.0281 1220 Raspti - ok

19:22:51.0312 1220 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:22:51.0453 1220 Rdbss - ok

19:22:51.0484 1220 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:22:51.0625 1220 RDPCDD - ok

19:22:51.0640 1220 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

19:22:51.0796 1220 rdpdr - ok

19:22:51.0828 1220 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

19:22:51.0875 1220 RDPWD - ok

19:22:51.0906 1220 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

19:22:52.0062 1220 RDSessMgr - ok

19:22:52.0109 1220 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

19:22:52.0250 1220 RemoteAccess - ok

19:22:52.0296 1220 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

19:22:52.0468 1220 RemoteRegistry - ok

19:22:52.0515 1220 riomsc - ok

19:22:52.0531 1220 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

19:22:52.0781 1220 RpcLocator - ok

19:22:52.0843 1220 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

19:22:52.0984 1220 RpcSs - ok

19:22:53.0015 1220 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

19:22:53.0171 1220 RSVP - ok

19:22:53.0187 1220 s716mdfl - ok

19:22:53.0234 1220 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

19:22:53.0375 1220 SamSs - ok

19:22:53.0390 1220 savrtpel - ok

19:22:53.0390 1220 scarddrv - ok

19:22:53.0437 1220 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

19:22:53.0625 1220 SCardSvr - ok

19:22:53.0671 1220 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

19:22:53.0843 1220 Schedule - ok

19:22:53.0890 1220 SCR33x USB Smart Card Reader - ok

19:22:53.0937 1220 SCR3xx USB Smart Card Reader (a2b0f1ad2919b13c7eb0fc743492bfd1) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys

19:22:54.0000 1220 SCR3xx USB Smart Card Reader - ok

19:22:54.0000 1220 SE2Cbus - ok

19:22:54.0046 1220 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:22:54.0109 1220 Secdrv - ok

19:22:54.0140 1220 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

19:22:54.0296 1220 seclogon - ok

19:22:54.0312 1220 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

19:22:54.0468 1220 SENS - ok

19:22:54.0515 1220 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

19:22:54.0656 1220 serenum - ok

19:22:54.0718 1220 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

19:22:55.0015 1220 Sfloppy - ok

19:22:55.0062 1220 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

19:22:55.0234 1220 SharedAccess - ok

19:22:55.0281 1220 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

19:22:55.0312 1220 ShellHWDetection - ok

19:22:55.0328 1220 ShockMgr - ok

19:22:55.0328 1220 Simbad - ok

19:22:55.0343 1220 sit_prt - ok

19:22:55.0359 1220 slabbus - ok

19:22:55.0375 1220 smartscaps - ok

19:22:55.0375 1220 SMCB000 - ok

19:22:55.0390 1220 smcirda - ok

19:22:55.0406 1220 smrt - ok

19:22:55.0421 1220 sony_ssm.sys - ok

19:22:55.0421 1220 Sparrow - ok

19:22:55.0437 1220 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

19:22:55.0578 1220 splitter - ok

19:22:55.0640 1220 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

19:22:55.0671 1220 Spooler - ok

19:22:55.0781 1220 SQLWriter (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

19:22:55.0796 1220 SQLWriter - ok

19:22:55.0828 1220 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

19:22:55.0890 1220 sr - ok

19:22:55.0953 1220 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

19:22:56.0046 1220 srservice - ok

19:22:56.0093 1220 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

19:22:56.0156 1220 Srv - ok

19:22:56.0187 1220 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

19:22:56.0250 1220 SSDPSRV - ok

19:22:56.0296 1220 STC2DFU (594898b175b8b7d2897a71227d4bbda1) C:\WINDOWS\system32\DRIVERS\Stc2Dfu.SYS

19:22:56.0343 1220 STC2DFU - ok

19:22:56.0359 1220 sthda - ok

19:22:56.0406 1220 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

19:22:56.0578 1220 stisvc - ok

19:22:56.0593 1220 stllssvr - ok

19:22:56.0609 1220 stylexphelper - ok

19:22:56.0625 1220 surveyor - ok

19:22:56.0656 1220 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:22:56.0812 1220 swenum - ok

19:22:56.0843 1220 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

19:22:57.0000 1220 swmidi - ok

19:22:57.0015 1220 SwPrv - ok

19:22:57.0078 1220 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

19:22:57.0234 1220 symc810 - ok

19:22:57.0250 1220 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

19:22:57.0406 1220 symc8xx - ok

19:22:57.0421 1220 SymIM - ok

19:22:57.0484 1220 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys

19:22:57.0484 1220 Symmpi ( UnsignedFile.Multi.Generic ) - warning

19:22:57.0484 1220 Symmpi - detected UnsignedFile.Multi.Generic (1)

19:22:57.0500 1220 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

19:22:57.0718 1220 sym_hi - ok

19:22:57.0734 1220 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

19:22:57.0875 1220 sym_u3 - ok

19:22:57.0906 1220 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

19:22:58.0046 1220 sysaudio - ok

19:22:58.0062 1220 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

19:22:58.0218 1220 SysmonLog - ok

19:22:58.0218 1220 tabletservice - ok

19:22:58.0250 1220 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

19:22:58.0406 1220 TapiSrv - ok

19:22:58.0421 1220 tavsvc - ok

19:22:58.0453 1220 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:22:58.0484 1220 Tcpip - ok

19:22:58.0515 1220 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:22:58.0640 1220 TDPIPE - ok

19:22:58.0656 1220 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

19:22:58.0812 1220 TDTCP - ok

19:22:58.0828 1220 teefer2 - ok

19:22:58.0859 1220 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:22:59.0015 1220 TermDD - ok

19:22:59.0078 1220 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

19:22:59.0234 1220 TermService - ok

19:22:59.0281 1220 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

19:22:59.0312 1220 Themes - ok

19:22:59.0312 1220 tifm21 - ok

19:22:59.0375 1220 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

19:22:59.0500 1220 TlntSvr - ok

19:22:59.0500 1220 tmactmon - ok

19:22:59.0515 1220 toddsrv - ok

19:22:59.0531 1220 tomcatcws3 - ok

19:22:59.0546 1220 TosIde - ok

19:22:59.0546 1220 TPECioCtl - ok

19:22:59.0562 1220 tpsrv - ok

19:22:59.0593 1220 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

19:22:59.0781 1220 TrkWks - ok

19:22:59.0796 1220 TVALG - ok

19:22:59.0812 1220 tvalz - ok

19:22:59.0859 1220 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

19:23:00.0078 1220 Udfs - ok

19:23:00.0093 1220 ultra - ok

19:23:00.0125 1220 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

19:23:00.0281 1220 upnphost - ok

19:23:00.0296 1220 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

19:23:00.0437 1220 UPS - ok

19:23:00.0468 1220 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:23:00.0625 1220 usbccgp - ok

19:23:00.0671 1220 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:23:00.0812 1220 usbehci - ok

19:23:00.0828 1220 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:23:00.0984 1220 usbhub - ok

19:23:01.0015 1220 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

19:23:01.0156 1220 usbscan - ok

19:23:01.0187 1220 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:23:01.0328 1220 USBSTOR - ok

19:23:01.0359 1220 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:23:01.0500 1220 usbuhci - ok

19:23:01.0515 1220 vet-filt - ok

19:23:01.0531 1220 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

19:23:01.0687 1220 VgaSave - ok

19:23:01.0703 1220 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

19:23:01.0859 1220 ViaIde - ok

19:23:01.0875 1220 vmparport - ok

19:23:01.0906 1220 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

19:23:02.0078 1220 VolSnap - ok

19:23:02.0093 1220 vpcnets2 - ok

19:23:02.0109 1220 VrAcFil - ok

19:23:02.0125 1220 vsmon - ok

19:23:02.0171 1220 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

19:23:02.0250 1220 VSS - ok

19:23:02.0250 1220 vvoice - ok

19:23:02.0265 1220 vwkernel - ok

19:23:02.0281 1220 VX3000 - ok

19:23:02.0296 1220 vxsvc - ok

19:23:02.0328 1220 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

19:23:02.0468 1220 W32Time - ok

19:23:02.0484 1220 W8100PCI - ok

19:23:02.0500 1220 w810mdm - ok

19:23:02.0515 1220 w810obex - ok

19:23:02.0531 1220 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:23:02.0656 1220 Wanarp - ok

19:23:02.0671 1220 Wdf01000 - ok

19:23:02.0687 1220 WDICA - ok

19:23:02.0703 1220 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

19:23:02.0843 1220 wdmaud - ok

19:23:02.0875 1220 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

19:23:03.0031 1220 WebClient - ok

19:23:03.0062 1220 wencrservice - ok

19:23:03.0062 1220 wg3n - ok

19:23:03.0125 1220 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

19:23:03.0265 1220 winmgmt - ok

19:23:03.0296 1220 WINUSB - ok

19:23:03.0296 1220 winvnc4 - ok

19:23:03.0312 1220 wltrysvc - ok

19:23:03.0359 1220 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll

19:23:03.0500 1220 WmdmPmSN - ok

19:23:03.0578 1220 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

19:23:03.0640 1220 Wmi - ok

19:23:03.0671 1220 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

19:23:03.0812 1220 WmiApSrv - ok

19:23:03.0890 1220 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

19:23:04.0031 1220 WS2IFSL - ok

19:23:04.0046 1220 WscNetDr - ok

19:23:04.0093 1220 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

19:23:04.0234 1220 wscsvc - ok

19:23:04.0265 1220 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

19:23:04.0437 1220 wuauserv - ok

19:23:04.0453 1220 wwnetdde - ok

19:23:04.0515 1220 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

19:23:04.0687 1220 WZCSVC - ok

19:23:04.0703 1220 xfactorae1 - ok

19:23:04.0734 1220 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

19:23:04.0890 1220 xmlprov - ok

19:23:04.0906 1220 XUIF - ok

19:23:04.0921 1220 zpnodecollector - ok

19:23:04.0937 1220 {834170a7-af3b-4d34-a757-e05eb29ee96d} - ok

19:23:04.0937 1220 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok

19:23:04.0953 1220 MBR (0x1B8) (0c808e7238c810543120b2dc771ed1ba) \Device\Harddisk0\DR0

19:23:05.0203 1220 \Device\Harddisk0\DR0 - ok

19:23:05.0218 1220 Boot (0x1200) (b592005a6acea05ce3192ccd058969c4) \Device\Harddisk0\DR0\Partition0

19:23:05.0218 1220 \Device\Harddisk0\DR0\Partition0 - ok

19:23:05.0218 1220 Boot (0x1200) (f1723416ca25f57dd9d95bca902cbfb2) \Device\Harddisk0\DR0\Partition1

19:23:05.0218 1220 \Device\Harddisk0\DR0\Partition1 - ok

19:23:05.0218 1220 ============================================================

19:23:05.0218 1220 Scan finished

19:23:05.0218 1220 ============================================================

19:23:05.0343 3048 Detected object count: 7

19:23:05.0343 3048 Actual detected object count: 7

19:26:46.0656 3048 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 DkLogger ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 DkLogger ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 DkTknSrv ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 DkTknSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 PCA ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 PCA ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:26:46.0656 3048 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user

