Премини към съдържанието

Препоръчан отговор


Здравейте, днес се сблъсквам с голям проблем.. лаптоп Pavilion G6 който се ползва по час два на ден за Фейсбук и vbox работи изключително бавно особенно като се има в предвид четириядреният процесор, четирите гигабайта рам и заети 30 гигабайта от 300 гигабайтовия хард диск. Доста често Firefox спира да отговаря и минават две три минути докато почне да реагира. Понякога се затруднява дори от изкарване на менюто при десен клик. Изтеглих CCleaner първото сканира трая около 5 минути и реших че е така защото е първо пускане а от месеци не е пускана подобна програма, но реших да го пусна и втори път, е и втория път сканирането и почистването отне близо 5 минути. Операционната система е 64 битова 7-ца. Лаптопа се ползва само на зарядно защото батерията е полу-умряла. За друго важно което трябва да споменя не се сещам в момента ако съм изпуснал нещо - питайте.

Ето и логовете от Farbar:

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01


Ran by User (administrator) on USER-PC on 15-07-2014 15:18:48
Running from C:UsersUserDownloads
Platform: Windows 7 Ultimate Service Pack 3 (X64) OS Language: Български (България)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:WindowsSystem32atiesrxx.exe
(AMD) C:WindowsSystem32atieclxx.exe
(Advanced Micro Devices, Inc.) C:WindowsSystem32atibtmon.exe
(Microsoft Corporation) C:WindowsSystem32wlanext.exe
(Avira GmbH) C:Program Files (x86)AviraAntiVir Desktopsched.exe
(Advanced Micro Devices, Inc.) C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
(Avira GmbH) C:Program Files (x86)AviraAntiVir Desktopavguard.exe
(Atheros) C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe
(Atheros Commnucations) C:Program Files (x86)Bluetooth SuiteAdminService.exe
(Avira GmbH) C:Program Files (x86)AviraAntiVir Desktopavshadow.exe
(Atheros Communications) C:Program Files (x86)Bluetooth SuiteBtvStack.exe
(Atheros Commnucations) C:Program Files (x86)Bluetooth SuiteAthBtTray.exe
(Google Inc.) C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
(Microsoft Corporation) C:Program Files (x86)SkypeToolbarsAutoUpdateSkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:Program Files (x86)SkypeToolbarsPNRSvcSkypeC2CPNRSvc.exe
() C:ProgramDataDatacardServiceHWDeviceService64.exe
(Realsil Microelectronics Inc.) C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
(Skype Technologies S.A.) C:Program Files (x86)SkypePhoneSkype.exe
(Sun Microsystems, Inc.) C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
(VER_COMPANY_NAME) C:Program Files (x86)Retrogamer_2zbar1.bin2zbrmon.exe
(Avira GmbH) C:Program Files (x86)AviraAntiVir Desktopavgnt.exe
(Huawei Technologies Co., Ltd.) C:ProgramDataDatacardServiceDCSHelper.exe
(COMPANYVERS_NAME) C:Program Files (x86)Retrogamer_2zbar1.bin2zbarsvc.exe
() C:ProgramDataVIVACOM 3G USB ModemOnlineUpdateouc.exe
(Microsoft Corporation) C:WindowsSystem32UI0Detect.exe
(Advanced Micro Devices Inc.) C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe
(ATI Technologies Inc.) C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe
(Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe
(Hewlett-Packard Company) C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSA_Service.exe
(Sun Microsystems, Inc.) C:Program Files (x86)Common FilesJavaJava Updatejucheck.exe
(Valve Corporation) C:Program Files (x86)SteamSteam.exe
(Mozilla Corporation) C:Program Files (x86)Mozilla Firefoxfirefox.exe


==================== Registry (Whitelisted) ==================

HKLM...Run: [synTPEnh] => C:Program FilesSynapticsSynTPSynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM...Run: [AtherosBtStack] => C:Program Files (x86)Bluetooth SuiteBtvStack.exe [627360 2011-05-09] (Atheros Communications)
HKLM...Run: [AthBtTray] => C:Program Files (x86)Bluetooth SuiteAthBtTray.exe [379552 2011-05-09] (Atheros Commnucations)
HKLM-x32...Run: [] => [X]
HKLM-x32...Run: [sunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32...Run: [startCCC] => c:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32...Run: [Retrogamer_2z Browser Plugin Loader] => C:Program Files (x86)Retrogamer_2zbar1.bin2zbrmon.exe [30096 2011-11-19] (VER_COMPANY_NAME)
HKLM-x32...Run: [avgnt] => C:Program Files (x86)AviraAntiVir Desktopavgnt.exe [281768 2011-04-21] (Avira GmbH)
HKLM-x32...Run: [Adobe Reader Speed Launcher] => C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32...Run: [Adobe ARM] => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...Run: [swg] => C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [39408 2012-06-04] (Google Inc.)
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...Run: [RGSC] => C:Program Files (x86)Rockstar GamesRockstar Games Social ClubRGSCLauncher.exe /silent
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...Run: [EA Core] => "C:Program Files (x86)Electronic ArtsEADMCore.exe" -silent
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...Run: [skype] => C:Program Files (x86)SkypePhoneSkype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...MountPoints2: I - I:AutoRun.exe
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...MountPoints2: J - J:AutoRun.exe
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...MountPoints2: {89fcd7e5-2ba0-11e1-a757-d0df9a4ce1b4} - G:Autorun.exe
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...MountPoints2: {8b44d035-00b6-11e1-841a-d0df9a4ce1b4} - I:AutoRun.exe
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...MountPoints2: {8e217f7d-f31d-11e0-8416-806e6f6e6963} - F:VIVACOM_Net-WiFiModem.exe
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...MountPoints2: {fed56586-f425-11e0-9bfb-d0df9a4ce1b4} - G:AutoRun.exe
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...MountPoints2: {fed56596-f425-11e0-9bfb-d0df9a4ce1b4} - I:AutoRun.exe
HKUS-1-5-21-3101043893-4234789736-1310052087-1000...MountPoints2: {fed56749-f425-11e0-9bfb-d0df9a4ce1b4} - J:AutoRun.exe

==================== Internet (Whitelisted) ====================

URLSearchHook: HKCU - (No Name) - {1c583e40-0629-4bb9-ab68-1cf539f2f782} - C:Program Files (x86)Retrogamer_2zbar1.bin2zSrcAs.dll (MindSpark)
StartMenuInternet: IEXPLORE.EXE - C:Program Files (x86)Internet Exploreriexplore.exe
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Assistant BHO -> {6ffed9d8-942f-4384-aa29-d3bd083a346a} -> C:Program Files (x86)Retrogamer_2zbar1.bin2zSrcAs.dll (MindSpark)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:Program Files (x86)Bluetooth SuiteIEPlugIn.dll (Atheros Commnucations)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:Program Files (x86)SkypeToolbarsInternet ExplorerSkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Toolbar BHO -> {fc1e426b-fa76-428f-b680-86ef1edb13c1} -> C:Program Files (x86)Retrogamer_2zbar1.bin2zbar.dll (MindSpark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Retrogamer - {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - C:Program Files (x86)Retrogamer_2zbar1.bin2zbar.dll (MindSpark)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorer x64skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
Handler-x32: httpoledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
Handler-x32: https0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
Handler-x32: httpsoledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
Handler-x32: msdaippoledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program Files (x86)Common FilesSYSTEMOLE DBmsdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet ExplorerSkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
TcpipParameters: [DhcpNameServer] 80.80.128.161 80.80.128.193

