
Viruses in my system. Please help.




I bought my laptop about 4 years ago, and since then I have been using the Avast antivirus. Until now I have never had any problems with it, or with the laptop in general, but that was until a month ago. A month ago the antivirus notified me that there was a virus on my computer, more precisely some kind of trojan. I scanned the computer and yes, I had 13 infected files. I cleaned them and everything was back to normal for a few days, but after that it got even worse: every 2 or 3 minutes the antivirus started notifying me that I had infected files, detected malware and who knows what else. I scanned the computer again, but this time there was not a single infected file, yet the antivirus kept notifying me constantly, while the scans find nothing, and I don't know how to remove these viruses. In all these years this antivirus has never caused me any problems. Please advise me what to do, and has this happened to any of you? Thanks in advance :)


Here is the advice right away. Visit this topic and follow the steps there, so that the colleagues from the HJT Team can help you.


Hello and welcome to the forum! :)
 



2.3 The topic title must be clear and precise, must not consist solely of capital letters, and must describe the content of the topic as fully as possible. Topics with one-word titles or titles such as "Help!", "I have a problem", "Urgent", etc. are deleted without warning.

 
Please correct the title of your topic! Thank you! :)
 
Now, to the question... In order to analyze your system and try to understand what the problem is, you need to read the topic "My system is infected - What do I do now?", run the necessary scans, copy the FRST.txt log into your next post, and attach Addition.txt to your next comment (see the Attached Files option when posting a reply).


