
Toshiba Qosmio freezes every time the browser is started!




Hello, here is my problem: I own a Toshiba Qosmio X 305-Q701, bought in the USA. The problem is that the laptop freezes every time I start any browser; the screen goes black and the sound hangs, if any sound was playing, of course. No key combination helps after that, only holding the Power button and turning the system on again. In Safe Mode there are no problems at all. Good evening from me, and thanks in advance.


Please follow the steps in the topic "My system is infected - what do I do now?" so that we can analyze the system and see what this is about. Thank you! :)


Hello, I will follow the steps, but I would like to ask whether it will be a problem if I do all the steps in Safe Mode, since I cannot use the Internet in normal mode? Thank you :)


Hello, here is the content of First.txt (it is not in Safe Mode, as I had asked in the previous post; the scan was done in normal mode)

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01

Ran by kaligola (administrator) on KALIGOLA-PC on 10-09-2014 01:30:56
Running from C:\Users\kaligola\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Fork Ltd.) C:\Program Files\Prey\platform\windows\cronsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(BitTorrent Inc.) C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Alarm Me\AlarmMe.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\csmk\nvsvc16.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AlarmMe] => C:\Program Files (x86)\Alarm Me\AlarmMe.exe [2102272 2009-02-26] ()
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [browserPlugInHelper] => C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe [411064 2012-12-13] (Wondershare Software)
HKLM-x32\...\Run: [nvsvc16] => C:\Program Files\csmk\nvsvc16.exe [56320 2011-04-13] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [bitTorrent] => C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [Google Update] => C:\Users\kaligola\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-07] (Google Inc.)
HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [GoogleChromeAutoLaunch_7E1EF083174FC3FBF01580323A705D67] => C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\MountPoints2: F - F:\cdstart.exe
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
Startup: C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8AFC85D6816CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Wondershare AllMyTube -> {1373BA72-5012-496e-9F72-7A426DCF78BB} -> C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.23.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default
FF Homepage: hxxp://mail.bg/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @inhatch.com,version=0.7.5 -> C:\Program Files (x86)\InhatchTeam\Inhatch\npinhatch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\kaligola\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF Extension: Bulgarian Dictionary - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2011-03-29]
FF Extension: United States English Spellchecker - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]
FF Extension: DownloadHelper - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Personas Plus - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]
FF Extension: ImTranslator - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-10-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-30]
FF HKLM-x32\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-01-12]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.bg/"
CHR DefaultSearchKeyword: Default -> isearch.avg.com
CHR DefaultSearchProvider: Default -> AVG Secure Search
CHR DefaultSearchURL: Default -> https://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}
CHR Profile: C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-07]
CHR Extension: (SiteTalk Social Shopping) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpolifdmdmcbcipolocmkpmjmcoegad [2013-04-29]
CHR Extension: (Wondershare AllMyTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij [2013-01-12]
CHR Extension: (Apple Shooter) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm [2011-12-07]
CHR Extension: (Alarm Clock Radio) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2011-12-07]
CHR Extension: (HDPlus-V1.9) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp [2014-07-17]
CHR Extension: (Angry Birds) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllkkflncainlmehooebdaodggehpknh [2011-12-12]
CHR Extension: (Google Wallet) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [ifllmjhoijmmhobcnjdhelmboobmenij] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRChromePlugin.crx [2013-01-12]
CHR StartMenuInternet: Google Chrome - C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CronService; C:\Program Files\Prey\platform\windows\cronsvc.exe [23552 2014-01-27] (Fork Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2011-03-08] (Realtek Semiconductor.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 01:30 - 2014-09-10 01:31 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt
2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST
2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe
2014-09-07 23:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-07 23:28 - 2014-09-07 23:30 - 00000000 ____D () C:\AdwCleaner
2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe
2014-09-07 22:24 - 2014-09-10 01:24 - 00000616 _____ () C:\Windows\setupact.log
2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-06 09:26 - 2014-09-09 15:40 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder
2014-08-29 19:52 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:52 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 19:52 - 2014-08-23 03:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 18:53 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-21 18:53 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-21 18:53 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-21 18:53 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-21 18:53 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-21 18:53 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-21 18:53 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-21 18:53 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-20 20:07 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-20 20:07 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-20 20:06 - 2014-08-01 02:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-20 20:06 - 2014-07-25 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-20 20:06 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-20 20:06 - 2014-07-25 16:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-20 20:06 - 2014-07-25 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-20 20:06 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-20 20:06 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-20 20:06 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-20 20:06 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-20 20:06 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-20 20:06 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-20 20:06 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-20 20:06 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-20 20:06 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-20 20:06 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-20 20:06 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-20 20:06 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-20 20:06 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-20 20:06 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-20 20:06 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-20 20:06 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-20 20:06 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-20 