

Hello! A few days ago I picked up some kind of adware. On many of the sites I visit, a small square window started appearing in the lower-left corner of the screen, showing a different "ad" on every page load.

I installed Adblock Plus and it blocks them, but most sites started freezing. I tried AdwCleaner and dozens of antivirus programs, but none of them finds a problem :( There is nothing in add-ons, nor in Uninstall or change a program, nor in the processes in Windows Task Manager. About 5-6 times since Sunday I have gotten a blue screen and my computer restarted on its own. After the restart a window appears saying: "Windows has recovered from an unexpected shutdown". I don't know whether this is related to the adware. How can I get rid of this adware (I think it's called AdChoises)? Please help!


Hello! Please read carefully the topic "My system is infected - What do I do now?". Prepare logs with the DDS program (point 5) and post them in your next post! :)


Hello! Please read carefully the topic "My system is infected - What do I do now?". Prepare logs with the DDS program (point 5) and post them in your next post! :)

Here are the logs!

 

DDS:

 

DDS (Ver_2011-09-30.01) - NTFS_x86

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.45.2

Run by BOBID at 19:12:43 on 2013-11-28

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2046.700 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

C:Windowssystem32atiesrxx.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32atieclxx.exe

C:Program FilesCommon FilesAdobeARM1.0armsvc.exe

C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

C:Windowssystem32taskhost.exe

C:Program FilesBonjourmDNSResponder.exe

C:Program FilesCanonIJPLMIJPLMSVC.EXE

C:Windowssystem32IProsetMonitor.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe

C:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe

C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe

C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe

C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe

C:Program FilesWinampwinampa.exe

C:Program FilesLanCLlanclP.exe

C:WindowsVM303_STI.EXE

C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe

C:Windowssystem32SearchIndexer.exe

C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe

C:Program FilesCanonMyPrinterBJMYPRT.EXE

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Program FilesCommon FilesJavaJava Updatejusched.exe

C:Program FilesDAEMON Tools LiteDTLite.exe

C:Program FilesMcAfee Security Scan3.8.130SSScheduler.exe

C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe

C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesAdblock Plus for IEAdblockPlusEngine.exe

C:Windowssystem32MacromedFlashFlashUtil32_11_9_900_152_ActiveX.exe

C:Program FilesuTorrentuTorrent.exe

C:Windowssystem32conhost.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32svchost.exe -k RPCSS

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32svchost.exe -k NetworkService

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Windowssystem32svchost.exe -k imgsvc

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.bg/

uSearch Bar = Preserve

mStart Page = hxxp://www.google.com

BHO: MHTBPos00 Class: {0C37B053-FD68-456a-82E1-D788EE342E6F} -

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:program filesmcafee security scan3.8.130McAfeeMSS_IE.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:program filesjavajre7binssv.dll

BHO: CMySite Class: {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre7binjp2ssv.dll

BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:program filesadblock plus for ieAdblockPlus32.dll

TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} -

uRun: [DAEMON Tools Lite] "c:program filesdaemon tools liteDTLite.exe" -autorun

mRun: [iAStorIcon] c:program filesintelintel® rapid storage technologyIAStorIcon.exe

mRun: [startCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" MSRun

mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"

mRun: [AdobeAAMUpdater-1.0] "c:program filescommon filesadobeoobepdappuwaUpdaterStartupUtility.exe"

mRun: [switchBoard] c:program filescommon filesadobeswitchboardSwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "c:program filescommon filesadobecs5.5servicemanagerCS5.5ServiceManager.exe" -launchedbylogin

mRun: [WinampAgent] "c:program fileswinampwinampa.exe"

mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime

mRun: [lancl] c:program fileslancllanclP.exe

mRun: [bigDog303] c:windowsVM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"

mRun: [CanonSolutionMenu] c:program filescanonsolutionmenuCNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:program filescanonmyprinterBJMyPrt.exe /logon

mRun: [APSDaemon] "c:program filescommon filesappleapple application supportAPSDaemon.exe"

mRun: [sunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"

StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupmcafee~1.lnk - c:program filesmcafee security scan3.8.130SSScheduler.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: SynchronousUserGroupPolicy = dword:0

mPolicies-System: SynchronousMachineGroupPolicy = dword:0

mPolicies-WindowsSystem: AllowBlockingAppsAtShutdown = dword:1

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice12ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces{27C40857-6252-4703-8ED9-397E4094732C} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:usersbobidappdataroamingmozillafirefoxprofiles96xkwtb9.default-1385334207447

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

FF - plugin: c:program filesadobereader 10.0readerairnppdf32.dll

FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll

FF - plugin: c:program filesgoogleupdate1.3.21.165npGoogleUpdate3.dll

FF - plugin: c:program filesjavajre7bindtpluginnpdeployJava1.dll

FF - plugin: c:program filesjavajre7binplugin2npjp2.dll

FF - plugin: c:program filesmcafee security scan3.8.130npMcAfeeMSS.dll

FF - plugin: c:program filesmicrosoft silverlight4.0.60531.0npctrlui.dll

FF - plugin: c:usersbobidappdatalocalmicrosoftinternet explorerdownloaded program filesnpsoe.dll

FF - plugin: c:usersbobidappdatalocallowunitywebplayerloadernpUnity3D32.dll

FF - plugin: c:windowssystem32adobedirectornp32dsw_1167637.dll

FF - plugin: c:windowssystem32macromedflashNPSWF32_11_9_900_152.dll

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;c:windowssystem32driversgfibto.sys [2013-11-24 13560]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32driversdtsoftbus01.sys [2011-11-23 232512]

R1 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2011-4-18 165648]

R1 MpKsl4fead68a;MpKsl4fead68a;c:programdatamicrosoftmicrosoft antimalwaredefinition updates{f0ff1597-a850-4551-bfd9-83fbc0373bdb}MpKsl4fead68a.sys [2013-11-28 40392]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:program filescommon filesadobearm1.0armsvc.exe [2013-5-10 65640]

R2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-7-28 176128]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program filesintelintel® rapid storage technologyIAStorDataMgrSvc.exe [2011-9-9 13592]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:windowssystem32IPROSetMonitor.exe [2011-9-9 112800]

R3 amdkmdag;amdkmdag;c:windowssystem32driversatikmdag.sys [2011-7-29 8396800]

R3 amdkmdap;amdkmdap;c:windowssystem32driversatikmpag.sys [2011-7-28 247296]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW73.sys [2011-6-7 211984]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32driversMpNWMon.sys [2011-4-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32driversNisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:program filesmicrosoft security clientantimalwareNisSrv.exe [2011-4-27 208944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Услуга на Google Актуализация (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2011-11-1 136176]

S2 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-9-5 171680]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowssystem32macromedflashFlashPlayerUpdateService.exe [2013-11-17 257416]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:windowssystem32driversb57nd60x.sys [2009-7-14 229888]

S3 cpudrv;cpudrv;c:program filessystemrequirementslabcpudrv.sys [2009-12-18 11336]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:program fileslavalyseverest corporate editionkerneld.wnt [2011-9-9 27760]

S3 gupdatem;Услуга на Google Актуализация (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2011-11-1 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesmcafee security scan3.8.130McCHSvc.exe [2013-9-6 235216]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:windowssystem32driversMijXfilt.sys [2013-9-8 99400]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:program filesmozilla maintenance servicemaintenanceservice.exe [2012-6-7 119408]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [2009-12-1 34384]

S3 SwitchBoard;Adobe SwitchBoard;c:program filescommon filesadobeswitchboardSwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32watWatAdminSvc.exe [2011-9-9 1343400]

.

=============== Created Last 30 ================

.

2013-11-28 17:01:34   40392   ----a-w- c:programdatamicrosoftmicrosoft antimalwaredefinition updates{f0ff1597-a850-4551-bfd9-83fbc0373bdb}MpKsl4fead68a.sys

2013-11-28 10:50:51   7772552   ----a-w- c:programdatamicrosoftmicrosoft antimalwaredefinition updates{f0ff1597-a850-4551-bfd9-83fbc0373bdb}mpengine.dll

2013-11-26 00:18:16   -------- d-----w- c:usersbobidappdatalocalCrashDumps

2013-11-25 23:56:44   -------- d-----w- c:program filesWhoCrashed

2013-11-25 00:07:57   -------- d-----w- c:program filesEnigma Software Group

2013-11-25 00:06:51   -------- d-----w- c:windows220FB0354744483A9A0B41DF77061583.TMP

2013-11-24 21:41:02   872392 ----a-w- c:program filesmozilla firefoxuninstallhelper.exe

2013-11-24 20:29:19   -------- d-----w- c:programdataHitmanPro

2013-11-24 20:25:41   -------- d-----w- c:program filesAdblock Plus for IE

2013-11-24 20:25:39   -------- d-----w- c:programdataPackage Cache

2013-11-24 20:12:02   -------- d-----w- C:AdwCleaner

2013-11-24 19:17:00   -------- d-----w- c:programdataArovax

2013-11-24 19:07:00   -------- d-----w- c:usersbobidappdataroamingSecureSearch

2013-11-24 19:06:35   -------- d-----w- c:program filesLavasoft

2013-11-24 19:05:45   -------- d-----w- c:usersbobidappdataroamingLavasoftStatistics

2013-11-24 19:05:38   44424   ----a-w- c:windowssystem32sbbd.exe

2013-11-24 19:05:38   13560   ----a-w- c:windowssystem32driversgfibto.sys

2013-11-24 19:05:37   -------- d-----w- c:usersbobidappdataroamingAd-Aware Antivirus

2013-11-24 18:50:03   -------- d-----w- c:programdataOracle

2013-11-24 18:49:13   94632   ----a-w- c:windowssystem32WindowsAccessBridge.dll

2013-11-17 21:25:21   71048   ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2013-11-17 21:25:21   692616 ----a-w- c:windowssystem32FlashPlayerApp.exe

2013-11-16 00:31:29   6128760   ----a-w- c:program filesmozilla firefoxextensions{82af8dca-6de9-405d-bd5e-43525bdad38a}componentsSkypeFfComponent.dll

2013-11-16 00:31:29   6128760   ----a-w- c:program filesmozilla firefoxbrowserextensions{82af8dca-6de9-405d-bd5e-43525bdad38a}componentsSkypeFfComponent.dll

2013-11-16 00:31:29   28272   ----a-w- c:program filesmozilla firefoxplugin-hang-ui.exe

2013-11-16 00:31:29   272496 ----a-w- c:program filesmozilla firefoxbrowsercomponentsbrowsercomps.dll

2013-11-16 00:31:29   187456 ----a-w- c:program filesmozilla firefoxpluginsnppdf32.dll

.

==================== Find3M  ====================

.

2013-11-19 10:21:30   230048 ------w- c:windowssystem32MpSigStub.exe

2013-10-15 08:28:33   29725   ----a-w- c:windowssystem32driverssmssvm.sys

2013-10-15 08:28:32   50637   ----a-w- c:windowssystem32DLLA794.tmp

2013-10-05 14:40:12   773800 ----a-w- c:windowssystem32msvcr100.dll

2013-10-05 14:40:12   421032 ----a-w- c:windowssystem32msvcp100.dll

2012-07-31 13:13:48   172464 ----a-w- c:program files4zres.dll

.

============= FINISH: 19:12:53,49 ===============

 

 

 

attach:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-09-30.01)

.

Microsoft Windows 7 Ultimate

Boot Device: DeviceHarddiskVolume1

Install Date: 9.9.2011 г. 14:25:02

System Uptime: 28.11.2013 г. 16:58:33 (3 hours ago)

.

Motherboard: Dell Inc. |  | 0G254H

Processor: Pentium® Dual-Core  CPU   E5700  @ 3.00GHz | CPU | 2990/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 50,378 GiB free.

D: is FIXED (NTFS) - 416 GiB total, 210,479 GiB free.

E: is FIXED (NTFS) - 416 GiB total, 282,906 GiB free.

F: is CDROM ()

G: is FIXED (NTFS) - 298 GiB total, 77,375 GiB free.

H: is CDROM (CDFS)

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP773: 25.11.2013 г. 13:27:03 - Windows Update

RP774: 26.11.2013 г. 14:13:23 - Windows Update

RP775: 28.11.2013 г. 12:49:46 - Windows Update

.

==== Installed Programs ======================

.

µTorrent

2007 Microsoft Office Suite Service Pack 2 (SP2)

A4 TECH USB PC Camera H

ACDSee Pro 4

Adblock Plus for IE

Adblock Plus for IE (32-bit)

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS5.1

Adobe Reader X (10.1.7)

Adobe Shockwave Player 11.6

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Media Foundation Decoders

Angry Birds

Angry Birds RePack

Angry Birds Star Wars

Angry Birds Star Wars II

Angry Birds: Rio RePack

Angry Birds: Space RePack

Angry Birds: Star Wars RePack

Any Video Converter 3.5.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bad Piggies RePack

Bonjour

Canon MP Navigator EX 2.0

Canon MP540 series MP Drivers

Canon MP540 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-utility

CCC Help English

Corel Graphics - Windows Shell Extension

CorelDRAW Graphics Suite X5

CorelDRAW Graphics Suite X5 - Capture

CorelDRAW Graphics Suite X5 - Common

CorelDRAW Graphics Suite X5 - Connect

CorelDRAW Graphics Suite X5 - Custom Data

CorelDRAW Graphics Suite X5 - Draw

CorelDRAW Graphics Suite X5 - EN

CorelDRAW Graphics Suite X5 - Filters

CorelDRAW Graphics Suite X5 - FontNav

CorelDRAW Graphics Suite X5 - IPM

CorelDRAW Graphics Suite X5 - PHOTO-PAINT

CorelDRAW Graphics Suite X5 - Photozoom Plugin

CorelDRAW Graphics Suite X5 - Redist

CorelDRAW Graphics Suite X5 - Setup Files

CorelDRAW Graphics Suite X5 - VBA

CorelDRAW Graphics Suite X5 - VideoBrowser

CorelDRAW Graphics Suite X5 - VSTA

CorelDRAW Graphics Suite X5 - WT

CorelDRAW® Graphics Suite X5

DAEMON Tools Lite

Drumaxx

EVEREST Corporate Edition v5.50

FL Studio 9

Free YouTube to MP3 Converter version 3.11.34.1015

Ghostscript GPL 8.64 (Msi Setup)

GOM Player

Google Earth

Google Update Helper

Hardcore

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

IL Download Manager

Inkjet Printer/Scanner Extended Survey Program

Intel® Control Center

Intel® Network Connections 16.5.2.0

Intel® Rapid Storage Technology

Java 7 Update 45

Java Auto Updater

K-Lite Mega Codec Pack 7.7.0

LAN Client 10012

Last.fm Scrobbler 2.1.30

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Antimalware

Microsoft Office Access MUI (Bulgarian) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Bulgarian) 2007

Microsoft Office Groove MUI (Bulgarian) 2007

Microsoft Office InfoPath MUI (Bulgarian) 2007

Microsoft Office OneNote MUI (Bulgarian) 2007

Microsoft Office Outlook MUI (Bulgarian) 2007

Microsoft Office PowerPoint MUI (Bulgarian) 2007

Microsoft Office Proof (Bulgarian) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Russian) 2007

Microsoft Office Proofing (Bulgarian) 2007

Microsoft Office Publisher MUI (Bulgarian) 2007

Microsoft Office Shared MUI (Bulgarian) 2007

Microsoft Office Word MUI (Bulgarian) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MotioninJoy Gamepad tool 0.7.1001

Mozilla Firefox 25.0.1 (x86 en-US)

Mozilla Maintenance Service

MPEG2 Codec(libmpeg2/mad)

MSVCRT Redists

NVIDIA PhysX

PDF Settings CS5

PoiZone

QuickTime

Sakura

Sawer

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Skype Click to Call

Skype™ 6.9

swMSM

System Requirements Lab for Intel

The KMPlayer (remove only)

Tomb Raider version 5.1

Toxic Biohazard

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Vegas Pro 10.0

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

WhoCrashed 5.00

Winamp

Winamp Detector Plug-in

WinRAR 4.01 (32-битова версия)

.