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014
Ran by Daniela (administrator) on DANIELA-PC on 21-09-2014 10:09:36
Running from C:\Users\Daniela\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Български (България)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\HomeTab\WBrokerHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\HomeTab\WSearchDefender.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-07] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [49152 2006-05-18] ()
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [unlockerAssistant] => "E:\Нова папка\Unlocker\UnlockerAssistant.exe" -H
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "E:\hamachi-2-ui.exe" --auto-start
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Run: [GoogleChromeAutoLaunch_3DE63956E2201FD427025F5C0956CFCB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2012-12-13] (BitTorrent, Inc.)
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\MountPoints2: {7c92020e-1821-11e1-acc2-1c75083e0ce8} - G:\Autorun.exe
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Winlogon: [shell] "C:\ProgramData\Windows Services\wservice.exe",explorer.exe <==== ATTENTION 
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1409317299&from=adks&uid=ST9500325AS_6VEGBS27XXXX6VEGBS27
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1409317299&from=adks&uid=ST9500325AS_6VEGBS27XXXX6VEGBS27
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1409317299&from=adks&uid=ST9500325AS_6VEGBS27XXXX6VEGBS27
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKLM-x32 - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1409317299&from=adks&uid=ST9500325AS_6VEGBS27XXXX6VEGBS27&q={searchTerms}
SearchScopes: HKLM-x32 - %SearchDefender_IESearchEngineGuid% URL = http://search.gboxapp.com/?q={searchTerms}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - %SearchDefender_IESearchEngineGuid% URL = http://search.gboxapp.com/?q={searchTerms}
SearchScopes: HKCU - {0170B447-E7C0-48D8-92E9-047C0A3847AD} URL = http://search.softonic.com/MON00006/tb_v1?q={searchTerms}&SearchSource=4&cc=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=119294&babsrc=SP_ss_gin2g&mntrId=98FD1C659D75299F
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = 
SearchScopes: HKCU - {C66E5937-5DBA-4D6E-ACC9-C96D77588AC2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8ljT4hdv&i=26
BHO: Complitly -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Users\Daniela\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO: Apps Hat -> {11111111-1111-1111-1111-110411851159} -> C:\Program Files (x86)\Apps Hat\Apps Hat-bho64.dll No File
BHO: prIcechOOp -> {1f37861d-6083-4d42-b07c-fbae43d94104} -> C:\Program Files (x86)\prIcechOOp\LdG8Oi0EVxoqOJ.x64.dll No File
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HomeTab -> {9fdfb66c-713b-4201-83a6-5b78ae227b41} -> C:\Program Files\HomeTab\IE\HomeTab.dll (Simply Tech LTD.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: YoutubeAaDBluOOcke -> {d9c2f5c2-ac9d-40c2-b87c-fb54a624adc4} -> C:\Program Files (x86)\YoutubeAaDBluOOcke\oOiJM0TNeOsk0Q.x64.dll ()
BHO-x32: MyWebSearch Search Assistant BHO -> {00A6FAF1-072E-44cf-8957-5838F569A31D} -> C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL No File
BHO-x32: Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll No File
BHO-x32: mwsBar BHO -> {07B18EA1-A523-4961-B6BB-170DE4475CCA} -> C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll No File
BHO-x32: Complitly -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Users\Daniela\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO-x32: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Apps Hat -> {11111111-1111-1111-1111-110411851159} -> C:\Program Files (x86)\Apps Hat\Apps Hat-bho.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll No File
BHO-x32: prIcechOOp -> {1f37861d-6083-4d42-b07c-fbae43d94104} -> C:\Program Files (x86)\prIcechOOp\LdG8Oi0EVxoqOJ.dll No File
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: TBSB01620 Class -> {58124A0B-DC32-4180-9BFF-E0E21AE34026} -> C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
BHO-x32: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Incredibar.com Helper Object -> {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -> C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll No File
BHO-x32: TheBflix Class -> {817987DC-F550-4F3C-8F71-524D9618D158} -> C:\ProgramData\TheBflix\bhoclass.dll No File
BHO-x32: CertifiedToolbar -> {8d3ec233-b92d-4187-a506-284127cfba2d} -> C:\Users\Daniela\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll (Simplytech Ltd.)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HomeTab -> {9fdfb66c-713b-4201-83a6-5b78ae227b41} -> C:\Program Files (x86)\HomeTab\IE\HomeTab.dll (Simply Tech LTD.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: YoutubeAaDBluOOcke -> {d9c2f5c2-ac9d-40c2-b87c-fb54a624adc4} -> C:\Program Files (x86)\YoutubeAaDBluOOcke\oOiJM0TNeOsk0Q.dll ()
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: SMTTB2009 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\DealBulldog Toolbar Toolbar\tbcore3.dll ()
BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - HomeTab - {9fdfb66c-713b-4201-83a6-5b78ae227b41} - C:\Program Files\HomeTab\IE\HomeTab.dll (Simply Tech LTD.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - DealBulldog Toolbar Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - CertifiedToolbar - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Daniela\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll (Simplytech Ltd.)
Toolbar: HKLM-x32 - HomeTab - {9fdfb66c-713b-4201-83a6-5b78ae227b41} - C:\Program Files (x86)\HomeTab\IE\HomeTab.dll (Simply Tech LTD.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll No File
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} -  No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Web Search
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Web Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.certified-toolbar.com?si=62606&tid=6533&ver=6.7&ts=1363721054992.000008&tguid=62606-6533-1377170197378-6933173D000EF9AADE22D705CE526BF9&st=chrome&q=
FF SearchEngineOrder.user_pref("browser.search.order.1S", "WebSearch");: user_pref("browser.search.order.1S", "WebSearch");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @mywebsearch.com/Plugin -> C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\GadgetBox.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml
FF Extension: Apps Hat - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected]0afdf81a4.com [2014-05-17]
FF Extension: Bcool - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2012-05-06]
FF Extension: Fast Start - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2014-08-29]
FF Extension: Babylon - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2011-11-26]
FF Extension: softonic.com - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2012-06-14]
FF Extension: GadgetBox - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2012-12-13]
FF Extension: TheBflix - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2012-03-04]
FF Extension: My Web Search - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2012-03-13]
FF Extension: Yontoo - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2013-03-18]
FF Extension: No Name - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\staged [2014-09-05]
FF Extension: Complitly - Speed up your search with your personal search suggestions tool - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2013-03-19]
FF Extension: uTorrentControl2 Community Toolbar - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2014-05-17]
FF Extension: DealBulldog Toolbar Toolbar - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2012-07-09]
FF Extension: HomeTab - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\{9c72a7f0-9ced-4876-80b8-2cebdc068f07} [2014-09-14]
FF Extension: IMinent Toolbar - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012-08-10]
FF Extension: CertifiedToolbar - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\{dac70ad0-e58c-4d0b-9ac7-eee894ffb0fa} [2013-03-19]
FF Extension: GoPhotoIt - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2012-07-31]
FF Extension: OneClickDownloader - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2014-05-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF Extension: My Web Search - C:\Program Files (x86)\MyWebSearch\bar\1.bin [2012-03-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Iminent\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\extensions\[email protected]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.hometab.com/?1=1__PARAM__
CHR StartupUrls: Default -> "about:newtab?source=home", "hxxp://istart.webssearches.com/?type=hp&ts=1409317299&from=adks&uid=ST9500325AS_6VEGBS27XXXX6VEGBS27", "hxxp://websearch.flyandsearch.info/?pid=724&r=2014/09/05&hid=14138264460903633756&lg=EN&cc=BG"
CHR DefaultSearchKeyword: Default -> search.certified-toolbar.com_
CHR DefaultSearchProvider: Default -> Web Search
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoecfpbnohmjikjhpijcnonhhhlh [2013-09-16]
CHR Extension: (Google Документи) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-05]
CHR Extension: (Google Диск) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-05]
CHR Extension: (YouTube) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-05]
CHR Extension: (NewTab Connect Tab) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coljhboelhlkbgaaolcngflenaggpeao [2014-09-14]
CHR Extension: (Google Търсене) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-05]
CHR Extension: (Babylon Toolbar) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2013-09-16]
CHR Extension: (Complitly plugin for chrome) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda [2013-09-16]
CHR Extension: (Social Face) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehohhddamheegbbkabfgegbaeminghlb [2014-09-05]
CHR Extension: (Web Search) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcljdicbcnmfhekdcaobgbpjjifniemh [2014-09-14]
CHR Extension: (CertifiedToolbar) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjancchhkabckonnimkjhcjhnaopfob [2013-09-16]
CHR Extension: (avast! WebRep) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-09-16]
CHR Extension: (TheBflix) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\joifgdlkhokekeaenpkaehbnjhncglbh [2013-09-16]
CHR Extension: (NewTab Connect Homepage) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmedakdfngfmagjlndeckcbfcmidlbio [2014-09-14]
CHR Extension: (Bcool) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kooahbpakahlhmhmcnndhooponcckcdm [2013-09-16]
CHR Extension: (priceChuopp) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndokkanodobajmfgoaphheihkkgopjkk [2014-09-05]
CHR Extension: (Google Wallet) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (uTorrentControl2) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2013-09-16]
CHR Extension: (Quick start) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-08-29]
CHR Extension: (GoPhoto.it) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-09-16]
CHR Extension: (Gmail) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-05]
CHR Extension: (priceChuopp) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndokkanodobajmfgoaphheihkkgopjkk\3.9 [2014-09-05]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Daniela\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [aaaapoecfpbnohmjikjhpijcnonhhhlh] - C:\Users\Daniela\AppData\Local\APN\GoogleCRXs\aaaapoecfpbnohmjikjhpijcnonhhhlh_7.17.0.0.crx [2012-11-14]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Daniela\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx [2013-03-19]
CHR HKLM-x32\...\Chrome\Extension: [fnjancchhkabckonnimkjhcjhnaopfob] - C:\Program Files (x86)\CertifiedToolbar\chrome\CertifiedToolbar.crx [2013-03-19]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-10-12]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2011-10-12]
CHR HKLM-x32\...\Chrome\Extension: [joifgdlkhokekeaenpkaehbnjhncglbh] - C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx [2012-02-28]
CHR HKLM-x32\...\Chrome\Extension: [kooahbpakahlhmhmcnndhooponcckcdm] - C:\ProgramData\Bcool\kooahbpakahlhmhmcnndhooponcckcdm.crx [2012-05-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Daniela\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-08-29]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2012-07-31]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx [2012-07-31]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-08-29] (Cherished Technololgy LIMITED)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-06-18] (Microsoft)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-01-24] (SolidWorks) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-08-29] (Fuyu LIMITED) [File not signed]