FireFox:
========
FF ProfilePath: C:UsersUserAppDataRoamingMozillaFirefoxProfilesm360zmty.default
FF SearchEngineOrder.3: Bing
FF Homepage: https://www.google.bg/
FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:Windowssystem32WatnpWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:WindowsSysWOW64MacromedFlashNPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:WindowsSysWOW64AdobeDirectornp32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinplugin2npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:Windowssystem32WatnpWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Retrogamer_2z.com/Plugin - C:Program Files (x86)Retrogamer_2zbar1.binNP2zStub.dll (MindSpark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:Program Files (x86)GoogleUpdate1.3.24.15npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:Program Files (x86)GoogleUpdate1.3.24.15npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:Program Files (x86)VideoLANVLCnpvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:Program Files (x86)AdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @onlive.com/OnLiveGameClientDetector,version=1.0.0 - C:Program Files (x86)OnLivePluginnpolgdet.dll No File
FF Plugin ProgramFiles/Appdata: C:Program Files (x86)mozilla firefoxpluginsnppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:Program Files (x86)mozilla firefoxpluginsnpwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:Program Files (x86)mozilla firefoxbrowsersearchplugins911bg.xml
FF SearchPlugin: C:Program Files (x86)mozilla firefoxbrowsersearchpluginsdiribg.xml
FF SearchPlugin: C:Program Files (x86)mozilla firefoxbrowsersearchpluginspe-bg.xml
FF SearchPlugin: C:Program Files (x86)mozilla firefoxbrowsersearchpluginsportalbgdict.xml
FF Extension: Retrogamer - C:UsersUserAppDataRoamingMozillaFirefoxProfilesm360zmty.defaultExtensions2zffxtbr@Retrogamer_2z.com [2011-11-19]
FF Extension: UploadScreenshot.com Capture - C:UsersUserAppDataRoamingMozillaFirefoxProfilesm360zmty.defaultExtensionsuss-button@uploadscreenshot.com.xpi [2012-08-27]
FF Extension: Adblock Plus - C:UsersUserAppDataRoamingMozillaFirefoxProfilesm360zmty.defaultExtensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-26]
FF Extension: Skype Click to Call - C:Program Files (x86)Mozilla Firefoxbrowserextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-10]
FF HKLM-x32...FirefoxExtensions: [2zffxtbr@Retrogamer_2z.com] - C:Program Files (x86)Retrogamer_2zbar1.bin
FF Extension: Retrogamer - C:Program Files (x86)Retrogamer_2zbar1.bin [2011-11-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: search.babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&affID=119776&tt=110413_noprt&babsrc=SP_ss_gr2&mntrId=8C45F2DF9A4C7224
CHR DefaultNewTabURL:
CHR Extension: (Ask Toolbar) - C:UsersUserAppDataLocalGoogleChromeUser DataDefaultExtensionsaaaankekocooibmfeajjcdfdodmjkibg [2013-04-11]
CHR Extension: (Google Документи) - C:UsersUserAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2014-02-18]
CHR Extension: (Skype Click to Call) - C:UsersUserAppDataLocalGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-11]
CHR Extension: (Google Wallet) - C:UsersUserAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR HKLM-x32...ChromeExtension: [aaaankekocooibmfeajjcdfdodmjkibg] - C:UsersUserAppDataLocalAPNGoogleCRXsaaaankekocooibmfeajjcdfdodmjkibg_7.15.4.0.crx [2012-06-27]
CHR HKLM-x32...ChromeExtension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:Program Files (x86)SkypeToolbarsChromeExtensionskype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32...ChromeExtension: [mbcjjdjanpccmehilicphhmeobiljcpk] - C:Program Files (x86)FTDownloader.comFTDownloader10.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; c:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:Program Files (x86)AviraAntiVir Desktopsched.exe [136360 2011-04-21] (Avira GmbH)
R2 AntiVirService; C:Program Files (x86)AviraAntiVir Desktopavguard.exe [269480 2011-10-10] (Avira GmbH)
R2 Atheros Bt&Wlan Coex Agent; C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe [146592 2011-05-09] (Atheros) [File not signed]
R2 AtherosSvc; C:Program Files (x86)Bluetooth Suiteadminservice.exe [80032 2011-05-09] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:Program Files (x86)SkypeToolbarsAutoUpdateSkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:Program Files (x86)SkypeToolbarsPNRSvcSkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 HP Support Assistant Service; C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HWDeviceService64.exe; C:ProgramDataDatacardServiceHWDeviceService64.exe [346976 2011-03-14] ()
R2 Retrogamer_2zService; C:Program Files (x86)Retrogamer_2zbar1.bin2zbarsvc.exe [42504 2011-11-19] (COMPANYVERS_NAME)
S2 VIVACOM 3G USB Modem. RunOuc; C:Program Files (x86)VIVACOM 3G USB ModemUpdateDogouc.exe [246112 2011-10-17] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:WindowsSystem32DRIVERSavgntflt.sys [88288 2011-10-10] (Avira GmbH)
R1 avipbb; C:WindowsSystem32DRIVERSavipbb.sys [123784 2011-10-10] (Avira GmbH)
R1 dtsoftbus01; C:WindowsSystem32DRIVERSdtsoftbus01.sys [270912 2011-12-25] (DT Soft Ltd)
S3 glynnxxGE; C:UsersWindowsglynnharr.sys [161396 2011-07-08] () [File not signed]
S3 Serial; C:Windowssystem32driversserial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S0 sfdrv01; C:WindowsSystem32driverssfdrv01.sys [75640 2006-07-05] (Protection Technology (StarForce))
R0 sfvfs02; C:WindowsSystem32driverssfvfs02.sys [106360 2007-01-12] (Protection Technology (StarForce))
S3 ALSysIO; ??C:UsersUserAppDataLocalTempALSysIO64.sys [X]
S3 androidusb; System32Driversssadadb.sys [X]
S3 ssadbus; system32DRIVERSssadbus.sys [X]
S3 ssadmdfl; system32DRIVERSssadmdfl.sys [X]
S3 ssadmdm; system32DRIVERSssadmdm.sys [X]
S3 ssadserd; system32DRIVERSssadserd.sys [X]
S3 VGPU; System32driversrdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 15:18 - 2014-07-15 15:19 - 00018156 _____ () C:UsersUserDownloadsFRST.txt
2014-07-15 15:12 - 2014-07-15 15:18 - 00000000 ____D () C:FRST
2014-07-15 15:11 - 2014-07-15 15:12 - 02086912 _____ (Farbar) C:UsersUserDownloadsFRST64.exe
2014-07-15 15:11 - 2014-07-15 15:11 - 01076736 _____ (Farbar) C:UsersUserDownloadsFRST.exe
2014-07-15 13:54 - 2014-07-15 13:55 - 04812672 _____ (Piriform Ltd) C:UsersUserDownloadsccsetup415.exe
2014-07-15 12:53 - 2014-07-15 13:17 - 00000000 ____D () C:Program Files (x86)Steam
2014-07-15 12:53 - 2014-07-15 12:53 - 01141680 _____ () C:UsersUserDownloadsSteamSetup.exe
2014-07-15 12:53 - 2014-07-15 12:53 - 00000967 _____ () C:UsersPublicDesktopSteam.lnk
2014-07-15 12:53 - 2014-07-15 12:53 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsSteam
2014-06-21 21:16 - 2014-06-21 21:33 - 00000000 ____D () C:UsersUserDesktopsvatba 18.05.2014
2014-06-18 22:54 - 2014-06-18 22:54 - 00033517 _____ () C:UsersUserDownloadsTwo.and.a.Half.Men.Season.06.480p.WEB-DL.XviD.BGAUDiO.torrent
2014-06-15 22:53 - 2014-06-15 22:53 - 00015724 _____ () C:UsersUserDownloads21.Jump.Street.2012.HDRip.XviD.BGAUDiO-SiSO.torrent