20:06 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-20 20:05 - 2014-08-07 05:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-20 20:05 - 2014-08-07 05:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-20 20:05 - 2014-08-01 02:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 20:05 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-20 20:05 - 2014-07-25 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-20 20:05 - 2014-07-25 16:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-20 20:05 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-20 20:05 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-20 20:05 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-20 20:05 - 2014-07-25 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-20 20:05 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-20 20:05 - 2014-07-25 16:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-20 20:05 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-20 20:05 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-20 20:05 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-20 20:05 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-20 20:05 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-20 20:05 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-20 20:05 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-20 20:05 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-20 20:05 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-20 20:05 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-20 20:05 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-20 20:05 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-20 20:05 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-20 20:05 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-20 20:05 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-20 20:05 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-20 20:05 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-20 20:05 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-20 20:05 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-20 20:05 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-20 20:05 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-20 20:05 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-20 20:05 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-20 20:05 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-20 20:05 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-20 20:05 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-20 20:05 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-20 20:05 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-20 20:05 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-20 20:05 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-20 20:05 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-20 20:05 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 01:31 - 2014-09-10 01:30 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt
2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST
2014-09-10 01:30 - 2012-04-17 00:48 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\BitTorrent
2014-09-10 01:30 - 2011-03-16 23:23 - 19147776 ___SH () C:\Users\kaligola\Desktop\Thumbs.db
2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe
2014-09-10 01:27 - 2011-01-05 05:33 - 01070528 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 01:27 - 2011-01-04 20:06 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{206A648D-8121-4F5A-ACD5-251A124B9C77}
2014-09-10 01:25 - 2013-11-01 22:11 - 00000000 ___RD () C:\Users\kaligola\Dropbox
2014-09-10 01:25 - 2013-11-01 22:07 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Dropbox
2014-09-10 01:25 - 2012-01-20 18:38 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-09-10 01:25 - 2011-02-20 14:30 - 00643841 _____ () C:\Windows\AutoKMS.log
2014-09-10 01:25 - 2011-02-19 23:04 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-10 01:24 - 2014-09-07 22:24 - 00000616 _____ () C:\Windows\setupact.log
2014-09-10 01:24 - 2011-03-16 18:22 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-10 01:24 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 22:49 - 2011-01-04 21:17 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Skype
2014-09-09 16:13 - 2012-11-29 00:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 15:54 - 2011-12-07 16:22 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000UA.job
2014-09-09 15:40 - 2014-09-06 09:26 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder
2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 23:35 - 2011-01-04 21:00 - 00162486 _____ () C:\Windows\PFRO.log
2014-09-07 23:32 - 2014-07-14 12:23 - 00001462 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-7.job
2014-09-07 23:30 - 2014-09-07 23:28 - 00000000 ____D () C:\AdwCleaner
2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe
2014-09-07 22:55 - 2014-07-14 12:23 - 00003798 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-11.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00002206 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001446 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001336 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2.job
2014-09-07 22:55 - 2014-07-14 12:22 - 00002428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-3.job
2014-09-07 22:55 - 2014-07-14 12:22 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-07 22:52 - 2011-01-04 19:53 - 00000000 ____D () C:\Program Files\ESET
2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-07 22:24 - 2012-04-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-07 22:22 - 2011-01-04 23:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-07 22:15 - 2012-10-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-07 22:15 - 2011-03-26 23:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 22:15 - 2011-01-04 20:08 - 00000000 ____D () C:\Users\kaligola\AppData\Local\Mozilla
2014-09-07 22:11 - 2011-11-18 00:35 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-09-07 22:07 - 2011-05-26 21:03 - 00000000 ____D () C:\Program Files (x86)\InhatchTeam
2014-09-07 22:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help
2014-09-07 22:05 - 2013-11-12 00:17 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-09-06 18:28 - 2014-07-14 12:23 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-06 16:54 - 2011-12-07 16:22 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000Core.job
2014-08-30 20:07 - 2013-04-19 18:23 - 00001388 _____ () C:\Windows\SysWOW64\bash.exe.stackdump
2014-08-30 09:27 - 2009-07-14 07:45 - 00406480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 05:07 - 2014-08-29 19:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 04:45 - 2014-08-29 19:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 03:59 - 2014-08-29 19:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 21:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-08-21 19:35 - 2011-01-04 21:16 - 00000000 ____D () C:\ProgramData\Skype
2014-08-21 19:32 - 2011-01-04 19:46 - 00000000 ___RD () C:\Users\kaligola\Virtual Machines
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-21 19:05 - 2013-08-10 12:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 19:01 - 2011-01-05 00:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-21 18:59 - 2011-01-05 18:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 18:52 - 2014-04-23 10:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-20 19:54 - 2013-11-01 22:11 - 00001029 _____ () C:\Users\kaligola\Desktop\Dropbox.lnk
2014-08-20 19:54 - 2013-11-01 22:09 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
Some content of TEMP:
====================
C:\Users\kaligola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgaub_.dll
C:\Users\kaligola\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 09:57
 