S4 Yontoo Desktop Updater; C:\Users\Daniela\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-14] (Yontoo LLC)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [X]
S2 d0e87c27; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sw-boo~1\AssistantSvc.dll",service
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Hamachi2Svc; E:\hamachi-2.exe -s [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2012-12-13] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-26] (DT Soft Ltd)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-16] (Windows ® Win 7 DDK provider)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 10:08 - 2014-09-21 10:09 - 00035679 _____ () C:\Users\Daniela\Downloads\Addition.txt
2014-09-21 10:06 - 2014-09-21 10:10 - 00040058 _____ () C:\Users\Daniela\Downloads\FRST.txt
2014-09-21 10:06 - 2014-09-21 10:09 - 00000000 ____D () C:\FRST
2014-09-21 10:04 - 2014-09-21 10:05 - 02105856 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64.exe
2014-09-16 08:23 - 2014-09-16 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-05 16:50 - 2014-09-06 19:40 - 00000000 ____D () C:\Users\Daniela\Documents\NFS Most Wanted
2014-09-05 16:46 - 2014-09-05 16:46 - 00004923 _____ () C:\Users\Daniela\Downloads\Need_For_Speed__Most_Wanted_Crack-Fully_Worki
2014-09-05 16:46 - 2014-09-05 16:46 - 00003209 _____ () C:\Users\Daniela\Downloads\[kickass.to]need.for.speed.most.wanted.patch.for.windows.7.64.bit.torrent
2014-09-05 16:41 - 2014-09-06 22:17 - 00000000 ____D () C:\ProgramData\YoutubeAaDBluOOcke
2014-09-05 16:41 - 2014-09-05 16:42 - 00000000 ____D () C:\ProgramData\KeepAppIt Software
2014-09-05 16:40 - 2014-09-06 22:17 - 00000000 ____D () C:\ProgramData\prIcechOOp
2014-09-05 16:40 - 2014-09-05 16:41 - 00000000 ____D () C:\ProgramData\5534d603321f79eb
2014-09-05 16:40 - 2014-09-05 16:41 - 00000000 ____D () C:\Program Files (x86)\YoutubeAaDBluOOcke
2014-09-05 16:40 - 2014-09-05 16:40 - 00000426 __RSH () C:\ProgramData\ntuser.pol
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Torch
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Chromatic Browser
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator
2014-09-05 16:30 - 2014-09-05 16:30 - 00004923 _____ () C:\Users\Daniela\Downloads\Need_For_Speed__Most_Wanted_Crack-Fully_Working__.3427700.TPB.torrent
2014-09-05 15:49 - 2014-09-05 15:49 - 00011611 _____ () C:\Users\Daniela\Downloads\Need For Speed Most Wanted PC DVD.torrent
2014-09-04 13:34 - 2014-09-05 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Vice City - Burn
2014-09-04 13:34 - 2014-09-04 13:34 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GTA Vice City - Burn
2014-09-04 12:54 - 2014-09-04 12:54 - 00000000 ____D () C:\Windows\GTA Vice City - Burn
2014-09-04 12:33 - 2014-09-04 12:33 - 00060342 _____ () C:\Users\Daniela\Downloads\GTA Vice City - Burn.torrent
2014-09-03 07:04 - 2014-09-03 07:04 - 00321536 _____ () C:\Users\Daniela\Downloads\kvota-3-za-rabotni-mesta-v-obshtinskite-administracii (1).xls
2014-09-02 16:15 - 2014-09-02 16:15 - 00273920 _____ () C:\Users\Daniela\Downloads\kvota-1-za-rabotni-mesta-v-centralnite-vedomstva.xls
2014-09-02 16:15 - 2014-09-02 16:15 - 00108032 _____ () C:\Users\Daniela\Downloads\kvota-2-za-rabotni-mesta-v-oblastnite-administracii.xls
2014-09-02 16:14 - 2014-09-02 16:14 - 00321536 _____ () C:\Users\Daniela\Downloads\kvota-3-za-rabotni-mesta-v-obshtinskite-administracii.xls
2014-09-02 14:32 - 2014-09-02 14:32 - 00001043 _____ () C:\Windows\NLSDownlevelMapping.log
2014-09-02 14:13 - 2014-09-02 14:13 - 00054191 _____ () C:\Users\Daniela\Downloads\City Car Driving v2.2.7 + Car Pack + Crack.torrent
2014-08-29 20:25 - 2014-08-29 20:25 - 00000000 ____D () C:\ProgramData\PC Optimizer Pro
2014-08-29 19:55 - 2014-08-29 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Offer
2014-08-29 19:55 - 2014-08-29 19:55 - 00000000 ____D () C:\Program Files (x86)\Display Offer
2014-08-29 16:04 - 2014-08-29 16:04 - 00004034 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-29 16:03 - 2014-09-01 10:22 - 00000000 ____D () C:\Program Files (x86)\SpeedItup Free
2014-08-29 16:03 - 2014-08-29 16:03 - 00000040 _____ () C:\ProgramData\spds90.txt
2014-08-29 16:02 - 2014-08-29 16:02 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-29 16:02 - 2014-08-29 16:02 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-26 15:35 - 2014-08-26 15:35 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Softland
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 10:10 - 2014-09-21 10:06 - 00040058 _____ () C:\Users\Daniela\Downloads\FRST.txt
2014-09-21 10:09 - 2014-09-21 10:08 - 00035679 _____ () C:\Users\Daniela\Downloads\Addition.txt
2014-09-21 10:09 - 2014-09-21 10:06 - 00000000 ____D () C:\FRST
2014-09-21 10:05 - 2014-09-21 10:04 - 02105856 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64.exe
2014-09-21 09:56 - 2011-10-12 09:52 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{72ADF9CF-5EA5-4B41-92E6-2774748BC0D3}
2014-09-21 09:36 - 2012-10-19 14:03 - 00000000 ____D () C:\Users\Daniela\Documents\Euro Truck Simulator 2
2014-09-21 09:27 - 2011-10-11 18:41 - 01997322 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 09:21 - 2012-10-07 11:26 - 00001000 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 09:09 - 2011-10-12 09:46 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Skype
2014-09-21 09:08 - 2011-10-12 09:44 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\uTorrent
2014-09-21 08:55 - 2009-07-14 07:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 08:55 - 2009-07-14 07:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 08:47 - 2014-05-10 21:24 - 00026523 _____ () C:\Windows\setupact.log
2014-09-21 08:47 - 2012-10-07 11:26 - 00000996 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 08:47 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 20:35 - 2012-08-15 23:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-19 20:52 - 2014-08-16 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-09-19 20:50 - 2011-12-23 21:36 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-19 19:53 - 2009-07-14 08:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 08:23 - 2014-09-16 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 08:23 - 2014-08-16 08:59 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 08:23 - 2012-08-07 13:14 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-16 08:23 - 2011-10-12 09:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 08:23 - 2011-10-12 09:45 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 20:18 - 2013-08-22 14:16 - 00000000 ____D () C:\Program Files (x86)\HomeTab
2014-09-14 17:46 - 2013-12-09 21:18 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-09-14 17:46 - 2013-08-22 14:16 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-09-14 17:46 - 2013-03-19 22:24 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
2014-09-14 17:45 - 2014-02-05 17:24 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-14 17:45 - 2011-10-11 18:45 - 00001431 _____ () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-14 17:45 - 2011-10-11 18:45 - 00001397 _____ () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-11 22:36 - 2013-03-19 22:24 - 00034368 _____ () C:\Windows\Launcher.exe
2014-09-07 01:22 - 2012-07-29 22:16 - 00000000 ____D () C:\Program Files (x86)\FilesFrog Update Checker
2014-09-06 22:17 - 2014-09-05 16:41 - 00000000 ____D () C:\ProgramData\YoutubeAaDBluOOcke
2014-09-06 22:17 - 2014-09-05 16:40 - 00000000 ____D () C:\ProgramData\prIcechOOp
2014-09-06 22:17 - 2014-01-02 16:19 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\newnext.me
2014-09-06 22:17 - 2014-01-02 16:19 - 00000000 ____D () C:\Users\Daniela\AppData\Local\genienext
2014-09-06 19:40 - 2014-09-05 16:50 - 00000000 ____D () C:\Users\Daniela\Documents\NFS Most Wanted
2014-09-06 09:29 - 2014-05-11 11:42 - 00005414 _____ () C:\Windows\PFRO.log
2014-09-06 09:29 - 2013-07-06 14:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-05 16:46 - 2014-09-05 16:46 - 00004923 _____ () C:\Users\Daniela\Downloads\Need_For_Speed__Most_Wanted_Crack-Fully_Worki
2014-09-05 16:46 - 2014-09-05 16:46 - 00003209 _____ () C:\Users\Daniela\Downloads\[kickass.to]need.for.speed.most.wanted.patch.for.windows.7.64.bit.torrent
2014-09-05 16:42 - 2014-09-05 16:41 - 00000000 ____D () C:\ProgramData\KeepAppIt Software
2014-09-05 16:42 - 2012-02-28 19:44 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-05 16:41 - 2014-09-05 16:40 - 00000000 ____D () C:\ProgramData\5534d603321f79eb
2014-09-05 16:41 - 2014-09-05 16:40 - 00000000 ____D () C:\Program Files (x86)\YoutubeAaDBluOOcke
2014-09-05 16:40 - 2014-09-05 16:40 - 00000426 __RSH () C:\ProgramData\ntuser.pol
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Torch
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Chromatic Browser
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator
2014-09-05 16:40 - 2012-02-15 18:49 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Google
2014-09-05 16:40 - 2009-07-14 06:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-05 16:40 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-05 16:39 - 2014-01-02 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2014-09-05 16:37 - 2013-12-11 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-09-05 16:33 - 2014-07-04 21:22 - 00026596 _____ () C:\Windows\DirectX.log
2014-09-05 16:30 - 2014-09-05 16:30 - 00004923 _____ () C:\Users\Daniela\Downloads\Need_For_Speed__Most_Wanted_Crack-Fully_Working__.3427700.TPB.torrent
2014-09-05 16:30 - 2011-11-26 14:52 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\DAEMON Tools Lite
2014-09-05 15:51 - 2014-09-04 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Vice City - Burn
2014-09-05 15:49 - 2014-09-05 15:49 - 00011611 _____ () C:\Users\Daniela\Downloads\Need For Speed Most Wanted PC DVD.torrent
2014-09-04 13:34 - 2014-09-04 13:34 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GTA Vice City - Burn
2014-09-04 12:54 - 2014-09-04 12:54 - 00000000 ____D () C:\Windows\GTA Vice City - Burn
2014-09-04 12:33 - 2014-09-04 12:33 - 00060342 _____ () C:\Users\Daniela\Downloads\GTA Vice City - Burn.torrent
2014-09-03 17:44 - 2014-08-17 00:14 - 00000000 _____ () C:\Users\Daniela\AppData\Roaming\FileOut.cns
2014-09-03 17:44 - 2014-08-17 00:14 - 00000000 _____ () C:\Users\Daniela\AppData\Roaming\FileIn.cns
2014-09-03 07:04 - 2014-09-03 07:04 - 00321536 _____ () C:\Users\Daniela\Downloads\kvota-3-za-rabotni-mesta-v-obshtinskite-administracii (1).xls
2014-09-02 16:15 - 2014-09-02 16:15 - 00273920 _____ () C:\Users\Daniela\Downloads\kvota-1-za-rabotni-mesta-v-centralnite-vedomstva.xls
2014-09-02 16:15 - 2014-09-02 16:15 - 00108032 _____ () C:\Users\Daniela\Downloads\kvota-2-za-rabotni-mesta-v-oblastnite-administracii.xls
2014-09-02 16:14 - 2014-09-02 16:14 - 00321536 _____ () C:\Users\Daniela\Downloads\kvota-3-za-rabotni-mesta-v-obshtinskite-administracii.xls
2014-09-02 14:32 - 2014-09-02 14:32 - 00001043 _____ () C:\Windows\NLSDownlevelMapping.log
2014-09-02 14:30 - 2012-11-25 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forward Development
2014-09-02 14:13 - 2014-09-02 14:13 - 00054191 _____ () C:\Users\Daniela\Downloads\City Car Driving v2.2.7 + Car Pack + Crack.torrent
2014-09-01 10:22 - 2014-08-29 16:03 - 00000000 ____D () C:\Program Files (x86)\SpeedItup Free
2014-08-31 11:03 - 2014-02-01 15:39 - 00000000 ____D () C:\Program Files (x86)\Direct Video Downloader
2014-08-29 20:25 - 2014-08-29 20:25 - 00000000 ____D () C:\ProgramData\PC Optimizer Pro
2014-08-29 19:55 - 2014-08-29 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Offer
2014-08-29 19:55 - 2014-08-29 19:55 - 00000000 ____D () C:\Program Files (x86)\Display Offer
2014-08-29 16:20 - 2013-03-19 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search
2014-08-29 16:05 - 2012-10-23 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-08-29 16:04 - 2014-08-29 16:04 - 00004034 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-29 16:03 - 2014-08-29 16:03 - 00000040 _____ () C:\ProgramData\spds90.txt
2014-08-29 16:02 - 2014-08-29 16:02 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-29 16:02 - 2014-08-29 16:02 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-28 22:43 - 2013-07-29 20:23 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-26 15:43 - 2014-08-16 09:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-26 15:36 - 2011-10-12 09:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-26 15:35 - 2014-08-26 15:35 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Softland
 
