
Slow computer, constantly popping-up ads




Hello! For some time now my computer has become slower, and as soon as I open any site at all I get driven crazy by at least ten ads: flashing, jumping, plus pop-up windows. I am posting the FRST file and attaching Addition, and I am asking for help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by home (administrator) on HOME-PC on 22-10-2014 15:09:28
Running from C:\Users\home\Downloads
Loaded Profiles: home & UpdatusUser (Available profiles: home & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Български (България)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\di4VeriBrowse\K9VeriBrowseTX175.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(www.BitComet.com) D:\INSTALL\BitComet\BitComet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(www.BitComet.com) D:\INSTALL\BitComet\tools\BitCometService.exe
(Facebook Inc.) C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\home\AppData\Local\UpdateChecker\UpdateCheckerApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\home\AppData\Local\Viber\Viber.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(VerbAce Research) C:\Program Files (x86)\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
(Dropbox, Inc.) C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-09-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [bitComet] => D:\INSTALL\BitComet\BitComet.exe [20529920 2013-02-19] (www.BitComet.com)
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [Facebook Update] => C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-18] (Facebook Inc.)
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-09-01] (Sony)
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\home\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [updateChecker] => C:\Users\home\AppData\Local\UpdateChecker\UpdateCheckerApp.exe [7168 2014-02-17] ()
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [Viber] => C:\Users\home\AppData\Local\Viber\Viber.exe [936656 2014-09-02] ()
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\MountPoints2: {1efcf83b-affc-11e1-9862-806e6f6e6963} - F:\SecSWMgrGuide.exe
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\MountPoints2: {3586d9f6-4c1e-11e2-ac23-dca971432e60} - G:\Startme.exe
HKU\S-1-5-21-1930440090-2118232510-1044211289-1000\...\MountPoints2: {df308a60-ebfd-11e3-8b48-dca971432e60} - H:\Setup.exe
HKU\S-1-5-21-1930440090-2118232510-1044211289-1001\...\MountPoints2: {1efcf83b-affc-11e1-9862-806e6f6e6963} - F:\SecSWMgrGuide.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-09-15] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll" File Not Found
AppInit_DLLs-x32:  c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [193128 2011-09-15] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VerbAce-Pro Startup Agent.lnk
ShortcutTarget: VerbAce-Pro Startup Agent.lnk -> C:\Program Files (x86)\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe (VerbAce Research)
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk
ShortcutTarget: Изрязване на екран и стартиране на OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14085;https=127.0.0.1:14085
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x721A50F71F44CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1405885259&from=pjr&uid=WDCXWD5000BPVT-35HXZT1_WD-WXA1A91L0150L0150
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - Yandex URL = http://yandex.ru/yandsearch?clid=47356&text={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?clid=133923&text={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: VeriBrowse -> {0355220D-708C-1505-178D-6F6026C068B8} -> C:\Program Files (x86)\di4VeriBrowse\175.dll ()
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\INSTALL\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{45888567-AFA8-446E-B12B-3BC6A05FB4B7}: [NameServer] 78.90.139.1,89.190.192.247
 