19:26:46.0656 3048 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:27:42.0546 0536 Deinitialize success

СТЪПКА 3

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-07 19:33:48

-----------------------------

19:33:48.296 OS Version: Windows 5.1.2600 Service Pack 3

19:33:48.296 Number of processors: 1 586 0x1601

19:33:48.296 ComputerName: PLAMENKARAINOVA UserName: Plamenka

19:33:52.406 Initialize success

19:33:55.531 AVAST engine defs: 12040700

19:35:19.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

19:35:19.843 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-20 Size: 152627MB BusType: 3

19:35:19.859 Disk 0 MBR read successfully

19:35:19.875 Disk 0 MBR scan

19:35:19.875 Disk 0 unknown MBR code

19:35:19.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142365 MB offset 63

19:35:19.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10244 MB offset 291579750

19:35:19.921 Disk 0 scanning sectors +312560640

19:35:19.968 Disk 0 scanning C:\WINDOWS\system32\drivers

19:35:32.953 Service scanning

19:35:45.953 Modules scanning

19:35:51.953 Disk 0 trace - called modules:

19:35:51.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

19:35:51.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d7d998]

19:35:51.968 3 CLASSPNP.SYS[f85f4fd7] -> nt!IofCallDriver -> \Device\0000005f[0x82d7ef18]

19:35:51.968 5 ACPI.sys[f8465620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82d8b3a0]

19:35:52.218 AVAST engine scan C:\

19:46:05.484 File: C:\old\Program Files\Symantec_Client_Security\Symantec AntiVirus\qsinfo.dll **INFECTED** Win32:MalOb-HG [Cryp]

21:38:48.718 Scan finished successfully

09:47:54.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Plamenka\Desktop\OTL\MBR.dat"

09:47:54.750 The log file has been saved successfully to "C:\Documents and Settings\Plamenka\Desktop\OTL\aswMBR.txt"

СТЪПКА 4

Farbar Service Scanner Version: 01-03-2012

Ran by Plamenka (administrator) on 08-04-2012 at 09:49:56

Running from "C:\Documents and Settings\Plamenka\Desktop"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

aswTdi(8) Gpc(6) IPSec(4) NetBT(9) PSched(7) Tcpip(3)

0x09000000040000000100000002000000030000000800000056000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****

OTL.Txt

Extras.Txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

здравейте,

ТОВА НОРМАЛНО ЛИ Е ???

След стартиране на OTL, Copy/ Paste и Run Fix

в статус бара на OTL изписва "Killing processes. DO NOT INTERRUPT......" и компютъра е зависнал вече повевче от час и половина /имах отворе Task Manager -от час и половина неактивен , часовника е умрял / ТОВА НОРМАЛНО ЛИ Е???

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ок, спрете инструмента и рестартирайте компютъра (може и през Task Manager-a) Рестартирайте в Safe Mode и пробвайте оттам. Спрете всички програми преди да го изпълните. В друга тема се получи същото, защото скрипта е доста дълъг. Пишете за резултатите.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не мога да изпратя лог-а. Може би е прекалено голям. Прикачвам го04102012_081747.zip Ето и MBR.DATMBR.zip

Редактирано от B-boy[StyLe]
Латиница ! (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

До тук добре.

Финални проверки...

Направете нова проверка, както е описано в този пост, стъпка 1

Прикачете лог файловете ако са много големи.

И второ:

Изтеглете GrantPerms.zip и го разархивирайте в папка по избор. Стартирайте GrantPerms.exe и въведете следната информация:

c:\windows\$NtUninstallKB3255$
C:\WINDOWS\$NtUninstallKB938828$

Натиснете Unlock и след това List Permissions. Публикувайте лог файла в следващия си пост.

Следвайте следната инструкция за работа със SystemLook:

Изтеглете SystemLook и запазете програмата на десктопа.

  • Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
  • Копирайте съдържанието от цитата по-долу в текстовото поле на програмата:

    :dir
    c:\windows\$NtUninstallKB3255$ /s
    C:\WINDOWS\$NtUninstallKB938828$ /s
  • Кликнете на бутона Look, за да започне сканирането.
  • Когато сканирането завърши ще се отвори Notepad с резултата от сканирането. После публикувайте лог файла в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лог фаила от OTL - OTL.zip

GrantPerms by Farbar

Ran by Plamenka (administrator) at 2012-04-10 14:57:08

===============================================

ERROR: Parsing the SD of <\\?\c:\windows\$NtUninstallKB3255$ > failed with: The system cannot find the file specified.

Operating system error message: The system cannot find the file specified.

\\?\C:\WINDOWS\$NtUninstallKB938828$

Owner: BUILTIN\Administrators

DACL(NP)(AI):

BUILTIN\Administrators FULL ALLOW (CI)(OI)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)

BUILTIN\Users READ/EXECUTE ALLOW (I)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)

BUILTIN\Power Users change ALLOW (I)

BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)

BUILTIN\Administrators FULL ALLOW (I)

BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)

NT AUTHORITY\SYSTEM FULL ALLOW (I)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)

CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)

SystemLook 30.07.11 by jpshortstuff

Log created at 14:59 on 10/04/2012 by Plamenka

Administrator - Elevation successful

========== dir ==========

c:\windows\$NtUninstallKB3255$ - Unable to find folder.

C:\WINDOWS\$NtUninstallKB938828$ - Parameters: "/s"

---Files---

explorer.exe --a--c- 1032192 bytes [14:51 19/02/2008] [08:00 04/08/2004]

C:\WINDOWS\$NtUninstallKB938828$\spuninst d----c- [14:51 19/02/2008]

spuninst.exe --a--c- 213216 bytes [14:51 19/02/2008] [23:12 12/10/2005]

spuninst.inf --a--c- 5161 bytes [14:51 19/02/2008] [14:51 19/02/2008]

spuninst.txt --a--c- 311 bytes [14:51 19/02/2008] [14:51 19/02/2008]

updspapi.dll --a--c- 371424 bytes [14:51 19/02/2008] [23:12 12/10/2005]

-= EOF =-

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Последен напън:

  • Стартирайте файла Публикувано изображение с двукратен клик на мишката.
  • Под Публикувано изображение с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):
:OTL
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\ntldr:KAVICHS
:files
dir /s /a "C:\8f1faac2df4bafcb014484efad6630ed" /c
:commands
[emptytemp]
След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix

Windows ще се рестартира и ще се създаде лог файл - OTL fix log. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

здравейте отново,

След два опита при които ОТЛ-то зависва както преди го пуснах в Сеив Мод

ето и резултата:

All processes killed

========== OTL ==========

Unable to delete ADS C:WINDOWSSystem32ctl3dv2.dll:KAVICHS .

Unable to delete ADS C:ntldr:KAVICHS .

========== FILES ==========

< dir /s /a "C:8f1faac2df4bafcb014484efad6630ed" /c >

Volume in drive C has no label.

Volume Serial Number is 10A9-DC13

Directory of C:8f1faac2df4bafcb014484efad6630ed

02/17/2012 04:50 PM <DIR> .

02/17/2012 04:50 PM <DIR> ..

02/17/2012 04:50 PM 788 $shtdwn$.req

01/27/2012 12:27 AM 3,650,706 mrt.exe._p

01/27/2012 12:13 AM 92,976 mrtstub.exe

3 File(s) 3,744,470 bytes

Total Files Listed:

3 File(s) 3,744,470 bytes

2 Dir(s) 126,844,305,408 bytes free

C:Documents and SettingsPlamenkaDesktopcmd.bat deleted successfully.

C:Documents and SettingsPlamenkaDesktopcmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Plamenka

->Temp folder emptied: 335644 bytes

->Temporary Internet Files folder emptied: 30964474 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 734 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32dllcache .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 1056 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1289041 bytes

Total Files Cleaned = 31.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_104103

FilesFolders moved on Reboot...

Registry entries deleted on Reboot...

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Отворете virustotal и с бутона Browse намерете файла:

C:ntldr (за този файл трябва да покажете скритите файлове)

My Computer => Tools => Folder Options => View => Hidden files and folders => слагате радиобутона пред Show Hidden FIles and Folders

My Computer => Tools => Folder Options => View => Hide protected operating system files(recommended) => премахнете отметката

Натиснете бутона SEND.

Ако файла вече е анализирам, моля натиснете Reanalyse.

Повторете стъпките за този файл:

C:WINDOWSSystem32ctl3dv2.dll

Публикувайте резултатите от проверката за този файл в следващяи си коментар.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

SHA256: 644335c778eed2c2acb701657fb337cef93bde486650878d3c6ebc2ac4d4a447 SHA1: cb8c794dbe38d7bbe79e992823678e493370e975 MD5: c1b29b4e6eea9510610db2ec4d6db160 File size: 244.2 KB ( 250048 bytes ) File name: C:ntldr File type: DOS EXE Detection ratio: 1 / 42 Analysis date: 2012-04-20 10:32:31 UTC ( 3 минути ago ) More details Antivirus Result Update AhnLab-V3 - 20120420 AntiVir - 20120420 Antiy-AVL - 20120420 Avast - 20120420 AVG - 20120420 BitDefender - 20120420 ByteHero - 20120417 CAT-QuickHeal - 20120420 ClamAV - 20120419 Commtouch - 20120420 Comodo - 20120420 DrWeb - 20120420 Emsisoft - 20120420 eSafe - 20120419 eTrust-Vet - 20120420 F-Prot - 20120420 F-Secure - 20120420 Fortinet - 20120420 GData - 20120420 Ikarus - 20120420 Jiangmin - 20120420 K7AntiVirus - 20120418 Kaspersky - 20120420 McAfee - 20120420 McAfee-GW-Edition Heuristic.BehavesLike.Exploit.CodeExec.O 20120420 Microsoft - 20120420 NOD32 - 20120420 Norman - 20120420 nProtect - 20120420 Panda - 20120420 PCTools - 20120420 Rising - 20120420 Sophos - 20120420 SUPERAntiSpyware - 20120402 Symantec - 20120420 TheHacker - 20120420 TrendMicro - 20120420 TrendMicro-HouseCall - 20120420 VBA32 - 20120419 VIPRE - 20120420 ViRobot - 20120420 VirusBuster - 20120420 SHA256: 3387135a5075439b9238d6c486b047d4dba8d9a6d1dad6bb74050347c70616db SHA1: 17155dedec7d8cd7aa305e204c489c6bc3060cf7 MD5: 637d88e7a1bedc4457c80dbc8ba9f135 File size: 26.6 KB ( 27200 bytes ) File name: C:WINDOWSsystem32ctl3dv2.dll File type: Win16 EXE Detection ratio: 0 / 42 Analysis date: 2012-04-20 10:43:13 UTC ( 2 минути ago ) More details Antivirus Result Update AhnLab-V3 - 20120420 AntiVir - 20120420 Antiy-AVL - 20120420 Avast - 20120420 AVG - 20120420 BitDefender - 20120420 ByteHero - 20120417 CAT-QuickHeal - 20120420 ClamAV - 20120419 Commtouch - 20120420 Comodo - 20120420 DrWeb - 20120420 Emsisoft - 20120420 eSafe - 20120419 eTrust-Vet - 20120420 F-Prot - 20120420 F-Secure - 20120420 Fortinet - 20120420 GData - 20120420 Ikarus - 20120420 Jiangmin - 20120420 K7AntiVirus - 20120418 Kaspersky - 20120420 McAfee - 20120420 McAfee-GW-Edition - 20120420 Microsoft - 20120420 NOD32 - 20120420 Norman - 20120420 nProtect - 20120420 Panda - 20120420 PCTools - 20120420 Rising - 20120420 Sophos - 20120420 SUPERAntiSpyware - 20120402 Symantec - 20120420 TheHacker - 20120420 TrendMicro - 20120420 TrendMicro-HouseCall - 20120420 VBA32 - 20120419 VIPRE - 20120420 ViRobot - 20120420 VirusBuster - 20120420