==================== One Month Modified Files and Folders =======

2014-07-15 15:19 - 2014-07-15 15:18 - 00018156 _____ () C:UsersUserDownloadsFRST.txt
2014-07-15 15:18 - 2014-07-15 15:12 - 00000000 ____D () C:FRST
2014-07-15 15:12 - 2014-07-15 15:11 - 02086912 _____ (Farbar) C:UsersUserDownloadsFRST64.exe
2014-07-15 15:11 - 2014-07-15 15:11 - 01076736 _____ (Farbar) C:UsersUserDownloadsFRST.exe
2014-07-15 14:59 - 2012-06-04 18:54 - 00000994 _____ () C:WindowsTasksGoogleUpdateTaskMachineUA.job
2014-07-15 14:38 - 2011-11-19 12:48 - 00000000 ____D () C:UsersUserAppDataRoamingMedia Player Classic
2014-07-15 14:38 - 2011-10-10 15:32 - 00000000 ____D () C:UsersUserAppDataRoaminguTorrent
2014-07-15 14:29 - 2012-06-04 18:54 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job
2014-07-15 14:21 - 2011-10-10 11:58 - 01579394 ____N () C:WindowsWindowsUpdate.log
2014-07-15 14:05 - 2014-06-05 11:57 - 00000000 ____D () C:WindowsMinidump
2014-07-15 13:55 - 2014-07-15 13:54 - 04812672 _____ (Piriform Ltd) C:UsersUserDownloadsccsetup415.exe
2014-07-15 13:55 - 2014-02-09 11:18 - 00000822 _____ () C:UsersPublicDesktopCCleaner.lnk
2014-07-15 13:55 - 2014-02-09 11:18 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner
2014-07-15 13:55 - 2014-02-09 11:18 - 00000000 ____D () C:Program FilesCCleaner
2014-07-15 13:38 - 2011-10-28 08:30 - 00000000 ____D () C:UsersUserAppDataRoamingSkype
2014-07-15 13:17 - 2014-07-15 12:53 - 00000000 ____D () C:Program Files (x86)Steam
2014-07-15 12:53 - 2014-07-15 12:53 - 01141680 _____ () C:UsersUserDownloadsSteamSetup.exe
2014-07-15 12:53 - 2014-07-15 12:53 - 00000967 _____ () C:UsersPublicDesktopSteam.lnk
2014-07-15 12:53 - 2014-07-15 12:53 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsSteam
2014-07-15 12:45 - 2009-07-14 07:45 - 00021280 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 12:45 - 2009-07-14 07:45 - 00021280 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 12:38 - 2012-06-04 18:54 - 00000990 _____ () C:WindowsTasksGoogleUpdateTaskMachineCore.job
2014-07-15 12:38 - 2009-07-14 08:08 - 00000006 ____H () C:WindowsTasksSA.DAT
2014-07-13 14:28 - 2012-06-04 18:54 - 00699056 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe
2014-07-13 14:28 - 2012-06-04 18:54 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater
2014-07-13 14:28 - 2011-10-10 15:25 - 00071344 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl
2014-07-09 21:38 - 2011-10-10 15:42 - 00000000 ____D () C:UsersUserDocumentsBluetooth Folder
2014-06-21 21:33 - 2014-06-21 21:16 - 00000000 ____D () C:UsersUserDesktopsvatba 18.05.2014
2014-06-20 21:54 - 2012-06-04 18:54 - 00003990 _____ () C:WindowsSystem32TasksGoogleUpdateTaskMachineUA
2014-06-20 21:54 - 2012-06-04 18:54 - 00003738 _____ () C:WindowsSystem32TasksGoogleUpdateTaskMachineCore
2014-06-18 22:54 - 2014-06-18 22:54 - 00033517 _____ () C:UsersUserDownloadsTwo.and.a.Half.Men.Season.06.480p.WEB-DL.XviD.BGAUDiO.torrent
2014-06-15 22:53 - 2014-06-15 22:53 - 00015724 _____ () C:UsersUserDownloads21.Jump.Street.2012.HDRip.XviD.BGAUDiO-SiSO.torrent

Files to move or delete:
====================
C:UsersWindowsglynnh.dll
C:UsersWindowsglynnharr.exe


==================== Bamital & volsnap Check =================

C:WindowsSystem32winlogon.exe => File is digitally signed
C:WindowsSystem32wininit.exe => File is digitally signed
C:WindowsSysWOW64wininit.exe => File is digitally signed
C:Windowsexplorer.exe => File is digitally signed
C:WindowsSysWOW64explorer.exe => File is digitally signed
C:WindowsSystem32svchost.exe => File is digitally signed
C:WindowsSysWOW64svchost.exe => File is digitally signed
C:WindowsSystem32services.exe => File is digitally signed
C:WindowsSystem32User32.dll => File is digitally signed
C:WindowsSysWOW64User32.dll => File is digitally signed
C:WindowsSystem32userinit.exe => File is digitally signed
C:WindowsSysWOW64userinit.exe => File is digitally signed
C:WindowsSystem32rpcss.dll => File is digitally signed
C:WindowsSystem32Driversvolsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 09:42

==================== End Of Log ============================

и Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01


Ran by User at 2014-07-15 15:21:57
Running from C:UsersUserDownloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AntiVir Desktop (Enabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

