
Suspected infected system




Hello! I have a few problems with Windows. The first is that these errors appear at every startup:

7765533x.jpg

Second, I can't change my theme from Personalization; it shows me this error:

7763856Q.jpg

Here are the logs from FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Asr (administrator) on OKTAY-PC on 06-12-2014 13:16:34
Running from C:\Users\Asr\Downloads
Loaded Profile: Asr (Available profiles: Asr)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Английски (Съединени щати)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Vimicro) C:\Windows\VM305_STI.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Facebook Inc.) C:\Users\Asr\AppData\Local\Facebook\Update\FacebookUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(GlavSoft LLC.) E:\Програми\PC Server\tvnserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [bigDog305] => C:\Windows\VM305_STI.EXE [61440 2005-08-05] (Vimicro)
HKLM\...\Run: [uSB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM\...\Run: [unlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM\...\Run: [tvncontrol] => "E:\D>3D4<8\PC Server\tvnserver.exe" -controlservice -slave
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [avgnt] => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [RGSC] => D:\Games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [northbridge] => C:\Intel\northbridge.exe [2337471 2013-12-20] ()
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe ",EntryPoint -m l
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [Newgen] => C:\SkinPack\Newgen\Newgen.exe
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [Google Update] => "C:\Users\Asr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [Facebook Update] => C:\Users\Asr\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-02] (Facebook Inc.)
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [NoIPDUCv4] => "E:\D>3D4<8\No-IP\DUC40.exe" /minimize
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\MountPoints2: {5930e241-e8a1-11e3-a81d-bc5ff4bcce8d} - G:\Install.exe
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\MountPoints2: {e6604917-40a8-11e3-832c-f403674c6319} - G:\ASRSetup.exe
AppInit_DLLs: c:\progra~1\gs_boo~1\assist~1.dll => c:\progra~1\gs_boo~1\assist~1.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Asr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8B1AED36FF7CE01
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1404929625&from=amt&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S651512615126
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {31264a33-a653-46c4-af49-1232c59a7da5} -  No File
URLSearchHook: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 - (No Name) - {31264a33-a653-46c4-af49-1232c59a7da5} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1404929625&from=amt&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S651512615126
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=121&itype=n&ver=13114&tm=407&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 -> DefaultScope {02CBE1FC-CB5A-4EB3-A42C-75AF25FA9915} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 -> {02CBE1FC-CB5A-4EB3-A42C-75AF25FA9915} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404929625&from=amt&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S651512615126&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL =
BHO: No Name -> {31264a33-a653-46c4-af49-1232c59a7da5} ->  No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Asr\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO: lookinglink -> {84dfb3ca-9212-4fba-bf3a-a66c4a02a48f} -> C:\Program Files\lookinglink\lookinglinkBHO.dll No File
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll No File
Toolbar: HKLM - No Name - {31264a33-a653-46c4-af49-1232c59a7da5} -  No File
Toolbar: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 -> No Name - {51DB4E76-C083-48CD-BF88-BD8DABCD15A4} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Asr\AppData\Roaming\Mozilla\Firefox\Profiles\3hxv8rwv.default
FF Homepage: https://www.google.bg/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nullsoft.com/winampDetector;version=1 -> E:\Winamp Detect\npwachk.dll No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-4210664396-1758802160-2935120067-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Asr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4210664396-1758802160-2935120067-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Asr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4210664396-1758802160-2935120067-1000: @talk.google.com/O1DPlugin -> C:\Users\Asr\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4210664396-1758802160-2935120067-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Asr\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4210664396-1758802160-2935120067-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Asr\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-4210664396-1758802160-2935120067-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Asr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4210664396-1758802160-2935120067-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Asr\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Asr\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Asr\AppData\Roaming\Mozilla\Firefox\Profiles\3hxv8rwv.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: YouTube mp3 - C:\Users\Asr\AppData\Roaming\Mozilla\Firefox\Profiles\3hxv8rwv.default\Extensions\[email protected] [2014-10-18]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Asr\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi
FF Extension: No Name - C:\Users\Asr\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi [2013-10-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Asr\AppData\Roaming\Mozilla\Firefox\Profiles\x3blg523.default-1394314725043\extensions\[email protected]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-09-05]
FF HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Asr\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "https://www.google.bg/?gws_rd=ssl"
CHR Profile: C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Диск) - C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-16]
CHR Extension: (YouTube) - C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (Google Търсене) - C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (GoSAvve) - C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf [2014-09-23]
CHR Extension: (Tiësto) - C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh [2014-11-26]
CHR Extension: (Моята тема за Chrome) - C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-07-09]
CHR Extension: (Gmail) - C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR HKLM\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Asr\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1343408 2014-02-24] (ESET)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-11-06] (NVIDIA Corporation)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-08] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-08] (globalUpdate) [File not signed]
S2 hlsm; E:\Програми\HLSM\hlsm.exe [1019392 2011-05-13] (Rulzy Studio) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18182984 2014-11-06] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-17] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [203848 2013-02-19] (Realtek Semiconductor)
R2 tvnserver; E:\Програми\PC Server\tvnserver.exe [1690096 2013-07-19] (GlavSoft LLC.)