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не искам да ми копирате резултатите... Може ли да ми дадете линковете към самите резултати от проверката ? :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Така. Мисля че може да пропуснем последните стъпки. Упоритите ADS потоци не искат да се премахнат заради проблеми с правата на линкнатите два обекта. Можем да: - Пробваме да взема права над тези обекти и да премахнем ADS потоците. - Да не се занимаваме с тях - безредни са - размера е под минималния за създаване на изпълним код. - Създадени са от Kaspersky 5 - стартите версии създаваха такива потоци. Безопасни са, но malware по-принцип може да се възползва от тях и затова в новите версии на Kaspersky няма такива потоци. Можем да пробваме да почистим остатъците от Kaspersky и да видим дали това ще помогне (с някой инструмент за деинсталация). Така или иначе компютъра вече е чист. Някакви други проблеми преди финалните ми съвети. :)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

За сега няма други проблеми. :) Ако ми препоръчате деинсталатор бих пробвал да почистя остатаците от Kaspersky 5. Благодаря за помоща!

Редактирано от i5o (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

По едно време ми се намираха някакви конкретни деинсталатори за версия 5, но сега нещо не ги намирам...

Все пак почистете остатъците с тези:

kavremover.exe (трябва да въведете кода показан при стартиране на инструмента. Оставете да премахне всички познати продукти).

KAV_REGISTRY_CLEANER (разархивирайте в папка по избор и стартирайте exe-то).

KisKav6Remove.zip (разархивирайте в папка по избор и старайте exe-то).

Рестартирайте след почистването.

За ADS потоците се сетих, че от Kaspersky имат инструмент и за тях.

Изтеглете този инструмент - Klstreamremover.zip

Разархивирайте го в C:

След това от Start => Run => напишете командата - C:Klstreamremover.exe –r

Натиснете Enter и рестартирайте.

После отговорете как е минало и ще дам финалните си съвети.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте, Извинявам се за дългото време преди отговора ми. Пуснах всички инструменти и почистването премина без проблеми. Очаквам вашите съвети. Благодаря.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте, Ами то няма какво повече да се прави, но все пак ще ми е любопитно дали stream-овете са били успешно премахнати. И да не са, не е голям проблем, но ако ви се занимава пуснете нова проверка с OTL и публикувайте резултатите... Ако пък искате да приключваме ще пиша как да деинсталирате използваните от нас неща.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

OTL logfile created on: 5/17/2012 3:54:26 PM - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = C:Documents and SettingsPlamenkaDesktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 243.78 Mb Available Physical Memory | 48.52% Memory free

1.20 Gb Paging File | 0.84 Gb Available in Paging File | 70.30% Paging File free

Paging file location(s): C:pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 139.03 Gb Total Space | 114.59 Gb Free Space | 82.42% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 8.20 Gb Free Space | 82.01% Space Free | Partition Type: NTFS

Drive I: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Drive T: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Drive W: | 16.94 Gb Total Space | 1.24 Gb Free Space | 7.33% Space Free | Partition Type: NTFS

Computer Name: PLAMENKARAINOVA | User Name: Plamenka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 14:21:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsPlamenkaDesktopOTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe

PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastUI.exe

PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe

PRC - [2010/12/16 17:19:34 | 002,402,512 | ---- | M] (IObit) -- C:Program FilesIObitAdvanced SystemCare 3AWC.exe

PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe

PRC - [2007/01/05 06:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe

PRC - [2006/04/24 21:42:06 | 000,888,832 | ---- | M] () -- C:WINDOWSSMINSTScheduler.exe

PRC - [2006/01/05 14:34:56 | 000,061,440 | ---- | M] (Siemens AG) -- C:Program FilesSiemensCard APIbinsiecacst.exe

PRC - [2003/09/12 23:55:10 | 000,234,496 | ---- | M] (DOSPRN) -- C:Program FilesDosprnDOSprn.exe

PRC - [2003/05/13 04:58:00 | 000,475,136 | R--- | M] (Datakey, Inc.) -- C:WINDOWSsystem32dkcktkn.exe

PRC - [2003/05/13 04:52:00 | 000,143,360 | R--- | M] (Datakey, Inc.) -- C:Program FilesDatakeyCrypt32dkMonitor.exe

PRC - [2003/05/13 04:48:00 | 000,245,760 | R--- | M] (Datakey, Inc.) -- C:Program FilesDatakeyCrypt32dkAutoReg.exe

PRC - [2003/05/13 04:37:00 | 000,102,400 | R--- | M] (Datakey, Inc.) -- C:WINDOWSsystem32dklog.exe

PRC - [2000/12/30 13:39:58 | 000,151,552 | ---- | M] () -- C:WINDOWSDatecsFlex2K.exe

PRC - [2000/09/13 11:51:58 | 000,192,512 | ---- | M] (The Webshots Corporation) -- C:Program FilesWebshotsWebshotsTray.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/16 22:46:16 | 001,759,232 | ---- | M] () -- C:Program FilesAVAST SoftwareAvastdefs12051601algo.dll

MOD - [2010/01/22 15:13:30 | 000,323,160 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3winSkinD7R.bpl

MOD - [2010/01/22 15:13:16 | 000,045,656 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3CoolTrayIcon_D6plus.bpl

MOD - [2010/01/22 15:11:36 | 000,150,616 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3STFix.dll

MOD - [2010/01/22 15:11:30 | 000,057,432 | ---- | M] () -- C:Program FilesIObitAdvanced SystemCare 3NtfsData.dll

MOD - [2006/04/24 21:42:06 | 000,888,832 | ---- | M] () -- C:WINDOWSSMINSTScheduler.exe

MOD - [2002/12/09 09:38:28 | 000,094,274 | ---- | M] () -- C:WINDOWSsystem32HPBHEALR.DLL

MOD - [2000/12/30 13:39:58 | 000,151,552 | ---- | M] () -- C:WINDOWSDatecsFlex2K.exe

MOD - [2000/12/13 01:55:40 | 000,028,672 | ---- | M] () -- C:WINDOWSsystem32newdll.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%System32hidserv.dll -- (HidServ)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe -- (MBAMService)

SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:Program FilesAVAST SoftwareAvastAvastSvc.exe -- (avast! Antivirus)

SRV - [2007/01/05 06:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:Program FilesCommon FilesInterVideoRegMgriviRegMgr.exe -- (IviRegMgr)

SRV - [2003/05/13 04:58:00 | 000,475,136 | R--- | M] (Datakey, Inc.) [Auto | Running] -- C:WINDOWSsystem32dkcktkn.exe -- (DkTknSrv)

SRV - [2003/05/13 04:37:00 | 000,102,400 | R--- | M] (Datakey, Inc.) [Auto | Running] -- C:WINDOWSsystem32dklog.exe -- (DkLogger)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32DRIVERSSCR33x.sys -- (SCR33x USB Smart Card Reader)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:WINDOWSsystem32driversmbam.sys -- (MBAMProtector)

DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:WINDOWSSystem32driversaswSnx.sys -- (aswSnx)

DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswSP.sys -- (aswSP)

DRV - [2012/03/07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswRdr.sys -- (AswRdr)

DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaswTdi.sys -- (aswTdi)

DRV - [2012/03/07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WINDOWSSystem32driversaswmon2.sys -- (aswMon2)

DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:WINDOWSSystem32driversaswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:WINDOWSSystem32driversaavmker4.sys -- (Aavmker4)

DRV - [2007/01/30 21:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/11/07 05:35:00 | 000,047,488 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversSCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)

DRV - [2004/10/25 01:04:00 | 000,007,796 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversStc2Dfu.sys -- (STC2DFU)

DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversd347prt.sys -- (d347prt)

DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:WINDOWSsystem32driversd347bus.sys -- (d347bus)

DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswVchNTxx.sys -- (iAimFP4)

DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswSiINTxx.sys -- (iAimFP3)

DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV10nt.sys -- (iAimTV5)

DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswCh7xxNT.sys -- (iAimTV4)

DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV06nt.sys -- (iAimTV6)

DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV04nt.sys -- (iAimTV3)

DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV02NT.sys -- (iAimTV1)

DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswATV01nt.sys -- (iAimTV0)

DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV09NT.sys -- (iAimFP7)

DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV07nt.sys -- (iAimFP5)

DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV08NT.sys -- (iAimFP6)

DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversi81xnt5.sys -- (i81x)

DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV01nt.sys -- (iAimFP0)

DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV02NT.sys -- (iAimFP1)

DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverswADV05NT.sys -- (iAimFP2)

DRV - [2002/04/04 09:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:WINDOWSsystem32driverssymmpi.sys -- (Symmpi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.bg/

IE - HKCU..SearchScopes,DefaultScope = {C1D0976E-4F98-4B91-8B6A-1A76D5FCCC7C}

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU..SearchScopes{C1D0976E-4F98-4B91-8B6A-1A76D5FCCC7C}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.1.10111.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.111npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: YouTube = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2_0

CHR - Extension: Google u0422u044Au0440u0441u0435u043Du0435 = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.14_0

CHR - Extension: avast! WebRep = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsicmlaeflemplmjndnaapfdbbnpncnbda7.0.1426_0

CHR - Extension: Gmail = C:Documents and SettingsPlamenkaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia6.1.3_0

O1 HOSTS File: ([2012/04/07 18:01:52 | 000,000,027 | ---- | M]) - C:WINDOWSsystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O3 - HKLM..Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll (AVAST Software)

O4 - HKLM..Run: [avast] C:Program FilesAVAST SoftwareAvastavastUI.exe (AVAST Software)

O4 - HKLM..Run: [DkAutoReg.exe] C:Program FilesDatakeyCrypt32dkAutoReg.exe (Datakey, Inc.)

O4 - HKLM..Run: [DkMonitor.exe] C:Program FilesDatakeyCrypt32dkMonitor.exe (Datakey, Inc.)