µTorrent (HKLM-x32...uTorrent) (Version: 2.0.1 - )
50 FREE MP3s +1 Free Audiobook! (HKLM-x32...eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)
7-Zip 9.20 (HKLM-x32...7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32...Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32...Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Bulgarian (HKLM-x32...{AC76BA86-7AD7-1026-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32...Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AMCap (HKLM-x32...AMCap) (Version: 9.20.132.2 - Noлl Danjou)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0705.1115.18310 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60705.1113 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
Atheros Driver Installation Program (HKLM-x32...{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM...{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avira AntiVir Personal - Free Antivirus (HKLM-x32...Avira AntiVir Desktop) (Version: 10.2.0.2100 - Avira GmbH)
Bluetooth Win7 Suite (64) (HKLM...{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.80 - Име на компания)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0705.1115.18310 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help English (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help French (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help German (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
ccc-utility64 (Version: 2011.0705.1115.18310 - ATI) Hidden
CCleaner (HKLM...CCleaner) (Version: 4.15 - Piriform)
Cheat Engine 6.1 (HKLM-x32...Cheat Engine 6.1_is1) (Version:  - Dark Byte)
Cisco EAP-FAST Module (HKLM-x32...{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32...{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32...{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Core Temp 1.0 RC6 (HKLM...{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
DAEMON Tools Lite (HKLM-x32...DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Driver Genius Professional Edition (HKLM-x32...Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)
FlatOut2, версия 1.2 (HKLM-x32...{341E5808-6884-4989-A0AD-34A5D58812CC}_is1) (Version: 1.2 - Zerstoren)
Free Opener (HKLM...{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
GameSpy Arcade (HKLM-x32...GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32...Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32...{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Graffiti Studio 2.0 (HKLM-x32...Graffiti Studio 2.0_is1) (Version:  - Less Rain)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32...{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
Icy Tower v1.3.1 (HKLM-x32...Icy Tower v1.3.1_is1) (Version:  - Free Lunch Design)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java 7 Update 5 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32...{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32...KLiteCodecPack_is1) (Version: 7.0.0 - )
Microsoft .NET Framework 4.5 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32...{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32...{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM...{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32...{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32...{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 bg) (HKLM-x32...Mozilla Firefox 30.0 (x86 bg)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32...MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OMFGZ Infinite Dll Injector (C:Program Files (x86)OMFGZ Infinite Dll Injector) (HKLM-x32...ST6UNST #2) (Version:  - )
OMFGZ Infinite Dll Injector (HKLM-x32...ST6UNST #1) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek PCIE Card Reader (HKLM-x32...{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Retrogamer (HKLM-x32...Retrogamer_2zbar Uninstall) (Version:  - Retrogamer)
SAMSUNG USB Driver for Mobile Phones (HKLM...{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Singles2 (HKLM-x32...{F4851D03-553C-4ACE-ADBD-CA6BE8451072}) (Version: 2.00.000 - Deep Silver)
Skype Click to Call (HKLM-x32...{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype Launcher (HKLM-x32...{82799854-39DF-4EC3-8778-918CE0C81A3F}_is1) (Version: 1.6.3 - binaerkombinat)
Skype™ 6.16 (HKLM-x32...{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32...SpeedFan) (Version:  - )
Steam (HKLM-x32...Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM...SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
TeamExtreme Minecraft Installer 1.00 (HKLM-x32...TeamExtreme Minecraft Installer 1.00) (Version:  - )
Test Drive Unlimited 2 (HKLM-x32...Test Drive Unlimited 2_is1) (Version:  - Atari)
U2bviews Software (HKLM-x32...{FEAF4197-BC22-467A-994A-B72E74DF57E2}) (Version: 2.0.0 - U2bviews)
VIVACOM 3G USB Modem (HKLM-x32...VIVACOM 3G USB Modem) (Version: 21.005.11.02.738 - Huawei Technologies Co.,Ltd)
VLC media player 2.0.5 (HKLM-x32...VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32...Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU...Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinSnap (HKLM-x32...WinSnap) (Version: 4.0.5 - NTWind Software)
Архиватор WinRAR (HKLM...WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

30-06-2014 18:19:58 Планирана контролна точка

==================== Hosts content: ==========================

2009-07-14 05:34 - 2013-07-02 13:32 - 00253320 ____A C:Windowssystem32Driversetchosts
127.0.0.1 www.ntdlzone.com # hosts anti-adware / pups
127.0.0.1 cdn.riceateastcach.us # hosts anti-adware / pups
127.0.0.1 vzapp.iminent.com # hosts anti-adware / pups
127.0.0.1 www.mille-logiciels.com # hosts anti-adware / pups
127.0.0.1 www.my-movie-player.com # hosts anti-adware / pups
127.0.0.1 www.cool-applications.com # hosts anti-adware / pups
127.0.0.1 cdnus.coolflvplayer.com # hosts anti-adware / pups
127.0.0.1 cdneu.coolflvplayer.com # hosts anti-adware / pups
127.0.0.1 tracking.toroadvertising.com # hosts anti-adware / pups
127.0.0.1 www.onlineaway.net # hosts anti-adware / pups
127.0.0.1 www.getyourplayer.com # hosts anti-adware / pups
127.0.0.1 downloadcdn.betterinstaller.com # hosts anti-adware / pups
127.0.0.1 dlp.latestplayerplugin.com # hosts anti-adware / pups
127.0.0.1 www.ooopsvideo.com # hosts anti-adware / pups
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {29D5D165-57BD-421C-B025-7A0B49044AAF} - System32TasksHewlett-PackardHP Support AssistantHP Support Assistant Quick Start => C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {373AAD86-41DC-49FD-8111-4ECD31618899} - System32TasksScheduled Update for Ask Toolbar => C:Program Files (x86)Ask.comUpdateTask.exe <==== ATTENTION
Task: {3866DE98-D79D-4856-A5C0-23B8E50B0D56} - System32TasksAdobe Flash Player Updater => C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {44C71EDE-0688-4192-B321-EA5CE85A7E1D} - System32Tasks{ABA0730A-5AD6-42A6-8971-4B9FE909DBD8} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {4A1C3899-C0D1-4A5F-B23C-77F44D758219} - System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2012-06-04] (Google Inc.)
Task: {5BFC075E-907F-4007-9FD7-BAE40D851963} - System32Tasks{FB679D82-8398-4584-AE69-512CD84EC003} => Firefox.exe http://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {6C4068DE-A09A-4B48-8323-188FC8C3F78D} - System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2012-06-04] (Google Inc.)
Task: {863AC166-C39C-464B-A3AA-C107B11D3F6A} - System32Tasks{3926FCA7-DFDB-45CF-AF67-31EFD7B1C58D} => C:Program Files (x86)SkypePhoneSkype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {9F3FE443-D9DA-4EB2-A142-FD9C932B9D53} - System32Tasks{4D0426D5-9EB8-4DB8-9747-89D20EDC9748} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsMain
Task: {A4EACA0F-26FF-4713-A7DF-1578F6A27A2C} - System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {A9B5CAD4-EB11-4098-82B2-29188D472B50} - System32TasksHewlett-PackardHP Support AssistantUpdate Check => C:ProgramDataHewlett-PackardHP Support FrameworkResourcesUpdater7HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {E9B80B20-E421-424C-AA2D-F3F91F1990B4} - System32TasksEPUpdater => C:UsersUserAppDataRoamingBABSOL~1SharedBabMaint.exe <==== ATTENTION
Task: {FE77FDE8-A6AD-40C9-AE88-A86ACB52A474} - System32Tasks{C975EA2B-5F24-4B53-986A-277C6DFE6A6B} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/bg/abandoninstall?page=tsProgressBar
Task: C:WindowsTasksAdobe Flash Player Updater.job => C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineCore.job => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineUA.job => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-10 15:20 - 2009-12-01 12:07 - 00166400 _____ () C:Program FilesWinRARrarext.dll
2011-07-05 11:27 - 2011-07-05 11:27 - 00073728 _____ () c:Program FilesATI TechnologiesATI.ACEFuelFuel.Container.Wlan.dll
2011-03-14 18:27 - 2011-03-14 18:27 - 00346976 _____ () C:ProgramDataDatacardServiceHWDeviceService64.exe
2011-10-17 19:14 - 2011-10-17 19:13 - 00246112 _____ () C:ProgramDataVIVACOM 3G USB ModemOnlineUpdateouc.exe
2011-07-05 11:27 - 2011-07-05 11:27 - 00103424 _____ () c:Program FilesATI TechnologiesATI.ACEFuelFuel.Proxy.Native.dll
2011-07-05 11:13 - 2011-07-05 11:13 - 00243712 _____ () C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () c:Program Files (x86)ATI TechnologiesATI.ACEBrandingBranding.dll
2011-10-10 15:21 - 2011-07-20 16:40 - 00355688 _____ () C:Program Files (x86)AviraAntiVir Desktopsqlite3.dll
2011-10-17 19:14 - 2011-10-17 19:13 - 00011362 _____ () C:ProgramDataVIVACOM 3G USB ModemOnlineUpdatemingwm10.dll
2011-10-17 19:14 - 2011-10-17 19:13 - 00043008 _____ () C:ProgramDataVIVACOM 3G USB ModemOnlineUpdatelibgcc_s_dw2-1.dll
2011-10-17 19:14 - 2011-10-17 19:13 - 02415104 _____ () C:ProgramDataVIVACOM 3G USB ModemOnlineUpdateQtCore4.dll
2011-10-17 19:14 - 2011-10-17 19:13 - 01148416 _____ () C:ProgramDataVIVACOM 3G USB ModemOnlineUpdateQtNetwork4.dll
2011-10-17 19:14 - 2011-10-17 19:13 - 00384512 _____ () C:ProgramDataVIVACOM 3G USB ModemOnlineUpdateQueryStrategy.dll
2011-10-17 19:14 - 2011-10-17 19:13 - 00398336 _____ () C:ProgramDataVIVACOM 3G USB ModemOnlineUpdateQtXml4.dll
2014-07-15 12:55 - 2014-07-12 03:53 - 01116672 _____ () C:Program Files (x86)Steamlibavcodec-55.dll
2014-07-15 12:55 - 2014-07-12 03:53 - 00438784 _____ () C:Program Files (x86)Steamlibavutil-53.dll
2014-07-15 12:55 - 2014-07-12 03:53 - 00399360 _____ () C:Program Files (x86)Steamlibavformat-55.dll
2014-07-15 12:55 - 2014-07-12 03:53 - 00331264 _____ () C:Program Files (x86)Steamlibavresample-1.dll
2014-07-15 12:55 - 2014-06-27 01:40 - 00764416 _____ () C:Program Files (x86)SteamSDL2.dll
2014-07-15 12:55 - 2014-07-12 03:53 - 02139328 _____ () C:Program Files (x86)Steamvideo.dll
2014-07-15 12:55 - 2014-04-29 03:37 - 00519168 _____ () C:Program Files (x86)Steamlibswscale-2.dll
2014-07-15 12:55 - 2014-07-12 03:53 - 01116864 _____ () C:Program Files (x86)Steambinchromehtml.DLL
2014-07-15 12:55 - 2014-05-02 02:35 - 20628160 _____ () C:Program Files (x86)Steambinlibcef.dll
2014-06-10 20:02 - 2014-06-10 20:02 - 03852912 _____ () C:Program Files (x86)Mozilla Firefoxmozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Bluetooth периферно устройство
Description: Bluetooth периферно устройство
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth периферно устройство
Description: Bluetooth периферно устройство
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2014 00:39:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2014 02:05:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2014 00:45:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 01:43:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 01:32:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2014 09:31:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2014 05:05:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 11:08:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 10:12:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 09:38:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/15/2014 03:20:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Windows Error Reporting Service да се свърже.