FireFox:
========
FF ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=0.7.1 -> "C:\Program Files (x86)\VideoLAN\VLC\mozilla\npvlc.dll" No File
FF Plugin-x32: @videolan.org/vlc,version=1.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\searchplugins\browsemngr.xml
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\searchplugins\yandex.ru-233437.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Avira Browser Safety - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\Extensions\[email protected] [2014-10-14]
FF Extension: BitComet Video Downloader - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2013-04-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\extensions\[email protected]
FF HKCU\...\Firefox\Extensions: [{CF162B0D-2D4A-684B-E0ED-746C8BEB4628}] - C:\Program Files (x86)\di4VeriBrowse\175.xpi
FF Extension: No Name - C:\Program Files (x86)\di4VeriBrowse\175.xpi [2014-07-20]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1405885259&from=pjr&uid=WDCXWD5000BPVT-35HXZT1_WD-WXA1A91L0150L0150"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Документи) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-12]
CHR Extension: (Google Диск) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-12]
CHR Extension: (YouTube) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-12]
CHR Extension: (Adblock Plus) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-22]
CHR Extension: (Google Търсене) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-12]
CHR Extension: (Avira Browser Safety) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-09]
CHR Extension: (VideoFileDownload) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl [2013-08-16]
CHR Extension: (Skype Click to Call) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-12]
CHR HKLM-x32\...\Chrome\Extension: [fdjkhamgopgokjmllcmpkiijndjeidcl] - C:\Users\home\AppData\Local\Temp\twsfiles\trustedshopper.crx [2014-02-25]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn10.crx [2014-02-25]
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx [2012-07-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-20]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [2014-07-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R3 BITCOMET_HELPER_SERVICE; D:\INSTALL\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-20] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-20] (globalUpdate) [File not signed]
R2 VeriBrowse; C:\Program Files (x86)\di4VeriBrowse\K9VeriBrowseTX175.exe [159232 2014-07-20] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-20] (Fuyu LIMITED)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 15:09 - 2014-10-22 15:10 - 00026842 _____ () C:\Users\home\Downloads\FRST.txt
2014-10-22 15:09 - 2014-10-22 15:09 - 00000000 ____D () C:\FRST
2014-10-22 15:08 - 2014-10-22 15:08 - 02110976 _____ (Farbar) C:\Users\home\Downloads\FRST64.exe
2014-10-22 00:41 - 2014-10-22 00:41 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfed77b6378c9d.job
2014-10-21 19:36 - 2014-10-21 19:36 - 00000000 ____D () C:\Users\home\Desktop\Civilizacion
2014-10-18 00:45 - 2014-10-19 00:35 - 02317692 _____ () C:\Users\home\Desktop\المعلقات.pptx
2014-10-18 00:45 - 2014-10-18 00:45 - 00000165 ____H () C:\Users\home\Desktop\~$المعلقات.pptx
2014-10-17 14:15 - 2014-10-17 14:15 - 00212480 _____ () C:\Users\home\Downloads\background-ppt-template-001.ppt
2014-10-17 14:14 - 2014-10-17 14:14 - 00512000 _____ () C:\Users\home\Downloads\background-ppt-template-035.ppt
2014-10-17 14:01 - 2014-10-17 14:01 - 00841418 _____ () C:\Users\home\Desktop\300003.pptx
2014-10-16 09:08 - 2014-10-10 05:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 09:08 - 2014-10-10 05:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 09:08 - 2014-10-10 05:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 09:08 - 2014-10-07 05:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 09:08 - 2014-10-07 05:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 09:08 - 2014-09-29 03:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 09:08 - 2014-09-26 01:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 09:08 - 2014-09-26 01:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 09:08 - 2014-09-26 01:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 09:08 - 2014-09-26 01:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 09:08 - 2014-09-26 01:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 09:08 - 2014-09-26 01:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 09:08 - 2014-09-26 01:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 09:08 - 2014-09-19 05:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 09:08 - 2014-09-19 04:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 09:08 - 2014-09-19 04:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 09:08 - 2014-09-19 04:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 09:08 - 2014-09-19 04:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 09:08 - 2014-09-19 04:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 09:08 - 2014-09-19 04:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 09:08 - 2014-09-19 04:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 09:08 - 2014-09-19 04:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 09:08 - 2014-09-19 04:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 09:08 - 2014-09-19 04:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 09:08 - 2014-09-19 04:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 09:08 - 2014-09-19 04:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 09:08 - 2014-09-19 04:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 09:08 - 2014-09-19 04:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 09:08 - 2014-09-19 04:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 09:08 - 2014-09-19 04:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 09:08 - 2014-09-19 04:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 09:08 - 2014-09-19 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 09:08 - 2014-09-19 04:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 09:08 - 2014-09-19 04:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 09:08 - 2014-09-19 04:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 09:08 - 2014-09-19 04:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 09:08 - 2014-09-19 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 09:08 - 2014-09-19 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 09:08 - 2014-09-19 04:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 09:08 - 2014-09-19 03:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 09:08 - 2014-09-19 03:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 09:08 - 2014-09-19 03:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 09:08 - 2014-09-19 03:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 09:08 - 2014-09-19 03:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 09:08 - 2014-09-19 03:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 09:08 - 2014-09-19 03:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 09:08 - 2014-09-19 03:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 09:08 - 2014-09-19 03:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 09:08 - 2014-09-19 03:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 09:08 - 2014-09-19 03:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 09:08 - 2014-09-19 03:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 09:08 - 2014-09-19 03:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 09:08 - 2014-09-19 03:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 09:08 - 2014-09-19 03:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 09:08 - 2014-09-19 03:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 09:08 - 2014-09-19 03:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 09:08 - 2014-09-19 02:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 09:08 - 2014-09-19 02:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 09:08 - 2014-09-19 02:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 09:08 - 2014-09-19 02:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 09:08 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 09:08 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 09:08 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 09:08 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 09:08 - 2014-07-09 05:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 09:08 - 2014-07-09 04:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-16 09:08 - 2014-07-09 04:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-16 09:08 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-16 09:08 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-16 09:08 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-16 09:08 - 2014-07-09 01:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 09:08 - 2014-07-09 01:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-16 09:08 - 2014-06-19 01:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 09:08 - 2014-06-19 01:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 09:08 - 2014-06-19 01:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 09:08 - 2014-06-19 01:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 09:08 - 2014-06-19 01:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 09:08 - 2014-06-19 01:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 09:06 - 2014-09-18 05:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 09:06 - 2014-09-18 04:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 09:06 - 2014-09-13 04:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 09:06 - 2014-09-13 04:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 09:06 - 2014-09-04 08:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:06 - 2014-09-04 08:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:06 - 2014-07-17 05:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 09:06 - 2014-07-17 05:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 09:06 - 2014-07-17 05:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 09:06 - 2014-07-17 05:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 09:06 - 2014-07-17 05:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:06 - 2014-07-17 05:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:06 - 2014-07-17 05:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:06 - 2014-07-17 05:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 09:06 - 2014-07-17 05:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 09:06 - 2014-07-17 04:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:06 - 2014-07-17 04:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 09:06 - 2014-07-17 04:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 09:06 - 2014-07-17 04:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 09:06 - 2014-07-17 04:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 09:06 - 2014-07-17 04:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 09:06 - 2014-07-17 04:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:06 - 2014-07-17 04:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 21:26 - 2014-10-20 01:39 - 00000000 ____D () C:\Users\home\AppData\Roaming\ViberPC
2014-10-15 21:26 - 2014-10-15 21:26 - 00001064 _____ () C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-10-15 21:26 - 2014-10-15 21:26 - 00001056 _____ () C:\Users\home\Desktop\Viber.lnk
2014-10-15 21:25 - 2014-10-20 01:38 - 00000000 ____D () C:\Users\home\AppData\Local\Viber
2014-10-15 21:25 - 2014-10-15 21:25 - 01296016 _____ (Viber Media Inc) C:\Users\home\Downloads\ViberSetup.exe
2014-10-15 21:21 - 2014-10-15 21:21 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-15 21:21 - 2014-10-15 21:21 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-15 21:21 - 2014-10-15 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-15 21:20 - 2014-10-15 21:20 - 00244432 _____ () C:\Users\home\Downloads\Firefox Setup Stub 33.0.exe
2014-10-15 21:01 - 2014-10-15 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-15 19:40 - 2014-10-18 22:29 - 00000000 ____D () C:\Users\home\Desktop\Презентация
2014-10-15 00:02 - 2014-10-15 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-14 18:21 - 2014-10-14 18:21 - 00078872 _____ () C:\Users\home\Downloads\al-kalbi.zip
2014-10-13 22:59 - 2014-09-25 05:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-13 22:59 - 2014-09-25 04:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-07 00:14 - 2014-10-07 00:14 - 00000000 ____D () C:\Users\home\Desktop\Kuhnia.V.Parize.2014
2014-10-04 12:29 - 2014-10-13 23:03 - 00000000 ____D () C:\Users\home\Desktop\Арабски III курс
2014-09-23 20:34 - 2014-09-10 01:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:34 - 2014-09-10 00:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 15:10 - 2012-06-06 19:27 - 00000000 ____D () C:\Users\home\AppData\Roaming\Skype
2014-10-22 15:07 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 15:07 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 14:05 - 2012-06-06 20:25 - 01915508 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 01:47 - 2014-01-31 20:22 - 00000000 ____D () C:\Users\home\Documents\Файлове на Outlook
2014-10-22 00:41 - 2014-06-18 16:14 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8af74cfc67c1.job
2014-10-21 19:43 - 2009-07-14 08:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 19:25 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 18:22 - 2012-10-27 16:39 - 00000000 ____D () C:\Users\home\AppData\Roaming\vlc
2014-10-20 17:54 - 2013-01-26 00:12 - 00002403 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-20 17:53 - 2013-10-08 18:08 - 00000000 ____D () C:\Users\home\AppData\Roaming\dvdcss
2014-10-20 01:39 - 2013-10-07 01:19 - 00000000 ___RD () C:\Users\home\Dropbox
2014-10-20 01:39 - 2013-10-07 01:17 - 00000000 ____D () C:\Users\home\AppData\Roaming\Dropbox
2014-10-20 01:38 - 2013-12-21 00:35 - 00000000 ____D () C:\Users\home\AppData\Roaming\newnext.me
2014-10-20 01:35 - 2009-07-14 07:51 - 00120353 _____ () C:\Windows\setupact.log
2014-10-17 03:32 - 2009-07-14 07:45 - 00412248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:31 - 2010-11-21 06:47 - 00308130 _____ () C:\Windows\PFRO.log
2014-10-17 03:29 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 03:29 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-10-17 03:29 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-10-17 02:18 - 2012-12-01 03:42 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-10-15 21:01 - 2014-03-13 10:42 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-15 21:01 - 2013-02-06 12:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-15 21:01 - 2012-06-06 19:27 - 00000000 ____D () C:\ProgramData\Skype
2014-10-14 18:28 - 2014-09-09 23:45 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-14 18:28 - 2014-09-02 10:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-14 18:28 - 2013-09-08 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-14 18:28 - 2013-09-08 16:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-14 17:35 - 2013-09-09 09:38 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 17:35 - 2013-09-08 16:53 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 17:35 - 2013-09-08 16:53 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-13 18:26 - 2012-06-06 22:44 - 00558634 _____ () C:\Windows\DPINST.LOG
2014-10-13 18:24 - 2014-08-29 08:49 - 00002026 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-10-13 18:24 - 2013-01-22 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-10-13 18:24 - 2012-06-06 22:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-09 00:37 - 2013-10-06 16:46 - 00000000 ____D () C:\Users\home\Desktop\Арабски II курс
 