O4 - HKLM..Run: [DkStartup] C:Program FilesDatakeyCrypt32DkStartup.exe (Datakey, Inc.)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRecguard.exe ()

O4 - HKLM..Run: [Reminder] C:WINDOWSCREATORRemind_XP.exe ()

O4 - HKLM..Run: [scheduler] C:WINDOWSSMINSTScheduler.exe ()

O4 - HKLM..Run: [setRefresh] C:Program FilesCompaqSetRefreshSetRefresh.exe (Hewlett-Packard Company)

O4 - HKCU..Run: [Advanced SystemCare 3] C:Program FilesIObitAdvanced SystemCare 3AWC.exe (IObit)

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupFlexType 2K.lnk = C:WINDOWSDatecsFlex2K.exe ()

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupHiPath SIcurity Card API.lnk = C:Program FilesSiemensCard APIbinsiecacst.exe (Siemens AG)

O4 - Startup: C:Documents and SettingsPlamenkaStart MenuProgramsStartupDOSprn.lnk = C:Program FilesDosprnDOSprn.exe (DOSPRN)

O4 - Startup: C:Documents and SettingsPlamenkaStart MenuProgramsStartupWebshots.lnk = C:Program FilesWebshotsWebshotsTray.exe (The Webshots Corporation)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerInfodelivery present

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoResolveSearch = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binnpjpi160_01.dll (Sun Microsystems, Inc.)

O16 - DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} https://bs.b-trust.org/wl-dl/bs/js/renew/CertManX.cab (CertManX Control)

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://srl.nssi.bg/ExtUsers/viewer/activeXViewer/activexviewer.cab (Crystal Report Viewer Control 9)

O16 - DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} https://bs.b-trust.org/wl-dl/bs/js/sign/SCManagerX.cab (SCManagerX Control)

O16 - DPF: {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} https://inetdec.nra.bg/dds/InetVAT5Frm.cab (InetVAT5Form Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} https://inetdec.nra.bg/cabs/SignCOM.cab (SignedFile Object)

O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.extri.bg/capicom.cab (Settings Class)

O16 - DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} http://v.netlogstatic.com/v5.00/2995//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab (Photo Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{02B9B549-6E76-4467-94AD-2664E3FE96D2}: NameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) - C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:Documents and SettingsPlamenkaLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O24 - Desktop BackupWallPaper: C:Documents and SettingsPlamenkaLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 08:55:34 | 000,000,000 | ---D | C] -- C:Documents and SettingsPlamenkaDesktopНова папка

[2012/04/20 08:23:37 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32mucltui.dll

[2012/04/20 08:23:37 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32mucltui.dll.mui

[2012/04/19 08:54:58 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersStart MenuProgramsMicrosoft Silverlight

[2012/04/19 08:54:52 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Silverlight

========== Files - Modified Within 30 Days ==========

[2012/05/17 15:50:02 | 000,001,946 | ---- | M] () -- C:WINDOWSwebshots.ini

[2012/05/17 15:11:01 | 000,000,890 | ---- | M] () -- C:WINDOWS asksGoogleUpdateTaskMachineUA.job

[2012/05/17 14:26:20 | 000,000,428 | -H-- | M] () -- C:WINDOWS asksUser_Feed_Synchronization-{6482A737-AA76-49D9-B493-A348479543DB}.job

[2012/05/17 12:24:45 | 000,001,158 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl

[2012/05/17 12:24:18 | 000,000,886 | ---- | M] () -- C:WINDOWS asksGoogleUpdateTaskMachineCore.job

[2012/05/17 12:23:52 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2012/05/17 12:23:51 | 526,897,152 | -HS- | M] () -- C:hiberfil.sys

[2012/05/17 08:28:55 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopGoogle Chrome.lnk

[2012/05/17 08:12:05 | 003,932,214 | ---- | M] () -- C:WINDOWSwebshots.bmp

[2012/05/15 16:03:40 | 000,471,628 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2012/05/15 16:03:40 | 000,083,692 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[2012/05/15 14:24:14 | 000,002,425 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopДекларации Обр.1 и 6.lnk

[2012/04/26 08:38:26 | 000,000,680 | ---- | M] () -- C:Documents and SettingsPlamenkaStart MenuProgramsStartupWebshots.lnk

[2012/04/26 08:33:39 | 000,278,944 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/26 16:52:52 | 000,016,448 | ---- | C] () -- C:KLStreamRemover.exe

[2012/04/18 10:43:40 | 526,897,152 | -HS- | C] () -- C:hiberfil.sys

[2012/04/05 11:40:26 | 000,256,000 | ---- | C] () -- C:WINDOWSPEV.exe

[2012/04/05 11:40:26 | 000,208,896 | ---- | C] () -- C:WINDOWSMBR.exe

[2012/04/05 11:40:26 | 000,098,816 | ---- | C] () -- C:WINDOWSsed.exe

[2012/04/05 11:40:26 | 000,080,412 | ---- | C] () -- C:WINDOWSgrep.exe

[2012/04/05 11:40:26 | 000,068,096 | ---- | C] () -- C:WINDOWSzip.exe

[2012/02/17 09:23:28 | 000,003,072 | ---- | C] () -- C:WINDOWSSystem32iacenc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:WINDOWSSystem32ctl3dv2.dll:KAVICHS

@Alternate Data Stream - 100 bytes -> C:ntldr:KAVICHS

< End of report >

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход


  • Горещи теми в момента

  • Подобни теми

    • от Katrin4i
      Здравейте, мисля че компютърът ми има някакъв вирус. На два пъти ми се случи да опитам да инсталирам нещо и не става, а днес се опитах да деинсталирам Malwarebites и пак не става. След сканиране с Windows Defender Antiwirus  откри нещо, което се казва ""Misleading:Win32/Corenore"
      Моля ви за съдействие, не бих могла да се справя сама, благодаря!
       
    • от beemer
      Здравейте, както съм споделил тук, имам съмнение за заразен компютър, като опитвайки се да инсталирам Malwarebytes не успявам да го отворя по никакъв начин, което ме навява още по-силно на съмнението, че съм барнал вирус.
      Прикачвам репорт файловете.
      Ще помоля за вашето съдействие.
       
      Addition.txt
      FRST.txt
    • от porata
      Добър ден. Мисля че съм се заразил от някъде с доста неприятни вируси
      Днес забелязах че след рестарт на машината първото нещо което стартира след като се пусне лин-а е някакъв произволен сайт в този случай сайт с няккакви реклами..
      Както и самата машина някак си започна да забива и насича 
      Ети логовете