Error: (07/15/2014 02:37:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Windows Error Reporting Service да се свърже.

Error: (07/15/2014 02:37:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Windows Error Reporting Service да се свърже.

Error: (07/15/2014 00:47:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Windows Error Reporting Service да се свърже.

Error: (07/15/2014 00:38:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата:
sfdrv01

Error: (07/15/2014 00:38:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Услуга VIVACOM 3G USB Modem. OUC не може да бъде стартирана поради следната грешка:
%%1053

Error: (07/15/2014 00:38:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга VIVACOM 3G USB Modem. OUC да се свърже.

Error: (07/15/2014 00:37:56 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver sfdrv01.sys has been blocked from loading.

Error: (07/13/2014 02:42:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/13/2014 02:09:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Windows Error Reporting Service да се свърже.


Microsoft Office Sessions:
=========================
Error: (07/15/2014 00:39:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2014 02:05:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2014 00:45:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 01:43:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 01:32:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2014 09:31:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2014 05:05:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 11:08:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 10:12:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 09:38:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2012-08-27 00:28:27.154
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32driverssfvfs02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-27 00:28:27.142
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32driverssfvfs02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-27 00:27:51.041
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32driverssfvfs02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-27 00:27:51.025
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2WindowsSystem32driverssfvfs02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-26 15:35:55.595
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2UsersWindowsglynnharr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-26 15:35:55.595
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2UsersWindowsglynnharr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-26 15:16:33.284
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2UsersWindowsglynnharr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-26 15:16:33.269
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2UsersWindowsglynnharr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-11 13:48:08.758
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2UsersWindowsglynnharr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-11 13:48:08.742
  Description: Windows is unable to verify the image integrity of the file DeviceHarddiskVolume2UsersWindowsglynnharr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3834.9 MB
Available physical RAM: 2053.34 MB
Total Pagefile: 7668 MB
Available Pagefile: 5437.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.36 GB) (Free:20.95 GB) NTFS
Drive d: (Локален диск) (Fixed) (Total:215.27 GB) (Free:203.44 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (RECOVERY) (Fixed) (Total:14.16 GB) (Free:1.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 42DDF839)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=68 GB) - (Type=42)
Partition 4: (Not Active) - (Size=230 GB) - (Type=42)

==================== End Of Log ============================

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте..! Публикувано изображение

 

Публикувано изображение Изтеглете прикачения файл и го запазете там, където сте свалили FRST.exe => fixlist.txt
Стартирайте отново FRST.exe и натиснете бутона Fix веднъж и изчакайте.
Ще се създаде нов лог файла FixLog.txt. Прикачете съдържанието му в следващия си коментар.

 

Деинсталирайте следния софтуер по стандартния начин:

 

 

Retrogamer (HKLM-x32...Retrogamer_2zbar Uninstall) (Version:  - Retrogamer)

 

 

След това:

 

СТЪПКА 1:

 

 

Публикувано изображениеМоля, изтеглете и стартирайте програмата AdwCleaner(by Xplode):

  • [*]Затворете всички стартирани програми и браузъри [*]Кликнете два пъти върху
adwcleaner.exe за да стартирате инструмента. [*]Натиснете OK, за да потвърдите, че всички стартирани програми ще бъдат затворени. [*]Маркирайте Clean [*]Вашият компютър ще се рестартира автоматично. Текстовия файл ще се отвори след рестарта. [*]Моля, да публикувате съдържанието на този лог в отговора си [*]Можете да намерите лога,който автоматично се запомня тук C:AdwCleaner[s0].txt

 

СТЪПКА 2:

 

 

 

Публикувано изображение Моля, изтеглете Junkware Removal Tool (by Thisisu ) и запазете на вашия десктоп.

  • [*]Спрете временно работата на защитните програми. [*]Стартирайте инструмента
JRT.exe [*]Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата. [*]Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши. [*]Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt). [*]Моля копирайте съдържанието на лог файла в следващия си пост.

Публикувано изображение

 

 

СТЪПКА 3:

 

Публикувано изображение  Моля, изтеглете Malwarebytes Anti -Malware и го запомнете на вашия работен плот .
  Кликнете два пъти върху mbam-setup-consumer-2.0.0.1000.exe и следвайте инструкциите, за да инсталирате програмата .
  В краяна инсатлацията  , трябва да има отметка на следното :

  • [*]Launch Malwarebytes Anti-Malware (Стартиране на Malwarebytes Anti -Malware) [*]14-дневен пробен период  е предварително избран . Можете да премахнете отметката от това, ако желаете, това няма да се ограничи възможностите за сканиране и премахване на програмата.

Щракнете върху Finish.