==== Event Viewer Messages From Past Week ========

.

28.11.2013 г. 16:58:07, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.

28.11.2013 г. 16:19:42, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

28.11.2013 г. 16:10:36, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

28.11.2013 г. 16:08:21, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

28.11.2013 г. 12:52:39, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

28.11.2013 г. 12:52:34, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

28.11.2013 г. 00:36:41, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:  Previous Signature Version: 1.163.638.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITYSYSTEM   Current Engine Version:  Previous Engine Version: 1.1.10100.0   Error code: 0x80072ee2   Error description: The operation timed out

28.11.2013 г. 00:25:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x82c5bc53). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 112813-13634-01.

27.11.2013 г. 22:29:23, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:  Previous Signature Version: 1.163.638.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITYSYSTEM   Current Engine Version:  Previous Engine Version: 1.1.10100.0   Error code: 0x80072ee2   Error description: The operation timed out

27.11.2013 г. 19:40:54, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:  Previous Signature Version: 1.163.638.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITYSYSTEM   Current Engine Version:  Previous Engine Version: 1.1.10100.0   Error code: 0x80072ee2   Error description: The operation timed out

27.11.2013 г. 19:26:17, Error: NetBT [4321]  - The name "WORKGROUP   :1d" could not be registered on the interface with IP address 10.10.17.239. The computer with the IP address 10.10.3.58 did not allow the name to be claimed by this computer.

27.11.2013 г. 15:07:34, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:  Previous Signature Version: 1.163.638.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITYSYSTEM   Current Engine Version:  Previous Engine Version: 1.1.10100.0   Error code: 0x80072ee2   Error description: The operation timed out

27.11.2013 г. 14:38:37, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user IAVOR-PCIAVOR SID (S-1-5-21-2012342892-1899436567-3279090847-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

27.11.2013 г. 11:39:47, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

26.11.2013 г. 21:01:50, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

26.11.2013 г. 20:28:24, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

26.11.2013 г. 14:02:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xe4360000, 0x00000002, 0x00000001, 0x889dc41b). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 112613-14898-01.

26.11.2013 г. 13:30:35, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

26.11.2013 г. 12:43:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x82c58c53). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 112613-14071-01.

26.11.2013 г. 11:31:57, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

26.11.2013 г. 11:13:41, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

26.11.2013 г. 11:02:01, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

26.11.2013 г. 01:52:26, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

26.11.2013 г. 01:42:38, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x82c86c53). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 112613-13322-01.

25.11.2013 г. 23:56:23, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 23:54:30, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 21:37:36, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 21:24:07, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 14:30:49, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 14:30:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x82c48c53). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 112513-20514-01.

25.11.2013 г. 14:07:50, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

25.11.2013 г. 14:06:55, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

25.11.2013 г. 13:16:43, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 02:58:43, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 02:54:58, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

25.11.2013 г. 01:40:58, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

25.11.2013 г. 01:18:19, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

25.11.2013 г. 01:13:55, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 01:07:04, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 00:24:10, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

25.11.2013 г. 00:07:05, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

25.11.2013 г. 00:06:53, Error: Service Control Manager [7000]  - The 11845 service failed to start due to the following error:  The system cannot find the file specified.

25.11.2013 г. 00:04:12, Error: Service Control Manager [7034]  - The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).

24.11.2013 г. 23:51:38, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

24.11.2013 г. 23:46:46, Error: Service Control Manager [7000]  - The 11845 service failed to start due to the following error:  The system cannot find the file specified.

24.11.2013 г. 23:26:06, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

24.11.2013 г. 22:59:56, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

24.11.2013 г. 22:42:57, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

24.11.2013 г. 22:42:41, Error: Service Control Manager [7000]  - The 11845 service failed to start due to the following error:  The system cannot find the file specified.

24.11.2013 г. 22:39:02, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

24.11.2013 г. 22:37:06, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

24.11.2013 г. 22:36:51, Error: Service Control Manager [7000]  - The 11845 service failed to start due to the following error:  The system cannot find the file specified.

24.11.2013 г. 22:17:01, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

24.11.2013 г. 22:16:46, Error: Service Control Manager [7000]  - The 11845 service failed to start due to the following error:  The system cannot find the file specified.

24.11.2013 г. 22:13:51, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

24.11.2013 г. 22:13:33, Error: Service Control Manager [7000]  - The 11845 service failed to start due to the following error:  The system cannot find the file specified.

24.11.2013 г. 22:08:28, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

24.11.2013 г. 22:04:09, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

24.11.2013 г. 22:03:28, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

24.11.2013 г. 21:56:50, Error: Service Control Manager [7034]  - The Anvi Cloud System Booster Speed Service service terminated unexpectedly.  It has done this 1 time(s).

24.11.2013 г. 21:38:37, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Behavior Monitoring   Error Code: 0x80004005   Error description: Unspecified error  Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

24.11.2013 г. 21:38:34, Error: Service Control Manager [7000]  - The 11845 service failed to start due to the following error:  The system cannot find the file specified.

24.11.2013 г. 21:15:18, Error: Service Control Manager [7034]  - The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).

24.11.2013 г. 20:52:11, Error: iaStor [9]  - The device, DeviceIdeiaStor0, did not respond within the timeout period.

.

==== End Of File ===========================

 


Download Malwarebytes' Anti-Malware, or from here (do not forget to update the program with new definitions)
* Double-click mbam-setup.exe to install the program.
* Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.
* If updates are found, it will download and install them.
* Start the program and select "Perform Full Scan", then click Scan.
* The scan will take some time, so please be patient.
* When the scan finishes, click OK, then Show Results to see the result.
* Make sure all rows are checked, and click Remove Selected.
* When everything has been removed, a log will open in Notepad.
Copy this log and post it in your next comment in the thread.
Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

 

* Please download Farbar Recovery Scan Tool and save it to the desktop.
* Run the file FRST.exe.
* The program will start. Click YES to agree to the license agreement.
* Check all the boxes.
* Click the SCAN button.
* Two log files named FRST.txt and Addition.txt will be created on the desktop.
* Copy the FRST.txt file into your next post. Attach Addition.txt to your next comment (see the Attached files option when posting).


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Версия на базата от данни: v2013.11.29.02

 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

BOBID :: BOBID-PC [администратор]

 

29.11.2013 г. 11:40:56 ч.

mbam-log-2013-11-29 (11-40-56).txt

 

Тип сканиране: Пълно сканиране (C:|D:|E:|G:|)

Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM

Изключени опции за сканиране: P2P

Сканирани обекти: 473102

Изминало време: 2 час(а), 40 минута(и), 6 секунда(и)

 

Открити процеси в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити модули в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити ключове в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити стойности в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити информационни обекти в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити папки: 0

(Не бяха открити зловредни обекти)

 

Открити файлове: 8

 

C:UsersBOBIDAppDataLocalLowSunJavaDeploymentcache6.0363473d024-16f70738 (Trojan.Agent.FSA74) -> Поставен под карантина и изтрит успешно.

 

D:GamesNightSkyUninstall.exe (Malware.Packer.Krunchy) -> Поставен под карантина и изтрит успешно.

 

E:INSTALLACDSee.Pro.v4.0.237.Incl.Keymaker-COREkeygen.exe (RiskWare.Tool.CK) -> Поставен под карантина и изтрит успешно.

 

E:INSTALLBS.Player Pro v2.57 Build 1051 FinalKeygen.rar (Trojan.Agent) -> Поставен под карантина и изтрит успешно.

 

E:INSTALLBS.Player Pro v2.57 Build 1051 FinalKeygenkeygen.exe (Trojan.Agent) -> Поставен под карантина и изтрит успешно.

 

E:INSTALLQuickTime PRO v7.65.17.80Keygen.exe (RiskWare.Tool.CK) -> Поставен под карантина и изтрит успешно.

 

E:INSTALLWinamp 5.62 PROWinamp.5.50_KEYGEN-FFF.exe (RiskWare.Tool.CK) -> Поставен под карантина и изтрит успешно.

 

E:TorrentsNightSky.v1.0.0.full-THETANFOviewer.exe (Malware.Packer.Krunchy) -> Поставен под карантина и изтрит успешно.

 

(край)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-11-2013
Ran by BOBID (administrator) on BOBID-PC on 29-11-2013 14:37:28
Running from C:UsersBOBIDDesktop
Microsoft Windows 7 Ultimate  (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe
(AMD) C:WindowsSystem32atiesrxx.exe
(AMD) C:WindowsSystem32atieclxx.exe
(Apple Inc.) C:Program FilesCommon FilesAppleMobile Device Support

AppleMobileDeviceService.exe
(Apple Inc.) C:Program FilesBonjourmDNSResponder.exe
() C:Program FilesCanonIJPLMijplmsvc.exe
(Intel Corporation) C:WindowsSystem32IPROSetMonitor.exe
(Protexis Inc.) C:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe
(Microsoft Corporation) C:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe
(Malwarebytes Corporation) C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
(Malwarebytes Corporation) C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
(Malwarebytes Corporation) C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe
(Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe
(Microsoft Corporation) C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
(Nullsoft, Inc.) C:Program FilesWinampwinampa.exe
() C:Program FilesLanCLlanclP.exe
(Vimicro) C:WindowsVM303_STI.EXE
(Adobe Systems Incorporated) C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe
(CANON INC.) C:Program FilesCanonMyPrinterBJMYPRT.EXE
(ATI Technologies Inc.) C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
(Oracle Corporation) C:Program FilesCommon FilesJavaJava Updatejusched.exe
(DT Soft Ltd) C:Program FilesDAEMON Tools LiteDTLite.exe
(McAfee, Inc.) C:Program FilesMcAfee Security Scan3.8.130SSScheduler.exe
(Microsoft Corporation) C:Program FilesInternet Exploreriexplore.exe
(Microsoft Corporation) C:Program FilesInternet Exploreriexplore.exe
(Eyeo GmbH) C:Program FilesAdblock Plus for IEAdblockPlusEngine.exe
(Adobe Systems Incorporated) C:WindowsSystem32MacromedFlash

FlashUtil32_11_9_900_152_ActiveX.exe
(Microsoft Corporation) C:WindowsMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe
(Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe
(Microsoft Corporation) C:Program FilesInternet Exploreriexplore.exe

==================== Registry (Whitelisted) ==================

HKLM...Run: [iAStorIcon] - C:Program FilesIntelIntel® Rapid Storage Technology

IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM...Run: [startCCC] - C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe

[336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM...Run: [GrooveMonitor] - C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe

[31072 2008-10-25] (Microsoft Corporation)
HKLM...Run: [AdobeAAMUpdater-1.0] - C:Program FilesCommon FilesAdobeOOBEPDAppUWA

updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM...Run: [switchBoard] - C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe

[517096 2010-02-19] (Adobe Systems Incorporated)
HKLM...Run: [AdobeCS5.5ServiceManager] - C:Program FilesCommon FilesAdobe

CS5.5ServiceManagerCS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM...Run: [WinampAgent] - C:Program FilesWinampwinampa.exe [85600 2013-11-26] (Nullsoft,

Inc.)
HKLM...Run: [QuickTime Task] - C:Program FilesQuickTimeQTTask.exe [417792 2009-11-10] (Apple

Inc.)
HKLM...Run: [lancl] - C:Program FilesLanCLlanclP.exe [761344 2005-10-13] ()
HKLM...Run: [bigDog303] - C:WindowsVM303_STI.EXE [61440 2006-01-24] (Vimicro)
HKLM...Run: [Adobe ARM] - C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [958576 2013

-04-04] (Adobe Systems Incorporated)
HKLM...Run: [CanonSolutionMenu] - C:Program FilesCanonSolutionMenuCNSLMAIN.EXE [689488 2008

-03-10] (CANON INC.)
HKLM...Run: [CanonMyPrinter] - C:Program FilesCanonMyPrinterBJMYPRT.EXE [1848648 2008-03-17]

(CANON INC.)
HKLM...Run: [APSDaemon] - C:Program FilesCommon FilesAppleApple Application Support

APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM...Run: [sunJavaUpdateSched] - C:Program FilesCommon FilesJavaJava Updatejusched.exe

[254336 2013-07-02] (Oracle Corporation)
HKCU...Run: [DAEMON Tools Lite] - C:Program FilesDAEMON Tools LiteDTLite.exe [4910912 2011-

08-02] (DT Soft Ltd)
MountPoints2: I - I:Autoplay.exe -auto
MountPoints2: {ed5f8175-db88-11e0-9799-0024e843dbe5} - I:Autoplay.exe -auto
MountPoints2: {fc68541f-15cd-11e1-ab9c-0024e843dbe5} - H:setup.exe

==================== Internet (Whitelisted) ====================

HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/?

ocid=iehp

HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = bg-BG
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.bg/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?

orig=ds&q={searchTerms

}
BHO: MHTBPos00 Class - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:Program FilesCelebrity

Toolbartbcore3.dll No File
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:Program FilesMcAfee Security

Scan3.8.130McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files

Microsoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJava

jre7binssv.dll (Oracle Corporation)
BHO: CMySite Class - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:Program FilesCelebrity Toolbar

mhxpcomi.dll No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files

Javajre7binjp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:

Program FilesAdblock Plus for IEAdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:Program

FilesVideoDownloadConverter_4zbar1.bin4zbar.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft

OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation)
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:Program FilesCelebrity Toolbar

mhxpcomi.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkype

ToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program FilesCommon FilesSkype

Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:Program FilesBonjourmdnsNSP.dll [121704] (Apple Inc.)
Tcpip..Interfaces{27C40857-6252-4703-8ED9-397E4094732C}: [NameServer]

8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,

156.154.71.1

FireFox:
========
FF ProfilePath: C:UsersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-

1385334207447
FF Homepage: hxxp://www.google.bg/
FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF32_11_9_900_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:Windowssystem32AdobeDirectornp32dsw_1167637.dll

(Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:Program FilesGoogleGoogle Earthplugin

npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:Program FilesJavajre7bindtplugin

npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:Program FilesJavajre7binplugin2npjp2.dll

(Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:Program FilesMcAfee Security Scan

3.8.130npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:Program FilesMicrosoft Silverlight

4.0.60531.0npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:Program FilesGoogleUpdate

1.3.21.165npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:Program FilesGoogleUpdate

1.3.21.165npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @VideoDownloadConverter_4z.com/Plugin - C:Program FilesVideoDownloadConverter_4zbar