S2 5ba659a8; "C:\Windows\system32\rundll32.exe" "c:\progra~1\gs_boo~1\AssistantSvc.dll",service
S2 Update lookinglink; "C:\Program Files\lookinglink\updatelookinglink.exe" [X]
S2 Util lookinglink; "C:\Program Files\lookinglink\bin\utillookinglink.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-06-16] (Phoenix Technologies) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-31] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d6232.sys [368392 2013-02-26] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 ei2c; C:\Windows\system32\drivers\ei2c.sys [18224 2014-12-02] (Nicomsoft Ltd.)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-09-17] (ESET)
S3 hid3331; C:\Windows\System32\drivers\hid3331.sys [41336 2008-05-19] ( )
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [40936 2013-03-14] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [17032 2012-12-21] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [359560 2012-12-21] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792712 2012-12-21] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-11] (Intel Corporation)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [18224 2014-12-02] (Nicomsoft Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18760 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33096 2014-10-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-05-30] (Duplex Secure Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [180672 2011-02-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [391688 2006-05-08] (Vimicro Corporation)
U3 a10b3qyr; C:\Windows\system32\Drivers\a10b3qyr.sys [0 ] (Microsoft Corporation)
S3 AxtuDrv; \??\C:\Windows\system32\Drivers\AxtuDrv.sys [X]
S3 h643331; system32\drivers\h643331.sys [X]
S2 NEWDRIVER; \??\C:\Windows\system32\WinVDEdrv6.sys [X]
S3 OSFMount; \??\D:\Games\Counter-Strike Global Offensive\image\x86\OSFMount.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 13:16 - 2014-12-06 13:16 - 00025403 _____ () C:\Users\Asr\Downloads\FRST.txt
2014-12-06 13:16 - 2014-12-06 13:16 - 00000000 ____D () C:\FRST
2014-12-06 13:14 - 2014-12-06 13:14 - 01110016 _____ (Farbar) C:\Users\Asr\Downloads\FRST.exe
2014-12-05 17:10 - 2013-04-23 02:13 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-12-05 16:50 - 2014-12-05 16:50 - 00112208 _____ () C:\Users\Asr\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 15:49 - 2014-12-05 16:01 - 00005456 _____ () C:\Personalization_Panel_Undo.log
2014-12-05 14:32 - 2014-12-05 14:28 - 00001035 _____ () C:\Users\Oktay-PC\Desktop\Adobe Photoshop CC 2014 (32 Bit).lnk
2014-12-04 20:26 - 2014-12-04 20:26 - 00002057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
2014-12-04 20:15 - 2014-12-05 14:28 - 00001035 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2014-12-04 20:12 - 2014-12-05 14:26 - 00001511 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-12-04 15:16 - 2014-12-04 15:16 - 00000000 ____D () C:\Windows\Sun
2014-12-02 19:12 - 2014-12-02 19:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-02 16:36 - 2014-12-02 16:36 - 00018224 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys
2014-12-02 16:33 - 2014-12-02 16:33 - 00018224 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\ei2c.sys
2014-12-02 16:26 - 2014-12-02 16:38 - 00000000 ____D () C:\Program Files\i-Menu
2014-12-02 16:26 - 2014-12-02 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen+
2014-12-02 16:26 - 2014-12-02 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu
2014-12-02 16:26 - 2014-12-02 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Saver
2014-12-02 16:26 - 2014-12-02 16:26 - 00000000 ____D () C:\Program Files\Screen+
2014-12-02 16:26 - 2014-12-02 16:26 - 00000000 ____D () C:\Program Files\e-Saver
2014-11-28 21:13 - 2014-11-28 21:13 - 00000000 ____D () C:\Users\Asr\AppData\Local\Dataram_Corporation
2014-11-25 17:08 - 2014-11-12 22:50 - 00615624 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-11-25 17:07 - 2014-11-13 02:14 - 24557896 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 17258696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 11397744 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 11336432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 10911040 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-25 17:07 - 2014-11-13 02:14 - 04013376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 01042064 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234475.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 00923976 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 00906440 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234475.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 00899728 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 00416912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 00347336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 00303600 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2014-11-25 17:07 - 2014-11-13 02:14 - 00156840 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2014-11-25 17:02 - 2014-11-25 17:02 - 00001316 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-11-25 17:01 - 2014-11-25 17:02 - 00000000 ____D () C:\Users\Asr\AppData\Local\NVIDIA