Some content of TEMP:
====================
C:\Users\home\AppData\Local\Temp\avgnt.exe
C:\Users\home\AppData\Local\Temp\BackupSetup.exe
C:\Users\home\AppData\Local\Temp\BASSMOD.DLL
C:\Users\home\AppData\Local\Temp\BitE3F8.tmp.exe
C:\Users\home\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8ijrju.dll
C:\Users\home\AppData\Local\Temp\InstallAX.exe
C:\Users\home\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\home\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\home\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\home\AppData\Local\Temp\KMP_3.4.0.59.exe
C:\Users\home\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\home\AppData\Local\Temp\KMP_3.6.0.87.exe
C:\Users\home\AppData\Local\Temp\KMP_3.8.0.122.exe
C:\Users\home\AppData\Local\Temp\KMP_3.9.0.124.exe
C:\Users\home\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\home\AppData\Local\Temp\KMP_3.9.0.128.exe
C:\Users\home\AppData\Local\Temp\NEventMessages.dll
C:\Users\home\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\home\AppData\Local\Temp\SimBundD.exe
C:\Users\home\AppData\Local\Temp\SkypeSetup.exe
C:\Users\home\AppData\Local\Temp\vcredist_x64.exe
C:\Users\home\AppData\Local\Temp\vlc-2.0.2-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-09-08 21:05
 
==================== End Of Log ============================
 
P.S. I have already deleted the files marked with Attention, but websearches still keeps appearing in the browsers.

Addition.txt


Hello..! If it worked that way... it would be very easy..! ;)

Did you do this before scanning with Farbar Recovery Scan Tool, or after..?

If you follow my logic, the right thing to do is to repeat the check with Farbar Recovery Scan Tool according to the instructions and not to take any more initiative on your own...! Regards..! :)

Scan with Farbar Recovery Scan Tool

Repeat the scan with Farbar Recovery Scan Tool


After the scan.. I apologize :huh: I thought I would make things easier. I won't take any more initiative on my own. :)  I am attaching the files from the repeated scan. And thank you for the quick reply.

FRST.txt

Addition.txt


I will write later.. I am at work now and it is not convenient..! By the way, is this proxy familiar to you:

ProxyServer: http=127.0.0.1:14306;https=127.0.0.1:14306


I can't answer you about the proxy, because I don't have that kind of knowledge and have no idea what this is about.  Excuse my ignorance. :doh:



Fix with Farbar Recovery Scan Tool

Download the attached file and save it in the same location where you downloaded FRST.exe => fixlist.txt

Run FRST.exe again, press the Fix button once, and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Scan with AdwCleaner

Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Press OK to confirm that all running programs will be closed.
  • Select Clean.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:\AdwCleaner[s0].txt

Scan with Junkware Removal Tool

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily stop your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

Logs

In your next reply, please include the following logs:

  • FixLog.txt
  • AdwCleaner[s0].txt
  • JRT.txt

There is a small problem. :D After I ran the fix and the computer restarted, I got a problem with the internet, specifically with the proxy server: "The configured proxy server is not responding."