       
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
      Ran by GAMEPC (administrator) on GAMEPC-PC (10-01-2018 17:49:26)
      Running from C:\Users\GAMEPC\Downloads
      Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2017-09-08] ()
      HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Viber] => C:\Users\GAMEPC\AppData\Local\Viber\Viber.exe [34472016 2017-12-12] (Viber Media S.à r.l.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Discord] => C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [GAMEPC] => explorer.exe hxxp://ozirizsoos.info <==== ATTENTION
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {609d2171-c4d2-11e7-a1c0-048d38748987} - E:\Lenovo_Suite.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 87.121.24.12
      Tcpip\..\Interfaces\{F8E6BFBF-08DD-4CEC-8468-25670AF9DFE4}: [DhcpNameServer] 87.121.24.12
      Internet Explorer:
      ==================
      HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
      FireFox:
      ========
      FF DefaultProfile: mrpwyf7s.default
      FF ProfilePath: C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default [2018-01-10]
      FF Homepage: Mozilla\Firefox\Profiles\mrpwyf7s.default -> google.bg
      FF Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-26]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-04] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-04] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
      Chrome: 
      =======
      CHR StartupUrls: Default -> "hxxp://google.bg/"
      CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default [2018-01-10]
      CHR Extension: (Презентации) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08]
      CHR Extension: (YouTube) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
      CHR Extension: (Таблици) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08]
      CHR Extension: (Gmail) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08]
      CHR Extension: (Chrome Media Router) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12]
      Opera: 
      =======
      OPR Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-12-16]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-16] ()
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526888 2017-12-08] (EasyAntiCheat Ltd)
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
      S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-09-08] (Realtek Semiconductor.) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-06-20] (Microsoft Corporation)
      R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-09-08] (Microsoft Corporation) [File not signed]
      R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
      R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-09-08] (Advanced Micro Devices Inc.)
      R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-11] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-11] (Disc Soft Ltd)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-08] (REALiX(tm))
      S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-09-08] (Qualcomm Atheros Co., Ltd.)
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)
      R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2017-09-08] (Realtek Semiconductor Corporation )
      S3 BEDaisy; \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [X]
      S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-01-10 17:49 - 2018-01-10 17:49 - 000013425 _____ C:\Users\GAMEPC\Downloads\FRST.txt
      2018-01-10 17:48 - 2018-01-10 17:49 - 000000000 ____D C:\FRST
      2018-01-10 17:47 - 2018-01-10 17:47 - 002393088 _____ (Farbar) C:\Users\GAMEPC\Downloads\FRST64.exe
      2018-01-10 16:50 - 2018-01-10 16:50 - 000047308 _____ C:\Users\GAMEPC\Downloads\Malcolm.S05.BGAUDIO.torrent
      2018-01-10 15:52 - 2018-01-09 21:50 - 000000230 ___SH C:\Users\Public\Libraries.ini
      2018-01-08 22:48 - 2018-01-08 22:48 - 000025438 _____ C:\Users\GAMEPC\Downloads\Malcolm in the Middle Season 4 TVRip BGAudio [***].torrent
      2018-01-08 18:01 - 2018-01-08 18:01 - 000000000 ____D C:\Program Files (x86)\VulkanRT
      2018-01-08 18:01 - 2018-01-04 02:01 - 000137528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
      2018-01-08 18:01 - 2017-11-02 22:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
      2018-01-08 18:01 - 2017-11-02 22:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
      2018-01-08 18:01 - 2017-11-02 22:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
      2018-01-08 18:01 - 2017-11-02 22:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
      2018-01-08 18:00 - 2018-01-08 18:00 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
      2018-01-08 17:58 - 2018-01-04 03:39 - 040269624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 035278136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 035179080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 027856456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 019796008 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 018730328 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 017303112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
      2018-01-08 17:58 - 2018-01-04 03:39 - 016450056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 015408072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 013430632 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 012842984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 011015584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 010900248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003902448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003874728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 003432944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001975184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439065.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001674544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439065.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001134952 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001125688 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 001054512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000988144 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000939504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000528312 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000506672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000447424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
      2018-01-08 17:58 - 2018-01-04 03:39 - 000171896 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
      2018-01-08 17:58 - 2018-01-04 03:39 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
      2018-01-08 17:58 - 2018-01-04 03:39 - 000000669 _____ C:\Windows\system32\nv-vk64.json
      2018-01-06 18:55 - 2018-01-06 18:55 - 000019998 _____ C:\Users\GAMEPC\Downloads\Malcolm in the Middle Season 3 TVRip BGAudio [***].torrent
      2018-01-05 18:31 - 2018-01-05 18:31 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Electronic Arts
      2018-01-05 18:13 - 2018-01-05 18:13 - 000000000 ____D C:\Users\GAMEPC\Documents\PCSX2
      2018-01-05 18:12 - 2018-01-05 18:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\PCSX2
      2018-01-05 18:02 - 2018-01-05 18:02 - 000039666 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.the.Deathly.Hallows.Part.2-SKIDROW.torrent
      2018-01-05 18:02 - 2018-01-05 18:02 - 000039666 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.the.Deathly.Hallows.Part.2-SKIDROW (1).torrent
      2018-01-05 18:02 - 2018-01-05 18:02 - 000006830 _____ C:\Users\GAMEPC\Downloads\Harry.Potter.and.The.Deathly.Hallows.Part.2.Proper.CRACK.ONLY-RELOADED.torrent
      2018-01-05 17:59 - 2018-01-05 17:59 - 000060214 _____ C:\Users\GAMEPC\Downloads\Crash_titans_pc_rus.iso (1).torrent
      2018-01-05 17:58 - 2018-01-05 17:58 - 000060214 _____ C:\Users\GAMEPC\Downloads\Crash_titans_pc_rus.iso.torrent
      2018-01-04 22:15 - 2018-01-04 22:15 - 000024355 _____ C:\Users\GAMEPC\Downloads\Malcolm.In.Тhe.Middle.S02.TVRiP.BGAUDiO-GOMBO.torrent
      2018-01-03 21:18 - 2018-01-03 21:18 - 000016750 _____ C:\Users\GAMEPC\Downloads\Malcolm.In.Тhe.Middle.S01.TVRiP.BGAUDiO-GOMBO.torrent
      2018-01-02 14:13 - 2018-01-02 14:13 - 000014967 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DVDRip.XviD.BGAUDiO-SiSO.torrent
      2018-01-02 14:12 - 2018-01-02 14:12 - 000034573 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DC.480p.BDRip.XviD.AC3-AsA.torrent
      2018-01-02 14:12 - 2018-01-02 14:12 - 000025883 _____ C:\Users\GAMEPC\Downloads\The.X.Files.I.Want.to.Believe.2008.DirCut.720p.BluRay.DTS.x264_ESiR.(subs.sab.bz).rar
      2018-01-02 13:49 - 2018-01-02 13:49 - 000014977 _____ C:\Users\GAMEPC\Downloads\The.X.Files.1998.BDRip.XviD.Dual.Audio[Bul-Eng]-TBO (1).torrent
      2018-01-02 13:47 - 2018-01-02 13:47 - 000014977 _____ C:\Users\GAMEPC\Downloads\The.X.Files.1998.BDRip.XviD.Dual.Audio[Bul-Eng]-TBO.torrent
      2018-01-02 09:53 - 2018-01-02 09:53 - 000114625 _____ C:\Users\GAMEPC\Downloads\Bright.2017.HDRip.XviD.AC3-EVO.torrent
      2018-01-02 09:53 - 2018-01-02 09:53 - 000039426 _____ C:\Users\GAMEPC\Downloads\bright.2017.1080p.nf.web-dl.dd5.1.h.264-ika(subsunacs.net).rar
      2017-12-28 21:02 - 2017-12-28 21:02 - 000035829 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep10-12.torrent
      2017-12-28 21:02 - 2017-12-28 21:02 - 000034149 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep07-09.torrent
      2017-12-28 18:17 - 2017-12-28 18:17 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\TslGame
      2017-12-28 17:03 - 2017-12-28 17:03 - 000000222 _____ C:\Users\GAMEPC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
      2017-12-28 17:03 - 2017-12-28 17:03 - 000000222 _____ C:\Users\GAMEPC\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
      2017-12-27 21:05 - 2017-12-27 21:05 - 000034969 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep04-06.torrent
      2017-12-27 21:04 - 2017-12-27 21:04 - 000070165 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep01-03 (1).torrent
      2017-12-27 19:01 - 2017-12-27 19:01 - 000070165 _____ C:\Users\GAMEPC\Downloads\The X Files S01 ep01-03.torrent
      2017-12-27 17:54 - 2017-12-27 17:54 - 000068903 _____ C:\Users\GAMEPC\Downloads\The.X-Files.S10.1080p.BluRay.AVC.x264.MULTi.AC3-STM.torrent
      2017-12-26 18:47 - 2017-12-26 18:47 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\GAMEPC\Downloads\flashplayer28_ka_install.exe
      2017-12-25 18:43 - 2017-12-25 18:43 - 000014387 _____ C:\Users\GAMEPC\Downloads\Scooby.Doo.And.The.Loch.Ness.Monster.2004.DVDRip.XviD.BGAUDIO-RRGroup.torrent
      2017-12-25 18:42 - 2017-12-25 18:42 - 000014469 _____ C:\Users\GAMEPC\Downloads\Scooby.Doo.Pirates.Ahoy.2006.DVDRip.XviD.BGAUDIO-RRGroup.torrent
      2017-12-25 18:41 - 2017-12-25 18:41 - 000016605 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo.and.the.Alien.Invaders(2000)[BGAudio]TVRip.XviD-CoveR.avi.torrent
      2017-12-25 18:40 - 2017-12-25 18:40 - 000015973 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo! and the Monster of Mexico (2003) [BG Audio] TVRip.XviD-CoveR.avi.torrent
      2017-12-25 18:40 - 2017-12-25 18:40 - 000015973 _____ C:\Users\GAMEPC\Downloads\Scooby-Doo! and the Monster of Mexico (2003) [BG Audio] TVRip.XviD-CoveR.avi (1).torrent
      2017-12-24 20:09 - 2017-12-24 20:09 - 000014490 _____ C:\Users\GAMEPC\Downloads\The.Nut.Job.2014.BDRip.XviD.BGaudio-REFLUX.torrent
      2017-12-24 14:27 - 2017-12-24 14:27 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Adobe
      2017-12-23 21:42 - 2017-12-23 21:42 - 001556480 _____ C:\Users\GAMEPC\Downloads\Непотвърдено 653969.crdownload
      2017-12-21 16:16 - 2017-12-16 02:21 - 001990128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438871.dll
      2017-12-21 16:16 - 2017-12-16 02:21 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438871.dll
      2017-12-17 17:07 - 2017-12-17 17:47 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Might & Magic Heroes VI
      2017-12-17 17:07 - 2017-12-17 17:17 - 000000000 ____D C:\Users\GAMEPC\Documents\Might & Magic Heroes VI
      2017-12-17 17:07 - 2017-12-17 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx
      2017-12-17 16:27 - 2017-12-17 16:27 - 000038163 _____ C:\Users\GAMEPC\Downloads\Might & Magic.Heroes 6.Gold Edition.v 2.1.1.0 + 4 DLC.(Бука).(2012).Repack.torrent
      2017-12-17 15:54 - 2017-12-17 15:54 - 000003429 _____ C:\Users\GAMEPC\Downloads\DiRT Rally Hotfix v1.0.109.3940 - BAT.torrent
      2017-12-17 15:53 - 2017-12-17 15:53 - 000105021 _____ C:\Users\GAMEPC\Downloads\DiRT.Rally-RELOADED.torrent
      2017-12-16 22:49 - 2017-12-16 22:50 - 004228256 _____ (Husdawg, LLC) C:\Users\GAMEPC\Downloads\Detection.exe
      2017-12-16 16:33 - 2017-12-16 16:33 - 000000000 ____D C:\Users\GAMEPC\Documents\Diablo III
      2017-12-16 13:58 - 2017-12-16 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
      2017-12-16 13:53 - 2017-12-16 15:13 - 000000000 ____D C:\Users\GAMEPC\Documents\StarCraft II
      2017-12-16 13:52 - 2017-12-16 14:34 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
      2017-12-16 13:48 - 2017-12-16 14:38 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Blizzard Entertainment
      2017-12-16 13:47 - 2017-12-16 13:47 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Blizzard
      2017-12-16 13:46 - 2017-12-16 13:47 - 000000000 ____D C:\ProgramData\Battle.net
      2017-12-16 13:46 - 2017-12-16 13:46 - 004215792 _____ (Blizzard Entertainment) C:\Users\GAMEPC\Downloads\StarCraft-II-Setup.exe
      2017-12-14 14:20 - 2017-12-14 14:21 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Viber
      2017-12-11 21:56 - 2018-01-10 16:01 - 000002131 _____ C:\Users\GAMEPC\Desktop\Discord.lnk
      2017-12-11 21:55 - 2018-01-10 16:01 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Discord
      2017-12-11 21:55 - 2017-12-11 21:55 - 054332920 _____ (Discord Inc.) C:\Users\GAMEPC\Downloads\DiscordSetup (1).exe
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2018-01-10 17:45 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2018-01-10 17:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2018-01-10 17:41 - 2017-12-06 18:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ViberPC
      2018-01-10 17:41 - 2017-09-23 17:42 - 000000000 ____D C:\Program Files (x86)\Steam
      2018-01-10 17:41 - 2017-09-08 13:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Skype
      2018-01-10 17:40 - 2017-09-08 13:03 - 000000000 ____D C:\ProgramData\NVIDIA
      2018-01-10 17:39 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2018-01-10 17:32 - 2009-07-14 06:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2018-01-10 17:32 - 2009-07-14 06:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2018-01-10 17:30 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files (x86)\Opera
      2018-01-10 17:16 - 2017-09-10 00:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\qBittorrent
      2018-01-10 16:34 - 2017-09-08 12:51 - 000000000 ____D C:\Users\GAMEPC\AppData\LocalLow\Mozilla
      2018-01-10 16:01 - 2017-10-13 15:36 - 000000000 ____D C:\Users\GAMEPC\Documents\ViberDownloads
      2018-01-10 16:01 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
      2018-01-10 16:01 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\discord
      2018-01-10 16:01 - 2017-09-08 13:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA
      2018-01-10 15:58 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2018-01-10 15:58 - 2017-09-08 12:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2018-01-09 21:27 - 2017-09-18 18:14 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2018-01-09 21:27 - 2017-09-18 18:14 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2018-01-09 21:27 - 2017-09-18 18:14 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2018-01-09 21:27 - 2017-09-18 18:14 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2018-01-09 21:27 - 2017-09-18 18:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2018-01-09 21:27 - 2017-09-18 18:14 - 000000000 ____D C:\Windows\system32\Macromed
      2018-01-09 17:15 - 2017-09-08 12:35 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2018-01-09 17:15 - 2017-09-08 12:35 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2018-01-08 18:02 - 2017-09-08 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
      2018-01-08 18:02 - 2017-09-08 12:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
      2018-01-08 18:02 - 2017-09-08 12:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
      2018-01-05 18:41 - 2017-09-08 14:54 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\CrashDumps
      2018-01-05 18:28 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
      2018-01-04 16:47 - 2017-09-27 00:35 - 000000000 ____D C:\Users\GAMEPC\Documents\Euro Truck Simulator 2
      2018-01-04 03:39 - 2017-09-08 13:02 - 019677112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
      2018-01-04 03:39 - 2017-09-08 13:02 - 004375648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
      2018-01-04 03:39 - 2017-09-08 13:02 - 000492048 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
      2018-01-04 03:39 - 2017-09-08 12:22 - 022573984 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
      2018-01-04 03:39 - 2017-09-08 12:21 - 000045386 _____ C:\Windows\system32\nvinfo.pb
      2018-01-04 03:39 - 2017-09-08 12:19 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
      2018-01-04 02:33 - 2017-09-08 13:03 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
      2018-01-04 01:50 - 2017-09-08 13:03 - 005951336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 002588232 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 001768480 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000631880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000123704 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
      2018-01-04 01:50 - 2017-09-08 13:03 - 000081992 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
      2017-12-28 18:18 - 2017-09-08 13:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA Corporation
      2017-12-28 18:17 - 2017-09-08 12:20 - 000000000 ____D C:\ProgramData\Package Cache
      2017-12-25 18:46 - 2017-09-10 00:39 - 000000973 _____ C:\Users\GAMEPC\Desktop\PotPlayer 64 bit.lnk
      2017-12-24 21:07 - 2017-09-08 13:03 - 007928821 _____ C:\Windows\system32\nvcoproc.bin
      2017-12-21 16:10 - 2017-09-08 12:35 - 000003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504866897
      2017-12-17 17:48 - 2017-11-29 18:58 - 000000000 ____D C:\ProgramData\Codemasters
      2017-12-17 17:48 - 2017-09-28 19:51 - 000000000 ____D C:\Users\GAMEPC\Documents\My Games
      2017-12-17 17:07 - 2017-11-28 17:35 - 000000000 ____D C:\ProgramData\Orbit
      2017-12-16 21:51 - 2017-09-08 12:51 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Mozilla
      2017-12-15 15:29 - 2017-09-08 12:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
      2017-12-11 21:56 - 2017-09-09 21:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\SquirrelTemp
      Some files in TEMP:
      ====================
      2017-12-28 18:19 - 2017-12-28 18:19 - 000000180 _____ () C:\Users\GAMEPC\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
      2017-12-28 18:19 - 2018-01-09 18:20 - 000000016 _____ () C:\Users\GAMEPC\AppData\Local\Temp\9cfeec25b194d212cb1a549f559db4ab.dll
      2011-04-29 03:10 - 2011-04-29 03:10 - 002027328 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\installerdll1824963827.dll
      2011-04-29 03:10 - 2011-04-29 03:10 - 002027328 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\installerdll1824966448.dll
      2017-10-21 13:00 - 2017-10-21 13:00 - 001856576 _____ (Oracle Corporation) C:\Users\GAMEPC\AppData\Local\Temp\jre-8u151-windows-au.exe
      2017-11-15 00:12 - 2017-10-27 18:06 - 000760032 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvSCPAPI.dll
      2017-09-08 13:03 - 2017-12-16 00:47 - 000874880 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvSCPAPI64.dll
      2017-11-15 00:09 - 2017-12-16 00:47 - 000371000 _____ (NVIDIA Corporation) C:\Users\GAMEPC\AppData\Local\Temp\nvStInst.exe
      2011-04-29 03:31 - 2011-04-29 03:31 - 034523568 _____ (Electronic Arts, Inc.) C:\Users\GAMEPC\AppData\Local\Temp\Setup.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-01-10 17:08
      ==================== End of FRST.txt ============================