  • [*]В секцията
Settings = > Detection and Protection => Detection Options, се поставя отметка в квадратчето 'Scan for rootkits'. [*]В главния прозорец на програмата , щракнете върху 'Update Now' [*]След актуализацията завърши, кликнете на бутона " 'Scan Now  " . [*]Ако има налична актуализация , щракнете върху бутона Update Now button . [*]Ще стартира Threat Scan. [*]Когато сканирането приключи, ако има някакви открити зарази , щракнете върху Apply Actions за да се позволи на Mbam да почисти засеченото. . [*]В повечето случаи , ще се изиска рестартиране [*]   След рестарта ,стартирайте Mbam още веднъж. [*]   Кликнете на History tab > Application Logs . [*]   Кликнете два пъти върху реда , който показва датата и часа на сканирането . [*]   Кликнете върху " Copy да Clipboard " [*]   Поставете  съдържанието на клипборда в следващия си  отговор.

 

 

СТЪПКА 4:

 

Публикувано изображениеИзтеглете RogueKiller и го запазете на десктопа.
Забележка: Трябва да изтеглите версия съвместима с вашата система.

  1. [*]
RogueKiller.exe [*]RogueKillerX64.exe

  • [*]Моля,затворете всички стартирани програми [*]Моля, изключете USB или външни дискове от компютъра, преди да стартирате това сканиране [*]Стартирайте
RogueKiller.exe , изчакайте, докато Prescan приключи  и натиснете бутона SCAN. [*]Ще се създаде лог файл на десктопа с името RKreport.txt . [*]Публикувайте лог файла в следващия си пост.

 

 

 

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте отново..! Доста неща са поизчистени..!

 

 

Публикувано изображение

  • [*]Отворете
следния сайт и изтеглете RKill.exe и ги запазете на вашия десктоп. [*]Стартирате програмата с двоен клик върху файла и изчакайте търпеливо. [*]След приключване на проверката ще се генерира лог файл с извършените процедури. [*]Прикачете лог файла в следващия си пост.

 

 

  • [*]Стартирайте
RogueKiller.exe , изчакайте, докато Prescan приключи. [*]Натиснете таб Hosts и след това бутона Fix Hosts

Публикувано изображение

 

 

След това пишете има ли някаква промяна..!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лог от RKill

Rkill 2.6.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 07/16/2014 10:49:36 PM in x64 mode.Windows Version: Windows 7 Ultimate Service Pack 3Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * No malware processes found to kill.Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * No issues found.Checking Windows Service Integrity: * No issues found.Searching for Missing Digital Signatures: * No issues found.Checking HOSTS File: * HOSTS file entries found:  127.0.0.1 www.ntdlzone.com # hosts anti-adware / pups  127.0.0.1 cdn.riceateastcach.us # hosts anti-adware / pups  127.0.0.1 vzapp.iminent.com # hosts anti-adware / pups  127.0.0.1 www.mille-logiciels.com # hosts anti-adware / pups  127.0.0.1 www.my-movie-player.com # hosts anti-adware / pups  127.0.0.1 www.cool-applications.com # hosts anti-adware / pups  127.0.0.1 cdnus.coolflvplayer.com # hosts anti-adware / pups  127.0.0.1 cdneu.coolflvplayer.com # hosts anti-adware / pups  127.0.0.1 tracking.toroadvertising.com # hosts anti-adware / pups  127.0.0.1 www.onlineaway.net # hosts anti-adware / pups  127.0.0.1 www.getyourplayer.com # hosts anti-adware / pups  127.0.0.1 downloadcdn.betterinstaller.com # hosts anti-adware / pups  127.0.0.1 dlp.latestplayerplugin.com # hosts anti-adware / pups  127.0.0.1 www.ooopsvideo.com # hosts anti-adware / pups  127.0.0.1 08sr.combineads.info # hosts anti-adware / pups  127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups  127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups  127.0.0.1 2010-fr.com # hosts anti-adware / pups  127.0.0.1 2012-new.biz # hosts anti-adware / pups  127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups  20 out of 4208 HOSTS entries shown.  Please review HOSTS file for further entries.Program finished at: 07/16/2014 10:51:21 PMExecution time: 0 hours(s), 1 minute(s), and 44 seconds(s)

По-късно ще пиша и как се държи лаптопа.


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход


  • Подобни теми

    • от bobivg
      Здравейте, от известно време ми направи впечатление, че след като изгасне монитора (не се ползва компютъра) се увеличават оборотите на вентилатора на процесора. Проблема изчезва веднага след като размърдам мишката. Предположих, че имам някакъв миньор и от предходните теми за подобен проблем качих и сканирах с Malwarebytes, който не откри нищо. Сканирах с free версията (с крака не можах да се оправя).
      Прилагам снимки от Resoursce Monitor и Task Manager. Aко е необходима повече информация казвайте.  
      Предварително благодаря за помощта.
      п.п Шума със сигурност е вентилатора на процесора, защото до скоро нямах видео карта и звученето си го познавам добре.
      п.п. 2  Farbar Recovery Scan Tool  FRST.txt и Addition.txt
       

    • от Emilyr
      Здравейте, не знам дали темата е в правилния раздел, просто съм нова в сайта,  съжалявам ако нещо не е както трябва..  Преди малко получих известие от антивирусната ми система, че е блокиран вирус на име 64win malware-gen.. Който е преместен в "затвора за вируси" Какво трябва да предприема, това опасен вирус ли е... Не разбирам от компютри, и не знам как да постъпя, пък ме е страх и за информацията на лаптопа ми. Моля ви дайте ми съвет какво да направя или не трябва да предприемам действия.. Страх ме е да няма и други вируси, защото отдолу на снимката не се вижда добре, но пише че "може да се спотайват и още други заплахи ".   Ще приложа и снимка на съобщението от антивирусната система.. Благодаря Ви предварително..
      Пс:съжалявам за лошото качество на снимката, но трябваше да намалявам размерите й, защото иначе не можех да я кача..