When I ask... it means there is a need..?  You aren't using a proxy to connect to the internet, are you...? I believe I asked above whether the proxy was familiar to you..? Do you have internet access now..?

In addition:

Logs

In your next reply, please include the following logs:

  • FixLog.txt
  • AdwCleaner[s0].txt
  • JRT.txt

 

 

Will I get to see these logs..?


I apologize, I said that I wasn't familiar with this. At the moment I have no internet access from the computer in question, so I cannot download the programs or upload the logs.


Ah ah ah...! I will now write a script, and you will run it by downloading the file and saving it to a USB flash drive. Use the drive to transfer it to the problem computer... and run it there according to the instructions:

Download the attached file and save it in the same location where you downloaded FRST.exe => fixlist.txt

Run FRST.exe again, press the Fix button once, and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.


Sooo..! :)

Fix with Farbar Recovery Scan Tool

Download the attached file and save it in the same location where you downloaded FRST.exe => fixlist.txt

Run FRST.exe again, press the Fix button once, and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Scan with AdwCleaner

Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Press OK to confirm that all running programs will be closed.
  • Select Clean.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:\AdwCleaner[s0].txt

Scan with Junkware Removal Tool

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily stop your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

Logs

In your next reply, please include the following logs:

  • FixLog.txt
  • AdwCleaner[s0].txt
  • JRT.txt

Scan with ComboFix

Download ComboFix from here and save it to your desktop.
How to use ComboFix
Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to turn off, please review the information at this link: How to disable your security applications by amateur
Run Combo-Fix.com and follow the instructions.
When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.
Please do not attach the program's log file(s); copy and paste it/them into your next comment in this thread.


ComboFix 14-10-21.01 - home 10.2014 г.  22:51:33.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1026.18.4010.2164 [GMT 3:00]
Running from: c:\users\home\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\users\home\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\DPINST.LOG
c:\windows\PFRO.log
c:\windows\SysWow64\embedded
c:\windows\SysWow64\embedded\License.txt
c:\windows\SysWow64\embedded\regsvr.exe
c:\windows\SysWow64\embedded\uninstall.exe
c:\windows\SysWow64\embedded\WizardImage.bmp
c:\windows\SysWow64\embedded\WizardSmallImage.bmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-22 to 2014-10-22  )))))))))))))))))))))))))))))))
.
.
2014-10-22 19:08 . 2014-10-22 19:08    --------    d-----w-    c:\windows\ERUNT
2014-10-22 18:36 . 2014-10-22 19:08    --------    d-----w-    C:\AdwCleaner
2014-10-22 12:09 . 2014-10-22 18:51    --------    d-----w-    C:\FRST
2014-10-16 06:06 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-15 18:26 . 2014-10-22 19:03    --------    d-----w-    c:\users\home\AppData\Roaming\ViberPC
2014-10-15 18:25 . 2014-10-22 19:01    --------    d-----w-    c:\users\home\AppData\Local\Viber
2014-10-15 18:21 . 2014-10-15 18:21    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-10-15 18:01 . 2014-10-15 18:01    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-10-13 19:59 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-13 19:59 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-23 17:34 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-23 17:34 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-14 14:35 . 2013-09-09 06:38    43064    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2014-10-14 14:35 . 2013-09-08 13:53    131608    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2014-10-14 14:35 . 2013-09-08 13:53    119272    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-08-23 02:07 . 2014-08-29 05:58    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 05:58    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-10 07:08    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 07:08    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-07-24 23:35 . 2014-07-24 23:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 20:47 . 2014-07-24 20:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="d:\install\BitComet\BitComet.exe" [2013-02-19 20529920]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-09-01 468192]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"Viber"="c:\users\home\AppData\Local\Viber\Viber.exe" [2014-09-02 936656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-14 703736]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
Изрязване на екран и стартиране на OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VerbAce-Pro Startup Agent.lnk - c:\program files (x86)\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe AutoRun [2013-3-19 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys;c:\windows\SYSNATIVE\DRIVERS\mcdevice.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\install\BitComet\tools\BitCometService.exe;d:\install\BitComet\tools\BitCometService.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-20 14:51    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-22 09:42]
.
2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1930440090-2118232510-1044211289-1000Core.job
- c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-18 16:44]
.
2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1930440090-2118232510-1044211289-1000UA.job
- c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-18 16:44]
.
2014-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8af74cfc67c1.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 21:11]
.
2014-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfed77b6378c9d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 21:11]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 21:11]
.
2014-07-20 c:\windows\Tasks\VeriBrowse Update.job
- c:\program files (x86)\di4VeriBrowse\o6VeriBrowsee58.exe [2014-07-20 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-15 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-15 418584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-15 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:14368;https=127.0.0.1:14368
IE: &Експортиране към Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: &Изпрати към OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: &С&валяне &с BitComet - d:\install\BitComet\BitComet.exe/AddLink.htm
IE: &С&валяне на всички с BitComet - d:\install\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{45888567-AFA8-446E-B12B-3BC6A05FB4B7}: NameServer = 78.90.139.1,89.190.192.247
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-AEnglish Dictionary_is1 - d:\aediction\unins000.exe
AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-10-22  23:06:08 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-22 20:06
.
Pre-Run: 27 434 692 608 bytes free
Post-Run: 27 021 000 704 bytes free
.
- - End Of File - - A6ADBB3A726710E292DF67B9F4351B48
 

I turned off Real-time scanning, but ComboFix still showed me that it was not stopped. I don't know whether that had any effect.


Good morning! The log now looks fine. What is the current state of your system? Are you still seeing the problem with the ads?