2014-11-25 17:01 - 2014-11-06 19:13 - 02197680 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-11-25 17:01 - 2014-11-06 19:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-11-20 22:55 - 2014-11-20 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-20 22:55 - 2014-11-20 22:55 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-20 22:55 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-20 22:55 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-20 22:55 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-20 22:55 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-20 22:54 - 2014-11-20 22:55 - 00004286 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-20 22:14 - 2014-11-20 22:14 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-20 22:13 - 2014-12-05 16:38 - 00000000 ___HD () C:\W7P_Backups
2014-11-18 20:42 - 2014-11-11 04:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:42 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 17:18 - 2014-11-16 17:18 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d001b088a9465d.job
2014-11-16 13:48 - 2014-11-16 13:48 - 00000000 __SHD () C:\Users\Asr\AppData\Local\EmieBrowserModeList
2014-11-14 16:41 - 2014-11-14 16:41 - 00000000 ____D () C:\ProgramData\KONAMI
2014-11-13 19:03 - 2014-11-07 21:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 19:03 - 2014-11-06 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 19:03 - 2014-11-06 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 19:03 - 2014-11-06 05:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 19:03 - 2014-11-06 05:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 19:03 - 2014-11-06 05:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 19:03 - 2014-11-06 05:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 19:03 - 2014-11-06 05:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 19:03 - 2014-11-06 05:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 19:03 - 2014-11-06 05:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 19:03 - 2014-11-06 05:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 19:03 - 2014-11-06 05:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 19:03 - 2014-11-06 04:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 19:03 - 2014-11-06 04:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 19:03 - 2014-11-06 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 19:03 - 2014-11-06 04:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 19:03 - 2014-11-06 04:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 19:03 - 2014-11-06 04:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 19:03 - 2014-11-06 04:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 19:03 - 2014-11-06 04:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 19:03 - 2014-11-06 04:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 19:03 - 2014-11-06 04:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 19:03 - 2014-11-06 04:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 19:03 - 2014-11-06 04:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 19:03 - 2014-11-06 04:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 19:03 - 2014-11-06 04:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 19:03 - 2014-11-06 04:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 19:03 - 2014-11-06 03:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 19:03 - 2014-11-06 03:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 19:03 - 2014-11-06 03:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 18:24 - 2014-09-19 11:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 18:24 - 2014-09-19 11:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:24 - 2014-09-19 11:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 18:24 - 2014-09-19 11:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 18:24 - 2014-09-19 11:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 18:24 - 2014-09-19 11:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:21 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:21 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:21 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 18:20 - 2014-10-03 03:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:20 - 2014-10-03 03:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:20 - 2014-10-03 03:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 18:20 - 2014-10-03 03:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:20 - 2014-10-03 03:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 18:20 - 2014-08-21 08:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:20 - 2014-08-21 08:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 18:19 - 2014-11-05 19:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:19 - 2014-11-05 19:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:19 - 2014-11-05 19:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:19 - 2014-10-10 02:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 18:18 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:18 - 2014-10-14 03:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:18 - 2014-10-14 03:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:18 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:18 - 2014-10-14 03:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:18 - 2014-10-14 03:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 15:24 - 2014-11-12 15:24 - 00000000 ____D () C:\Users\Asr\AppData\Roaming\NVIDIA