1.binNP4zStub.dll No File
FF Plugin: Adobe Reader - C:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems

Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:Program FilesOnLive

Pluginnpolgdet.dll No File
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:UsersBOBIDAppDataLocalMicrosoft

Internet ExplorerDownloaded Program Filesnpsoe.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:UsersBOBIDAppDataLocalLowUnity

WebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:Program Filesmozilla firefoxsearchpluginsMyHeritage.xml
FF SearchPlugin: C:Program Filesmozilla firefoxbrowsersearchplugins911bg.xml
FF SearchPlugin: C:Program Filesmozilla firefoxbrowsersearchpluginsdiribg.xml
FF SearchPlugin: C:Program Filesmozilla firefoxbrowsersearchpluginspe-bg.xml
FF SearchPlugin: C:Program Filesmozilla firefoxbrowsersearchpluginsportalbgdict.xml
FF Extension: Adblock Plus - C:UsersBOBIDAppDataRoamingMozillaFirefoxProfiles

96xkwtb9.default-1385334207447Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:Program FilesMozilla Firefoxextensions{82AF8DCA-6DE9-

405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:Program FilesMozilla Firefoxbrowserextensions

{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

========================== Services (Whitelisted) =================

R2 IJPLMSVC; C:Program FilesCanonIJPLMIJPLMSVC.EXE [103808 2008-01-22] ()
R2 Intel® PROSet Monitoring Service; C:Windowssystem32IProsetMonitor.exe [112800 2011-06-29]

(Intel Corporation)
R2 MBAMScheduler; C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe [418376 2013-04-

04] (Malwarebytes Corporation)
R2 MBAMService; C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe [701512 2013-04-04]

(Malwarebytes Corporation)
S3 McComponentHostService; C:Program FilesMcAfee Security Scan3.8.130McCHSvc.exe [235216 2013

-09-06] (McAfee, Inc.)
R2 MsMpSvc; C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe [11736 2011-04-27]

(Microsoft Corporation)
R3 NisSrv; C:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe [208944 2011-04-27]

(Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cpudrv; C:Program FilesSystemRequirementsLabcpudrv.sys [11336 2009-12-18] ()
R1 dtsoftbus01; C:WindowsSystem32DRIVERSdtsoftbus01.sys [232512 2011-11-23] (DT Soft Ltd)
R3 e1express; C:WindowsSystem32DRIVERSe1e6232.sys [219352 2009-06-05] (Intel Corporation)
S3 EverestDriver; C:Program FilesLavalysEVEREST Corporate Editionkerneld.wnt [27760 2010-03-

30] ()
R0 gfibto; C:WindowsSystem32driversgfibto.sys [13560 2013-11-24] (GFI Software)
R3 MBAMProtector; C:Windowssystem32driversmbam.sys [22856 2013-04-04] (Malwarebytes

Corporation)
S3 MotioninJoyXFilter; C:WindowsSystem32DRIVERSMijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R1 MpFilter; C:WindowsSystem32DRIVERSMpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:WindowsSystem32DRIVERSMpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 NAL; C:Windowssystem32Driversiqvw32.sys [30368 2011-06-28] (Intel Corporation )
S3 SCREAMINGBDRIVER; C:WindowsSystem32driversScreamingBAudio.sys [34384 2009-12-01] (Screaming

Bee LLC)
R3 vpcbus; C:WindowsSystem32DRIVERSvpchbus.sys [165376 2009-11-22] (Microsoft Corporation)
R1 vpcnfltr; C:WindowsSystem32DRIVERSvpcnfltr.sys [55040 2009-11-22] (Microsoft Corporation)
R3 vpcusb; C:WindowsSystem32DRIVERSvpcusb.sys [78336 2009-11-22] (Microsoft Corporation)
R1 vpcvmm; C:WindowsSystem32driversvpcvmm.sys [293904 2009-11-22] (Microsoft Corporation)
R3 ZSMC303; C:WindowsSystem32DriversusbVM303.sys [391300 2006-02-23] (Vimicro Corporation)

========================== Drivers MD5 =======================

C:Windowssystem32DRIVERSSiSRaid2.sys ==> MD5 is legit
C:Windowssystem32DRIVERSsisraid4.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSsmb.sys ==> MD5 is legit
C:WindowsSystem32Driversspldr.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSsrv.sys C4A027B8C0BD3FC0699F41FA5E9E0C87
C:WindowsSystem32DRIVERSsrv2.sys 414BB592CAD8A79649D01F9D94318FB3
C:WindowsSystem32DRIVERSsrvnet.sys FF207D67700AA18242AAF985D3E7D8F4
C:Windowssystem32DRIVERSstexstor.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSvmstorfl.sys 957E346CA948668F2496A6CCF6FF82CC
C:Windowssystem32DRIVERSstorvsc.sys D5751969DC3E4B88BF482AC8EC9FE019
C:WindowsSystem32DRIVERSswenum.sys ==> MD5 is legit
C:WindowsSystem32driverstcpip.sys 93C444D118B184452132357C322124CD
C:WindowsSystem32DRIVERStcpip.sys 93C444D118B184452132357C322124CD
C:WindowsSystem32driverstcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:WindowsSystem32driverstdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:WindowsSystem32driverstdtcp.sys 7551E91EA999EE9A8E9C331D5A9C31F3
C:WindowsSystem32DRIVERStdx.sys CB39E896A2A83702D1737BFD402B3542
C:WindowsSystem32DRIVERStermdd.sys C36F41EE20E6999DBF4B0425963268A5
C:WindowsSystem32DRIVERStssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:WindowsSystem32DRIVERStunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:Windowssystem32DRIVERSuagp35.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSudfs.sys 2EFEE45A340E1590E37C2F2BAC16D051
C:Windowssystem32DRIVERSuliagpkx.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSumbus.sys 71BBF3E8078D585ABF27411A8986EB95
C:Windowssystem32DRIVERSumpass.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSusbccgp.sys 5C233AEFB566EE78C1EFBC0493FB066A
C:Windowssystem32DRIVERSusbcir.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSusbehci.sys 5B71019A6ACA0116FD21B368F19C0B91
C:WindowsSystem32DRIVERSusbhub.sys 5823D3965C2A4F6F785ED1A3B403F3B8
C:Windowssystem32driversusbohci.sys E753ED6C49DA13967EBABF9EA616454A
C:WindowsSystem32DRIVERSusbprint.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSusbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:WindowsSystem32DRIVERSUSBSTOR.SYS 1C4287739A93594E57E2A9E6A3ED7353
C:WindowsSystem32DRIVERSusbuhci.sys 6A30928A469CE802600E1EA8C0F2F53F
C:WindowsSystem32DRIVERSvdrvroot.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSvgapnp.sys ==> MD5 is legit
C:WindowsSystem32driversvga.sys ==> MD5 is legit
C:Windowssystem32DRIVERSvhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:Windowssystem32DRIVERSviaagp.sys ==> MD5 is legit
C:Windowssystem32DRIVERSviac7.sys ==> MD5 is legit
C:Windowssystem32DRIVERSviaide.sys ==> MD5 is legit
C:Windowssystem32DRIVERSvmbus.sys 379B349F65F453D2A6E75EA6B7448E49
C:Windowssystem32DRIVERSVMBusHID.sys EC2BBAB4B84D0738C6C83D2234DC36FE
C:WindowsSystem32DRIVERSvolmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:WindowsSystem32driversvolmgrx.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSvolsnap.sys 70F41D1EBDD9EE6ED2FD0FC05AA1FC13
C:WindowsSystem32DRIVERSvpchbus.sys 63EF70B7BFB875436D5983E3C77F0681
C:WindowsSystem32DRIVERSvpcnfltr.sys 2559494DC74877AFCE97C6F75E4B7020
C:WindowsSystem32DRIVERSvpcusb.sys AC0ADAD2AD5A166100CF59FB9A7880B7
C:WindowsSystem32driversvpcvmm.sys 7A806CC4416FE9B1B9C091E31BC638BC
C:Windowssystem32DRIVERSvsmraid.sys ==> MD5 is legit
C:WindowsSystem32driversvwifibus.sys ==> MD5 is legit
C:Windowssystem32DRIVERSwacompen.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSwanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:WindowsSystem32DRIVERSwanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:Windowssystem32DRIVERSwd.sys ==> MD5 is legit
C:WindowsSystem32driversWdf01000.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSwfplwf.sys ==> MD5 is legit
C:WindowsSystem32driverswimmount.sys ==> MD5 is legit
C:WindowsSystem32DRIVERSWinUsb.sys B5BA3CC19D00F2EBA92F1CFBEBB5D650
C:Windowssystem32DRIVERSwmiacpi.sys ==> MD5 is legit
C:Windowssystem32driversws2ifsl.sys ==> MD5 is legit
C:WindowsSystem32driversWudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:WindowsSystem32DRIVERSWUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252
C:WindowsSystem32DRIVERSxusb21.sys EE9144207EE0211EB5656BA6808AC4A0
C:WindowsSystem32DriversusbVM303.sys B53430A93FEF17B08AC3A9F245B9720F

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-29 14:37 - 2013-11-29 14:37 - 00029308 _____ C:UsersBOBIDDesktopFRST.txt
2013-11-29 14:35 - 2013-11-29 14:35 - 01092049 _____ (Farbar) C:UsersBOBIDDesktopFRST.exe
2013-11-29 14:35 - 2013-11-29 14:35 - 00000000 ____D C:FRST
2013-11-29 11:37 - 2013-11-29 11:37 - 00001071 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
2013-11-29 11:36 - 2013-11-29 11:37 - 00000000 ____D C:Program FilesMalwarebytes' Anti-Malware
2013-11-29 11:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:Windowssystem32Driversmbam.sys
2013-11-29 11:34 - 2013-11-29 11:35 - 10284816 _____ (Malwarebytes Corporation) C:UsersBOBIDDownloadsmbam-setup.exe
2013-11-29 02:27 - 2013-11-29 02:31 - 00000000 ____D C:Program FilesAdvanced Fix 2013
2013-11-29 02:23 - 2013-11-29 02:23 - 06658960 _____ (Advanced Fix, Inc.) C:UsersBOBIDDownloadsAdvancedFix_Setup.exe
2013-11-29 02:18 - 2013-11-29 02:18 - 00144560 _____ C:WindowsMinidump112913-16489-01.dmp
2013-11-29 00:02 - 2013-11-29 00:02 - 00144560 _____ C:WindowsMinidump112913-16582-01.dmp
2013-11-28 20:23 - 2013-11-28 20:23 - 17443464 _____ (Nullsoft, Inc.) C:UsersBOBIDDownloadswinamp5666_full_all.exe
2013-11-28 19:13 - 2013-11-28 19:13 - 00023512 _____ C:UsersBOBIDDesktopattach.txt
2013-11-28 19:01 - 2013-11-28 19:12 - 00014608 _____ C:UsersBOBIDDesktopdds.txt
2013-11-28 19:00 - 2013-11-28 19:00 - 00492146 ____R (Swearware) C:UsersBOBIDDownloadsdds.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00144560 _____ C:WindowsMinidump112813-13634-01.dmp
2013-11-27 15:01 - 2013-11-27 15:01 - 00002096 _____ C:UsersPublicDesktopAngry Birds Star Wars.lnk
2013-11-26 14:02 - 2013-11-26 14:02 - 00144560 _____ C:WindowsMinidump112613-14898-01.dmp
2013-11-26 12:43 - 2013-11-26 12:43 - 00144560 _____ C:WindowsMinidump112613-14071-01.dmp
2013-11-26 02:18 - 2013-11-28 02:11 - 00000000 ____D C:UsersBOBIDAppDataLocalCrashDumps
2013-11-26 01:56 - 2013-11-29 02:32 - 00000000 ____D C:Program FilesWhoCrashed
2013-11-26 01:56 - 2013-11-26 01:56 - 02657280 _____ (Resplendence Software Projects Sp.) C:UsersBOBIDDownloadswhocrashedSetup.exe
2013-11-26 01:56 - 2013-11-26 01:56 - 00000993 _____ C:UsersBOBIDDesktopWhoCrashed.lnk
2013-11-26 01:42 - 2013-11-26 01:42 - 00144560 _____ C:WindowsMinidump112613-13322-01.dmp
2013-11-25 14:30 - 2013-11-29 02:18 - 00000000 ____D C:WindowsMinidump
2013-11-25 14:30 - 2013-11-25 14:30 - 00144560 _____ C:WindowsMinidump112513-20514-01.dmp
2013-11-25 14:29 - 2013-11-29 02:18 - 1658077910 _____ C:WindowsMEMORY.DMP
2013-11-25 02:58 - 2013-11-25 02:58 - 00001417 _____ C:UsersBOBIDAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk
2013-11-25 02:51 - 2013-11-25 02:51 - 18674480 _____ (Microsoft Corporation) C:UsersBOBIDDownloadsIE9-Windows7-x86-bgr.exe
2013-11-25 02:07 - 2013-11-25 02:07 - 00000000 ____D C:Program FilesEnigma Software Group
2013-11-25 02:06 - 2013-11-25 02:43 - 00000000 ____D C:Windows220FB0354744483A9A0B41DF77061583.TMP
2013-11-24 22:50 - 2013-11-24 22:51 - 00002766 _____ C:WindowsIE11_main.log
2013-11-24 22:43 - 2013-11-25 02:52 - 00004264 _____ C:WindowsIE9_main.log
2013-11-24 22:41 - 2013-11-24 22:41 - 00002976 _____ C:WindowsIE10_main.log
2013-11-24 22:29 - 2013-11-24 22:29 - 00000000 ____D C:ProgramDataHitmanPro
2013-11-24 22:25 - 2013-11-25 03:08 - 00000000 ____D C:Program FilesAdblock Plus for IE
2013-11-24 22:25 - 2013-11-24 22:25 - 04741136 _____ () C:UsersBOBIDDownloadsadblockplusie-1.1.exe
2013-11-24 22:25 - 2013-11-24 22:25 - 00000000 ____D C:ProgramDataPackage Cache
2013-11-24 22:13 - 2013-11-29 14:28 - 00106952 _____ C:WindowsPFRO.log
2013-11-24 22:13 - 2013-11-29 14:28 - 00002128 _____ C:Windowssetupact.log
2013-11-24 22:13 - 2013-11-24 22:13 - 00000000 _____ C:Windowssetuperr.log
2013-11-24 22:12 - 2013-11-28 16:57 - 00000000 ____D C:AdwCleaner
2013-11-24 22:11 - 2013-11-24 22:11 - 01091882 _____ C:UsersBOBIDDownloadsadwcleaner.exe
2013-11-24 21:17 - 2013-11-24 21:17 - 00000000 ____D C:ProgramDataArovax
2013-11-24 21:15 - 2013-11-24 21:15 - 03599329 _____ (Arovax Software) C:UsersBOBIDDownloadsArovax AntiSpyware 2.1.153 (kaldata.com).exe
2013-11-24 21:07 - 2013-11-24 21:07 - 00000000 ____D C:UsersBOBIDAppDataRoamingSecureSearch
2013-11-24 21:06 - 2013-11-25 00:04 - 00000000 ____D C:Program FilesLavasoft
2013-11-24 21:05 - 2013-11-24 21:05 - 00044424 _____ (GFI Software) C:Windowssystem32sbbd.exe
2013-11-24 21:05 - 2013-11-24 21:05 - 00013560 _____ (GFI Software) C:Windowssystem32Driversgfibto.sys
2013-11-24 21:05 - 2013-11-24 21:05 - 00000000 ____D C:UsersBOBIDAppDataRoamingLavasoftStatistics
2013-11-24 21:05 - 2013-11-24 21:05 - 00000000 ____D C:UsersBOBIDAppDataRoamingAd-Aware Antivirus
2013-11-24 21:05 - 2013-11-24 21:05 - 00000000 ____D C:ProgramDataLavasoft
2013-11-24 20:50 - 2013-11-24 20:50 - 00000000 ____D C:ProgramDataOracle
2013-11-24 20:49 - 2013-11-24 20:49 - 00094632 _____ (Oracle Corporation) C:Windowssystem32WindowsAccessBridge.dll
2013-11-24 20:49 - 2013-11-24 20:49 - 00000000 ____D C:Program FilesCommon FilesJava
2013-11-24 20:49 - 2013-11-24 20:48 - 00264616 _____ (Oracle Corporation) C:Windowssystem32javaws.exe
2013-11-24 20:49 - 2013-11-24 20:48 - 00175016 _____ (Oracle Corporation) C:Windowssystem32javaw.exe
2013-11-24 20:49 - 2013-11-24 20:48 - 00174504 _____ (Oracle Corporation) C:Windowssystem32java.exe
2013-11-24 17:56 - 2013-11-24 17:56 - 00177156 _____ C:Windowssystem32c_7265108.nls
2013-11-24 02:44 - 2013-11-24 02:44 - 00046876 _____ C:UsersBOBIDDownloadsLa_Dolce_Vita__1960_.(subs.sab.bz).rar
2013-11-20 18:12 - 2013-11-20 19:56 - 00016162 _____ C:UsersBOBIDDownloadsММPI-71.xlsx
2013-11-17 23:34 - 2013-11-17 23:34 - 00683008 _____ C:UsersBOBIDDownloadsMicrosoftFixit50542.msi
2013-11-17 23:25 - 2013-11-29 13:43 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job
2013-11-17 23:25 - 2013-11-18 12:33 - 00692616 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerApp.exe
2013-11-17 23:25 - 2013-11-18 12:33 - 00071048 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerCPLApp.cpl
2013-11-17 23:09 - 2013-11-17 23:09 - 10156344 _____ (Malwarebytes Corporation) C:UsersBOBIDDownloadsmbam-setup-1.70.0.1100(1).exe
2013-11-16 19:26 - 2013-11-16 19:26 - 00002261 _____ C:UsersPublicDesktopAngry Birds Star Wars II.lnk
2013-11-16 02:31 - 2013-11-24 23:46 - 00000000 ____D C:Program FilesMozilla Firefox
2013-11-13 23:04 - 2013-11-13 23:04 - 00000092 _____ C:UsersBOBIDDownloadschksum.dat