Some content of TEMP:
====================
C:\Users\Daniela\AppData\Local\Temp\AutoRun.exe
C:\Users\Daniela\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Daniela\AppData\Local\Temp\bdfilters.dll
C:\Users\Daniela\AppData\Local\Temp\CloudBackup1412.exe
C:\Users\Daniela\AppData\Local\Temp\CloudBackup189.exe
C:\Users\Daniela\AppData\Local\Temp\DeltaTB.exe
C:\Users\Daniela\AppData\Local\Temp\EBU47D9.EXE
C:\Users\Daniela\AppData\Local\Temp\EBU4E5E.DLL
C:\Users\Daniela\AppData\Local\Temp\PCOptimizerProSetup_CMN_1.exe
C:\Users\Daniela\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniela\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Daniela\AppData\Local\Temp\sfextra.dll
C:\Users\Daniela\AppData\Local\Temp\tbu16FD.exe
C:\Users\Daniela\AppData\Local\Temp\tbu3024.exe
C:\Users\Daniela\AppData\Local\Temp\tbu6838.exe
C:\Users\Daniela\AppData\Local\Temp\tbu8075.exe
C:\Users\Daniela\AppData\Local\Temp\tbuCEF5.exe
C:\Users\Daniela\AppData\Local\Temp\tbuE82C.exe
C:\Users\Daniela\AppData\Local\Temp\Uninstall.exe
C:\Users\Daniela\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Daniela\AppData\Local\Temp\ycomp_setup_cclean.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 00:28
 