==================== End Of Log ============================

Addition.txt

Please follow the steps in the topic "My system is infected - What do I do now?" so that we can analyze the system and see what is going on! Thank you! :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by kaligola (administrator) on KALIGOLA-PC on 10-09-2014 01:30:56
Running from C:\Users\kaligola\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Fork Ltd.) C:\Program Files\Prey\platform\windows\cronsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(BitTorrent Inc.) C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Alarm Me\AlarmMe.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\csmk\nvsvc16.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AlarmMe] => C:\Program Files (x86)\Alarm Me\AlarmMe.exe [2102272 2009-02-26] ()
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [browserPlugInHelper] => C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugInHelper.exe [411064 2012-12-13] (Wondershare Software)
HKLM-x32\...\Run: [nvsvc16] => C:\Program Files\csmk\nvsvc16.exe [56320 2011-04-13] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [bitTorrent] => C:\Users\kaligola\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [Google Update] => C:\Users\kaligola\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-07] (Google Inc.)
HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\Run: [GoogleChromeAutoLaunch_7E1EF083174FC3FBF01580323A705D67] => C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1790302233-785394025-1556043580-1000\...\MountPoints2: F - F:\cdstart.exe
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Inc.)
Startup: C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kaligola\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD8AFC85D6816CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Wondershare AllMyTube -> {1373BA72-5012-496e-9F72-7A426DCF78BB} -> C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.23.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default
FF Homepage: hxxp://mail.bg/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @inhatch.com,version=0.7.5 -> C:\Program Files (x86)\InhatchTeam\Inhatch\npinhatch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\kaligola\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\kaligola\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF Extension: Bulgarian Dictionary - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2011-03-29]
FF Extension: United States English Spellchecker - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]
FF Extension: DownloadHelper - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Personas Plus - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\[email protected] [2014-09-08]
FF Extension: ImTranslator - C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-09-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-10-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-30]
FF HKLM-x32\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
FF Extension: Wondershare AllMyTube - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt [2013-01-12]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{829AD732-F3DB-4011-81C4-135F2FB05D8E}] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.bg/"
CHR DefaultSearchKeyword: Default -> isearch.avg.com
CHR DefaultSearchProvider: Default -> AVG Secure Search
CHR DefaultSearchURL: Default -> https://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}
CHR Profile: C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-07]
CHR Extension: (SiteTalk Social Shopping) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpolifdmdmcbcipolocmkpmjmcoegad [2013-04-29]
CHR Extension: (Wondershare AllMyTube) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij [2013-01-12]
CHR Extension: (Apple Shooter) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm [2011-12-07]
CHR Extension: (Alarm Clock Radio) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2011-12-07]
CHR Extension: (HDPlus-V1.9) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp [2014-07-17]
CHR Extension: (Angry Birds) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllkkflncainlmehooebdaodggehpknh [2011-12-12]
CHR Extension: (Google Wallet) - C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [ifllmjhoijmmhobcnjdhelmboobmenij] - C:\Program Files (x86)\Wondershare\AllMyTube\SVRChromePlugin.crx [2013-01-12]
CHR StartMenuInternet: Google Chrome - C:\Users\kaligola\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CronService; C:\Program Files\Prey\platform\windows\cronsvc.exe [23552 2014-01-27] (Fork Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2011-03-08] (Realtek Semiconductor.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 01:30 - 2014-09-10 01:31 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt
2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST
2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe
2014-09-07 23:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-07 23:28 - 2014-09-07 23:30 - 00000000 ____D () C:\AdwCleaner
2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe
2014-09-07 22:24 - 2014-09-10 01:24 - 00000616 _____ () C:\Windows\setupact.log
2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-06 09:26 - 2014-09-09 15:40 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder
2014-08-29 19:52 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:52 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 19:52 - 2014-08-23 03:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 18:53 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-21 18:53 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-21 18:53 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-21 18:53 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-21 18:53 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-21 18:53 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-21 18:53 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-21 18:53 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-20 20:07 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-20 20:07 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-20 20:06 - 2014-08-01 02:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-20 20:06 - 2014-07-25 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-20 20:06 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-20 20:06 - 2014-07-25 16:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-20 20:06 - 2014-07-25 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-20 20:06 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-20 20:06 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-20 20:06 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-20 20:06 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-20 20:06 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-20 20:06 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-20 20:06 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-20 20:06 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-20 20:06 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-20 20:06 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-20 20:06 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-20 20:06 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-20 20:06 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-20 20:06 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-20 20:06 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-20 20:06 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-20 20:06 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-20 20:06 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-20 20:05 - 2014-08-07 05:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-20 20:05 - 2014-08-07 05:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-20 20:05 - 2014-08-01 02:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 20:05 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-20 20:05 - 2014-07-25 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-20 20:05 - 2014-07-25 16:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-20 20:05 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-20 20:05 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-20 20:05 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-20 20:05 - 2014-07-25 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-20 20:05 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-20 20:05 - 2014-07-25 16:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-20 20:05 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-20 20:05 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-20 20:05 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-20 20:05 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-20 20:05 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-20 20:05 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-20 20:05 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-20 20:05 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-20 20:05 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-20 20:05 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-20 20:05 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-20 20:05 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-20 20:05 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-20 20:05 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-20 20:05 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-20 20:05 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-20 20:05 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-20 20:05 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-20 20:05 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-20 20:05 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-20 20:05 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-20 20:05 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-20 20:05 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-20 20:05 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-20 20:05 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-20 20:05 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-20 20:05 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-20 20:05 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-20 20:05 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-20 20:05 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-20 20:05 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-20 20:05 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 01:31 - 2014-09-10 01:30 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt
2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST
2014-09-10 01:30 - 2012-04-17 00:48 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\BitTorrent
2014-09-10 01:30 - 2011-03-16 23:23 - 19147776 ___SH () C:\Users\kaligola\Desktop\Thumbs.db
2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe
2014-09-10 01:27 - 2011-01-05 05:33 - 01070528 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 01:27 - 2011-01-04 20:06 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{206A648D-8121-4F5A-ACD5-251A124B9C77}
2014-09-10 01:25 - 2013-11-01 22:11 - 00000000 ___RD () C:\Users\kaligola\Dropbox
2014-09-10 01:25 - 2013-11-01 22:07 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Dropbox
2014-09-10 01:25 - 2012-01-20 18:38 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-09-10 01:25 - 2011-02-20 14:30 - 00643841 _____ () C:\Windows\AutoKMS.log
2014-09-10 01:25 - 2011-02-19 23:04 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-10 01:24 - 2014-09-07 22:24 - 00000616 _____ () C:\Windows\setupact.log
2014-09-10 01:24 - 2011-03-16 18:22 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-10 01:24 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 22:49 - 2011-01-04 21:17 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Skype
2014-09-09 16:13 - 2012-11-29 00:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 15:54 - 2011-12-07 16:22 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000UA.job
2014-09-09 15:40 - 2014-09-06 09:26 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder
2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 23:35 - 2011-01-04 21:00 - 00162486 _____ () C:\Windows\PFRO.log
2014-09-07 23:32 - 2014-07-14 12:23 - 00001462 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-7.job
2014-09-07 23:30 - 2014-09-07 23:28 - 00000000 ____D () C:\AdwCleaner
2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe
2014-09-07 22:55 - 2014-07-14 12:23 - 00003798 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-11.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00002206 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001446 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001336 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2.job
2014-09-07 22:55 - 2014-07-14 12:22 - 00002428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-3.job
2014-09-07 22:55 - 2014-07-14 12:22 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-07 22:52 - 2011-01-04 19:53 - 00000000 ____D () C:\Program Files\ESET
2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-07 22:24 - 2012-04-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-07 22:22 - 2011-01-04 23:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-07 22:15 - 2012-10-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-07 22:15 - 2011-03-26 23:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 22:15 - 2011-01-04 20:08 - 00000000 ____D () C:\Users\kaligola\AppData\Local\Mozilla
2014-09-07 22:11 - 2011-11-18 00:35 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-09-07 22:07 - 2011-05-26 21:03 - 00000000 ____D () C:\Program Files (x86)\InhatchTeam
2014-09-07 22:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help
2014-09-07 22:05 - 2013-11-12 00:17 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-09-06 18:28 - 2014-07-14 12:23 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-06 16:54 - 2011-12-07 16:22 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000Core.job
2014-08-30 20:07 - 2013-04-19 18:23 - 00001388 _____ () C:\Windows\SysWOW64\bash.exe.stackdump
2014-08-30 09:27 - 2009-07-14 07:45 - 00406480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 05:07 - 2014-08-29 19:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 04:45 - 2014-08-29 19:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 03:59 - 2014-08-29 19:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 21:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-08-21 19:35 - 2011-01-04 21:16 - 00000000 ____D () C:\ProgramData\Skype
2014-08-21 19:32 - 2011-01-04 19:46 - 00000000 ___RD () C:\Users\kaligola\Virtual Machines
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-21 19:05 - 2013-08-10 12:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 19:01 - 2011-01-05 00:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-21 18:59 - 2011-01-05 18:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 18:52 - 2014-04-23 10:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-20 19:54 - 2013-11-01 22:11 - 00001029 _____ () C:\Users\kaligola\Desktop\Dropbox.lnk
2014-08-20 19:54 - 2013-11-01 22:09 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
Some content of TEMP:
====================
C:\Users\kaligola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgaub_.dll
C:\Users\kaligola\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 09:57
 