       
      Addition_10-01-2018 17.50.21.txt
    • от Васил Джамбазов
      Както казва заглавието когато влизам в различни страници и трябва да ми излезе това captcha дето проверавя дали съм робот но не ми излиза нищо. Или само си върти или напълно нищо не показва. Пробвал съм със 4 различни браузъри и наквсякъде е същото. Рових в нета сумати време и нищо не ми помага. Де-инсталирах антивирусна, махах всички екстенжъни на браузърите и няма резултат. Мисля че проблема ми е в самия компютър някъде.  
      - Не разполагам с компакт диск за ОС. 
       
       
      Addition.txt
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
      Ran by userr (administrator) on USERR-PC (24-12-2017 01:13:05)
      Running from E:\scoped_dir3952_30355
      Loaded Profiles: userr (Available Profiles: userr)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Bulgarian (Bulgaria)
      Internet Explorer Version 11 (Default browser: Opera)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
      (Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
      () C:\Windows\SysWOW64\PnkBstrA.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Gaijin Entertainment) C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
      (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
      (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Opera Software) C:\Program Files (x86)\Opera\49.0.2725.64\opera.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
      HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
      HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
      HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-23] (AVAST Software)
      HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
      HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-01-30] (ABBYY Production LLC.)
      HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-03] ()
      HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "D:\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15377920 2014-04-29] ()
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\Run: [Gaijin.Net Agent] => C:\Users\userr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2268232 2017-11-01] (Gaijin Entertainment)
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\...\MountPoints2: {87819dae-0c57-11e4-9eea-d050991a0dfa} - G:\setup.exe
      AppInit_DLLs: C:\Users\userr\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => No File
      IFEO\bitguard.exe: [Debugger] tasklist.exe
      IFEO\bprotect.exe: [Debugger] tasklist.exe
      IFEO\bpsvc.exe: [Debugger] tasklist.exe
      IFEO\browserdefender.exe: [Debugger] tasklist.exe
      IFEO\browserprotect.exe: [Debugger] tasklist.exe
      IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
      IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
      IFEO\jumpflip: [Debugger] tasklist.exe
      IFEO\protectedsearch.exe: [Debugger] tasklist.exe
      IFEO\searchinstaller.exe: [Debugger] tasklist.exe
      IFEO\searchprotection.exe: [Debugger] tasklist.exe
      IFEO\searchprotector.exe: [Debugger] tasklist.exe
      IFEO\searchsettings.exe: [Debugger] tasklist.exe
      IFEO\searchsettings64.exe: [Debugger] tasklist.exe
      IFEO\snapdo.exe: [Debugger] tasklist.exe
      IFEO\stinst32.exe: [Debugger] tasklist.exe
      IFEO\stinst64.exe: [Debugger] tasklist.exe
      IFEO\umbrella.exe: [Debugger] tasklist.exe
      IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
      IFEO\volaro: [Debugger] tasklist.exe
      IFEO\vonteera: [Debugger] tasklist.exe
      IFEO\websteroids.exe: [Debugger] tasklist.exe
      IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
      Startup: C:\Users\userr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk [2017-04-19]
      ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      AutoConfigURL: [S-1-5-21-845983760-1135253478-3104952537-1000] => hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
      Tcpip\..\Interfaces\{5650381A-159B-4673-BC63-260706D9F749}: [DhcpNameServer] 192.168.100.1
      ManualProxies: 0hxxp://un-stop.net/wpad.dat?c88dfa84e125e454a786d466e2e3db8a7686672
      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1431722435&z=60bd0491cc64661fd12a8edg0zcc0g3m0oeo1zbcat&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431722512&z=0e848d89476fca2279bb4ddg5z8c2g4m8o3o2w1gcq&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
      HKU\S-1-5-21-845983760-1135253478-3104952537-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13800&tm=449&src=ds&p={searchTerms}
      SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX&ts=1431722566&type=default&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-845983760-1135253478-3104952537-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
      BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-23] (AVAST Software)
      BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
      BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
      BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
      BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-23] (AVAST Software)
      BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
      BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
      BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
      StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1431722400&z=cc566e9454f28cf2ca26295g0z7cdgamco6odz3eec&from=smt&uid=TOSHIBAXDT01ACA200_44G39EWGSXX44G39EWGSX
      FireFox:
      ========
      FF ProfilePath: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default [2017-12-24]
      FF user.js: detected! => C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\user.js [2016-03-15]
      FF Extension: (Avast SafePrice) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\sp@avast.com.xpi [2017-12-23]
      FF Extension: (Avast Online Security) - C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\Extensions\wrc@avast.com.xpi [2017-12-23]
      FF SearchPlugin: C:\Users\userr\AppData\Roaming\Mozilla\Firefox\Profiles\1cbzl9mj.default\searchplugins\default-search.xml [2014-08-24]
      FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
      FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
      FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
      FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
      Chrome: 
      =======
      CHR DefaultProfile: Default
      CHR Profile: C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default [2017-12-24]
      CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2017-06-01]
      CHR Extension: (Docs) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Drive) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19]
      CHR Extension: (YouTube) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-20]
      CHR Extension: (Google Docs Offline) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
      CHR Extension: (Gmail) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-19]
      CHR Extension: (Chrome Media Router) - C:\Users\userr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
      CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\userr\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-24]
      CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      Opera: 
      =======
      OPR Extension: (Adblock Plus) - C:\Users\userr\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-29]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-23] (AVAST Software)
      R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-09-25] (Autodesk) [File not signed]
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-23] (AVAST Software)
      S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-26] (BitRaider, LLC)
      S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-08-06] (GOG.com)
      S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
      R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-09] () [File not signed]
      S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4121080 2011-06-13] (INCA Internet Co., Ltd.) [File not signed]
      R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
      R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
      R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-24] ()
      S3 TunngleService; D:\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed]
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      S2 Ds3Service; "D:\Downloads\SCP DS3 Driver Package\ScpServer\bin\ScpService.exe" [X]
      S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
      S2 Hamachi2Svc; "D:\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-23] (AVAST Software)
      S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-23] (AVAST Software)
      S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-23] (AVAST Software)
      S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-23] (AVAST Software)
      S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-23] (AVAST Software)
      R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-23] (AVAST Software)
      S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-23] (AVAST Software)
      R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-23] (AVAST Software)
      S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-23] (AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-23] (AVAST Software)
      S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-23] (AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-23] (AVAST Software)
      S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-23] (AVAST Software)
      S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-23] (AVAST Software)
      S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-06-30] ()
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-07-15] (DT Soft Ltd)
      S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-24] ()
      R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-06-30] ()
      R3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2014-09-16] (MotioninJoy) [File not signed]
      S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
      S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
      R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
      R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
      R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
      S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [21888 2006-01-29] (Syncrosoft GmbH) [File not signed]
      R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
      U3 aswbdisk; no ImagePath
      S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
      S3 dump_wmimmc; \??\D:\Phantasy Star Universe\PHANTASY STAR UNIVERSE\GameGuard\dump_wmimmc.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 01:12 - 2017-12-24 01:13 - 000000000 ____D C:\FRST
      2017-12-23 12:34 - 2017-12-23 12:34 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-23 03:20 - 2017-12-23 03:20 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-23 03:20 - 2017-12-23 03:20 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
      2017-12-23 03:20 - 2017-12-23 03:20 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-23 02:44 - 2017-12-23 02:44 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
      2017-12-23 02:44 - 2017-12-23 02:44 - 000001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVAST Software
      2017-12-23 02:44 - 2017-12-23 02:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-23 02:43 - 2017-12-23 02:41 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-12-23 02:43 - 2017-12-23 02:41 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-12-23 02:43 - 2017-12-23 02:41 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000149344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
      2017-12-23 02:43 - 2017-12-23 02:39 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
      2017-12-23 02:39 - 2017-12-23 02:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-23 02:30 - 2017-12-23 02:38 - 000000000 ____D C:\Users\userr\AppData\Local\AvgSetupLog
      2017-12-23 02:07 - 2017-12-24 01:10 - 000000000 ____D C:\Users\userr\AppData\LocalLow\Mozilla
      2017-12-23 02:06 - 2017-12-23 02:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-23 02:06 - 2017-12-23 02:06 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-12-10 18:50 - 2017-12-10 19:16 - 000000000 ____D C:\Users\userr\AppData\Roaming\Kodi
      2017-12-10 18:50 - 2017-12-10 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