+

 

Please download Malwarebytes Anti-Malware and save it to your desktop.
  Double-click mbam-setup-consumer-2.0.0.1хххх.exe and follow the instructions to install the program.

  • In the Settings => Detection and Protection => Detection Options section, tick the 'Scan for rootkits' checkbox.

  • In the program's main window, click 'Update Now'.
  • After the update completes, click the 'Scan Now' button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will start.
  • When the scan finishes, if any infections were found, click Apply Actions to allow Mbam to clean what was detected.

  • After the restart, run Mbam once more.
  • Click the History tab > Application Logs.
  • Double-click the row that shows the date and time of the scan, or click View Detailed Log.
  • Click "Copy to Clipboard".

  • Paste the contents of the clipboard into your next reply.

 

 

Download the program: ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and choose Start.

  • The scanner will start downloading the components it needs.

  • Make sure that Enable detection of potentially unwanted applications is selected.

Make sure the following is unticked:

  • Remove found threats

Make sure the following items are ticked:

  • Scan Archives

Click Advanced Settings and tick the following options:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Finally, choose Start

The scanner will start downloading the latest definitions and will begin scanning your computer.
Please be patient, as this may take some time.

  • After the scan completes, click List of found threats.
  • Click Export and save the file to your desktop with the name ESETScan. Copy the contents of this report into your next reply.
  • Choose the Back button.
  • Choose the Finish button.

The ads disappeared and the speed improved. Here are the scans:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23.10.2014 г.
Scan Time: 20:42:31 ч.
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.23.06
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365100
Time Elapsed: 25 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.Revizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\8069A870-60E0-C522-1193-603D4BE324F7, Quarantined, [d7ea110699e348ee30d8321f1ee27888],
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\HDtubeV1.6, Quarantined, [f1d0cc4bc7b570c62f31dd567c8710f0],
PUP.Optional.TrustedShopper.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fdjkhamgopgokjmllcmpkiijndjeidcl, Quarantined, [2b96e82fcfad4ee8b1e8325e31d3a65a],
PUP.Optional.GenericAddon.A, HKU\S-1-5-21-1930440090-2118232510-1044211289-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Delete-on-Reboot, [2b9620f7017b0e2876bd54d138cbb64a],
PUP.Optional.HDPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HDtubeV1.6, Quarantined, [bf021ff8a0dce3531c138e7a48bb8d73],
PUP.Optional.VeriBrowse.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D531A561-8803-47D1-C782-84B828A115A8}, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EB400E71-DE5D-1AF5-B3F5-42B9EF64E6E2}, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D531A561-8803-47D1-C782-84B828A115A8}, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.SmileysWeLove.A, C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\jetpack\[email protected], Quarantined, [457c8d8a621a46f076670cfaf0135ea2],
PUP.Optional.SmileysWeLove.A, C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\jetpack\[email protected]\simple-storage, Quarantined, [457c8d8a621a46f076670cfaf0135ea2],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6, Quarantined, [bf021ff8a0dce3531c138e7a48bb8d73],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.TrustedShopper.A, C:\Users\home\AppData\LocalLow\trustedshopper, Quarantined, [4d740f08a3d976c0b1dd1bf74fb4b848],
PUP.Optional.TrustedShopper.A, C:\Users\home\AppData\Roaming\trustedshopper, Quarantined, [6f520512017bcf67a5eabe54d42f9b65],

Files: 49
PUP.Optional.Revizer, C:\Program Files (x86)\di4VeriBrowse\o6VeriBrowsee58.exe, Quarantined, [705161b68eeeeb4b12f68ec3a25ef30d],
PUP.Optional.Revizer, C:\Program Files (x86)\di4VeriBrowse\Uninstall.exe, Quarantined, [d7ea110699e348ee30d8321f1ee27888],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HDtubeV1.6\utils.exe, Quarantined, [843d69ae2359270fc051db65d030f709],
PUP.Optional.OpenCandy, C:\Users\home\Downloads\KMPlayer_3.7.0.113-aoc-jd.exe, Quarantined, [15acdc3bb4c86bcbce68c789b5508f71],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, Quarantined, [d8e9a3749be1b87ed5aacc6bb74b9a66],
PUP.Optional.VeriBrowse.A, C:\Windows\Tasks\VeriBrowse Update.job, Quarantined, [437ea86f255723134cabce6e956e1be5],
PUP.Optional.SmileysWeLove.A, C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\jetpack\[email protected]\simple-storage\store.json, Quarantined, [457c8d8a621a46f076670cfaf0135ea2],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6\1293297481.mxaddon, Quarantined, [bf021ff8a0dce3531c138e7a48bb8d73],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6\21063e51-655b-4f3a-b8d3-15b053d8d567.crx, Quarantined, [bf021ff8a0dce3531c138e7a48bb8d73],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6\21063e51-655b-4f3a-b8d3-15b053d8d567.xpi, Quarantined, [bf021ff8a0dce3531c138e7a48bb8d73],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6\92a01de0-996d-4df9-ad72-57db477f0bef.crx, Quarantined, [bf021ff8a0dce3531c138e7a48bb8d73],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6\9cca707b-e081-4d91-8248-81ed6d2566ed.crx, Quarantined, [bf021ff8a0dce3531c138e7a48bb8d73],
PUP.Optional.HDPlus.A, C:\Program Files (x86)\HDtubeV1.6\Uninstall.exe, Quarantined, [bf021ff8a0dce3531c138e7a48bb8d73],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse\175.dat, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse\175.dll, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse\175.xpi, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse\a.db, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse\b.db, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse\K9VeriBrowseTX175.bin, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse\K9VeriBrowseTX175.exe, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.VeriBrowse.A, C:\Program Files (x86)\di4VeriBrowse\Sqlite3.dll, Quarantined, [20a10c0b324a8fa761705ead8d7635cb],
PUP.Optional.TrustedShopper.A, C:\Users\home\AppData\LocalLow\trustedshopper\channel.json, Quarantined, [4d740f08a3d976c0b1dd1bf74fb4b848],
PUP.Optional.TrustedShopper.A, C:\Users\home\AppData\LocalLow\trustedshopper\proxy.json, Quarantined, [4d740f08a3d976c0b1dd1bf74fb4b848],
PUP.Optional.TrustedShopper.A, C:\Users\home\AppData\Roaming\trustedshopper\channel.json, Quarantined, [6f520512017bcf67a5eabe54d42f9b65],
PUP.Optional.TrustedShopper.A, C:\Users\home\AppData\Roaming\trustedshopper\proxy.json, Quarantined, [6f520512017bcf67a5eabe54d42f9b65],
PUP.Optional.BuenoSearch, C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), Replaced,[259c41d619638caa86f26bf5db2ae51b]
PUP.Optional.BuenoSearch, C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\prefs.js, Good: (), Bad: (ferences