==================== End Of Log ============================

2014-08-20 20:06 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-20 20:06 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-20 20:06 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-20 20:06 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-20 20:06 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-20 20:06 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-20 20:06 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-20 20:06 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-20 20:06 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-20 20:06 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-20 20:05 - 2014-08-07 05:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-20 20:05 - 2014-08-07 05:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-20 20:05 - 2014-08-01 02:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 20:05 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-20 20:05 - 2014-07-25 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-20 20:05 - 2014-07-25 16:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-20 20:05 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-20 20:05 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-20 20:05 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-20 20:05 - 2014-07-25 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-20 20:05 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-20 20:05 - 2014-07-25 16:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-20 20:05 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-20 20:05 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-20 20:05 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-20 20:05 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-20 20:05 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-20 20:05 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-20 20:05 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-20 20:05 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-20 20:05 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-20 20:05 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-20 20:05 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-20 20:05 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-20 20:05 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-20 20:05 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-20 20:05 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-20 20:05 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-20 20:05 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-20 20:05 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-20 20:05 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-20 20:05 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-20 20:05 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-20 20:05 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-20 20:05 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-20 20:05 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-20 20:05 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-20 20:05 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-20 20:05 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-20 20:05 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-20 20:05 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-20 20:05 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-20 20:05 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-20 20:05 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 01:31 - 2014-09-10 01:30 - 00019317 _____ () C:\Users\kaligola\Downloads\FRST.txt
2014-09-10 01:30 - 2014-09-10 01:30 - 00000000 ____D () C:\FRST
2014-09-10 01:30 - 2012-04-17 00:48 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\BitTorrent
2014-09-10 01:30 - 2011-03-16 23:23 - 19147776 ___SH () C:\Users\kaligola\Desktop\Thumbs.db
2014-09-10 01:29 - 2014-09-10 01:29 - 02105344 _____ (Farbar) C:\Users\kaligola\Downloads\FRST64.exe
2014-09-10 01:27 - 2011-01-05 05:33 - 01070528 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 01:27 - 2011-01-04 20:06 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{206A648D-8121-4F5A-ACD5-251A124B9C77}
2014-09-10 01:25 - 2013-11-01 22:11 - 00000000 ___RD () C:\Users\kaligola\Dropbox
2014-09-10 01:25 - 2013-11-01 22:07 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Dropbox
2014-09-10 01:25 - 2012-01-20 18:38 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-09-10 01:25 - 2011-02-20 14:30 - 00643841 _____ () C:\Windows\AutoKMS.log
2014-09-10 01:25 - 2011-02-19 23:04 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-10 01:24 - 2014-09-07 22:24 - 00000616 _____ () C:\Windows\setupact.log
2014-09-10 01:24 - 2011-03-16 18:22 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-10 01:24 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-09 22:49 - 2011-01-04 21:17 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Skype
2014-09-09 16:13 - 2012-11-29 00:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-09 15:54 - 2011-12-07 16:22 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000UA.job
2014-09-09 15:40 - 2014-09-06 09:26 - 00000000 ____D () C:\Users\kaligola\Desktop\New folder
2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 15:38 - 2009-07-14 07:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 23:35 - 2011-01-04 21:00 - 00162486 _____ () C:\Windows\PFRO.log
2014-09-07 23:32 - 2014-07-14 12:23 - 00001462 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-7.job
2014-09-07 23:30 - 2014-09-07 23:28 - 00000000 ____D () C:\AdwCleaner
2014-09-07 23:28 - 2014-09-07 23:28 - 01370467 _____ () C:\Users\kaligola\Downloads\adwcleaner_3.309.exe
2014-09-07 22:55 - 2014-07-14 12:23 - 00003798 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-11.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00002206 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001532 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001446 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5.job
2014-09-07 22:55 - 2014-07-14 12:23 - 00001336 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2.job
2014-09-07 22:55 - 2014-07-14 12:22 - 00002428 _____ () C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-3.job
2014-09-07 22:55 - 2014-07-14 12:22 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-07 22:52 - 2011-01-04 19:53 - 00000000 ____D () C:\Program Files\ESET
2014-09-07 22:24 - 2014-09-07 22:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-07 22:24 - 2012-04-27 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-07 22:22 - 2011-01-04 23:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-07 22:15 - 2014-09-07 22:15 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-07 22:15 - 2012-10-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-07 22:15 - 2011-03-26 23:04 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 22:15 - 2011-01-04 20:08 - 00000000 ____D () C:\Users\kaligola\AppData\Local\Mozilla
2014-09-07 22:11 - 2011-11-18 00:35 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-09-07 22:07 - 2011-05-26 21:03 - 00000000 ____D () C:\Program Files (x86)\InhatchTeam
2014-09-07 22:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help
2014-09-07 22:05 - 2013-11-12 00:17 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-09-06 18:28 - 2014-07-14 12:23 - 00000914 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-06 16:54 - 2011-12-07 16:22 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790302233-785394025-1556043580-1000Core.job
2014-08-30 20:07 - 2013-04-19 18:23 - 00001388 _____ () C:\Windows\SysWOW64\bash.exe.stackdump
2014-08-30 09:27 - 2009-07-14 07:45 - 00406480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 05:07 - 2014-08-29 19:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 04:45 - 2014-08-29 19:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 03:59 - 2014-08-29 19:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 21:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-08-21 19:35 - 2011-01-04 21:16 - 00000000 ____D () C:\ProgramData\Skype
2014-08-21 19:32 - 2011-01-04 19:46 - 00000000 ___RD () C:\Users\kaligola\Virtual Machines
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-08-21 19:28 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-21 19:05 - 2013-08-10 12:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-21 19:01 - 2011-01-05 00:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-21 18:59 - 2011-01-05 18:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 18:52 - 2014-04-23 10:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-20 19:54 - 2013-11-01 22:11 - 00001029 _____ () C:\Users\kaligola\Desktop\Dropbox.lnk
2014-08-20 19:54 - 2013-11-01 22:09 - 00000000 ____D () C:\Users\kaligola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
Some content of TEMP:
====================
C:\Users\kaligola\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgaub_.dll
C:\Users\kaligola\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 09:57
 