==================== One Month Modified Files and Folders =======

2013-11-29 14:37 - 2013-11-29 14:37 - 00029308 _____ C:UsersBOBIDDesktopFRST.txt
2013-11-29 14:35 - 2013-11-29 14:35 - 01092049 _____ (Farbar) C:UsersBOBIDDesktopFRST.exe
2013-11-29 14:35 - 2013-11-29 14:35 - 00000000 ____D C:FRST
2013-11-29 14:35 - 2009-07-14 06:34 - 00017168 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 14:35 - 2009-07-14 06:34 - 00017168 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 14:33 - 2011-09-09 13:29 - 00781522 _____ C:Windowssystem32PerfStringBackup.INI
2013-11-29 14:31 - 2011-09-09 13:24 - 01737747 _____ C:WindowsWindowsUpdate.log
2013-11-29 14:28 - 2013-11-24 22:13 - 00106952 _____ C:WindowsPFRO.log
2013-11-29 14:28 - 2013-11-24 22:13 - 00002128 _____ C:Windowssetupact.log
2013-11-29 14:28 - 2011-11-01 23:05 - 00000880 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2013-11-29 14:28 - 2009-07-14 06:53 - 00000006 ____H C:WindowsTasksSA.DAT
2013-11-29 14:28 - 2009-07-14 06:52 - 00000000 ____D C:Windowsaddins
2013-11-29 13:50 - 2011-11-01 23:05 - 00000884 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2013-11-29 13:43 - 2013-11-17 23:25 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job
2013-11-29 11:37 - 2013-11-29 11:37 - 00001071 _____ C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
2013-11-29 11:37 - 2013-11-29 11:36 - 00000000 ____D C:Program FilesMalwarebytes' Anti-Malware
2013-11-29 11:35 - 2013-11-29 11:34 - 10284816 _____ (Malwarebytes Corporation) C:UsersBOBIDDownloadsmbam-setup.exe
2013-11-29 02:32 - 2013-11-26 01:56 - 00000000 ____D C:Program FilesWhoCrashed
2013-11-29 02:31 - 2013-11-29 02:27 - 00000000 ____D C:Program FilesAdvanced Fix 2013
2013-11-29 02:23 - 2013-11-29 02:23 - 06658960 _____ (Advanced Fix, Inc.) C:UsersBOBIDDownloadsAdvancedFix_Setup.exe
2013-11-29 02:18 - 2013-11-29 02:18 - 00144560 _____ C:WindowsMinidump112913-16489-01.dmp
2013-11-29 02:18 - 2013-11-25 14:30 - 00000000 ____D C:WindowsMinidump
2013-11-29 02:18 - 2013-11-25 14:29 - 1658077910 _____ C:WindowsMEMORY.DMP
2013-11-29 02:17 - 2011-09-10 10:48 - 00000000 ____D C:UsersBOBIDAppDataRoaminguTorrent
2013-11-29 00:02 - 2013-11-29 00:02 - 00144560 _____ C:WindowsMinidump112913-16582-01.dmp
2013-11-28 20:47 - 2011-09-14 14:10 - 00000000 ____D C:UsersBOBIDAppDataLocalLast.fm
2013-11-28 20:24 - 2011-09-10 12:05 - 00000941 _____ C:UsersPublicDesktopWinamp.lnk
2013-11-28 20:24 - 2011-09-10 12:05 - 00000000 ____D C:Program FilesWinamp Detect
2013-11-28 20:24 - 2011-09-10 12:04 - 00000000 ____D C:Program FilesWinamp
2013-11-28 20:23 - 2013-11-28 20:23 - 17443464 _____ (Nullsoft, Inc.) C:UsersBOBIDDownloadswinamp5666_full_all.exe
2013-11-28 19:13 - 2013-11-28 19:13 - 00023512 _____ C:UsersBOBIDDesktopattach.txt
2013-11-28 19:12 - 2013-11-28 19:01 - 00014608 _____ C:UsersBOBIDDesktopdds.txt
2013-11-28 19:00 - 2013-11-28 19:00 - 00492146 ____R (Swearware) C:UsersBOBIDDownloadsdds.exe
2013-11-28 16:57 - 2013-11-24 22:12 - 00000000 ____D C:AdwCleaner
2013-11-28 15:46 - 2009-07-14 04:37 - 00000000 ____D C:Windowssystem32NDF
2013-11-28 02:11 - 2013-11-26 02:18 - 00000000 ____D C:UsersBOBIDAppDataLocalCrashDumps
2013-11-28 00:25 - 2013-11-28 00:25 - 00144560 _____ C:WindowsMinidump112813-13634-01.dmp
2013-11-27 15:01 - 2013-11-27 15:01 - 00002096 _____ C:UsersPublicDesktopAngry Birds Star Wars.lnk
2013-11-27 15:01 - 2013-06-15 21:40 - 00000000 ____D C:UsersBOBIDAppDataRoamingRovio Entertainment Ltd
2013-11-26 14:02 - 2013-11-26 14:02 - 00144560 _____ C:WindowsMinidump112613-14898-01.dmp
2013-11-26 12:43 - 2013-11-26 12:43 - 00144560 _____ C:WindowsMinidump112613-14071-01.dmp
2013-11-26 01:56 - 2013-11-26 01:56 - 02657280 _____ (Resplendence Software Projects Sp.) C:UsersBOBIDDownloadswhocrashedSetup.exe
2013-11-26 01:56 - 2013-11-26 01:56 - 00000993 _____ C:UsersBOBIDDesktopWhoCrashed.lnk
2013-11-26 01:42 - 2013-11-26 01:42 - 00144560 _____ C:WindowsMinidump112613-13322-01.dmp
2013-11-25 19:20 - 2011-09-14 13:50 - 00084992 _____ C:UsersBOBIDAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-25 14:30 - 2013-11-25 14:30 - 00144560 _____ C:WindowsMinidump112513-20514-01.dmp
2013-11-25 03:08 - 2013-11-24 22:25 - 00000000 ____D C:Program FilesAdblock Plus for IE
2013-11-25 02:58 - 2013-11-25 02:58 - 00001417 _____ C:UsersBOBIDAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk
2013-11-25 02:52 - 2013-11-24 22:43 - 00004264 _____ C:WindowsIE9_main.log
2013-11-25 02:51 - 2013-11-25 02:51 - 18674480 _____ (Microsoft Corporation) C:UsersBOBIDDownloadsIE9-Windows7-x86-bgr.exe
2013-11-25 02:43 - 2013-11-25 02:06 - 00000000 ____D C:Windows220FB0354744483A9A0B41DF77061583.TMP
2013-11-25 02:07 - 2013-11-25 02:07 - 00000000 ____D C:Program FilesEnigma Software Group
2013-11-25 02:06 - 2011-12-10 20:50 - 00000000 ____D C:Program FilesCommon FilesWise Installation Wizard
2013-11-25 00:29 - 2011-09-10 12:11 - 00000000 ____D C:Program FilesSony
2013-11-25 00:04 - 2013-11-24 21:06 - 00000000 ____D C:Program FilesLavasoft
2013-11-24 23:48 - 2011-09-25 15:02 - 00000000 ____D C:UsersBOBIDAppDataRoamingSkype
2013-11-24 23:46 - 2013-11-16 02:31 - 00000000 ____D C:Program FilesMozilla Firefox
2013-11-24 23:46 - 2012-06-07 13:30 - 00000000 ____D C:Program FilesMozilla Maintenance Service
2013-11-24 23:41 - 2011-11-02 14:45 - 00001109 _____ C:UsersPublicDesktopMozilla Firefox.lnk
2013-11-24 23:04 - 2011-09-25 15:01 - 00000000 ____D C:UsersBOBIDAppDataLocalGoogle
2013-11-24 23:04 - 2011-09-25 15:01 - 00000000 ____D C:Program FilesGoogle
2013-11-24 22:51 - 2013-11-24 22:50 - 00002766 _____ C:WindowsIE11_main.log
2013-11-24 22:41 - 2013-11-24 22:41 - 00002976 _____ C:WindowsIE10_main.log
2013-11-24 22:36 - 2011-09-10 00:19 - 00000000 ____D C:WindowsPanther
2013-11-24 22:29 - 2013-11-24 22:29 - 00000000 ____D C:ProgramDataHitmanPro
2013-11-24 22:25 - 2013-11-24 22:25 - 04741136 _____ () C:UsersBOBIDDownloadsadblockplusie-1.1.exe
2013-11-24 22:25 - 2013-11-24 22:25 - 00000000 ____D C:ProgramDataPackage Cache
2013-11-24 22:13 - 2013-11-24 22:13 - 00000000 _____ C:Windowssetuperr.log
2013-11-24 22:11 - 2013-11-24 22:11 - 01091882 _____ C:UsersBOBIDDownloadsadwcleaner.exe
2013-11-24 21:56 - 2013-10-27 15:06 - 00000000 ____D C:UsersBOBIDAppDataRoamingMicrosoftWindowsStart MenuProgramsAnvisoft
2013-11-24 21:56 - 2013-10-27 15:06 - 00000000 ____D C:Program FilesAnvisoft
2013-11-24 21:17 - 2013-11-24 21:17 - 00000000 ____D C:ProgramDataArovax
2013-11-24 21:15 - 2013-11-24 21:15 - 03599329 _____ (Arovax Software) C:UsersBOBIDDownloadsArovax AntiSpyware 2.1.153 (kaldata.com).exe
2013-11-24 21:07 - 2013-11-24 21:07 - 00000000 ____D C:UsersBOBIDAppDataRoamingSecureSearch
2013-11-24 21:05 - 2013-11-24 21:05 - 00044424 _____ (GFI Software) C:Windowssystem32sbbd.exe
2013-11-24 21:05 - 2013-11-24 21:05 - 00013560 _____ (GFI Software) C:Windowssystem32Driversgfibto.sys
2013-11-24 21:05 - 2013-11-24 21:05 - 00000000 ____D C:UsersBOBIDAppDataRoamingLavasoftStatistics
2013-11-24 21:05 - 2013-11-24 21:05 - 00000000 ____D C:UsersBOBIDAppDataRoamingAd-Aware Antivirus
2013-11-24 21:05 - 2013-11-24 21:05 - 00000000 ____D C:ProgramDataLavasoft
2013-11-24 20:50 - 2013-11-24 20:50 - 00000000 ____D C:ProgramDataOracle
2013-11-24 20:49 - 2013-11-24 20:49 - 00094632 _____ (Oracle Corporation) C:Windowssystem32WindowsAccessBridge.dll
2013-11-24 20:49 - 2013-11-24 20:49 - 00000000 ____D C:Program FilesCommon FilesJava
2013-11-24 20:48 - 2013-11-24 20:49 - 00264616 _____ (Oracle Corporation) C:Windowssystem32javaws.exe
2013-11-24 20:48 - 2013-11-24 20:49 - 00175016 _____ (Oracle Corporation) C:Windowssystem32javaw.exe
2013-11-24 20:48 - 2013-11-24 20:49 - 00174504 _____ (Oracle Corporation) C:Windowssystem32java.exe
2013-11-24 19:31 - 2009-07-14 04:37 - 00000000 ____D C:WindowsLiveKernelReports
2013-11-24 17:56 - 2013-11-24 17:56 - 00177156 _____ C:Windowssystem32c_7265108.nls
2013-11-24 02:44 - 2013-11-24 02:44 - 00046876 _____ C:UsersBOBIDDownloadsLa_Dolce_Vita__1960_.(subs.sab.bz).rar
2013-11-20 19:56 - 2013-11-20 18:12 - 00016162 _____ C:UsersBOBIDDownloadsММPI-71.xlsx
2013-11-19 12:21 - 2011-09-09 14:05 - 00230048 ____N (Microsoft Corporation) C:Windowssystem32MpSigStub.exe
2013-11-18 12:33 - 2013-11-17 23:25 - 00692616 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerApp.exe
2013-11-18 12:33 - 2013-11-17 23:25 - 00071048 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerCPLApp.cpl
2013-11-17 23:39 - 2009-07-14 06:53 - 00032618 _____ C:WindowsTasksSCHEDLGU.TXT
2013-11-17 23:34 - 2013-11-17 23:34 - 00683008 _____ C:UsersBOBIDDownloadsMicrosoftFixit50542.msi
2013-11-17 23:25 - 2011-09-10 11:50 - 00000000 ____D C:UsersBOBIDAppDataLocalAdobe
2013-11-17 23:21 - 2009-07-14 09:49 - 00000000 ____D C:WindowsShellNew
2013-11-17 23:09 - 2013-11-17 23:09 - 10156344 _____ (Malwarebytes Corporation) C:UsersBOBIDDownloadsmbam-setup-1.70.0.1100(1).exe
2013-11-16 19:26 - 2013-11-16 19:26 - 00002261 _____ C:UsersPublicDesktopAngry Birds Star Wars II.lnk
2013-11-15 15:46 - 2012-03-02 15:41 - 00002012 _____ C:UsersPublicDesktopMcAfee Security Scan Plus.lnk
2013-11-15 15:46 - 2012-02-21 15:41 - 00000000 ____D C:Program FilesMcAfee Security Scan
2013-11-13 23:04 - 2013-11-13 23:04 - 00000092 _____ C:UsersBOBIDDownloadschksum.dat
2013-11-12 19:01 - 2011-09-10 11:48 - 00000000 ____D C:ProgramDataDAEMON Tools Lite
2013-11-12 14:18 - 2013-09-07 21:09 - 00005224 _____ C:UsersBOBIDDocumentsTombRaider.log
2013-11-02 02:38 - 2012-02-08 17:10 - 00000000 ____D C:ProgramDataCanonIJPLM