      2017-12-10 18:49 - 2017-12-10 18:50 - 000000000 ____D C:\Program Files (x86)\Kodi
      2017-12-06 22:46 - 2017-12-06 22:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-24 00:38 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:42 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-12-23 12:34 - 2014-07-15 17:50 - 000000000 ____D C:\ProgramData\NVIDIA
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Roaming\AVG
      2017-12-23 12:33 - 2014-08-24 19:53 - 000000000 ____D C:\Users\userr\AppData\Local\AVG
      2017-12-23 12:33 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-23 03:20 - 2014-08-26 10:46 - 000000000 ____D C:\Users\userr\AppData\Local\Adobe
      2017-12-23 03:20 - 2014-07-15 18:17 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-23 03:16 - 2016-01-03 00:01 - 000000000 ____D C:\Users\userr\AppData\Local\CrashDumps
      2017-12-23 02:38 - 2016-05-15 19:06 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-23 02:38 - 2014-08-24 19:52 - 000000000 ____D C:\ProgramData\AVG
      2017-12-23 02:07 - 2014-07-15 18:21 - 000000000 ____D C:\Users\userr\AppData\Roaming\Mozilla
      2017-12-23 02:06 - 2014-07-15 18:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-21 04:29 - 2014-10-16 22:00 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1413489654
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-12-21 04:29 - 2014-07-15 18:15 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-12-20 12:42 - 2014-07-15 22:11 - 000000000 ____D C:\Program Files (x86)\Opera
      2017-12-12 02:54 - 2014-07-15 18:15 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-10 19:02 - 2014-07-18 10:15 - 000000000 ____D C:\Program Files (x86)\Winamp
      2017-12-02 15:06 - 2016-02-27 13:58 - 000000000 ____D C:\Users\userr\AppData\Roaming\vlc
      2017-11-30 19:55 - 2009-07-14 07:13 - 000800086 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-11-30 19:55 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      ==================== Files in the root of some directories =======
      2015-06-28 11:25 - 2015-06-28 12:50 - 000003958 _____ () C:\Users\userr\AppData\Roaming\LTspiceIV.ini
      2016-01-01 23:01 - 2016-01-15 22:41 - 000007168 _____ () C:\Users\userr\AppData\Roaming\SQLiteManager3.pref
      2016-03-10 19:19 - 2016-03-10 19:19 - 000003584 _____ () C:\Users\userr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-07-23 18:59 - 2016-02-24 12:08 - 000000601 _____ () C:\Users\userr\AppData\Local\DialogChoices.xml
      2016-12-14 12:38 - 2016-12-14 12:38 - 000000600 _____ () C:\Users\userr\AppData\Local\PUTTY.RND
      2015-05-29 13:21 - 2015-05-29 13:21 - 000003992 _____ () C:\Users\userr\AppData\Local\recently-used.xbel
      2016-01-01 23:13 - 2009-09-24 21:36 - 000000486 _____ () C:\Users\userr\AppData\Local\uninstall.html
      Some files in TEMP:
      ====================
      2015-09-25 10:11 - 2014-07-31 18:54 - 000015752 _____ (Autodesk, Inc.) C:\Users\userr\AppData\Local\Temp\AcDeltree.exe
      2016-12-09 15:51 - 2016-12-09 15:51 - 000223744 _____ (Un4seen Developments) C:\Users\userr\AppData\Local\Temp\Bass.dll
      2016-12-09 15:51 - 2016-12-09 15:51 - 000647168 _____ (radio42) C:\Users\userr\AppData\Local\Temp\Bass.Net.dll
      2016-04-16 11:05 - 2016-04-16 11:05 - 000385024 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Crysis_Patch_1_2_launcher.exe
      2016-04-22 16:02 - 2016-04-23 19:52 - 000208896 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7340014.dll
      2016-04-22 16:08 - 2016-04-23 19:41 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7370014.dll
      2016-04-23 19:57 - 2016-04-24 10:30 - 000204800 _____ (Sony DADC Austria AG) C:\Users\userr\AppData\Local\Temp\drm_dyndata_7390004.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000027352 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x64.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000029912 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\DseShExt-x86.dll
      2015-12-15 08:20 - 2015-12-15 08:20 - 000010240 _____ () C:\Users\userr\AppData\Local\Temp\fh2communityupdaterselfupdate.exe
      2016-06-13 18:37 - 2016-06-13 18:37 - 001962752 _____ (Flexera Software LLC) C:\Users\userr\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
      2015-01-29 15:58 - 2006-01-09 06:35 - 000159744 ____R () C:\Users\userr\AppData\Local\Temp\GMfc.dll
      2016-03-21 16:06 - 2016-03-21 16:06 - 001022043 _____ (                                                            ) C:\Users\userr\AppData\Local\Temp\ICReinstall_HDVideoPlayer.exe
      2016-07-28 09:16 - 2016-07-28 09:16 - 000741440 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u101-windows-au.exe
      2016-10-22 10:00 - 2016-10-22 10:00 - 000737856 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u111-windows-au.exe
      2017-01-21 09:41 - 2017-01-21 09:41 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u121-windows-au.exe
      2017-04-25 10:50 - 2017-04-25 10:50 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u131-windows-au.exe
      2017-07-21 08:54 - 2017-07-21 08:54 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u141-windows-au.exe
      2017-11-15 11:43 - 2017-11-15 11:43 - 001856576 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u151-windows-au.exe
      2016-03-27 09:48 - 2016-03-27 09:48 - 000736320 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u77-windows-au.exe
      2016-04-24 10:15 - 2016-04-24 10:15 - 000739904 _____ (Oracle Corporation) C:\Users\userr\AppData\Local\Temp\jre-8u91-windows-au.exe
      2015-01-29 15:58 - 1999-12-17 14:00 - 000995383 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\Mfc42.dll
      2015-01-29 15:58 - 1999-12-17 14:00 - 000295000 ____R (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\MSVCRT.dll
      2016-03-07 10:20 - 2016-03-07 10:20 - 005495448 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
      2016-08-16 17:42 - 2016-08-16 17:42 - 006359496 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
      2016-01-25 13:38 - 2016-01-25 13:38 - 006350128 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.61.6.exe
      2017-01-02 12:39 - 2017-01-02 12:39 - 006456560 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.11.exe
      2017-06-14 10:20 - 2017-06-14 10:20 - 006441096 _____ (Black Tree Gaming                                           ) C:\Users\userr\AppData\Local\Temp\Nexus Mod Manager-0.63.14.exe
      2015-09-01 18:07 - 2016-08-25 22:50 - 000746088 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI.dll
      2015-11-22 12:40 - 2015-11-14 07:54 - 000835776 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvSCPAPI64.dll
      2015-10-13 12:53 - 2015-07-23 02:46 - 000783688 _____ (NVIDIA Corporation) C:\Users\userr\AppData\Local\Temp\nvStInst.exe
      2015-08-04 14:25 - 2015-08-04 14:25 - 000032984 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-win32.dll
      2015-08-04 14:25 - 2015-08-04 14:25 - 000031960 _____ (AVG Technologies) C:\Users\userr\AppData\Local\Temp\SDShelEx-x64.dll
      2006-01-04 09:04 - 2006-01-04 09:04 - 000098304 ____R () C:\Users\userr\AppData\Local\Temp\Setup.exe
      2016-06-23 10:10 - 2016-07-05 21:28 - 000192512 _____ () C:\Users\userr\AppData\Local\Temp\sfamcc00001.dll
      2015-02-10 19:56 - 2015-02-10 19:56 - 000105984 _____ () C:\Users\userr\AppData\Local\Temp\sfextra.dll
      2016-09-12 19:41 - 2016-09-12 19:42 - 036634172 _____ (Bogdan Ureche                                               ) C:\Users\userr\AppData\Local\Temp\SQLiteExpertPersSetup.exe
      2015-01-29 15:58 - 2006-01-09 18:37 - 000393216 ____R () C:\Users\userr\AppData\Local\Temp\UnivUI.dll
      2015-12-20 20:03 - 2015-12-20 20:03 - 013977352 _____ (Microsoft Corporation) C:\Users\userr\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe
      2016-09-02 18:27 - 2016-09-02 18:28 - 000003584 _____ () C:\Users\userr\AppData\Local\Temp\_j5iljyu.dll
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-19 00:16
      ==================== End of FRST.txt ============================
      FRST.txt
    • от Емилиян Радоев
      Лаптома ми се товарии загрява мисля, че имам вируси в системата
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
      Ran by Emiliyan (administrator) on WISE (20-12-2017 16:03:52)
      Running from C:\Users\Emiliyan\Downloads
      Loaded Profiles: Emiliyan (Available Profiles: Emiliyan)
      Platform: Windows 8 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AMD) C:\Windows\System32\atiesrxx.exe
      (AMD) C:\Windows\System32\atieclxx.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
      (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
      (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
      (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
      (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
      (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
      (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
      (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [] => [X]
      HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
      HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
      HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
      HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
      HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
      HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
      HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
      HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-19] (AVAST Software)
      HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
      HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-22] (Pegatron Corporation)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-17] (Disc Soft Ltd)
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\Run: [Chromium] => "c:\users\emiliyan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {3200876f-a128-11e7-be97-74e543b067e1} - "E:\stp-fifa17.exe" 
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\...\MountPoints2: {5d49cdaf-cde8-11e7-bea2-74e543b067e1} - "F:\Install.exe" 
      Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{4162F2B5-AEAE-42DB-9CD1-CF34657B6E2D}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Tcpip\..\Interfaces\{72560D0F-2D93-4ECB-9356-DBA41E983165}: [DhcpNameServer] 88.87.0.2 88.87.10.2
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
      HKU\S-1-5-21-3433298263-1705697951-3842491668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
      SearchScopes: HKU\S-1-5-21-3433298263-1705697951-3842491668-1001 -> DefaultScope {0117524D-8F49-4D9B-B308-983D78D06507} URL = 
      BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-05] (Intel Security)
      Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-05] (Intel Security)
      FireFox:
      ========
      FF DefaultProfile: 1dnbjirw.default
      FF ProfilePath: C:\Users\Emiliyan\AppData\Roaming\Mozilla\Firefox\Profiles\1dnbjirw.default [2017-12-20]
      FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
      FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
      FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
      Chrome: 
      =======
      CHR Profile: C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default [2017-12-20]
      CHR Extension: (Slides) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
      CHR Extension: (Docs) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
      CHR Extension: (Google Drive) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-21]
      CHR Extension: (YouTube) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-21]
      CHR Extension: (Google Docs Offline) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-21]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-21]
      CHR Extension: (Gmail) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-21]
      CHR Extension: (Chrome Media Router) - C:\Users\Emiliyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-19] (AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-19] (AVAST Software)
      R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd)
      R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
      R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
      R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-08-03] (McAfee, Inc.)
      R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-08-03] (McAfee, Inc.)
      R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-08-03] (McAfee, Inc.)
      S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
      R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-05-26] (McAfee, Inc.)