==================== End Of Log ============================


Since I am not sure that I copied the contents of FRST.txt correctly, I will attach it to this reply; I hope that is not a problem :)

FRST.txt



Hello!

Download the attached file and save it in the same place where you downloaded FRST.exe => fixlist.txt
Run FRST.exe again, press the Fix button once, and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Double-click mbam-setup-consumer-2.0.0.1хххх.exe and follow the instructions to install the program.

  • In Settings => Detection and Protection => Detection Options, tick the 'Scan for rootkits' checkbox.
  • In the program's main window, click 'Update Now'.
  • After the update completes, click the 'Scan Now' button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will start.
  • When the scan finishes, if any infections were found, click Apply Actions to allow MBAM to clean what was detected.

  • After the restart, run MBAM once more.
  • Click the History tab > Application Logs.
  • Double-click the row that shows the date and time of the scan, or click View Detailed Log.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your next reply.

Hello :), I am attaching the file as instructed. Thank you :)


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11.9.2014 г.
Scan Time: 01:08:36 ч.
Logfile: Mbamexportlog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.10.10
Rootkit Database: v2014.09.10.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kaligola
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355661
Time Elapsed: 19 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Keylogger, C:\Program Files\csmk\nvsvc16.exe, 3512, Delete-on-Reboot, [31cfa844e39845f1e53e3f19ed13f010]
 
Modules: 9
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
 
Registry Keys: 1
PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HDPlus-V1.9, Quarantined, [2ed24e9edc9fbd79aa32a4c0b54fa858], 
 
Registry Values: 1
PUP.Keylogger, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nvsvc16, C:\Program Files\csmk\nvsvc16.exe, Quarantined, [31cfa844e39845f1e53e3f19ed13f010]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 
 