ZeroAccess:
C:$Recycle.BinS-1-5-21-2012342892-1899436567-3279090847-1000$8152676321ddc6fc04cf20bc0398834d

Files to move or delete:
====================
C:UsersBOBIDAppDataRoamingsettings.ini
C:UsersBOBIDAppDataRoamingi.ini

Some content of TEMP:
====================
C:UsersBOBIDAppDataLocalTemp39aaf95b-816e-4e78-bc5d-d00232bba1d3.exe
C:UsersBOBIDAppDataLocalTempavgnt.exe
C:UsersBOBIDAppDataLocalTempntdll_dump.dll
C:UsersBOBIDAppDataLocalTempose00000.exe
C:UsersBOBIDAppDataLocalTempQuarantine.exe
C:UsersBOBIDAppDataLocalTempSHSetup.exe
C:UsersBOBIDAppDataLocalTemp_is34C9.exe
C:UsersBOBIDAppDataLocalTemp_is58FB.exe
C:UsersBOBIDAppDataLocalTemp_isA6DC.exe
C:UsersBOBIDAppDataLocalTemp_isBDA7.exe
C:UsersBOBIDAppDataLocalTemp_isDC2F.exe

==================== Bamital & volsnap Check =================

C:Windowsexplorer.exe => MD5 is legit
C:WindowsSystem32winlogon.exe => MD5 is legit
C:WindowsSystem32wininit.exe => MD5 is legit
C:WindowsSystem32svchost.exe => MD5 is legit
C:WindowsSystem32services.exe => MD5 is legit
C:WindowsSystem32User32.dll
[2009-11-22 21:33] - [2009-11-22 21:33] - 0811520 ____A (Microsoft Corporation) C7B21BEF09EC7249556BEE19F9D314CB

C:WindowsSystem32userinit.exe => MD5 is legit
C:WindowsSystem32Driversvolsnap.sys
[2009-11-22 22:02] - [2009-11-22 22:02] - 0245336 ____A (Microsoft Corporation) 70F41D1EBDD9EE6ED2FD0FC05AA1FC13

==================== BCD ================================

Windows Boot Manager
--------------------
identifier   {bootmgr}
device   partition=DeviceHarddiskVolume1
description Windows Boot Manager
locale   en-US
inherit {globalsettings}
default {current}
resumeobject   {bd470b8b-db31-11e0-bf1a-ce4d81e35234}
displayorder   {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier   {current}
device   partition=C:
path   Windowssystem32winload.exe
description Windows 7
locale   en-US
inherit {bootloadersettings}
recoverysequence   {bd470b8d-db31-11e0-bf1a-ce4d81e35234}
recoveryenabled Yes
osdevice   partition=C:
systemroot   Windows
resumeobject   {bd470b8b-db31-11e0-bf1a-ce4d81e35234}
nx   OptIn

Windows Boot Loader
-------------------
identifier   {bd470b8d-db31-11e0-bf1a-ce4d81e35234}
device   ramdisk=[C:]Recoverybd470b8d-db31-11e0-bf1a-ce4d81e35234Winre.wim,{bd470b8e-db31-11e0-bf1a-ce4d81e35234}
path   windowssystem32winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice   ramdisk=[C:]Recoverybd470b8d-db31-11e0-bf1a-ce4d81e35234Winre.wim,{bd470b8e-db31-11e0-bf1a-ce4d81e35234}
systemroot   windows
nx   OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier   {bd470b8b-db31-11e0-bf1a-ce4d81e35234}
device   partition=C:
path   Windowssystem32winresume.exe
description Windows Resume Application
locale   en-US
inherit {resumeloadersettings}
filedevice   partition=C:
filepath   hiberfil.sys
pae Yes
debugoptionenabled   No

Windows Memory Tester
---------------------
identifier   {memdiag}
device   partition=DeviceHarddiskVolume1
path   bootmemtest.exe
description Windows Memory Diagnostic
locale   en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier   {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier   {dbgsettings}
debugtype Serial
debugport 1
baudrate   115200

RAM Defects
-----------
identifier   {badmemory}

Global Settings
---------------
identifier   {globalsettings}
inherit {dbgsettings}
  {emssettings}
  {badmemory}

Boot Loader Settings
--------------------
identifier   {bootloadersettings}
inherit {globalsettings}
  {hypervisorsettings}

Hypervisor Settings
-------------------
identifier   {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate   115200

Resume Loader Settings
----------------------
identifier   {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier   {bd470b8e-db31-11e0-bf1a-ce4d81e35234}
description Ramdisk Options
ramdisksdidevice   partition=C:
ramdisksdipath   Recoverybd470b8d-db31-11e0-bf1a-ce4d81e35234boot.sdi

 

LastRegBack: 2013-11-25 17:19

==================== End Of Log ============================

Addition.txt


Hello..!

Download the attached file and save it in the same place where you downloaded FRST.exe =>
Run FRST.exe again, press the Fix button once and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Press OK to confirm that all running programs will be closed.
  • Select Clean.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:\AdwCleaner[s0].txt

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

# AdwCleaner v3.013 - Report created 01/12/2013 at 12:14:18
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : BOBID - BOBID-PC
# Running from : C:UsersBOBIDDownloadsadwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:ProgramDataSpeedyPC Software
Folder Deleted : C:UsersBOBIDAppDataRoamingDriverCure
Folder Deleted : C:UsersBOBIDAppDataRoamingSpeedyPC Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCUSoftwareSpeedyPC Software
Key Deleted : HKLMSoftwareSpeedyPC Software

***** [ Browsers ] *****

- Internet Explorer v9.0.8112.16421

- Mozilla Firefox v25.0.1 (en-US)

[ File : C:UsersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447prefs.js ]

*************************

AdwCleaner[R0].txt - [1026 octets] - [01/12/2013 12:13:26]
AdwCleaner[s0].txt - [965 octets] - [01/12/2013 12:14:18]

########## EOF - C:AdwCleanerAdwCleaner[s0].txt - [1024 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by BOBID on нед 01.12.2013 г. at 12:20:23,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:Program Files4zres.dll

~~~ Folders

~~~ FireFox

Emptied folder: C:UsersBOBIDAppDataRoamingmozillafirefoxprofiles96xkwtb9.default-1385334207447minidumps [19 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on нед 01.12.2013 г. at 12:22:19,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixlog.txt

Edited by Borislav Dimitrov_316597

Download ComboFix from here and save it to your desktop.
Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to disable your security applications by amateur
Run Combo-Fix.com and follow the instructions.
Note: ComboFix will start without Recovery Console installed.
As part of its operation, ComboFix will check whether Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you enter a special recovery/repair mode, which will make it easier for you to solve a problem that might arise while removing the malware.

  • Follow the instructions to allow ComboFix to download and install Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install Microsoft Windows Recovery Console.

** Note: If Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.
Once Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:
Select Yes to continue the malware scan.
When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.
Please do not attach the log file(s) from the program; copy and paste them into your next comment in this thread.

icotonev, on 01 Dec 2013 - 2:16 PM, wrote:

Download ComboFix from here and save it to your desktop.

Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to disable your security applications by amateur

Run Combo-Fix.com and follow the instructions.

Note: ComboFix will run without the Recovery Console installed.

As part of its work, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will let you enter a special recovery/repair mode, which will make it easier to resolve a problem that might arise while removing the malware.

Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

Select Yes to continue scanning for malware.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.

Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this thread.

 

 

ComboFix 13-11-27.01 - BOBID 12.2013 г.  15:14:57.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2046.774 [GMT 2:00]

Running from: c:usersBOBIDDesktopComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:programdatantuser.dat

c:windowssystem32FlashPlayerApp.exe

c:windowssystem32sysprepcryptbase.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-11-01 to 2013-12-01  )))))))))))))))))))))))))))))))

.

.

2013-12-01 13:21 . 2013-12-01 13:21 -------- d-----w- c:usersDefaultAppDataLocaltemp

2013-12-01 13:12 . 2013-12-01 13:12 40392 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4CE9489F-F7A0-4FD3-94B2-C645C7F44127}MpKsla9adc612.sys

2013-12-01 12:00 . 2013-12-01 12:59 62576 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4CE9489F-F7A0-4FD3-94B2-C645C7F44127}offreg.dll

2013-12-01 10:13 . 2013-12-01 10:14 -------- d-----w- C:AdwCleaner

2013-11-30 14:56 . 2013-11-08 01:15 7772552 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4CE9489F-F7A0-4FD3-94B2-C645C7F44127}mpengine.dll

2013-11-29 12:35 . 2013-11-29 12:35 -------- d-----w- C:FRST

2013-11-29 09:36 . 2013-11-29 09:37 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2013-11-29 09:36 . 2013-04-04 12:50 22856 ----a-w- c:windowssystem32driversmbam.sys

2013-11-29 00:27 . 2013-11-29 00:31 -------- d-----w- c:program filesAdvanced Fix 2013

2013-11-26 00:18 . 2013-11-28 00:11 -------- d-----w- c:usersBOBIDAppDataLocalCrashDumps

2013-11-25 23:56 . 2013-11-29 18:43 -------- d-----w- c:program filesWhoCrashed

2013-11-25 00:07 . 2013-11-25 00:07 -------- d-----w- c:program filesEnigma Software Group

2013-11-25 00:06 . 2013-11-25 00:43 -------- d-----w- c:windows220FB0354744483A9A0B41DF77061583.TMP

2013-11-24 20:29 . 2013-11-24 20:29 -------- d-----w- c:programdataHitmanPro

2013-11-24 20:25 . 2013-11-25 01:08 -------- d-----w- c:program filesAdblock Plus for IE

2013-11-24 20:25 . 2013-11-24 20:25 -------- d-----w- c:programdataPackage Cache

2013-11-24 19:17 . 2013-11-24 19:17 -------- d-----w- c:programdataArovax

2013-11-24 19:07 . 2013-11-24 19:07 -------- d-----w- c:usersBOBIDAppDataRoamingSecureSearch

2013-11-24 19:06 . 2013-11-24 22:04 -------- d-----w- c:program filesLavasoft

2013-11-24 19:05 . 2013-11-24 19:05 -------- d-----w- c:usersBOBIDAppDataRoamingLavasoftStatistics

2013-11-24 19:05 . 2013-11-24 19:05 -------- d-----w- c:programdataLavasoft

2013-11-24 19:05 . 2013-11-24 19:05 44424 ----a-w- c:windowssystem32sbbd.exe

2013-11-24 19:05 . 2013-11-24 19:05 13560 ----a-w- c:windowssystem32driversgfibto.sys

2013-11-24 19:05 . 2013-11-24 19:05 -------- d-----w- c:usersBOBIDAppDataRoamingAd-Aware Antivirus

2013-11-24 18:50 . 2013-11-24 18:50 -------- d-----w- c:programdataOracle

2013-11-24 18:49 . 2013-11-24 18:49 -------- d-----w- c:program filesCommon FilesJava

2013-11-24 18:49 . 2013-11-24 18:49 94632 ----a-w- c:windowssystem32WindowsAccessBridge.dll

2013-11-17 21:25 . 2013-11-18 10:33 71048 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 10:21 . 2011-09-09 12:05 230048 ------w- c:windowssystem32MpSigStub.exe

2013-11-08 01:15 . 2011-09-10 10:06 7772552 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2013-10-15 08:28 . 2013-10-15 08:28 29725 ----a-w- c:windowssystem32driverssmssvm.sys

2013-10-15 08:28 . 2013-10-15 08:28 50637 ----a-w- c:windowssystem32DLLA794.tmp

2013-10-05 14:40 . 2011-06-10 22:58 773800 ----a-w- c:windowssystem32msvcr100.dll

2013-10-05 14:40 . 2011-06-10 22:58 421032 ----a-w- c:windowssystem32msvcp100.dll

2012-07-31 13:13 . 2012-07-31 13:22 172464 ----a-w- c:program files4zres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"DAEMON Tools Lite"="c:program filesDAEMON Tools LiteDTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAStorIcon"="c:program filesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2011-07-28 336384]

"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]

"AdobeAAMUpdater-1.0"="c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:program filesCommon FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe" [2011-01-12 1523360]

"WinampAgent"="c:program filesWinampwinampa.exe" [2013-11-26 85600]

"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2009-11-10 417792]

"lancl"="c:program filesLanCLlanclP.exe" [2005-10-13 761344]

"BigDog303"="c:windowsVM303_STI.EXE" [2006-01-24 61440]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2013-04-04 958576]

"CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:program filesCanonMyPrinterBJMyPrt.exe" [2008-03-17 1848648]

"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [2013-09-05 171680]

R3 cpudrv;cpudrv;c:program filesSystemRequirementsLabcpudrv.sys [2009-12-18 11336]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:program filesLavalysEVEREST Corporate Editionkerneld.wnt [2010-03-30 27760]

R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2013-04-04 22856]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:windowssystem32DRIVERSMijXfilt.sys [2012-05-12 99400]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [2009-12-01 34384]

R3 SwitchBoard;Adobe SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-09-09 1343400]

S0 gfibto;gfibto;c:windowssystem32driversgfibto.sys [2013-11-24 13560]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [2011-11-23 232512]

S1 MpKsla9adc612;MpKsla9adc612;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4CE9489F-F7A0-4FD3-94B2-C645C7F44127}MpKsla9adc612.sys [2013-12-01 40392]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-07-28 176128]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program filesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:windowssystem32IProsetMonitor.exe [2011-06-29 112800]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW73.sys [2011-06-06 211984]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2011-04-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2011-04-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-04-27 208944]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLA9ADC612

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-01 c:windowsTasksAdobe Flash Player Updater.job

- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-11-17 10:33]

.

2013-12-01 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

2013-12-01 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: Interfaces{27C40857-6252-4703-8ED9-397E4094732C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

FF - ProfilePath - c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

FF - ExtSQL: 2013-11-16 02:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:program filesMozilla Firefoxbrowserextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-11-25 01:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesEverestDriver]

"ImagePath"="??c:program filesLavalysEVEREST Corporate Editionkerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2013-12-01  15:23:06

ComboFix-quarantined-files.txt  2013-12-01 13:23

.