/* Do not edit this file.
 *
 * If yo), Replaced,[f0d16aadfe7e87afa6d25f01ce3709f7]
PUP.Optional.BuenoSearch, C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while t), Replaced,[a819080f156721152c4cbda35fa6916f]
PUP.Optional.BuenoSearch, C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\prefs.js, Good: (), Bad: (e.
 *
 * If you make changes to this file while the ), Replaced,[c6fbb067047887af5721065abb4a59a7]
PUP.Optional.BuenoSearch, C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
 *
 * If you ), Replaced,[a71a2becd5a781b5caaece92a4612dd3]

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

ESET Scan

 

C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\PTV\APNIC.dll.vir    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Local\genienext\nengine.dll.vir    Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.35.zip.vir    Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe.vir    Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir    a variant of Android/Mobserv.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll.vir    Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe.vir    a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Roaming\newnext.me\nengine.dll.vir    Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\home\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir    Win32/Systweak.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application
C:\Downloads\Office 2010 Toolkit and EZ-Activator 2.0.1 Final\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.A potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\di4VeriBrowse\K9VeriBrowseTX175.dll.xBAD    a variant of Win32/AdWare.AddLyrics.BB application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\BackupSetup.exe.xBAD    MSIL/MyPCBackup.A potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\BuenoSearchTB.exe.xBAD    a variant of Win32/Toolbar.Babylon.AD potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\KMP_3.3.0.33.exe.xBAD    Win32/SoftonicDownloader.D potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\KMP_3.4.0.59.exe.xBAD    Win32/SoftonicDownloader.E potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\KMP_3.5.0.77.exe.xBAD    Win32/SoftonicDownloader.E potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\KMP_3.6.0.87.exe.xBAD    Win32/SoftonicDownloader.E potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\KMP_3.8.0.122.exe.xBAD    a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\KMP_3.9.0.124.exe.xBAD    Win32/SoftonicDownloader.G potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\KMP_3.9.0.126.exe.xBAD    a variant of Win32/SoftonicDownloader.G potentially unwanted application
C:\FRST\Quarantine\C\Users\home\AppData\Local\Temp\KMP_3.9.0.128.exe.xBAD    a variant of Win32/SoftonicDownloader.G potentially unwanted application
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\home\Downloads\cbsidlm-cbsi145-Magic_Camera-ORG-10553616.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Windows\Installer\162d2cf3.msi    a variant of Win32/Systweak.L potentially unwanted application
D:\INSTALL\Windows Loader\Windows Loader\Windows Loader.exe    Win32/HackTool.WinActivator.I potentially unsafe application
 


Good evening!

 

Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

 

KILLALL::
ClearJavaCache::

File::
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe   
C:\Users\home\Downloads\cbsidlm-cbsi145-Magic_Camera-ORG-10553616.exe   
C:\Windows\Installer\162d2cf3.msi   

 
 
After saving, drag CFScript.txt onto the ComboFix.exe icon.


Copy the generated report and paste it into your next comment!


And a good evening to you! Here is the new log:

ComboFix 14-10-21.01 - home 10.2014 г.  19:31:02.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1026.18.4010.2401 [GMT 3:00]
Running from: c:\users\home\Desktop\ComboFix.exe
Command switches used :: c:\users\home\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
"c:\users\home\Downloads\cbsidlm-cbsi145-Magic_Camera-ORG-10553616.exe"
"c:\windows\Installer\162d2cf3.msi"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
c:\users\home\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\home\Downloads\cbsidlm-cbsi145-Magic_Camera-ORG-10553616.exe
c:\windows\Installer\162d2cf3.msi
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-24 to 2014-10-24  )))))))))))))))))))))))))))))))
.
.
2014-10-24 16:43 . 2014-10-24 16:43    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-10-24 16:43 . 2014-10-24 16:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-23 19:25 . 2014-10-23 19:25    --------    d-----w-    c:\program files (x86)\ESET
2014-10-23 17:38 . 2014-10-24 16:49    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-23 17:38 . 2014-10-23 17:38    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-23 17:38 . 2014-10-23 17:38    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-23 17:38 . 2014-10-01 08:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-23 17:38 . 2014-10-01 08:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-23 17:38 . 2014-10-01 08:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-22 19:08 . 2014-10-22 19:08    --------    d-----w-    c:\windows\ERUNT
2014-10-22 18:36 . 2014-10-22 19:08    --------    d-----w-    C:\AdwCleaner
2014-10-22 12:09 . 2014-10-22 18:51    --------    d-----w-    C:\FRST
2014-10-16 06:06 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-15 18:26 . 2014-10-24 16:48    --------    d-----w-    c:\users\home\AppData\Roaming\ViberPC
2014-10-15 18:25 . 2014-10-24 16:46    --------    d-----w-    c:\users\home\AppData\Local\Viber
2014-10-15 18:21 . 2014-10-15 18:21    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-10-15 18:01 . 2014-10-15 18:01    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-10-13 19:59 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-13 19:59 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-14 14:35 . 2013-09-09 06:38    43064    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2014-10-14 14:35 . 2013-09-08 13:53    131608    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2014-10-14 14:35 . 2013-09-08 13:53    119272    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-09-09 22:11 . 2014-09-23 17:34    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 17:34    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-29 05:58    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 05:58    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-10 07:08    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 07:08    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="d:\install\BitComet\BitComet.exe" [2013-02-19 20529920]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-09-01 468192]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"Viber"="c:\users\home\AppData\Local\Viber\Viber.exe" [2014-09-02 936656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-14 703736]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-02-14 311616]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
Изрязване на екран и стартиране на OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VerbAce-Pro Startup Agent.lnk - c:\program files (x86)\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe AutoRun [2013-3-19 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys;c:\windows\SYSNATIVE\DRIVERS\mcdevice.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\install\BitComet\tools\BitCometService.exe;d:\install\BitComet\tools\BitCometService.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-20 14:51    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-22 09:42]
.
2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1930440090-2118232510-1044211289-1000Core.job
- c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-18 16:44]
.
2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1930440090-2118232510-1044211289-1000UA.job
- c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-18 16:44]
.
2014-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8af74cfc67c1.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 21:11]
.
2014-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfed77b6378c9d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 21:11]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 21:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\home\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 07:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-15 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-15 418584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-15 12558440]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:14368;https=127.0.0.1:14368
IE: &Експортиране към Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: &Изпрати към OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: &С&валяне &с BitComet - d:\install\BitComet\BitComet.exe/AddLink.htm
IE: &С&валяне на всички с BitComet - d:\install\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{45888567-AFA8-446E-B12B-3BC6A05FB4B7}: NameServer = 78.90.139.1,89.190.192.247
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AEnglish Dictionary_is1 - d:\aediction\unins000.exe
AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
c:\users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-10-24  20:06:14 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-24 17:06
ComboFix2.txt  2014-10-22 20:06
.
Pre-Run: 26 145 423 360 bytes free
Post-Run: 25 743 794 176 bytes free
.
- - End Of File - - 53234A642B482CC34DB202E90AFDFF6A
 


Well, that's it from me! The log is clean! If you have no other questions, let's head toward wrapping up... actually, one more check so I can see how things stand:

 

Download Security Check (by screen317) from here

  • Double-click SecurityCheck.exe and follow the instructions.
  • When the program finishes its work, a text document will open: checkup.txt.
  • Copy the contents of checkup.txt with Copy and paste them with Paste into your next comment.

 

+

 

Please download ZOEK (by Smeenk) and save it to your desktop.
Temporarily disable your antivirus and anti-spyware protection - instructions here

  • Right-click the tool's icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears (it may take a minute or two).
  • In the main window, please paste the following script:

 

createsrpoint;
autoclean;
emptyalltemp;


  • Make sure the Scan All Users option is checked.
  • Press Run Script and wait. The scan may take a few minutes.
  • When the scan finishes, a log file named zoek-results will open.
  • If a restart is required, it will open after that.
  • Copy its contents into your next reply.

These are the new scans. I just want to ask whether I should uninstall all the software, or is it good to keep some of it?

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Java version out of Date!
  Adobe Flash Player 13.0.0.214 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (33.0)
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

Zoek.exe v5.0.0.0 Updated 24-10-2014
Tool run by home on бкЎ 25.10.2014 Ј. at 12:41:30,30.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\home\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

25.10.2014 г. 12:42:24 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default

user.js not found
---- Lines buenosearch removed from prefs.js ----
user_pref("extensions.buenosearch.admin", false);
user_pref("extensions.buenosearch.aflt", "babsst");
user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
user_pref("extensions.buenosearch.autoRvrt", "false");
user_pref("extensions.buenosearch.bbDpng", "9");
user_pref("extensions.buenosearch.cntry", "BG");
user_pref("extensions.buenosearch.dfltLng", "en");
user_pref("extensions.buenosearch.excTlbr", false);
user_pref("extensions.buenosearch.ffxUnstlRst", true);
user_pref("extensions.buenosearch.hdrMd5", "7F8D80852BE7D21838DAC948FAF6BC94");
user_pref("extensions.buenosearch.id", "12ce2201000000000000dca971432e5d");
user_pref("extensions.buenosearch.instlDay", "16229");
user_pref("extensions.buenosearch.instlRef", "sst");
user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.71:56:13");
user_pref("extensions.buenosearch.newTab", false);
user_pref("extensions.buenosearch.prdct", "buenosearch");
user_pref("extensions.buenosearch.prtnrId", "buenosearch");
user_pref("extensions.buenosearch.rvrt", "false");
user_pref("extensions.buenosearch.sg", "azb");
user_pref("extensions.buenosearch.smplGrp", "none");
user_pref("extensions.buenosearch.tlbrId", "base");
user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
user_pref("extensions.buenosearch.vrsnTs", "1.8.28.71:56:13");
user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
---- Lines outobox removed from prefs.js ----
user_pref("extensions.outobox.aul", "1388230633206");
user_pref("extensions.outobox.irl", true);
user_pref("extensions.outobox.is", "cbslugp11");
user_pref("extensions.outobox.ug", "C9694F40-49B6-4BCA-9860-1AAFBB6CC963");
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- FireFox user.js and prefs.js backups ----

prefs_25.10.2014Ј._1254_.backup

==== Deleting Files \ Folders ======================

C:\Users\home\.android deleted
C:\PROGRA~2\TorrentSearch deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\home\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\jetpack deleted
C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default\extensions\[email protected] deleted
"C:\PROGRA~2\VerbAce Research\VerbAce-Pro\HookDll.dll" deleted
"C:\PROGRA~2\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe" deleted
"C:\PROGRA~2\VerbAce Research" not deleted
"C:\PROGRA~2\VerbAce Research\VerbAce-Pro" not deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{CF162B0D-2D4A-684B-E0ED-746C8BEB4628}"="C:\Program Files (x86)\di4VeriBrowse\175.xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default
- BitComet - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h9cciybf.default
3CD19649B2C3023D65E67C056457A2BC    - C:\Users\home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
A58DE0A570148AF5FF3512B2A340D09F    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]