==================== End Of Log ============================

Here it is :D

Addition.txt


Yes, your system is infected and I will help you clean out the malicious software...! To begin with, uninstall the following software using the standard method:
 

1ClickDownloader (HKLM-x32\...\1ClickDownload) (Version: 2.7 Build 26473 - 1ClickDownload)
AppsHat Mobile Apps (HKCU\...\AppsHat Mobile Apps) (Version: 1.0.0.0 - Somoto Ltd.)
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - BabylonToolbar)
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd)
CertifiedToolbar 2.4 (HKLM-x32\...\{107c7af4-bcdb-4ba2-87d1-3cb1f7190dba}_is1) (Version: 2.4 - CertifiedToolbar)
Complitly (HKLM-x32\...\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1) (Version:  - Complitly)
DealBulldog Toolbar Toolbar (HKLM-x32\...\DealBulldog Toolbar Toolbar) (Version:  - )
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - )
GadgetBox (HKLM-x32\...\GadgetBox) (Version: 1.0 - GadgetBox)
GadgetBox Expansion (HKLM\...\{6D345027-25C7-43C1-A12A-6DE5B6D772D1}) (Version: 1.0 - )
GoforFiles (HKCU\...\GoforFiles) (Version: 1.7.1 - http://www.goforfiles.com/)
HomeTab 6.8 (HKLM-x32\...\{f8c77e88-ecbf-40f9-8e8b-fb0da19c6553}_is1) (Version: 6.8 - One Floor App)
IMinent Toolbar (HKLM-x32\...\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}) (Version: 3.26.0 - IMinent)
LiveSupport (HKLM-x32\...\LiveSupport_is1) (Version: 1.2.7.0 - PC Utilities Software Limited)
Mobogenie (HKLM-x32\...\Mobogenie) (Version:  - Mobogenie.com)
My Web Search (Smiley Central) (HKLM-x32\...\MyWebSearch bar Uninstall) (Version:  - My Web Search)
prIcechOOp (HKLM-x32\...\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}) (Version: 4.2.0.1911 - pricechop)
Protected Search 1.1 (HKLM-x32\...\Protected Search_is1) (Version:  - Protected Search)
QuickStores-Toolbar 1.1.0 (HKLM-x32\...\QuickStores-Toolbar_is1) (Version: 1.1.0 - AB-Tools.com)
Search Assistant SoftQuick 1.66 (HKLM-x32\...\SP_a8235b05) (Version:  - )
SW-Booster (HKLM-x32\...\S-848366190) (Version: 3.2.0.1241 - PremiumSoft)
SweetIM for Messenger 3.6 (HKLM-x32\...\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}) (Version: 3.6.0008 - SweetIM Technologies Ltd.)
SweetPacks Toolbar for Internet Explorer 4.5 (HKLM-x32\...\{5B58EF61-85F2-4977-97A5-84C19F926579}) (Version: 4.5.0000 - SweetIM Technologies Ltd.)
SW-Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}) (Version:  - Certified Publisher)
TheBflix (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}) (Version:  - TheBflix)
Update Manager for SweetPacks 1.0 (HKLM-x32\...\{FB697452-8CA4-46B4-98B1-165C922A2EF3}) (Version: 1.0.0005 - SweetIM Technologies Ltd.)
WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED)
Yontoo 2.05 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.05 - Yontoo LLC)

 
 

STEP 1:

Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click OK to confirm that all running programs will be closed.
  • Click the Scan button and wait for the process to finish.
  • Mark the item(s) you want to keep.
  • Select Clean and follow the instructions.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:AdwCleaner[s0].txt

 

STEP 2:

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your protection programs.
  • Run the tool JRT.exe.
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.
 
 

STEP 3:

Please download ZOEK (by Smeenk) and save it to your desktop.
Temporarily disable your antivirus and antispyware protection - instructions here

  • Right-click the tool's icon and choose Run as Administrator to start the tool.
  • Wait patiently until the main console appears (it may take a minute or two).
  • In the main window, please paste the following script:
createsrpoint;
autoclean;
emptyalltemp;
  • Make sure the Scan All Users option is ticked.
  • Click Run Script and wait. The scan may take a few minutes.
  • When the scan finishes, a log file named zoek-results will open.
  • If a restart is required, it will open after that.
  • Copy its contents into your next reply.

 


 

STEP 4:

Repeat the scan with Farbar Recovery Scan Tool

  • Please download Farbar Recovery Scan Tool and save it to the desktop.
  • Run the file FRST.exe.
  • The program will start. Click YES to agree to the license agreement.
  • Tick all the checkboxes.
  • Click the SCAN button.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Copy the FRST.txt file into your next post. Attach Addition.txt to your next comment (see the Attached Files option when posting).


Yes, but it is inactive ..?

Look.. we are discussing such elementary things....! Please..!