Pre-Run: 52 228 546 560 bytes free

Post-Run: 52 143 067 136 bytes free

.

- - End Of File - - 79AD3CF69B8D8F63319C7FEB80106BD8

A36C5E4F47E84449FF07ED3517B43A31

 


Copy the text in the box into Notepad and save it on your desktop with the name CFScript.txt:

KILLALL::
ClearJavaCache::
File::
c:\windows\system32\drivers\smssvm.sys
c:\windows\system32\DLLA794.tmp
c:\windows\220FB0354744483A9A0B41DF77061583.TMP
DirLook::
c:\users\BOBID\AppData\Roaming\SecureSearch
Folder::
c:\users\BOBID\AppData\Roaming\Ad-Aware Antivirus
DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

After saving, move CFScript.txt onto the ComboFix.exe icon.
Copy the generated report and paste it into your next comment...!


Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

KILLALL::
ClearJavaCache::
File::
c:\windows\system32\drivers\smssvm.sys
c:\windows\system32\DLLA794.tmp
c:\windows\220FB0354744483A9A0B41DF77061583.TMP
DirLook::
c:\users\BOBID\AppData\Roaming\SecureSearch
Folder::
c:\users\BOBID\AppData\Roaming\Ad-Aware Antivirus
DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

After saving, move CFScript.txt onto the ComboFix.exe icon.

Posted image

Copy the generated report and paste it into your next comment...!

 

 

ComboFix 13-11-27.01 - BOBID 12.2013 г.  19:50:45.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2046.1108 [GMT 2:00]

Running from: c:usersBOBIDDesktopComboFix.exe

Command switches used :: c:usersBOBIDDesktopCFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:windows220FB0354744483A9A0B41DF77061583.TMP"

"c:windowssystem32DLLA794.tmp"

"c:windowssystem32driverssmssvm.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:usersBOBIDAppDataRoamingAd-Aware Antivirus

c:usersBOBIDAppDataRoamingAd-Aware AntivirusLogs20131124T190537.048678PID3596GlamorousInstaller.log

c:usersBOBIDAppDataRoamingAd-Aware AntivirusLogs20131124T190537.048678PID3596GuiFramework.log

c:windowssystem32DLLA794.tmp

c:windowssystem32driverssmssvm.sys

.

.

((((((((((((((((((((((((( Files Created from 2013-11-01 to 2013-12-01  )))))))))))))))))))))))))))))))

.

.

2013-12-01 17:57 . 2013-12-01 17:57   -------- d-----w- c:usersDefaultAppDataLocaltemp

2013-12-01 17:48 . 2013-12-01 17:48   40392   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4CE9489F-F7A0-4FD3-94B2-C645C7F44127}MpKsl7aa49a89.sys

2013-12-01 17:42 . 2013-12-01 17:58   62576   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4CE9489F-F7A0-4FD3-94B2-C645C7F44127}offreg.dll

2013-12-01 14:23 . 2013-12-01 14:23   -------- d-----w- c:programdataMcAfee Security Scan

2013-12-01 14:23 . 2013-12-01 14:23   -------- d-----w- c:program filesMcAfee Security Scan

2013-12-01 14:21 . 2013-12-01 14:21   -------- d-----w- c:program filesMcAfeeScanAndRepair

2013-12-01 10:13 . 2013-12-01 10:14   -------- d-----w- C:AdwCleaner

2013-11-30 14:56 . 2013-11-08 01:15   7772552   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4CE9489F-F7A0-4FD3-94B2-C645C7F44127}mpengine.dll

2013-11-29 12:35 . 2013-11-29 12:35   -------- d-----w- C:FRST

2013-11-29 09:36 . 2013-11-29 09:37   -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2013-11-29 09:36 . 2013-04-04 12:50   22856   ----a-w- c:windowssystem32driversmbam.sys

2013-11-29 00:27 . 2013-11-29 00:31   -------- d-----w- c:program filesAdvanced Fix 2013

2013-11-26 00:18 . 2013-11-28 00:11   -------- d-----w- c:usersBOBIDAppDataLocalCrashDumps

2013-11-25 23:56 . 2013-11-29 18:43   -------- d-----w- c:program filesWhoCrashed

2013-11-25 00:07 . 2013-11-25 00:07   -------- d-----w- c:program filesEnigma Software Group

2013-11-25 00:06 . 2013-11-25 00:43   -------- d-----w- c:windows220FB0354744483A9A0B41DF77061583.TMP

2013-11-24 20:29 . 2013-11-24 20:29   -------- d-----w- c:programdataHitmanPro

2013-11-24 20:25 . 2013-11-25 01:08   -------- d-----w- c:program filesAdblock Plus for IE

2013-11-24 20:25 . 2013-11-24 20:25   -------- d-----w- c:programdataPackage Cache

2013-11-24 19:17 . 2013-11-24 19:17   -------- d-----w- c:programdataArovax

2013-11-24 19:07 . 2013-11-24 19:07   -------- d-----w- c:usersBOBIDAppDataRoamingSecureSearch

2013-11-24 19:06 . 2013-11-24 22:04   -------- d-----w- c:program filesLavasoft

2013-11-24 19:05 . 2013-11-24 19:05   -------- d-----w- c:usersBOBIDAppDataRoamingLavasoftStatistics

2013-11-24 19:05 . 2013-11-24 19:05   -------- d-----w- c:programdataLavasoft

2013-11-24 19:05 . 2013-11-24 19:05   44424   ----a-w- c:windowssystem32sbbd.exe

2013-11-24 19:05 . 2013-11-24 19:05   13560   ----a-w- c:windowssystem32driversgfibto.sys

2013-11-24 18:50 . 2013-11-24 18:50   -------- d-----w- c:programdataOracle

2013-11-24 18:49 . 2013-11-24 18:49   -------- d-----w- c:program filesCommon FilesJava

2013-11-24 18:49 . 2013-11-24 18:49   94632   ----a-w- c:windowssystem32WindowsAccessBridge.dll

2013-11-17 21:25 . 2013-11-18 10:33   71048   ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 10:21 . 2011-09-09 12:05   230048 ------w- c:windowssystem32MpSigStub.exe

2013-11-08 01:15 . 2011-09-10 10:06   7772552   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2013-10-05 14:40 . 2011-06-10 22:58   773800 ----a-w- c:windowssystem32msvcr100.dll

2013-10-05 14:40 . 2011-06-10 22:58   421032 ----a-w- c:windowssystem32msvcp100.dll

2012-07-31 13:13 . 2012-07-31 13:22   172464 ----a-w- c:program files4zres.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:usersBOBIDAppDataRoamingSecureSearch ----

.

2013-02-06 18:40 . 2013-02-06 18:40   15086   ----a-w- c:usersBOBIDAppDataRoamingSecureSearch{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}.ico

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"DAEMON Tools Lite"="c:program filesDAEMON Tools LiteDTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAStorIcon"="c:program filesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2011-07-28 336384]

"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]

"AdobeAAMUpdater-1.0"="c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:program filesCommon FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe" [2011-01-12 1523360]

"WinampAgent"="c:program filesWinampwinampa.exe" [2013-11-26 85600]

"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2009-11-10 417792]

"lancl"="c:program filesLanCLlanclP.exe" [2005-10-13 761344]

"BigDog303"="c:windowsVM303_STI.EXE" [2006-01-24 61440]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2013-04-04 958576]

"CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:program filesCanonMyPrinterBJMyPrt.exe" [2008-03-17 1848648]

"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2013-07-02 254336]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

McAfee Security Scan Plus.lnk - c:program filesMcAfee Security Scan3.8.130SSScheduler.exe [2013-9-6 273296]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [2013-09-05 171680]

R3 cpudrv;cpudrv;c:program filesSystemRequirementsLabcpudrv.sys [2009-12-18 11336]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:program filesLavalysEVEREST Corporate Editionkerneld.wnt [2010-03-30 27760]

R3 McAfee ScanAndRepair Svc;McAfee ScanAndRepair Svc;c:program filesMcAfeeScanAndRepairMcAfeeScanRepairSvc.exe [2012-01-12 695640]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesMcAfee Security Scan3.8.130McCHSvc.exe [2013-09-06 235216]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:windowssystem32DRIVERSMijXfilt.sys [2012-05-12 99400]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [2009-12-01 34384]

R3 SwitchBoard;Adobe SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-09-09 1343400]

S0 gfibto;gfibto;c:windowssystem32driversgfibto.sys [2013-11-24 13560]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [2011-11-23 232512]

S1 MpKsl7aa49a89;MpKsl7aa49a89;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{4CE9489F-F7A0-4FD3-94B2-C645C7F44127}MpKsl7aa49a89.sys [2013-12-01 40392]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-07-28 176128]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program filesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:windowssystem32IProsetMonitor.exe [2011-06-29 112800]

S2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2013-04-04 701512]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW73.sys [2011-06-06 211984]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2013-04-04 22856]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2011-04-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2011-04-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-04-27 208944]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-01 c:windowsTasksAdobe Flash Player Updater.job

- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-11-17 10:33]

.

2013-12-01 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

2013-12-01 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

TCP: Interfaces{27C40857-6252-4703-8ED9-397E4094732C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

FF - ProfilePath - c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

FF - ExtSQL: 2013-11-16 02:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:program filesMozilla Firefoxbrowserextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-11-25 01:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesEverestDriver]

"ImagePath"="??c:program filesLavalysEVEREST Corporate Editionkerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program filesMicrosoft Security ClientAntimalwareMsMpEng.exe

c:windowssystem32atieclxx.exe

c:program filesCommon FilesAdobeARM1.0armsvc.exe

c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:program filesBonjourmDNSResponder.exe

c:program filesCanonIJPLMIJPLMSVC.EXE

c:windowssystem32taskhost.exe

c:program filesMalwarebytes' Anti-Malwarembamgui.exe

c:program filesCommon FilesProtexisLicense ServicePsiService_2.exe

c:windowssystem32conhost.exe

c:windowssystem32sppsvc.exe

c:program filesWindows Media Playerwmpnetwk.exe

.

**************************************************************************

.

Completion time: 2013-12-01  20:01:46 - machine was rebooted

ComboFix-quarantined-files.txt  2013-12-01 18:01

ComboFix2.txt  2013-12-01 13:23

.

Pre-Run: 52 131 086 336 bytes free

Post-Run: 52 098 633 728 bytes free

.

- - End Of File - - 6286A28F481E8E0B3E9B2951FFF11E79

A36C5E4F47E84449FF07ED3517B43A31


2013-12-01 14:23 . 2013-12-01 14:23   -------- d-----w- c:programdataMcAfee Security Scan

2013-12-01 14:23 . 2013-12-01 14:23   -------- d-----w- c:program filesMcAfee Security Scan

2013-12-01 14:21 . 2013-12-01 14:21   -------- d-----w- c:program filesMcAfeeScanAndRepair

 

Here you have not followed one requirement:

Do not install any hardware or software, and do not make any changes whatsoever to your computer. If this happens, intentionally or not, report it in your topic...

It is bad enough that your system is full of security software, and I am wondering how to clean it... because these programs can conflict with one another and make your computer run slowly and be unstable... yet you keep installing more of them...!

Please uninstall McAfee Security Scan Plus in the standard way..!

To make sure there are no leftovers..:

Please download MCPR.exe and save it to your Desktop.

- Close all programs and double-click MCPR.exe, then click Run.

- Follow the on-screen instructions.

- When the procedure finishes, the message 'CLEANUP SUCCESSFUL' will appear.

- Click 'Yes' to restart your computer.

- Then delete MCPR.exe from your desktop.

icotonev, on 01 Dec 2013 - 9:54 PM, wrote:

Here you did not follow one requirement:

As if it were not enough that your system is full of security software, and I am wondering how to clean your system... because these programs can conflict with one another and cause your computer to run slowly and be unstable... you go on installing yet more of it...!

Please uninstall the program McAfee Security Scan Plus in the standard way..!

To make sure that no remnants are left..:

Please download MCPR.exe and save it to your Desktop.

• Close all programs and double-click MCPR.exe, then click Run
• Follow the on-screen instructions.
• When the procedure finishes, the message 'CLEANUP SUCCESSFUL' will appear.
• Click 'Yes' to restart your computer.
• Then delete MCPR.exe from your desktop.

I removed it completely. I will not install any other programs. I didn't think it through. McAfee had been installed before this anyway, and I had simply removed it.

My computer really has become very slow and has started restarting by itself more and more often, and now all websites have started freezing on me. The following message appears: (attached image: post-344165-0-93625800-1385929490_thumb)

Edited by Borislav Dimitrov_316597


Hello..! And what is happening with the original problem..? Does the ad still appear..?


 

 

My computer really has become very slow and has started restarting by itself more and more often, and now all websites have started freezing on me. The following message appears: (posted image: Capture2.JPG)

And regarding this message:

http://support.microsoft.com/kb/2665946

http://support.amd.com/en-us/kb-articles/Pages/737-27116RadeonSeries-ATIKMDAGhasstoppedrespondingerrormessages.aspx

Copy the text in the box into Notepad and save it under the name CFScript.txt on your desktop:

KILLALL::
ClearJavaCache::
Folder::
c:\program files\Advanced Fix 2013
c:\program files\Enigma Software Group
c:\programdata\HitmanPro
c:\programdata\Arovax
c:\users\BOBID\AppData\Roaming\SecureSearch
c:\program files\Lavasoft
c:\users\BOBID\AppData\Roaming\LavasoftStatistics
c:\programdata\Lavasoft

After saving, move CFScript.txt onto the ComboFix.exe icon.

Copy the generated report and paste it into your next comment...!


Hello..! And what is happening with the original problem..? Does the ad still appear..?

Yes, the problem is still there :/ The ad appears on almost every site.

Here is the report:

 

ComboFix 13-12-01.01 - BOBID 12.2013 г.  12:27:31.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2046.1092 [GMT 2:00]

Running from: c:usersBOBIDDesktopComboFix.exe

Command switches used :: c:usersBOBIDDesktopCFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:program filesAdvanced Fix 2013

c:program filesAdvanced Fix 2013Evidence.xml

c:program filesAdvanced Fix 2013JunkFile.xml

c:program filesAdvanced Fix 2013RegBackupDir20131129023025.reg

c:program filesAdvanced Fix 2013Registry.xml

c:program filesAdvanced Fix 2013StatusInfo.DAT

c:program filesEnigma Software Group

c:program filesEnigma Software GroupSpyHuntercos.dat

c:program filesEnigma Software GroupSpyHuntergas.dat

c:program filesEnigma Software GroupSpyHuntergil.dat

c:program filesEnigma Software GroupSpyHunterINSTALL.LOG

c:program filesEnigma Software GroupSpyHunterLogSpyHunter4_20131125_020821.log

c:program filesEnigma Software GroupSpyHuntersafeol.dat

c:program filesEnigma Software GroupSpyHunterscanlog.log

c:program filesEnigma Software GroupSpyHuntersupportlog.txt

c:program filesEnigma Software GroupSpyHunterunkcache.dat

c:program filesLavasoft

c:programdataArovax

c:programdataHitmanPro

c:programdataHitmanProBanner.bin

c:programdataLavasoft

c:programdataLavasoftAd-Aware 11Logs20131124T220328.554246PID904AdAwareUpdater.log

c:usersBOBIDAppDataRoamingSecureSearch

c:usersBOBIDAppDataRoamingSecureSearch{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}.ico

.