Files: 21
PUP.Keylogger, C:\Program Files\csmk\MyHook.dll, Delete-on-Reboot, [a15f5c90a8d333030322a8b0a55bc23e], 
PUP.Keylogger, C:\Program Files\csmk\nvsvc16.exe, Delete-on-Reboot, [31cfa844e39845f1e53e3f19ed13f010], 
PUP.Keylogger, C:\Program Files\csmk\Myss.exe, Quarantined, [4fb147a51b60cf67091be771ea16b947], 
Trojan.Agent.CK, C:\Program Files\ESET\TNod-1.4.1-Final-r2-Portable.rar, Quarantined, [7b85fbf117649f9719162adf3fc6b34d], 
Riskware.Keygen, C:\Windows\AutoKMS.exe, Quarantined, [5aa68864fd7eb680fc0f6455c33d23dd], 
Worm.Sohanad, C:\Windows\SysWOW64\ijl11pro.DLL, Quarantined, [0bf5bd2fe794df571ea0c1bafc07cb35], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1.job, Quarantined, [f20e6785b6c564d295b2dc88b94b827e], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-11.job, Quarantined, [0ff166866d0e65d11136f37111f3649c], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2.job, Quarantined, [ec14be2e4e2d87af49fe2e36c44030d0], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-3.job, Quarantined, [ee12ac404833de58ae99283c4bb92ed2], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4.job, Quarantined, [38c8af3de398e84e7dca1153ec18fb05], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5.job, Quarantined, [1ae66d7ffb8085b1c384baaae222b64a], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user.job, Quarantined, [7f81b7355c1f3501b493b9ab14f031cf], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6.job, Quarantined, [43bd57952c4f7abc83c4550fd92b22de], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-7.job, Quarantined, [ad5383697dfef4423d0a80e44cb825db], 
Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\faq.url, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 
Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\help.chm, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 
Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\license.txt, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 
Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\unins000.dat, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 
Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\unins000.exe, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 
Fake.Dropped.Malware, C:\Program Files (x86)\Sysmnt\website.url, Quarantined, [39c7a745c2b9ca6cc36dad17c042b749], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Fixlog.txt


Hello! Has anything changed after the procedures so far?

Please download and run AdwCleaner (by Xplode):

    • Close all running programs and browsers.
    • Double-click adwcleaner.exe to start the tool.
    • Press OK to confirm that all running programs will be closed.
    • Select Clean.
    • Your computer will restart automatically. The text file will open after the restart.
    • Please post the contents of that log in your reply.
    • You can find the log, which is saved automatically, here: C:\AdwCleaner[s0].txt

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close any unneeded applications and all browsers, and wait for the check to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

Repeat the scan with Farbar Recovery Scan Tool

  • Please download Farbar Recovery Scan Tool and save it to the desktop.
  • Run the file FRST.exe.
  • The program will start. Press YES to accept the license agreement.
  • Tick all the checkboxes.
  • Press the SCAN button.
  • Two log files, named FRST.txt and Addition.txt, will be created on the desktop.
  • Copy the FRST.txt file into your next post. Attach Addition.txt to your next comment (see the Attached files option when posting a reply).

 

Hello, first I want to thank you for everything you are doing to help solve the problem. Since you asked whether there is any result: for now it is still the same, it freezes every time I start a browser, but it necessarily happens right away. Right now I am writing this reply and it has not frozen yet, but a little while ago I could not even see the new instructions - it froze while I was typing www.kaldata.com :(

 


 

# AdwCleaner v3.309 - Report created 12/09/2014 at 00:50:32
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : kaligola - KALIGOLA-PC
# Running from : C:\Users\kaligola\Downloads\adwcleaner_3.309.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v32.0 (x86 bg)
 
[ File : C:\Users\kaligola\AppData\Roaming\Mozilla\Firefox\Profiles\kk65alrp.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\kaligola\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxps://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}
Deleted [search Provider] : hxxps://isearch.avg.com/search?cid={34D11457-92FB-4847-B53A-9C21C6A8D60E}&mid=23e5976ec92047d08e3a59ab28147ab9-47df855eabc489a3c1ac6de06f2d3d5111ea9936&lang=en&ds=qw011&pr=sa&d=2012-07-26 16:01:41&v=12.1.0.21&sap=dsp&q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [13320 octets] - [07/09/2014 23:28:40]
AdwCleaner[R1].txt - [1909 octets] - [10/09/2014 02:05:11]
AdwCleaner[R2].txt - [1183 octets] - [12/09/2014 00:49:10]
AdwCleaner[s0].txt - [13601 octets] - [07/09/2014 23:29:52]
AdwCleaner[s1].txt - [1989 octets] - [10/09/2014 02:10:57]
AdwCleaner[s2].txt - [1697 octets] - [12/09/2014 00:50:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1757 octets] ##########