Start the program => Scan => after the program has finished its work => Clean :)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Daniela on нед 21.09.2014 г. at 11:52:12,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlaunchersettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlaunchersettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1332179869-1056899932-3864764390-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askfm_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askfm_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askfm_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askfm_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0170B447-E7C0-48D8-92E9-047C0A3847AD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{026E46D6-54AA-4A65-8640-9D250771C2A5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F2DBB0CB-3D16-42A4-B56A-4B867D210350}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Daniela\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Daniela\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Daniela\appdata\locallow\apps hat"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on нед 21.09.2014 г. at 12:13:57,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014
Ran by Daniela (administrator) on DANIELA-PC on 21-09-2014 12:33:49
Running from C:\Users\Daniela\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Български (България)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Farbar) C:\Users\Daniela\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-07] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [49152 2006-05-18] ()
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
HKLM-x32\...\Run: [unlockerAssistant] => "E:\Нова папка\Unlocker\UnlockerAssistant.exe" -H
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "E:\hamachi-2-ui.exe" --auto-start
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Run: [GoogleChromeAutoLaunch_3DE63956E2201FD427025F5C0956CFCB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.)
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2012-12-13] (BitTorrent, Inc.)
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Run: [speedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\MountPoints2: {7c92020e-1821-11e1-acc2-1c75083e0ce8} - G:\Autorun.exe
HKU\S-1-5-21-1332179869-1056899932-3864764390-1000\...\Winlogon: [shell] "C:\ProgramData\Windows Services\wservice.exe",explorer.exe <==== ATTENTION 
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
URLSearchHook: HKLM-x32 - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll No File
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - %SearchDefender_IESearchEngineGuid% URL = http://search.gboxapp.com/?q={searchTerms}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - %SearchDefender_IESearchEngineGuid% URL = http://search.gboxapp.com/?q={searchTerms}
SearchScopes: HKCU - {C66E5937-5DBA-4D6E-ACC9-C96D77588AC2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: YoutubeAaDBluOOcke -> {d9c2f5c2-ac9d-40c2-b87c-fb54a624adc4} -> C:\Program Files (x86)\YoutubeAaDBluOOcke\oOiJM0TNeOsk0Q.x64.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll No File
BHO-x32: CertifiedToolbar -> {8d3ec233-b92d-4187-a506-284127cfba2d} -> C:\Users\Daniela\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll No File
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: YoutubeAaDBluOOcke -> {d9c2f5c2-ac9d-40c2-b87c-fb54a624adc4} -> C:\Program Files (x86)\YoutubeAaDBluOOcke\oOiJM0TNeOsk0Q.dll ()
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll No File
Toolbar: HKLM-x32 - CertifiedToolbar - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Daniela\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default
FF NewTab: about:newtab
FF SearchEngineOrder.3: Bing 
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Apps Hat - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected]0afdf81a4.com [2014-05-17]
FF Extension: GadgetBox - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\[email protected] [2012-12-13]
FF Extension: No Name - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\staged [2014-09-05]
FF Extension: HomeTab - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\{9c72a7f0-9ced-4876-80b8-2cebdc068f07} [2014-09-14]
FF Extension: CertifiedToolbar - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\Extensions\{dac70ad0-e58c-4d0b-9ac7-eee894ffb0fa} [2013-03-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-12]
FF Extension: No Name - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [Not Found]
FF Extension: No Name - C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\29ztghzs.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> about:newtab?source=home
CHR StartupUrls: Default -> "about:newtab?source=home", "hxxp://istart.webssearches.com/?type=hp&ts=1409317299&from=adks&uid=ST9500325AS_6VEGBS27XXXX6VEGBS27", "hxxp://websearch.flyandsearch.info/?pid=724&r=2014/09/05&hid=14138264460903633756&lg=EN&cc=BG"
CHR DefaultSearchKeyword: Default -> search.certified-toolbar.com_
CHR DefaultSearchProvider: Default -> Web Search
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Документи) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-05]
CHR Extension: (Google Диск) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-05]
CHR Extension: (YouTube) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-05]
CHR Extension: (Google Търсене) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-05]
CHR Extension: (Social Face) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehohhddamheegbbkabfgegbaeminghlb [2014-09-05]
CHR Extension: (avast! WebRep) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-05]
CHR HKLM-x32\...\Chrome\Extension: [aaaapoecfpbnohmjikjhpijcnonhhhlh] - C:\Users\Daniela\AppData\Local\APN\GoogleCRXs\aaaapoecfpbnohmjikjhpijcnonhhhlh_7.17.0.0.crx []
CHR HKLM-x32\...\Chrome\Extension: [fnjancchhkabckonnimkjhcjhnaopfob] - C:\Program Files (x86)\CertifiedToolbar\chrome\CertifiedToolbar.crx []
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-10-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-06-18] (Microsoft)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-01-24] (SolidWorks) [File not signed]
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Hamachi2Svc; E:\hamachi-2.exe -s [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2012-12-13] (Connectify)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-26] (DT Soft Ltd)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-16] (Windows ® Win 7 DDK provider)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 12:32 - 2014-09-21 12:33 - 02105856 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64 (1).exe
2014-09-21 12:17 - 2014-09-21 12:17 - 00000002 _____ () C:\runcheck.txt
2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\zoek_backup
2014-09-21 12:15 - 2014-09-21 12:15 - 04114148 _____ () C:\Users\Daniela\Downloads\zoek.zip
2014-09-21 12:15 - 2014-09-09 07:43 - 01421585 _____ () C:\Users\Daniela\Desktop\zoek.scr
2014-09-21 12:15 - 2014-09-09 07:43 - 01421585 _____ () C:\Users\Daniela\Desktop\zoek.com
2014-09-21 12:13 - 2014-09-21 12:13 - 00002830 _____ () C:\Users\Daniela\Desktop\JRT.txt
2014-09-21 11:49 - 2014-09-21 11:49 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 11:48 - 2014-09-21 11:48 - 01027006 _____ (Thisisu) C:\Users\Daniela\Downloads\JRT.exe
2014-09-21 11:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 11:07 - 2014-09-21 11:38 - 00000000 ____D () C:\AdwCleaner
2014-09-21 11:06 - 2014-09-21 11:06 - 01373475 _____ () C:\Users\Daniela\Downloads\adwcleaner_3.310.exe
2014-09-21 10:08 - 2014-09-21 10:11 - 00035679 _____ () C:\Users\Daniela\Downloads\Addition.txt
2014-09-21 10:06 - 2014-09-21 12:34 - 00034373 _____ () C:\Users\Daniela\Downloads\FRST.txt
2014-09-21 10:06 - 2014-09-21 12:33 - 00000000 ____D () C:\FRST
2014-09-21 10:04 - 2014-09-21 10:05 - 02105856 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64.exe
2014-09-16 08:23 - 2014-09-16 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-05 16:50 - 2014-09-06 19:40 - 00000000 ____D () C:\Users\Daniela\Documents\NFS Most Wanted
2014-09-05 16:46 - 2014-09-05 16:46 - 00004923 _____ () C:\Users\Daniela\Downloads\Need_For_Speed__Most_Wanted_Crack-Fully_Worki
2014-09-05 16:46 - 2014-09-05 16:46 - 00003209 _____ () C:\Users\Daniela\Downloads\[kickass.to]need.for.speed.most.wanted.patch.for.windows.7.64.bit.torrent
2014-09-05 16:41 - 2014-09-06 22:17 - 00000000 ____D () C:\ProgramData\YoutubeAaDBluOOcke
2014-09-05 16:41 - 2014-09-05 16:42 - 00000000 ____D () C:\ProgramData\KeepAppIt Software
2014-09-05 16:40 - 2014-09-05 16:41 - 00000000 ____D () C:\ProgramData\5534d603321f79eb
2014-09-05 16:40 - 2014-09-05 16:41 - 00000000 ____D () C:\Program Files (x86)\YoutubeAaDBluOOcke
2014-09-05 16:40 - 2014-09-05 16:40 - 00000426 __RSH () C:\ProgramData\ntuser.pol
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator
2014-09-05 16:30 - 2014-09-05 16:30 - 00004923 _____ () C:\Users\Daniela\Downloads\Need_For_Speed__Most_Wanted_Crack-Fully_Working__.3427700.TPB.torrent
2014-09-05 15:49 - 2014-09-05 15:49 - 00011611 _____ () C:\Users\Daniela\Downloads\Need For Speed Most Wanted PC DVD.torrent
2014-09-04 13:34 - 2014-09-05 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Vice City - Burn
2014-09-04 13:34 - 2014-09-04 13:34 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GTA Vice City - Burn