.

((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02  )))))))))))))))))))))))))))))))

.

.

2013-12-02 10:34 . 2013-12-02 10:34   -------- d-----w- c:usersDefaultAppDataLocaltemp

2013-12-02 10:26 . 2013-12-02 10:26   40392   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}MpKsl040a6859.sys

2013-12-02 10:16 . 2013-12-02 10:35   62576   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}offreg.dll

2013-12-01 18:34 . 2013-11-08 01:15   7772552   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}mpengine.dll

2013-12-01 10:13 . 2013-12-01 10:14   -------- d-----w- C:AdwCleaner

2013-11-29 12:35 . 2013-11-29 12:35   -------- d-----w- C:FRST

2013-11-29 09:36 . 2013-11-29 09:37   -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2013-11-29 09:36 . 2013-04-04 12:50   22856   ----a-w- c:windowssystem32driversmbam.sys

2013-11-26 00:18 . 2013-11-28 00:11   -------- d-----w- c:usersBOBIDAppDataLocalCrashDumps

2013-11-25 23:56 . 2013-11-29 18:43   -------- d-----w- c:program filesWhoCrashed

2013-11-25 00:06 . 2013-11-25 00:43   -------- d-----w- c:windows220FB0354744483A9A0B41DF77061583.TMP

2013-11-24 20:25 . 2013-11-25 01:08   -------- d-----w- c:program filesAdblock Plus for IE

2013-11-24 20:25 . 2013-11-24 20:25   -------- d-----w- c:programdataPackage Cache

2013-11-24 19:05 . 2013-11-24 19:05   -------- d-----w- c:usersBOBIDAppDataRoamingLavasoftStatistics

2013-11-24 19:05 . 2013-11-24 19:05   44424   ----a-w- c:windowssystem32sbbd.exe

2013-11-24 19:05 . 2013-11-24 19:05   13560   ----a-w- c:windowssystem32driversgfibto.sys

2013-11-24 18:50 . 2013-11-24 18:50   -------- d-----w- c:programdataOracle

2013-11-24 18:49 . 2013-11-24 18:49   -------- d-----w- c:program filesCommon FilesJava

2013-11-24 18:49 . 2013-11-24 18:49   94632   ----a-w- c:windowssystem32WindowsAccessBridge.dll

2013-11-17 21:25 . 2013-11-18 10:33   71048   ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 10:21 . 2011-09-09 12:05   230048 ------w- c:windowssystem32MpSigStub.exe

2013-11-08 01:15 . 2011-09-10 10:06   7772552   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2013-10-05 14:40 . 2011-06-10 22:58   773800 ----a-w- c:windowssystem32msvcr100.dll

2013-10-05 14:40 . 2011-06-10 22:58   421032 ----a-w- c:windowssystem32msvcp100.dll

2012-07-31 13:13 . 2012-07-31 13:22   172464 ----a-w- c:program files4zres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"DAEMON Tools Lite"="c:program filesDAEMON Tools LiteDTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAStorIcon"="c:program filesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2011-07-28 336384]

"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]

"AdobeAAMUpdater-1.0"="c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:program filesCommon FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe" [2011-01-12 1523360]

"WinampAgent"="c:program filesWinampwinampa.exe" [2013-11-26 85600]

"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2009-11-10 417792]

"lancl"="c:program filesLanCLlanclP.exe" [2005-10-13 761344]

"BigDog303"="c:windowsVM303_STI.EXE" [2006-01-24 61440]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2013-04-04 958576]

"CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:program filesCanonMyPrinterBJMyPrt.exe" [2008-03-17 1848648]

"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [2013-09-05 171680]

R3 cpudrv;cpudrv;c:program filesSystemRequirementsLabcpudrv.sys [2009-12-18 11336]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:program filesLavalysEVEREST Corporate Editionkerneld.wnt [2010-03-30 27760]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:windowssystem32DRIVERSMijXfilt.sys [2012-05-12 99400]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [2009-12-01 34384]

R3 SwitchBoard;Adobe SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-09-09 1343400]

S0 gfibto;gfibto;c:windowssystem32driversgfibto.sys [2013-11-24 13560]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [2011-11-23 232512]

S1 MpKsl040a6859;MpKsl040a6859;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}MpKsl040a6859.sys [2013-12-02 40392]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-07-28 176128]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program filesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:windowssystem32IProsetMonitor.exe [2011-06-29 112800]

S2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2013-04-04 701512]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW73.sys [2011-06-06 211984]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2013-04-04 22856]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2011-04-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2011-04-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-04-27 208944]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-01 c:windowsTasksAdobe Flash Player Updater.job

- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-11-17 10:33]

.

2013-12-02 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

2013-12-01 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

TCP: Interfaces{27C40857-6252-4703-8ED9-397E4094732C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

FF - ProfilePath - c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

FF - ExtSQL: 2013-11-16 02:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:program filesMozilla Firefoxbrowserextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-11-25 01:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesEverestDriver]

"ImagePath"="??c:program filesLavalysEVEREST Corporate Editionkerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program filesMicrosoft Security ClientAntimalwareMsMpEng.exe

c:program filesCommon FilesAdobeARM1.0armsvc.exe

c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:windowssystem32atieclxx.exe

c:windowssystem32taskhost.exe

c:program filesBonjourmDNSResponder.exe

c:program filesCanonIJPLMIJPLMSVC.EXE

c:program filesCommon FilesProtexisLicense ServicePsiService_2.exe

c:program filesMalwarebytes' Anti-Malwarembamgui.exe

c:windowssystem32conhost.exe

c:windowssystem32sppsvc.exe

c:program filesWindows Media Playerwmpnetwk.exe

.

**************************************************************************

.

Completion time: 2013-12-02  12:38:55 - machine was rebooted

ComboFix-quarantined-files.txt  2013-12-02 10:38

ComboFix2.txt  2013-12-01 18:01

ComboFix3.txt  2013-12-01 13:23

.

Pre-Run: 53 947 514 880 bytes free

Post-Run: 53 909 069 824 bytes free

.

- - End Of File - - 6985E7D84BA41D7E59AAEA0CA12CB524

A36C5E4F47E84449FF07ED3517B43A31


Check the following file on VirusTotal:

c:\windows\system32\sbbd.exe

Post a link to the result in your next post..!


Check the following file on VirusTotal:

Post a link to the result in your next post..!

https://www.virustotal.com/bg/file/b864cae06d4db5e3f06e948127d5bbf5220a77c7e2b819ef0faa352a95ff815b/analysis/1385983454/


Copy the text in the box into Notepad and save it on your desktop as CFScript.txt:

KILLALL::

File::
c:\windows\system32\drivers\gfibto.sys
c:\windows\system32\sbbd.exe

Driver::
gfibto

Folder::
c:\users\BOBID\AppData\Roaming\LavasoftStatistics

DDS::
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

After saving, move CFScript.txt onto the ComboFix.exe icon.
Copy the generated report and paste it into your next comment...!


Copy the text in the box into Notepad and save it on your desktop as CFScript.txt:

KILLALL::

File::
c:\windows\system32\drivers\gfibto.sys
c:\windows\system32\sbbd.exe

Driver::
gfibto

Folder::
c:\users\BOBID\AppData\Roaming\LavasoftStatistics

DDS::
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} -

After saving, move CFScript.txt onto the ComboFix.exe icon.

Copy the generated report and paste it into your next comment...!

ComboFix 13-12-01.01 - BOBID 12.2013 г.  17:56:24.4.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2046.1262 [GMT 2:00]

Running from: c:usersBOBIDDesktopComboFix.exe

Command switches used :: c:usersBOBIDDesktopCFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:windowssystem32driversgfibto.sys"

"c:windowssystem32sbbd.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:windowssystem32driversgfibto.sys

c:windowssystem32sbbd.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------Legacy_GFIBTO

-------Service_gfibto

.

.

((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02  )))))))))))))))))))))))))))))))

.

.

2013-12-02 16:04 . 2013-12-02 16:04   40392   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}MpKslb8bcbe06.sys

2013-12-02 16:02 . 2013-12-02 16:02   -------- d-----w- c:usersDefaultAppDataLocaltemp

2013-12-02 15:55 . 2013-12-02 15:55   40392   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}MpKsl09c48366.sys

2013-12-02 10:40 . 2013-12-02 16:03   62576   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}offreg.dll

2013-12-01 18:34 . 2013-11-08 01:15   7772552   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}mpengine.dll

2013-12-01 10:13 . 2013-12-01 10:14   -------- d-----w- C:AdwCleaner

2013-11-29 12:35 . 2013-11-29 12:35   -------- d-----w- C:FRST

2013-11-29 09:36 . 2013-11-29 09:37   -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2013-11-29 09:36 . 2013-04-04 12:50   22856   ----a-w- c:windowssystem32driversmbam.sys

2013-11-26 00:18 . 2013-11-28 00:11   -------- d-----w- c:usersBOBIDAppDataLocalCrashDumps

2013-11-25 23:56 . 2013-11-29 18:43   -------- d-----w- c:program filesWhoCrashed

2013-11-25 00:06 . 2013-11-25 00:43   -------- d-----w- c:windows220FB0354744483A9A0B41DF77061583.TMP

2013-11-24 20:25 . 2013-11-25 01:08   -------- d-----w- c:program filesAdblock Plus for IE

2013-11-24 20:25 . 2013-11-24 20:25   -------- d-----w- c:programdataPackage Cache

2013-11-24 19:05 . 2013-11-24 19:05   -------- d-----w- c:usersBOBIDAppDataRoamingLavasoftStatistics

2013-11-24 18:50 . 2013-11-24 18:50   -------- d-----w- c:programdataOracle

2013-11-24 18:49 . 2013-11-24 18:49   -------- d-----w- c:program filesCommon FilesJava

2013-11-24 18:49 . 2013-11-24 18:49   94632   ----a-w- c:windowssystem32WindowsAccessBridge.dll

2013-11-17 21:25 . 2013-11-18 10:33   71048   ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 10:21 . 2011-09-09 12:05   230048 ------w- c:windowssystem32MpSigStub.exe

2013-11-08 01:15 . 2011-09-10 10:06   7772552   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2013-10-05 14:40 . 2011-06-10 22:58   773800 ----a-w- c:windowssystem32msvcr100.dll

2013-10-05 14:40 . 2011-06-10 22:58   421032 ----a-w- c:windowssystem32msvcp100.dll

2012-07-31 13:13 . 2012-07-31 13:22   172464 ----a-w- c:program files4zres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"DAEMON Tools Lite"="c:program filesDAEMON Tools LiteDTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAStorIcon"="c:program filesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2011-07-28 336384]

"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]

"AdobeAAMUpdater-1.0"="c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:program filesCommon FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe" [2011-01-12 1523360]

"WinampAgent"="c:program filesWinampwinampa.exe" [2013-11-26 85600]

"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2009-11-10 417792]

"lancl"="c:program filesLanCLlanclP.exe" [2005-10-13 761344]

"BigDog303"="c:windowsVM303_STI.EXE" [2006-01-24 61440]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2013-04-04 958576]

"CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:program filesCanonMyPrinterBJMyPrt.exe" [2008-03-17 1848648]

"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [2013-09-05 171680]

R3 cpudrv;cpudrv;c:program filesSystemRequirementsLabcpudrv.sys [2009-12-18 11336]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:program filesLavalysEVEREST Corporate Editionkerneld.wnt [2010-03-30 27760]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:windowssystem32DRIVERSMijXfilt.sys [2012-05-12 99400]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [2009-12-01 34384]

R3 SwitchBoard;Adobe SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-09-09 1343400]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [2011-11-23 232512]

S1 MpKsl09c48366;MpKsl09c48366;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}MpKsl09c48366.sys [2013-12-02 40392]

S1 MpKslb8bcbe06;MpKslb8bcbe06;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{50693466-128A-489F-B98A-18D01B17514D}MpKslb8bcbe06.sys [2013-12-02 40392]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-07-28 176128]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program filesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:windowssystem32IProsetMonitor.exe [2011-06-29 112800]

S2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2013-04-04 701512]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW73.sys [2011-06-06 211984]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2013-04-04 22856]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2011-04-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2011-04-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-04-27 208944]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLB8BCBE06

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-02 c:windowsTasksAdobe Flash Player Updater.job

- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-11-17 10:33]

.

2013-12-02 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

2013-12-02 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

TCP: Interfaces{27C40857-6252-4703-8ED9-397E4094732C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FF - ProfilePath - c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

FF - ExtSQL: 2013-11-16 02:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:program filesMozilla Firefoxbrowserextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-11-25 01:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesEverestDriver]

"ImagePath"="??c:program filesLavalysEVEREST Corporate Editionkerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program filesMicrosoft Security ClientAntimalwareMsMpEng.exe

c:program filesCommon FilesAdobeARM1.0armsvc.exe

c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:windowssystem32atieclxx.exe

c:windowssystem32taskhost.exe

c:program filesBonjourmDNSResponder.exe

c:program filesCanonIJPLMIJPLMSVC.EXE

c:program filesCommon FilesProtexisLicense ServicePsiService_2.exe

c:program filesMalwarebytes' Anti-Malwarembamgui.exe

c:windowssystem32conhost.exe

c:windowssystem32sppsvc.exe

c:program filesWindows Media Playerwmpnetwk.exe

.

**************************************************************************

.

Completion time: 2013-12-02  18:07:09 - machine was rebooted

ComboFix-quarantined-files.txt  2013-12-02 16:07

ComboFix2.txt  2013-12-02 10:38

ComboFix3.txt  2013-12-01 18:01

ComboFix4.txt  2013-12-01 13:23

.

Pre-Run: 52 113 784 832 bytes free

Post-Run: 51 652 354 048 bytes free

.

- - End Of File - - EE1D1B5A318C6BF06EC225E7903B5A7E

A36C5E4F47E84449FF07ED3517B43A31


Everything is clean. No active infections are visible!

Control scans with:

Run Malwarebytes' Anti-Malware again and select "Perform quick scan", then click Scan.
* When the scan finishes, click OK, then Show Results to see the result.
* Make sure every row is checked, and click Remove Selected.
* When everything has been removed, a log will open in Notepad.

Copy this log and post it in your next comment in the thread.

Download the program: ESET Online Scanner

* Run esetsmartinstaller_enu.exe
* Check YES, I accept the Terms of Use and select Start.
* The scanner will begin downloading the components it needs.

Make sure the following option is unchecked:

* Remove found threats

Make sure the following items are checked:

* Scan Archives

Click Advanced Settings and check the following options:

* Scan for potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth Technology

Finally, select Start.
The scanner will begin downloading the latest definitions.

* After the scan finishes, select Finish.
* Go to: C:\Program Files\ESET\ESET Online Scanner
* Open the file log.txt, copy its contents and paste them in your next comment.