    • от Studenta
      Здравейте, от доста време насам браузъра ми е заразен с някаква руска търсачка. Пробвал съм да трия браузъра да променям настройките да премахвам всички добавки но без успех. Мисля,че с тоя боклук вървят в с още 2 с нея. Когато съм изгасил браузъра и си играя някоя игра примерно изведнъж ми се отваря някакъв шибан руски сайт asap.ru нещо подобно. 
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
      Ran by ASUS (administrator) on ASUS-PC (30-12-2017 20:36:37)
      Running from C:\Users\ASUS\Downloads
      Loaded Profiles: ASUS & UpdatusUser (Available Profiles: ASUS & UpdatusUser)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 9 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      () C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
      (Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      () C:\Windows\Microsoft\svchost.exe
      (The CefSharp Authors) C:\Users\ASUS\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [vyrtapcchc] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526" <==== ATTENTION
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [57446848 2017-12-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\MountPoints2: {7e52b7ab-80b8-11e5-abf8-ac220bd789b4} - G:\Install.exe
      AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-07-08] (NVIDIA Corporation)
      AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-07-08] (NVIDIA Corporation)
      Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-19]
      ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe ()
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      GroupPolicy\User: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 77.76.144.10
      Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [DhcpNameServer] 77.76.144.10
      Tcpip\..\Interfaces\{7B128963-1D6F-410F-B447-36004838DDB1}: [DhcpNameServer] 10.0.0.13
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BA4B52271-83DE-44E1-91D2-F540224D09C8%7D&gp=811014
      BHO-x32: Searchgo Class -> {598AEFC6-DD3C-4A63-9AC3-53FCF6155931} -> C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
      BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\ASUS\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-05-26] (Mail.Ru)
      Toolbar: HKLM-x32 - Searchgo - {2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC} - C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-30] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-30] ()
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin HKU\S-1-5-21-3540903787-1263480670-1707380032-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
      Chrome: 
      =======
      CHR HomePage: Default -> mail.ru
      CHR StartupUrls: Default -> "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526"
      CHR NewTab: Default ->  Not-active:"chrome-extension://nagnmfhgkjkplbhplkbicmpkfopmnefp/newtab.html"
      CHR DefaultSearchURL: Default -> hxxp://go-search.ru/search?q={searchTerms}
      CHR DefaultSearchKeyword: Default -> GoSearch
      CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}
      CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
      CHR Extension: (Презентации) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-01]
      CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-01]
      CHR Extension: (Chrome Cleaner Pro) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-11-12]
      CHR Extension: (Save Tabs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-05]
      CHR Extension: (Таблици) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-01]
      CHR Extension: (Skype) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
      CHR Extension: (Microcosm - New Tab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nagnmfhgkjkplbhplkbicmpkfopmnefp [2017-11-05]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-01]
      CHR Extension: (Chrome Media Router) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-12]
      CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-08-25]
      CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
      R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
      R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-11-01] (DT Soft Ltd)
      R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
      S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-30 20:36 - 2017-12-30 20:37 - 000014515 _____ C:\Users\ASUS\Downloads\FRST.txt
      2017-12-30 20:36 - 2017-12-30 20:36 - 000000000 ____D C:\FRST
      2017-12-30 20:35 - 2017-12-30 20:35 - 002391552 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
      2017-12-30 19:58 - 2017-12-30 20:04 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-12-30 19:58 - 2017-12-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-30 20:15 - 2016-03-17 20:38 - 000000000 ___RD C:\Users\ASUS\Desktop\Снимки
      2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\SearchGo
      2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\Local\SearchGo
      2017-12-30 20:03 - 2017-07-09 14:45 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-30 20:03 - 2016-05-26 03:39 - 000000000 ____D C:\Users\ASUS\AppData\Local\PowerMonitor
      2017-12-30 20:02 - 2009-07-14 07:13 - 000782154 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-30 20:02 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-30 20:00 - 2015-11-01 19:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-30 20:00 - 2015-11-01 19:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-30 20:00 - 2015-11-01 19:02 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-30 19:57 - 2017-03-06 20:25 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-12-30 19:57 - 2015-11-01 18:59 - 000000000 ____D C:\ProgramData\Skype
      2017-12-30 19:55 - 2016-04-06 12:07 - 000001382 _____ C:\Windows\Sandboxie.ini
      2017-12-30 19:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-30 05:25 - 2015-11-01 18:59 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Skype
      ==================== Files in the root of some directories =======
      2016-03-30 13:19 - 2016-03-30 13:19 - 000000036 _____ () C:\Users\ASUS\AppData\Local\housecall.guid.cache
      2016-07-12 22:16 - 2016-07-12 22:16 - 000004096 ____H () C:\Users\ASUS\AppData\Local\keyfile3.drm
      Some files in TEMP:
      ====================
      2017-11-24 23:55 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\113.tmp.exe
      2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1214.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1B95.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\1C50.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\27E4.tmp.exe
      2017-11-12 15:44 - 2017-11-12 11:13 - 000775168 ____N (PhoneLine SOFT Inc) C:\Users\ASUS\AppData\Local\Temp\28DE.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\2AE7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2B1F.tmp.exe
      2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2E2B.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\30E9.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\31B4.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3212.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3443.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\34A1.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3665.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3B45.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C01.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C3F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C4F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CAC.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CCB.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4DCC.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4EB6.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5403.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5480.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5885.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5D75.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E6F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E7E.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E8E.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5EFB.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\62A3.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\67A2.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\6A8F.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\727B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7327.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7420.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7568.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7F37.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\8F4E.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\949B.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\9EC8.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A129.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A5BB.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A934.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\AA4D.tmp.exe
      2017-11-27 07:14 - 2017-11-27 01:56 - 000930776 ____N () C:\Users\ASUS\AppData\Local\Temp\B082.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\BF81.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\C184.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C1D2.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C838.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CA7F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CD09.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CD7B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CDD4.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CF4A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CFD6.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\D275.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DB8A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DFCE.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E05A.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E662.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\EDF7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F512.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F6D6.tmp.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe
      [2010-11-21 05:24] - [2011-01-16 02:01] - 000389632 _____ (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll
      [2010-11-21 05:24] - [2011-01-16 02:01] - 001008640 _____ (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-11-19 01:44
      ==================== End of FRST.txt ============================
       

      Addition.txt
    • от Technokom Plovdiv
      Ето събщението, което получава всеки изпратил имейл до нас:
      This message was created automatically by mail delivery software.
      A message that you sent has not yet been delivered to one or more of its recipients after more than 24 hours on the queue on hemus.superhosting.bg.
       
       
      The message identifier is:     1eJa1Z-003lh9-9Y
      The subject of the message is: =?utf-8?B?Rlc6INC80LDQvdC+0LzQtdGC0YrRgA==?=
      The date of the message is:    Tue, 28 Nov 2017 09:09:44 +0200
       
       
      The address to which the message has not yet been delivered is:
       
       
        henryresult111@gmail.com
          (ultimately generated from xxxxxxx@xxxxxxxx.bg)
          host alt4.gmail-smtp-in.l.google.com [74.125.28.27]
          Delay reason: SMTP error from remote mail server after RCPT TO:<henryresult111@gmail.com>:
          452-4.2.2 The email account that you tried to reach is over quota. Please direct
          452-4.2.2 the recipient to
          452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp h72si2628468pfj.20 - gsmtp
       
       
      No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you.
       