==== Chromium Startpages ======================

C:\Users\home\AppData\Local\Bromium\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?clid=133922","session":{"urls_to_restore_on_startup":["http://www.yandex.ru/?clid=133922"]},"browser":{"show_home_button":true},"pinned_tabs":[{"url":"http://www.yandex.ru/?clid=1790392"},{"url":"http://mail.yandex.ru/?clid=1790392"}]}

C:\Users\home\AppData\Local\Chromium\User Data\Default\Preferences
"homepage": "http://www.buenosearch.com/?babsrc=HP_ss_nch_chromium&mntrId=12CEDCA971432E5D&affID=128492&tsp=5272",

C:\Users\home\AppData\Local\Comodo\Dragon\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?clid=133922","session":{"urls_to_restore_on_startup":["http://www.yandex.ru/?clid=133922"]},"browser":{"show_home_button":true}}

C:\Users\home\AppData\Local\Xpom\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?clid=133922","session":{"urls_to_restore_on_startup":["http://www.yandex.ru/?clid=133922"]},"browser":{"show_home_button":true}}

C:\Users\home\AppData\Local\Yandex\Internet\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?clid=133922","session":{"urls_to_restore_on_startup":["http://www.yandex.ru/?clid=133922"]},"browser":{"show_home_button":true},"pinned_tabs":[{"url":"http://www.yandex.ru/?clid=1790392"},{"url":"http://mail.yandex.ru/?clid=1790392"}]}


==== Chromium Fix ======================

C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.webssearches.com_0.localstorage deleted successfully
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.webssearches.com_0.localstorage deleted successfully
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage deleted successfully
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1930440090-2118232510-1044211289-1000\Software\Mozilla\Firefox\Extensions\{CF162B0D-2D4A-684B-E0ED-746C8BEB4628} deleted successfully
HKEY_USERS\S-1-5-21-1930440090-2118232510-1044211289-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\{CF162B0D-2D4A-684B-E0ED-746C8BEB4628} deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:14368;https=127.0.0.1:14368"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vfd-ob deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\home\AppData\Local\Mozilla\Firefox\Profiles\h9cciybf.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=351 folders=84 16253873 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\home\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\home\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\VerbAce Research"  not found
"C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on бкЎ 25.10.2014 Ј. at 12:59:09,82 ======================
 


We're wrapping up... do you still have any problems?

Uninstall ComboFix as follows:

  • Click Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

Please follow the instructions to uninstall ComboFix. You will receive a message saying that ComboFix was uninstalled successfully.
 
 
Download the following file and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
Once it finishes, post the log file, fixlog.txt, which will be created after it runs. It should delete the tool's quarantine folder located in C:\FRST\Quarantine.
 
 
Download DelFix and run it. Put a check mark in front of Remove disinfection tools and then press the Run button.
The tool will delete itself once it has finished its task!
 
 
Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click Uninstall.
  • Click Yes to uninstall AdwCleaner.

Uninstall ESET Online Scanner.

  • Start => Run, type control appwiz.cpl in the box. Then press ENTER.
  • Select ESET Online Scanner from the list of applications, and then choose Remove. If prompted, restart your computer.

 

I recommend that Malwarebytes' Anti-Malware stay on your computer and that you scan your system with it periodically (at least once or twice a week), not forgetting to update its definitions before every scan! A reminder that this is not an antivirus program but an exceptionally good complement to one!
 
 
Java is not up to date, and older versions contain vulnerabilities. You need to update to the latest version:
Download the latest version from here: Free Java Download
It is important to remove older versions of Java, since it does not do this automatically and the old versions still leave you vulnerable.
Go to Start > Control Panel > open Uninstall a program
Find in the list all previously installed versions of Java (J2SE Runtime Environment). In your case: Java™ 7 Update 51. Select each one individually and uninstall it by clicking Uninstall. Once the old versions are removed, please install the latest version.
 
 
1. Uninstall the old versions of Adobe Flash Player as well... see this article: Uninstall Flash Player
2. Close all running applications, including Internet Explorer or other browsers, as well as applications (such as AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click the file you downloaded to uninstall Flash.
4. If it was uninstalled successfully, go to this site: Downloads. Install Adobe Flash Player and choose Agree and install now. This will install the latest version of Flash for your browser (note: the Flash plugins for IE and Firefox must be installed separately).

Note: I recommend that you clear the optional checkboxes and avoid installing (Free McAfee Security Scan or Free Toolbar Google).

 

 

Use the programs PatchMyPC or Secunia Personal Software Inspector to install all the updates and latest software versions that the tools suggest.

 

 

It would also be good to defragment the disk with the help of:

  • Defragmenting an SSD drive is not recommended

    Download MyDefrag and install it.

    Select System Disk Monthly => Choose the system and recovery partitions and press Run

    It may take quite a while... once it finishes it will display Finished and you can close the program with the X

    Then restart the system.

 

I suggest you use this very good little program, which will automatically remove all unwanted add-ons during software installation. This helps prevent the installation of malicious code.

Click here to download the program and install it!

 

 

If there are tools, folders, or logs from the things we used that were not deleted by the procedures mentioned above, delete them manually.

If you have no other questions, I will mark the case as "Solved"! I wish you a pleasant day and safe internet! :)


I have a problem with constantly popping-up ads

 

 

Aren't you ever going to read the rules of the subsection? In what language does this have to be written:

 

 

Create your own topic in the subforum Malware Removal - HiJackThis logs, using the New Topic button.