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Версия на базата от данни: v2013.11.29.02

 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

BOBID :: BOBID-PC [администратор]

 

3.12.2013 г. 11:42:51 ч.

mbam-log-2013-12-03 (11-42-51).txt

 

Тип сканиране: Бързо сканиране

Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM

Изключени опции за сканиране: P2P

Сканирани обекти: 208802

Изминало време: 7 минута(и), 13 секунда(и)

 

Открити процеси в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити модули в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити ключове в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити стойности в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити информационни обекти в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити папки: 0

(Не бяха открити зловредни обекти)

 

Открити файлове: 0

(Не бяха открити зловредни обекти)

 

(край)

 

 

 

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=6bd16a99e6ee98488ae66d033f7aaa9c

# engine=16114

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-12-03 12:32:21

# local_time=2013-12-03 02:32:21 (+0200, FLE Standard Time)

# country="Bulgaria"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5892 16777213 100 100 70502208 82952011 0 0

# scanned=282574

# found=27

# cleaned=0

# scan_time=9263

sh=8CB90CB4140F153BEF5BEEA7D2BF8B1A4698B257 ft=1 fh=b4f82da70f82ecbb vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:GamesAngry BirdsbonusAngry Birds +2 Trainerab_plus2_multi_trainer.exe"

sh=754FEC3B6932B60987D9E94FB73E97C5D5A4826D ft=1 fh=48fb64a804c74d37 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:GamesAngry Birds - RiobonusAngry Birds Rio +2 Trainerabr_plus2_trainer.exe"

sh=19A583E808851FAD0E2DA1434DFD84504932425B ft=1 fh=c1af0469fb2b54e2 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:GamesAngry Birds - SpacebonusAngry Birds Space +2 Trainerabs_plus2_trainer.exe"

sh=28C7207A24A8D389CFED39713E06A8F0D736E309 ft=1 fh=37c2d2a84869a020 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="C:GamesAngry Birds - Star WarsbonusAngry Star Wars +2 Trainerabsw_plus2_trainer.exe"

sh=FFA3E683CD05DEB392D4AC109867FBB5BF2AC594 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:UsersBOBIDAppDataLocalDownloaded Installations{4492DEC1-BDC9-4478-8C54-B5D2E67AF233}ACDSee Pro 4.msi"

sh=50D9778DF3CBDBFACBF574EDEF2D4F97F204FCDD ft=1 fh=ed7a265fa306582f vn="a variant of Win32/RegistryNuke application" ac=I fn="C:UsersBOBIDDownloadsAdvancedFix_Setup.exe"

sh=FFA3E683CD05DEB392D4AC109867FBB5BF2AC594 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:WindowsInstaller1cc2c8.msi"

sh=B001F7D0F1F9A7E61C5499E5C8350F497B5A3E18 ft=1 fh=2a21627c0d99789c vn="Win32/OpenCandy application" ac=I fn="E:INSTALLDAEMON Tools Lite 4.41.3.0173.exe"

sh=2B655133441643A144EBD155E0D2594C3E7DF3DF ft=1 fh=4146f00191504604 vn="Win32/OpenCandy application" ac=I fn="E:INSTALLDTLite4452-0287.exe"

sh=B350B8179B20CC52031DE65C9EB3853A3E15C96F ft=1 fh=0e5f14944e7f82b8 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="E:INSTALLKMPlayer-3.0.0.1440.exe"

sh=BC403B262F0C802F14B4149BCA4CEC3961CD35F3 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BH application" ac=I fn="E:INSTALLAdobe Photoshop CS5.1 v12.10 ExtendedAdobe.Photoshop.CS5.1.iso"

sh=DC3DD5071605FE0810A0EC1D925DD63F5A1210C0 ft=1 fh=f3f46d9c39357a1d vn="a variant of Win32/Keygen.AU application" ac=I fn="E:INSTALLCOREL.CORELDRAW.GRAPHICS.SUITE.X5.WITH.SP3.V15.2.0.686.INCL.KEYGEN.ENGLISH-COREcorel_app_keygen.exe"

sh=3F8D8918D66E38FC8E1F9A752BE5A000F77E27EF ft=1 fh=ee2fffa3ec68e89f vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds - Anthology [RePack by KloneB@DGuY]Angry Birds - Rio [RePack by KloneB@DGuY]Setup.exe"

sh=AF63140CA2BB266DAF3325EEE5B5FBB00E396896 ft=1 fh=8bcb99e132df1060 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds - Anthology [RePack by KloneB@DGuY]Angry Birds - Seasons [RePack by KloneB@DGuY]Setup.exe"

sh=4F2E951C4006865CA228123ECAD520B10C2EB00A ft=1 fh=437b7fd321e0451a vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds - Anthology [RePack by KloneB@DGuY]Angry Birds - Space [RePack by KloneB@DGuY]Setup.exe"

sh=01A8C8F95F745D059AD82CB83D76D0C29272B4F2 ft=1 fh=529c7ee44a462621 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds - Anthology [RePack by KloneB@DGuY]Angry Birds - Star Wars [RePack by KloneB@DGuY]Setup.exe"

sh=521CF612D929C965FF7C50AD2B5132254FEA76B9 ft=1 fh=6756dcc427d564c7 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds - Anthology [RePack by KloneB@DGuY]Angry Birds [RePack by KloneB@DGuY]Setup.exe"

sh=A6CC0FF8724E6F4F36D863E6B3E59DDF4CCF511B ft=1 fh=34e91e162952d149 vn="Win32/HackTool.Patcher.AD application" ac=I fn="E:TorrentsAngry Birds CollectionPatchesOffline Patch 1.4.exe"

sh=8CB90CB4140F153BEF5BEEA7D2BF8B1A4698B257 ft=1 fh=b4f82da70f82ecbb vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds CollectionTrainersAngry BirdsTrainer.exe"

sh=754FEC3B6932B60987D9E94FB73E97C5D5A4826D ft=1 fh=48fb64a804c74d37 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds CollectionTrainersAngry Birds RioTrainer.exe"

sh=D1087D2663A02C58C4C763FFE0E264DD713FF11C ft=1 fh=7dba7f74889a3c25 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds CollectionTrainersAngry Birds SeasonsTrainer.exe"

sh=19A583E808851FAD0E2DA1434DFD84504932425B ft=1 fh=c1af0469fb2b54e2 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds CollectionTrainersAngry Birds SpaceTrainer.exe"

sh=28C7207A24A8D389CFED39713E06A8F0D736E309 ft=1 fh=37c2d2a84869a020 vn="a variant of Win32/HackTool.CheatEngine.AB application" ac=I fn="E:TorrentsAngry Birds CollectionTrainersAngry Birds StarwarsTrainer.exe"

sh=D6F470C92C5B9DA0F07362653CB60FCBC10DA3BB ft=1 fh=2bd66948ab1c005b vn="a variant of Win32/HackTool.Patcher.AD application" ac=I fn="E:TorrentsAngry Birds Star Wars 2 - PC [AmanRamgarhia]Crackangry.birds.all-patch.offline.v1.3.exe.BAK"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BL application" ac=I fn="E:TorrentsBatman.Arkham.Origins-RELOADEDrld-baaror.iso"

sh=0EFCA258D68918479A79B8D1E7FCC844111031E1 ft=1 fh=c55ccc1d3dc33c20 vn="Win32/OpenCandy application" ac=I fn="E:TorrentsFL Studio Producer Edition XXL 9.1FL Studio 9.1.exe"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/TrojanDropper.Agent.QEO trojan" ac=I fn="E:TorrentsTomb Raider [black Box]BB-tr.iso"

 


Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

KILLALL::

File::
C:\Users\BOBID\AppData\Local\Downloaded Installations\{4492DEC1-BDC9-4478-8C54-B5D2E67AF233}\ACDSee Pro 4.msi
C:\Users\BOBID\Downloads\AdvancedFix_Setup.exe
C:\Windows\Installer\1cc2c8.msi

After saving, drag CFScript.txt onto the ComboFix.exe icon.
Copy the generated report and paste it in your next comment!


ComboFix 13-12-01.01 - BOBID 12.2013 г.  16:19:04.6.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2046.1059 [GMT 2:00]

Running from: c:usersBOBIDDesktopComboFix.exe

Command switches used :: c:usersBOBIDDesktopCFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:usersBOBIDAppDataLocalDownloaded Installations{4492DEC1-BDC9-4478-8C54-B5D2E67AF233}ACDSee Pro 4.msi"

"c:usersBOBIDDownloadsAdvancedFix_Setup.exe"

"c:windowsInstaller1cc2c8.msi"

.

.

((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03  )))))))))))))))))))))))))))))))

.

.

2013-12-03 14:27 . 2013-12-03 14:27   40392   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{E1E9549A-4019-420D-B06F-9C24C850ABBF}MpKsl2c7e3aff.sys

2013-12-03 14:26 . 2013-12-03 14:26   -------- d-----w- c:usersDefaultAppDataLocaltemp

2013-12-03 14:17 . 2013-12-03 14:17   40392   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{E1E9549A-4019-420D-B06F-9C24C850ABBF}MpKsl96ffc06a.sys

2013-12-03 14:06 . 2013-12-03 14:27   62576   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{E1E9549A-4019-420D-B06F-9C24C850ABBF}offreg.dll

2013-12-03 09:56 . 2013-12-03 09:56   -------- d-----w- c:program filesESET

2013-12-03 09:52 . 2013-11-08 01:15   7772552   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{E1E9549A-4019-420D-B06F-9C24C850ABBF}mpengine.dll

2013-12-01 10:13 . 2013-12-01 10:14   -------- d-----w- C:AdwCleaner

2013-11-29 12:35 . 2013-11-29 12:35   -------- d-----w- C:FRST

2013-11-29 09:36 . 2013-11-29 09:37   -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2013-11-29 09:36 . 2013-04-04 12:50   22856   ----a-w- c:windowssystem32driversmbam.sys

2013-11-26 00:18 . 2013-11-28 00:11   -------- d-----w- c:usersBOBIDAppDataLocalCrashDumps

2013-11-25 23:56 . 2013-12-03 13:11   -------- d-----w- c:program filesWhoCrashed

2013-11-25 00:06 . 2013-11-25 00:43   -------- d-----w- c:windows220FB0354744483A9A0B41DF77061583.TMP

2013-11-24 20:25 . 2013-11-25 01:08   -------- d-----w- c:program filesAdblock Plus for IE

2013-11-24 20:25 . 2013-11-24 20:25   -------- d-----w- c:programdataPackage Cache

2013-11-24 19:05 . 2013-11-24 19:05   -------- d-----w- c:usersBOBIDAppDataRoamingLavasoftStatistics

2013-11-24 18:50 . 2013-11-24 18:50   -------- d-----w- c:programdataOracle

2013-11-24 18:49 . 2013-11-24 18:49   -------- d-----w- c:program filesCommon FilesJava

2013-11-24 18:49 . 2013-11-24 18:49   94632   ----a-w- c:windowssystem32WindowsAccessBridge.dll

2013-11-17 21:25 . 2013-11-18 10:33   71048   ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-19 10:21 . 2011-09-09 12:05   230048 ------w- c:windowssystem32MpSigStub.exe

2013-11-08 01:15 . 2011-09-10 10:06   7772552   ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2013-10-05 14:40 . 2011-06-10 22:58   773800 ----a-w- c:windowssystem32msvcr100.dll

2013-10-05 14:40 . 2011-06-10 22:58   421032 ----a-w- c:windowssystem32msvcp100.dll

2012-07-31 13:13 . 2012-07-31 13:22   172464 ----a-w- c:program files4zres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"DAEMON Tools Lite"="c:program filesDAEMON Tools LiteDTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAStorIcon"="c:program filesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2011-07-28 336384]

"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]

"AdobeAAMUpdater-1.0"="c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:program filesCommon FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe" [2011-01-12 1523360]

"WinampAgent"="c:program filesWinampwinampa.exe" [2013-11-26 85600]

"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2009-11-10 417792]

"lancl"="c:program filesLanCLlanclP.exe" [2005-10-13 761344]

"BigDog303"="c:windowsVM303_STI.EXE" [2006-01-24 61440]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2013-04-04 958576]

"CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:program filesCanonMyPrinterBJMyPrt.exe" [2008-03-17 1848648]

"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:program filesSkypeUpdaterUpdater.exe [2013-09-05 171680]

R3 cpudrv;cpudrv;c:program filesSystemRequirementsLabcpudrv.sys [2009-12-18 11336]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:program filesLavalysEVEREST Corporate Editionkerneld.wnt [2010-03-30 27760]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:windowssystem32DRIVERSMijXfilt.sys [2012-05-12 99400]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:windowssystem32driversScreamingBAudio.sys [2009-12-01 34384]

R3 SwitchBoard;Adobe SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-09-09 1343400]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [2011-11-23 232512]

S1 MpKsl2c7e3aff;MpKsl2c7e3aff;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{E1E9549A-4019-420D-B06F-9C24C850ABBF}MpKsl2c7e3aff.sys [2013-12-03 40392]

S1 MpKsl96ffc06a;MpKsl96ffc06a;c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{E1E9549A-4019-420D-B06F-9C24C850ABBF}MpKsl96ffc06a.sys [2013-12-03 40392]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-07-28 176128]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program filesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-05-20 13592]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:windowssystem32IProsetMonitor.exe [2011-06-29 112800]

S2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2013-04-04 701512]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW73.sys [2011-06-06 211984]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2013-04-04 22856]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2011-04-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2011-04-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-04-27 208944]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL2C7E3AFF

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-03 c:windowsTasksAdobe Flash Player Updater.job

- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2013-11-17 10:33]

.

2013-12-03 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

2013-12-03 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2011-11-01 21:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.bg/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

TCP: Interfaces{27C40857-6252-4703-8ED9-397E4094732C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FF - ProfilePath - c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447

FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/

FF - ExtSQL: 2013-11-16 02:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:program filesMozilla Firefoxbrowserextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-11-25 01:21; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:usersBOBIDAppDataRoamingMozillaFirefoxProfiles96xkwtb9.default-1385334207447extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesEverestDriver]

"ImagePath"="??c:program filesLavalysEVEREST Corporate Editionkerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.


@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rsb"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rw2UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rw2"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rwlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rwl"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.sgiUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sgi"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.sr2UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sr2"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.srfUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.srf"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.srwUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.srw"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.tgaUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tga"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.thmUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.thm"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.tifUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tif"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.tiffUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tiff"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ttcUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ttc"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ttfUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ttf"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v40poUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40po"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v40ppUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40pp"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.v40ppfUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40ppf"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wbmUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wbm"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wbmpUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wbmp"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmfUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wmf"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xbmUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xbm"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xifUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xif"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xmpUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xmp"

.

[HKEY_USERSS-1-5-21-2012342892-1899436567-3279090847-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xpmUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xpm"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2013-12-03  16:30:39 - machine was rebooted

ComboFix-quarantined-files.txt  2013-12-03 14:30

ComboFix2.txt  2013-12-03 13:47

ComboFix3.txt  2013-12-02 16:07

ComboFix4.txt  2013-12-02 10:38

ComboFix5.txt  2013-12-03 14:10

.

Pre-Run: 52 910 407 680 bytes free

Post-Run: 52 856 922 112 bytes free

.

- - End Of File - - 0E95C03E050F9C00C55C0D6D9CCA5CAC

A36C5E4F47E84449FF07ED3517B43A31