      Това съобщение го получават изпращащите мейли към този домейн. Събщенията се получават без проблем. Няма проблем и със сървърното място.
      Не разбирам и каква е връзката с gmail и google след като домейнът е частен. Също нямам никаква идея чий е този имейл: henryresult111@gmail.com
      Възможно ли е да е вирус? Сканирани са всички служебни машини. Имаше разни гадини, които уж обезвредихме, но проблемът не се оправи.
      Сменихме и паролите на всички мейли - нищо.
      Ето информацията от FRST:
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2017
      Ran by pc (administrator) on PC1 (30-11-2017 14:23:09)
      Running from C:\Documents and Settings\pc.PC1\Desktop
      Loaded Profiles: pc (Available Profiles: pc & Administrator & Guest)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
      (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
      (HP) C:\WINDOWS\system32\HPSIsvc.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
      (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
      (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
      (Viber Media S.à r.l.) C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
      () C:\2017\wsklad.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
      HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [302744 2017-11-16] (AVG Technologies CZ, s.r.o.)
      HKU\S-1-5-20\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\Run: [Viber] => C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\MountPoints2: {260473e8-84c9-11e3-a542-001cf0d5a2b8} - G:\SISetup.exe
      HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2017-11-30]
      ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Skype.lnk [2017-03-06]
      ShortcutTarget: Skype.lnk -> C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico (No File)
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Tcpip\..\Interfaces\{E7E61260-FB73-4F9E-B467-F1870B906C7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-22] (Sun Microsystems, Inc.)
      BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-22] (Sun Microsystems, Inc.)
      DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://dl-ak.solidworks.com/nonsecure/edrawings/e2012sp02/12.2.0.110/cab//eModelsStandard.cab
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
      FireFox:
      ========
      FF DefaultProfile: 07ckpc18.default-1412315343695
      FF ProfilePath: C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695 [2017-11-30]
      FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-22] [Lagacy]
      FF Extension: (Google Search by Image) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\google@hitachi.com.xpi [2016-05-03] [Lagacy]
      FF Extension: (signTextJS) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\jid1-AXn9cXcB4fD1QQ@jetpack.xpi [2017-06-15] [Lagacy]
      FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
      FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-22] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-27] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
      FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Lagacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-04] ()
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
      R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
      S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-22] (Sun Microsystems, Inc.)
      S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed]
      S4 rcp_service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
      S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
      S2 HP LaserJet Service; "C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe" [X]
      S0 MBAMService; no ImagePath
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
      R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [149592 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [135872 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [249232 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [151024 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [270344 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [43992 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35264 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [117368 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [63280 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [775552 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [381184 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [290776 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
      S3 dg_ssudbus; C:\WINDOWS\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] () [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R3 m4cxw2k3; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [250752 2007-02-15] (D-Link Corporation)
      S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
      S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-08-03] (VSO Software) [File not signed]
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
      S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-07-13] (Duplex Secure Ltd.)
      S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 adfs; no ImagePath
      S3 BOCDRIVE; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [X]
      S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
      S3 FXDrv32; \??\D:\FXDrv32.sys [X]
      S4 IntelIde; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2017-11-30 14:23 - 000012709 _____ C:\Documents and Settings\pc.PC1\Desktop\FRST.txt
      2017-11-30 14:22 - 2017-11-30 14:23 - 000000000 ____D C:\FRST
      2017-11-30 14:22 - 2017-11-30 14:22 - 001752064 _____ (Farbar) C:\Documents and Settings\pc.PC1\Desktop\FRST.exe
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Program Files\Quester
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QMailFilter
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\CEF
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\AVG
      2017-11-24 14:31 - 2017-11-24 14:31 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Avg
      2017-11-24 14:21 - 2017-11-24 14:21 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PCHealth
      2017-11-20 12:24 - 2017-11-20 12:40 - 000065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\pc.PC1\Doctor Web
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\My Documents\Untitled.pdf
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\Desktop\Untitled.pdf
      2017-11-16 13:03 - 2017-11-16 13:05 - 000000000 ____D C:\EEK
      2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Temp
      2017-11-16 10:11 - 2017-11-16 10:11 - 000001608 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
      2017-11-16 10:11 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\AVG
      2017-11-16 10:10 - 2017-11-30 10:10 - 000000288 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
      2017-11-16 10:10 - 2017-11-16 10:10 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000381184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000306448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
      2017-11-16 10:10 - 2017-11-16 10:10 - 000290776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000149592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
      2017-11-16 10:08 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
      2017-11-16 10:08 - 2017-11-16 10:08 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
      2017-11-16 10:06 - 2017-11-30 11:06 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
      2017-11-16 10:06 - 2017-11-16 10:08 - 000000000 ____D C:\Program Files\AVG
      2017-11-16 09:51 - 2017-11-16 09:51 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\CEF
      2017-11-16 09:50 - 2017-11-16 11:23 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\AvgSetupLog
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Temp
      2017-11-30 14:20 - 2015-08-03 07:23 - 000271360 _____ C:\Documents and Settings\pc.PC1\My Documents\Outlook_Archive.pst
      2017-11-30 14:16 - 2016-12-27 11:00 - 000000000 ____D C:\2017
      2017-11-30 10:49 - 2014-01-15 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\gtk-2.0
      2017-11-30 10:49 - 2013-08-02 12:55 - 000000000 ____D C:\Documents and Settings\pc.PC1\.gimp-2.8
      2017-11-30 07:55 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\ViberPC
      2017-11-30 07:52 - 2014-03-28 08:20 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2017-11-30 07:52 - 2008-09-12 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-30 07:52 - 2008-04-14 14:00 - 000011936 _____ C:\WINDOWS\system32\wpa.dbl
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000178 ___SH C:\Documents and Settings\pc.PC1\ntuser.ini
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1
      2017-11-29 16:54 - 2008-09-12 18:28 - 000032520 _____ C:\WINDOWS\SchedLgU.Txt
      2017-11-28 11:37 - 2011-12-19 11:25 - 000000000 ____D C:\Program Files\The KMPlayer
      2017-11-24 14:40 - 2013-08-02 13:09 - 000211496 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2017-11-24 14:37 - 2013-11-01 13:09 - 000000178 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
      2017-11-24 14:36 - 2010-03-25 10:10 - 000979370 _____ C:\WINDOWS\ntbtlog.txt
      2017-11-24 14:35 - 2013-11-01 13:09 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Temp
      2017-11-24 14:28 - 2008-09-12 21:12 - 002469912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 14:25 - 2013-08-02 14:23 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
      2017-11-24 14:15 - 2008-09-13 10:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2017-11-24 14:12 - 2008-04-14 14:00 - 000000668 _____ C:\WINDOWS\win.ini
      2017-11-24 11:47 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\My Documents\ViberDownloads
      2017-11-22 16:05 - 2013-12-11 14:52 - 000000000 ____D C:\2014
      2017-11-22 16:04 - 2010-12-03 14:28 - 000000000 ____D C:\2011
      2017-11-22 16:03 - 2011-12-09 14:39 - 000000000 ____D C:\2012
      2017-11-22 15:40 - 2013-08-02 13:28 - 000002515 _____ C:\Documents and Settings\pc.PC1\Desktop\Microsoft Office Word 2007.lnk
      2017-11-22 14:28 - 2014-12-29 16:42 - 000000000 ____D C:\2015
      2017-11-22 14:25 - 2015-12-23 11:32 - 000000000 ____D C:\2016
      2017-11-16 10:55 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\istartsurf
      2017-11-16 10:48 - 2012-12-20 13:57 - 000000000 ____D C:\2013
      2017-11-16 10:38 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IePluginServices
      2017-11-16 09:28 - 2010-09-30 15:57 - 000000000 ____D C:\Program Files\ough
      2017-11-16 09:01 - 2013-09-23 15:54 - 002755382 ___SH C:\Documents and Settings\pc.PC1\Desktop\Thumbs.db
      2017-11-10 13:23 - 2013-08-02 13:49 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\Skype
      2017-11-08 15:00 - 2014-03-28 08:20 - 000000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      ==================== Files in the root of some directories =======
      2015-08-17 11:04 - 2015-08-17 11:08 - 000304492 _____ (AYURvmkth8) C:\Documents and Settings\pc.PC1\Application Data\adobe.exe
      2013-10-07 13:55 - 2014-04-09 12:28 - 000000531 _____ () C:\Documents and Settings\pc.PC1\Application Data\burnaware.ini
      2013-08-02 13:31 - 2017-08-18 12:25 - 000036352 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-02-27 17:15 - 2014-02-28 09:48 - 000000600 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PUTTY.RND
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2011-03-11 09:28 - 2011-03-11 09:28 - 000000016 _____ () C:\Documents and Settings\All Users\Application Data\.7486160831680234
      2008-10-31 09:19 - 2008-10-31 09:19 - 000000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
      2008-09-13 13:47 - 2016-04-26 08:08 - 000001669 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      2014-08-15 11:57 - 2010-03-30 10:12 - 000024772 _____ () C:\Documents and Settings\All Users\Application Data\P1210DEF.css
      2014-08-15 11:57 - 2016-01-22 14:22 - 000015499 _____ () C:\Documents and Settings\All Users\Application Data\P1210OS.HTM
      2014-08-15 11:57 - 2010-03-30 10:12 - 000002944 _____ () C:\Documents and Settings\All Users\Application Data\P1210SIG.GIF
      Some files in TEMP:
      ====================
      2017-10-13 09:08 - 2011-12-29 11:44 - 001275396 _____ (NCH Software) C:\Documents and Settings\pc.PC1\Local Settings\Temp\uninst.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.