It just froze again, and now I am writing and attaching the other files in Safe Mode :(

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by kaligola on пет 12.09.2014 г. at  0:54:59,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1373BA72-5012-496E-9F72-7A426DCF78BB}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\kaligola\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\kaligola\AppData\Roaming\thinstall"
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{066A61F2-BFEB-4ED6-96D5-DFEFE5988C2B}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{0983CDFE-E8C2-4A2C-9DCA-737274277CF2}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{168FE49B-95FD-447A-808C-68B70E7F25E2}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{16E87C93-A95B-4928-A8A7-37E5722D7190}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{19030838-865D-4E17-8483-13EA84797843}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{32DABE37-6F08-4F7F-9977-810B3FF512A3}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{53E8B2B0-CB46-4E9E-BEC0-2BB98C88C992}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{5D1A88B2-BA7C-4E8D-9716-DFF85B5357FA}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{64B30A5B-714B-4E0A-A204-5BAB266CFAFF}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{6896D310-B9FB-4DF7-9030-2FBB6964E38B}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{739038F1-28D9-4B6E-9521-08692F1321AB}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{85971F7B-A43E-42F8-8EC6-F76F8DF1F715}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{88AD9743-F127-4719-B20B-4DEE323A27D4}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{A6CC1440-6537-4B99-BF92-DE0D6B3AF53A}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{BD57EEB3-9295-48C3-9CEE-57ED0CD0590F}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{E4A16C98-F6A1-47FB-8B66-4AF3EECDA114}
Successfully deleted: [Empty Folder] C:\Users\kaligola\appdata\local\{F9D944C8-2108-4683-B1C2-65846BD1C112}
 
 
 
~~~ FireFox
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{829ad732-f3db-4011-81c4-135f2fb05d8e}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{829ad732-f3db-4011-81c4-135f2fb05d8e}
Emptied folder: C:\Users\kaligola\AppData\Roaming\mozilla\firefox\profiles\kk65alrp.default\minidumps [176 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\kaligola\appdata\local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on пет 12.09.2014 г. at  1:07:16,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
FIRST.txt
 
LastRegBack: 2014-09-06 09:57
 
==================== End Of Log ============================

Thank you again; I hope I followed the instructions correctly. Good evening from me, I will wait for the next instructions :)

Addition.txt


Please download Farbar Service Scanner and run it.

  • Tick all the checkboxes and press the "Scan" button.
  • A log file named (FSS.txt) will be created in the folder from which you run the tool.
  • Attach the log file in your next post.

Download SystemLook (32-bit) or SystemLook (64-bit) and save the program to the desktop.

  • Double-click SystemLook.exe to start the program.
  • Copy the contents of the quote below into the program's text field:

    :filefind
    *RivaTuner64*
    
    :folderfind
    *RivaTuner64*
    
    :regfind
    *RivaTuner64*
  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan result. Then post the log file in your next comment.

In addition, download Autoruns and

  • Start the program;
  • Choose Options => Filter Options => tick Verify Code Signature and Hide Microsoft Entries;
  • From the menu, File -> Refresh;
  • From the menu, File -> Save...;
  • Save the file somewhere under a name of your choice (in arn format), archive it in zip format with a program of your choice, and attach it to the thread.
     

 


Hello, and thank you again for your efforts :)

 

SystemLook 30.07.11 by jpshortstuff
Log created at 01:20 on 13/09/2014 by kaligola
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*RivaTuner64*"
No files found.
 
========== folderfind ==========
 
Searching for "*RivaTuner64*"
No folders found.
 
========== regfind ==========
 
Searching for "*RivaTuner64*"
No data found.
 
-= EOF =-

FSS.txt

AutoRuns.zip


Yes, your problem is definitely not caused by anything malicious..! I will get back to you later, right now I have personal commitments... Regards..! :)


Hello..! Read this post and follow the method the colleague has explained there, in order to check all your drivers and, respectively, update them.


+

 

Download ComboFix from here and save it to your desktop.
How to use ComboFix
Disable your antivirus and antispyware program; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to disable your security applications by amateur
Run Combo-Fix.com and follow the instructions.
When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.
Please do not attach the log file(s) from the program; instead, copy and paste it/them into your next comment in this thread.


Hello..! Due to a lack of communication with the author of the thread, it is being closed... If you still need our help.... write to us..! :)