2014-09-04 12:54 - 2014-09-04 12:54 - 00000000 ____D () C:\Windows\GTA Vice City - Burn
2014-09-04 12:33 - 2014-09-04 12:33 - 00060342 _____ () C:\Users\Daniela\Downloads\GTA Vice City - Burn.torrent
2014-09-03 07:04 - 2014-09-03 07:04 - 00321536 _____ () C:\Users\Daniela\Downloads\kvota-3-za-rabotni-mesta-v-obshtinskite-administracii (1).xls
2014-09-02 16:15 - 2014-09-02 16:15 - 00273920 _____ () C:\Users\Daniela\Downloads\kvota-1-za-rabotni-mesta-v-centralnite-vedomstva.xls
2014-09-02 16:15 - 2014-09-02 16:15 - 00108032 _____ () C:\Users\Daniela\Downloads\kvota-2-za-rabotni-mesta-v-oblastnite-administracii.xls
2014-09-02 16:14 - 2014-09-02 16:14 - 00321536 _____ () C:\Users\Daniela\Downloads\kvota-3-za-rabotni-mesta-v-obshtinskite-administracii.xls
2014-09-02 14:32 - 2014-09-02 14:32 - 00001043 _____ () C:\Windows\NLSDownlevelMapping.log
2014-09-02 14:13 - 2014-09-02 14:13 - 00054191 _____ () C:\Users\Daniela\Downloads\City Car Driving v2.2.7 + Car Pack + Crack.torrent
2014-08-29 19:55 - 2014-08-29 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Offer
2014-08-29 19:55 - 2014-08-29 19:55 - 00000000 ____D () C:\Program Files (x86)\Display Offer
2014-08-29 16:03 - 2014-08-29 16:03 - 00000040 _____ () C:\ProgramData\spds90.txt
2014-08-26 15:35 - 2014-08-26 15:35 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Softland
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 12:34 - 2014-09-21 10:06 - 00034373 _____ () C:\Users\Daniela\Downloads\FRST.txt
2014-09-21 12:33 - 2014-09-21 12:32 - 02105856 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64 (1).exe
2014-09-21 12:33 - 2014-09-21 10:06 - 00000000 ____D () C:\FRST
2014-09-21 12:29 - 2011-10-12 09:52 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{72ADF9CF-5EA5-4B41-92E6-2774748BC0D3}
2014-09-21 12:21 - 2012-10-07 11:26 - 00001000 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 12:20 - 2012-09-15 13:54 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-21 12:17 - 2014-09-21 12:17 - 00000002 _____ () C:\runcheck.txt
2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\zoek_backup
2014-09-21 12:15 - 2014-09-21 12:15 - 04114148 _____ () C:\Users\Daniela\Downloads\zoek.zip
2014-09-21 12:13 - 2014-09-21 12:13 - 00002830 _____ () C:\Users\Daniela\Desktop\JRT.txt
2014-09-21 11:49 - 2014-09-21 11:49 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 11:49 - 2009-07-14 07:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 11:49 - 2009-07-14 07:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 11:48 - 2014-09-21 11:48 - 01027006 _____ (Thisisu) C:\Users\Daniela\Downloads\JRT.exe
2014-09-21 11:48 - 2011-10-12 09:46 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Skype
2014-09-21 11:48 - 2011-10-12 09:44 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\uTorrent
2014-09-21 11:45 - 2011-10-11 18:41 - 02001120 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 11:41 - 2014-05-11 11:42 - 00013380 _____ () C:\Windows\PFRO.log
2014-09-21 11:41 - 2014-05-10 21:24 - 00026635 _____ () C:\Windows\setupact.log
2014-09-21 11:41 - 2012-10-07 11:26 - 00000996 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 11:41 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 11:38 - 2014-09-21 11:07 - 00000000 ____D () C:\AdwCleaner
2014-09-21 11:38 - 2014-02-01 15:40 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-09-21 11:36 - 2012-10-19 14:03 - 00000000 ____D () C:\Users\Daniela\Documents\Euro Truck Simulator 2
2014-09-21 11:35 - 2012-08-15 23:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-21 11:06 - 2014-09-21 11:06 - 01373475 _____ () C:\Users\Daniela\Downloads\adwcleaner_3.310.exe
2014-09-21 10:11 - 2014-09-21 10:08 - 00035679 _____ () C:\Users\Daniela\Downloads\Addition.txt
2014-09-21 10:05 - 2014-09-21 10:04 - 02105856 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64.exe
2014-09-19 20:52 - 2014-08-16 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-09-19 20:50 - 2011-12-23 21:36 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-19 19:53 - 2009-07-14 08:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 08:23 - 2014-09-16 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 08:23 - 2014-08-16 08:59 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 08:23 - 2012-08-07 13:14 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-16 08:23 - 2011-10-12 09:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 08:23 - 2011-10-12 09:45 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 17:46 - 2013-12-09 21:18 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-09-14 17:46 - 2013-08-22 14:16 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-09-14 17:46 - 2013-03-19 22:24 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch
2014-09-14 17:45 - 2014-02-05 17:24 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-14 17:45 - 2011-10-11 18:45 - 00001431 _____ () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-14 17:45 - 2011-10-11 18:45 - 00001397 _____ () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-11 22:36 - 2013-03-19 22:24 - 00034368 _____ () C:\Windows\Launcher.exe
2014-09-09 07:43 - 2014-09-21 12:15 - 01421585 _____ () C:\Users\Daniela\Desktop\zoek.scr
2014-09-09 07:43 - 2014-09-21 12:15 - 01421585 _____ () C:\Users\Daniela\Desktop\zoek.com
2014-09-06 22:17 - 2014-09-05 16:41 - 00000000 ____D () C:\ProgramData\YoutubeAaDBluOOcke
2014-09-06 19:40 - 2014-09-05 16:50 - 00000000 ____D () C:\Users\Daniela\Documents\NFS Most Wanted
2014-09-06 09:29 - 2013-07-06 14:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-05 16:46 - 2014-09-05 16:46 - 00004923 _____ () C:\Users\Daniela\Downloads\Need_For_Speed__Most_Wanted_Crack-Fully_Worki
2014-09-05 16:46 - 2014-09-05 16:46 - 00003209 _____ () C:\Users\Daniela\Downloads\[kickass.to]need.for.speed.most.wanted.patch.for.windows.7.64.bit.torrent
2014-09-05 16:42 - 2014-09-05 16:41 - 00000000 ____D () C:\ProgramData\KeepAppIt Software
2014-09-05 16:42 - 2012-02-28 19:44 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-05 16:41 - 2014-09-05 16:40 - 00000000 ____D () C:\ProgramData\5534d603321f79eb
2014-09-05 16:41 - 2014-09-05 16:40 - 00000000 ____D () C:\Program Files (x86)\YoutubeAaDBluOOcke
2014-09-05 16:40 - 2014-09-05 16:40 - 00000426 __RSH () C:\ProgramData\ntuser.pol
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Guest
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-05 16:40 - 2014-09-05 16:40 - 00000000 ____D () C:\Users\Administrator
2014-09-05 16:40 - 2012-02-15 18:49 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Google
2014-09-05 16:40 - 2009-07-14 06:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-05 16:40 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-05 16:37 - 2013-12-11 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-09-05 16:33 - 2014-07-04 21:22 - 00026596 _____ () C:\Windows\DirectX.log
2014-09-05 16:30 - 2014-09-05 16:30 - 00004923 _____ () C:\Users\Daniela\Downloads\Need_For_Speed__Most_Wanted_Crack-Fully_Working__.3427700.TPB.torrent
2014-09-05 16:30 - 2011-11-26 14:52 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\DAEMON Tools Lite
2014-09-05 15:51 - 2014-09-04 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA Vice City - Burn
2014-09-05 15:49 - 2014-09-05 15:49 - 00011611 _____ () C:\Users\Daniela\Downloads\Need For Speed Most Wanted PC DVD.torrent
2014-09-04 13:34 - 2014-09-04 13:34 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GTA Vice City - Burn
2014-09-04 12:54 - 2014-09-04 12:54 - 00000000 ____D () C:\Windows\GTA Vice City - Burn
2014-09-04 12:33 - 2014-09-04 12:33 - 00060342 _____ () C:\Users\Daniela\Downloads\GTA Vice City - Burn.torrent
2014-09-03 17:44 - 2014-08-17 00:14 - 00000000 _____ () C:\Users\Daniela\AppData\Roaming\FileOut.cns
2014-09-03 17:44 - 2014-08-17 00:14 - 00000000 _____ () C:\Users\Daniela\AppData\Roaming\FileIn.cns
2014-09-03 07:04 - 2014-09-03 07:04 - 00321536 _____ () C:\Users\Daniela\Downloads\kvota-3-za-rabotni-mesta-v-obshtinskite-administracii (1).xls
2014-09-02 16:15 - 2014-09-02 16:15 - 00273920 _____ () C:\Users\Daniela\Downloads\kvota-1-za-rabotni-mesta-v-centralnite-vedomstva.xls
2014-09-02 16:15 - 2014-09-02 16:15 - 00108032 _____ () C:\Users\Daniela\Downloads\kvota-2-za-rabotni-mesta-v-oblastnite-administracii.xls
2014-09-02 16:14 - 2014-09-02 16:14 - 00321536 _____ () C:\Users\Daniela\Downloads\kvota-3-za-rabotni-mesta-v-obshtinskite-administracii.xls
2014-09-02 14:32 - 2014-09-02 14:32 - 00001043 _____ () C:\Windows\NLSDownlevelMapping.log
2014-09-02 14:30 - 2012-11-25 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forward Development
2014-09-02 14:13 - 2014-09-02 14:13 - 00054191 _____ () C:\Users\Daniela\Downloads\City Car Driving v2.2.7 + Car Pack + Crack.torrent
2014-08-31 11:03 - 2014-02-01 15:39 - 00000000 ____D () C:\Program Files (x86)\Direct Video Downloader
2014-08-29 19:55 - 2014-08-29 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Display Offer
2014-08-29 19:55 - 2014-08-29 19:55 - 00000000 ____D () C:\Program Files (x86)\Display Offer
2014-08-29 16:03 - 2014-08-29 16:03 - 00000040 _____ () C:\ProgramData\spds90.txt
2014-08-28 22:43 - 2013-07-29 20:23 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-26 15:43 - 2014-08-16 09:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-26 15:36 - 2011-10-12 09:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-26 15:35 - 2014-08-26 15:35 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\Softland
 