      R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-05-26] (McAfee, Inc.)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
      S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-19] (AVAST Software)
      S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-19] (AVAST Software s.r.o.)
      R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-19] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-19] (AVAST Software s.r.o.)
      S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-19] (AVAST Software)
      R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-19] (AVAST Software)
      R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-19] (AVAST Software)
      R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-19] (AVAST Software)
      R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-19] (AVAST Software)
      R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-19] (AVAST Software)
      R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-19] (AVAST Software)
      R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-19] (AVAST Software)
      R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
      S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [69672 2012-08-03] (McAfee, Inc.)
      S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-24] (Disc Soft Ltd)
      R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-24] (Disc Soft Ltd)
      R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [169320 2012-08-03] (McAfee, Inc.)
      R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [300392 2012-08-03] (McAfee, Inc.)
      S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [66736 2012-07-19] (McAfee, Inc.)
      R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [513456 2012-08-03] (McAfee, Inc.)
      R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [752672 2012-08-03] (McAfee, Inc.)
      S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106112 2012-08-03] (McAfee, Inc.)
      R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [335784 2012-08-03] (McAfee, Inc.)
      R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
      R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
      S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
      S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
      S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 16:03 - 2017-12-20 16:04 - 000015501 _____ C:\Users\Emiliyan\Downloads\FRST.txt
      2017-12-20 16:03 - 2017-12-20 16:03 - 002392064 _____ (Farbar) C:\Users\Emiliyan\Downloads\FRST64.exe
      2017-12-20 16:03 - 2017-12-20 16:03 - 000000000 ____D C:\FRST
      2017-12-20 15:51 - 2017-12-20 15:51 - 001931969 _____ C:\Users\Emiliyan\Downloads\ProcessExplorer.zip
      2017-12-19 22:11 - 2017-12-20 00:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\In.Time.2011.BRRip.XviD.BGAudio-SLSS
      2017-12-19 22:10 - 2017-12-19 22:23 - 000000000 ____D C:\Users\Emiliyan\Downloads\We're.the.Millers.2013.BDRip.XviD.BGAUDiO-SLSS
      2017-12-19 19:41 - 2017-12-19 19:42 - 000000000 ____D C:\Users\Emiliyan\Downloads\Spico
      2017-12-19 19:35 - 2017-12-19 19:44 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico 9.2.3
      2017-12-19 19:32 - 2017-12-19 19:32 - 000000000 ____D C:\ProgramData\SWCUTemp
      2017-12-19 19:27 - 2017-12-19 19:27 - 000000000 ____D C:\Users\Emiliyan\Downloads\KMSpico_10.2.0
      2017-12-19 19:12 - 2017-12-20 15:36 - 000000000 ____D C:\Program Files\KMSpico
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003742 _____ C:\WINDOWS\System32\Tasks\Optimize Thumbnail Cache Files
      2017-12-19 19:12 - 2017-12-19 19:12 - 000003272 _____ C:\WINDOWS\System32\Tasks\InstallShield® Update Service Scheduler
      2017-12-19 18:45 - 2017-12-19 18:45 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\AVAST Software
      2017-12-19 18:43 - 2017-12-19 19:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-12-19 18:43 - 2017-12-19 18:43 - 000000000 ____D C:\Program Files\Common Files\Avast Software
      2017-12-19 18:42 - 2017-12-19 18:43 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
      2017-12-19 18:42 - 2017-12-19 18:42 - 000001087 _____ C:\Users\Emiliyan\Desktop\Your Unin-staller!.lnk
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:42 - 000000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
      2017-12-19 18:42 - 2017-12-19 18:41 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
      2017-12-19 18:42 - 2017-12-19 18:41 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
      2017-12-19 18:42 - 2017-12-19 18:40 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
      2017-12-19 18:41 - 2017-12-20 15:36 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\{F5EAC3B6-D142-AF0E-BCDA-8AE698B2767E}
      2017-12-19 18:41 - 2017-12-19 18:54 - 000000000 ____D C:\ProgramData\TEMP
      2017-12-19 18:41 - 2017-12-19 18:41 - 006822592 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\your_uninstaller [1].exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
      2017-12-19 18:41 - 2017-12-19 18:41 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\URSoft
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Opera Software
      2017-12-19 18:39 - 2017-12-20 15:37 - 000000000 ____D C:\Users\Emiliyan\AppData\Local\Opera Software
      2017-12-19 18:39 - 2017-12-19 18:39 - 000000000 ____D C:\Program Files\AVAST Software
      2017-12-19 18:38 - 2017-12-19 18:38 - 007289800 _____ (URSoft, Inc. ) C:\Users\Emiliyan\Downloads\yusetup7.exe
      2017-12-19 18:38 - 2017-12-19 18:38 - 000002657 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
      2017-12-19 13:42 - 2017-12-19 13:42 - 000281568 _____ C:\WINDOWS\Minidump\121917-26937-01.dmp
      2017-12-19 13:30 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4]
      2017-12-19 13:28 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club)
      2017-12-19 13:27 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond
      2017-12-19 13:27 - 2017-12-19 13:27 - 000008240 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Elsa Jean, Gia Paige, Gina Valentina (The Cocksuckers Club).torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000017308 _____ C:\Users\Emiliyan\Downloads\Naughty Bookworms - Lexi Diamond.torrent
      2017-12-19 13:26 - 2017-12-19 13:26 - 000013206 _____ C:\Users\Emiliyan\Downloads\DigitalPlayground -  Janice Griffith (50 Ways To Fuck) 12 november 2014 [.mp4].torrent
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole
      2017-12-19 13:22 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen
      2017-12-19 13:22 - 2017-12-19 13:22 - 000019856 _____ C:\Users\Emiliyan\Downloads\Tiny4K- Elsa Jean - Big Game Tiny Hole.torrent
      2017-12-19 13:22 - 2017-12-19 13:22 - 000016441 _____ C:\Users\Emiliyan\Downloads\KAYLEE HAZE aka Kylie Nicole - Break My Hymen.torrent
      2017-12-19 13:18 - 2017-12-19 13:56 - 000000000 ____D C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie
      2017-12-19 13:17 - 2017-12-19 13:17 - 000013807 _____ C:\Users\Emiliyan\Downloads\RKPrimeReality - Apolonia Lapiedra - Apolonias Blew Movie.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000019694 _____ C:\Users\Emiliyan\Downloads\TeensLikeItBig - Janice Griffith.torrent
      2017-12-19 13:15 - 2017-12-19 13:15 - 000018341 _____ C:\Users\Emiliyan\Downloads\BangbrosClips - Piper Perri (Pipe Her!! And By Her, We Mean Pipeperr!) NEW February 19 2015 SD MP4s.torrent
      2017-12-19 13:08 - 2017-12-19 13:08 - 000014431 _____ C:\Users\Emiliyan\Downloads\RKPrime - Tiffany Watson (Naughty Trainer).torrent
      2017-12-19 12:57 - 2017-12-19 12:57 - 000016656 _____ C:\Users\Emiliyan\Downloads\Elsa Jean - Bubble Blonde.torrent
      2017-12-19 12:19 - 2017-12-19 12:19 - 018316917 _____ C:\Users\Emiliyan\Downloads\Drift Pack.rar
      2017-12-17 23:39 - 2017-12-17 23:39 - 000000627 _____ C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arhiv.lnk
      2017-12-14 00:48 - 2017-12-14 00:48 - 000000000 _____ C:\Users\Emiliyan\Desktop\New Text Document (2).txt
      2017-12-12 14:12 - 2017-12-12 14:12 - 000281512 _____ C:\WINDOWS\Minidump\121217-37562-01.dmp
      2017-12-11 20:22 - 2017-12-11 20:22 - 000000000 ____D C:\Mu BattleZone Hard (No Sound)(1)
      2017-12-11 20:01 - 2017-12-11 20:02 - 092586941 _____ C:\Mu BattleZone Hard (No Sound)(1).rar
      2017-12-07 16:14 - 2017-12-07 16:14 - 000000000 ____D C:\Users\Emiliyan\Downloads\1231
      2017-12-07 16:13 - 2017-12-07 16:14 - 092586941 _____ C:\Users\Emiliyan\Downloads\1231.rar
      2017-12-07 13:12 - 2017-12-07 13:12 - 000015260 _____ C:\Users\Emiliyan\Downloads\ReVolt_17.1124a.exe.torrent
      2017-11-24 14:44 - 2017-11-24 14:44 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install (1).exe
      2017-11-24 14:38 - 2017-12-18 18:43 - 000000000 ____D C:\Users\Emiliyan\Documents\GTA San Andreas User Files
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:38 - 2017-11-24 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
      2017-11-24 14:28 - 2017-11-24 14:28 - 000001914 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
      2017-11-24 14:28 - 2017-11-24 14:28 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
      2017-11-24 14:04 - 2017-11-24 14:04 - 016270006 _____ C:\Users\Emiliyan\Downloads\sa-mp-0.3.7-install.exe
      2017-11-24 14:04 - 2017-11-24 14:04 - 000000000 ____D C:\Users\Emiliyan\Downloads\crack
      2017-11-24 14:03 - 2017-11-24 14:03 - 004811976 _____ C:\Users\Emiliyan\Downloads\crack.rar
      2017-11-24 14:03 - 2017-11-24 14:03 - 000162504 _____ C:\Users\Emiliyan\Downloads\[ArenaBG.com]-Grand Theft Auto (GTA) San Andreas-HOODLUM.torrent
      2017-11-23 17:55 - 2017-12-19 18:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-20 15:51 - 2017-06-22 01:33 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\uTorrent
      2017-12-20 15:46 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\LocalLow\Mozilla
      2017-12-20 12:14 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2017-12-19 19:37 - 2012-07-26 09:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
      2017-12-19 19:37 - 2012-07-26 07:37 - 000000000 ____D C:\WINDOWS\Inf
      2017-12-19 19:31 - 2017-06-22 00:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
      2017-12-19 19:30 - 2012-07-26 09:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-12-19 19:12 - 2012-08-29 23:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\Toshiba
      2017-12-19 19:10 - 2017-07-07 21:08 - 000000000 ____D C:\Users\Emiliyan\Downloads\simson
      2017-12-19 18:52 - 2012-08-30 09:14 - 000000000 ____D C:\WINDOWS\Panther
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-12-19 18:52 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
      2017-12-19 18:41 - 2017-09-24 18:24 - 000000000 ____D C:\ProgramData\AVAST Software
      2017-12-19 13:56 - 2017-11-19 22:13 - 000000000 ____D C:\Users\Emiliyan\Downloads1
      2017-12-19 13:42 - 2017-06-22 12:00 - 000000000 ____D C:\WINDOWS\Minidump
      2017-12-19 13:42 - 2017-06-22 11:59 - 715990818 _____ C:\WINDOWS\MEMORY.DMP
      2017-12-18 21:49 - 2017-10-12 12:37 - 000222208 ___SH C:\Users\Emiliyan\Desktop\Thumbs.db
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
      2017-12-12 22:20 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
      2017-12-12 14:11 - 2017-06-22 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-12 08:49 - 2017-09-21 16:27 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-11 00:40 - 2017-06-22 14:53 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-11-24 15:37 - 2017-09-25 19:03 - 000281088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 15:36 - 2012-07-26 07:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
      2017-11-24 14:28 - 2012-08-29 23:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
      2017-11-23 17:56 - 2017-06-22 14:55 - 000000000 ____D C:\Users\Emiliyan\AppData\Roaming\Mozilla
      2017-11-23 17:56 - 2017-06-22 14:53 - 000000935 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
      ==================== Files in the root of some directories =======
      2017-06-22 01:24 - 2017-06-22 01:24 - 000007606 _____ () C:\Users\Emiliyan\AppData\Local\Resmon.ResmonCfg
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\wininit.exe => File is digitally signed
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-12-15 14:17
      ==================== End of FRST.txt ============================
      Addition.txt
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×