Some content of TEMP:
====================
C:\Users\Daniela\AppData\Local\Temp\7za.exe
C:\Users\Daniela\AppData\Local\Temp\AutoRun.exe
C:\Users\Daniela\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Daniela\AppData\Local\Temp\bdfilters.dll
C:\Users\Daniela\AppData\Local\Temp\CloudBackup1412.exe
C:\Users\Daniela\AppData\Local\Temp\CloudBackup189.exe
C:\Users\Daniela\AppData\Local\Temp\DeltaTB.exe
C:\Users\Daniela\AppData\Local\Temp\EBU47D9.EXE
C:\Users\Daniela\AppData\Local\Temp\EBU4E5E.DLL
C:\Users\Daniela\AppData\Local\Temp\hijackthis.exe
C:\Users\Daniela\AppData\Local\Temp\NirCmd.exe
C:\Users\Daniela\AppData\Local\Temp\PCOptimizerProSetup_CMN_1.exe
C:\Users\Daniela\AppData\Local\Temp\PEVZ.EXE
C:\Users\Daniela\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniela\AppData\Local\Temp\remove.exe
C:\Users\Daniela\AppData\Local\Temp\sed.exe
C:\Users\Daniela\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniela\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Daniela\AppData\Local\Temp\sfextra.dll
C:\Users\Daniela\AppData\Local\Temp\shortcut.exe
C:\Users\Daniela\AppData\Local\Temp\swreg.exe
C:\Users\Daniela\AppData\Local\Temp\swxcacls.exe
C:\Users\Daniela\AppData\Local\Temp\tbu16FD.exe
C:\Users\Daniela\AppData\Local\Temp\tbu3024.exe
C:\Users\Daniela\AppData\Local\Temp\tbu6838.exe
C:\Users\Daniela\AppData\Local\Temp\tbu8075.exe
C:\Users\Daniela\AppData\Local\Temp\tbuCEF5.exe
C:\Users\Daniela\AppData\Local\Temp\tbuE82C.exe
C:\Users\Daniela\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Daniela\AppData\Local\Temp\wget.exe
C:\Users\Daniela\AppData\Local\Temp\ycomp_setup_cclean.exe
C:\Users\Daniela\AppData\Local\Temp\zoek-delete.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2014-09-16 00:28
 
==================== End Of Log ============================

Addition.txt


And what is the reason for ignoring step 3..?

Why haven't you uninstalled these programs in the standard way:

CertifiedToolbar 2.4 (HKLM-x32\...\{107c7af4-bcdb-4ba2-87d1-3cb1f7190dba}_is1) (Version: 2.4 - CertifiedToolbar) <==== ATTENTION

GadgetBox Expansion (HKLM\...\{6D345027-25C7-43C1-A12A-6DE5B6D772D1}) (Version: 1.0 - ) <==== ATTENTION

HomeTab 6.8 (HKLM-x32\...\{f8c77e88-ecbf-40f9-8e8b-fb0da19c6553}_is1) (Version: 6.8 - One Floor App) <==== ATTENTION


Download the attached file and save it in the same location where you downloaded FRST.exe => fixlist.txt
Run FRST.exe again, press the Fix button once, and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.