2014-11-12 15:02 - 2014-11-12 15:02 - 00000000 ____D () C:\Program Files\NVIDIA GeForce Experience
2014-11-12 15:02 - 2014-10-03 21:23 - 00033096 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-11-12 15:02 - 2014-10-03 21:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2014-11-10 20:36 - 2014-12-06 13:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-10 20:36 - 2014-11-12 23:43 - 04463432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-10 20:36 - 2014-11-12 23:43 - 03073680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2014-11-10 20:36 - 2014-11-12 23:43 - 02554184 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-10 20:36 - 2014-11-12 23:43 - 00672064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-10 20:36 - 2014-11-12 23:43 - 00376128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-10 20:36 - 2014-11-12 23:43 - 00061584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-10 20:36 - 2014-11-10 23:54 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-10 20:35 - 2014-11-13 02:14 - 00060744 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-10 20:34 - 2014-11-13 02:14 - 18514616 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-11-10 20:34 - 2014-11-13 02:14 - 16884632 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-11-10 20:34 - 2014-11-13 02:14 - 02874456 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2014-11-10 20:34 - 2014-11-13 02:14 - 00871648 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2014-11-10 20:34 - 2014-11-13 02:14 - 00022200 _____ () C:\Windows\system32\nvinfo.pb
2014-11-10 20:34 - 2014-11-06 23:00 - 00906048 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2014-11-10 20:34 - 2014-11-06 23:00 - 00162592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2014-11-10 20:34 - 2014-11-06 23:00 - 00028448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2014-11-10 20:34 - 2014-11-04 02:05 - 01043264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234465.dll
2014-11-10 20:34 - 2014-11-04 02:05 - 00907592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234465.dll
2014-11-08 20:42 - 2014-11-08 20:52 - 00000000 ____D () C:\BF3_PC_Server_R38
2014-11-08 18:45 - 2014-12-05 22:17 - 00348928 _____ () C:\Windows\system32\PnkBstrB.exe
2014-11-08 18:45 - 2014-12-05 22:17 - 00139944 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-11-08 18:45 - 2014-12-05 19:54 - 00348928 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-11-08 18:45 - 2014-11-17 21:31 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-11-08 18:44 - 2014-11-08 18:44 - 00000000 ____D () C:\ProgramData\EA Core
2014-11-07 20:54 - 2014-11-08 19:41 - 00000000 ____D () C:\Users\Asr\AppData\Local\Bigworld12

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 13:12 - 2013-10-29 16:47 - 02040994 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 13:11 - 2013-11-08 14:00 - 00136710 _____ () C:\Users\Asr\Network_Meter_Data.js
2014-12-06 13:11 - 2013-11-08 13:37 - 00050711 _____ () C:\Users\Asr\IP_Log_Data.js
2014-12-06 13:11 - 2013-10-29 17:06 - 00000000 ____D () C:\Users\Asr\AppData\Roaming\Skype
2014-12-06 13:10 - 2013-10-29 18:01 - 00070489 _____ () C:\Windows\setupact.log
2014-12-06 13:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 00:53 - 2013-10-29 17:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 22:17 - 2013-11-13 15:45 - 00348928 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-12-05 18:26 - 2013-10-31 20:17 - 00000000 ____D () C:\Users\Oktay-PC
2014-12-05 18:22 - 2014-08-19 12:02 - 00000000 ____D () C:\Users\Asr\AppData\Local\Adobe
2014-12-05 17:55 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 17:55 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 16:46 - 2013-10-29 18:01 - 03851944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-05 16:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Cursors
2014-12-05 16:34 - 2013-10-29 18:01 - 00245878 _____ () C:\Windows\PFRO.log
2014-12-05 16:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-12-05 16:00 - 2013-12-01 00:26 - 00000000 ____D () C:\Users\Asr\AppData\Roaming\vlc
2014-12-05 14:47 - 2014-02-05 19:53 - 00000000 ____D () C:\Users\Asr\AppData\Local\CrashDumps
2014-12-05 14:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-05 14:11 - 2014-06-19 23:55 - 00000000 ____D () C:\Windows\pss
2014-12-04 20:13 - 2014-05-24 19:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-04 20:13 - 2013-11-02 18:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-04 20:12 - 2014-05-24 19:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-04 20:06 - 2013-10-29 17:05 - 00000000 ____D () C:\Users\Asr\AppData\Roaming\uTorrent
2014-12-03 14:09 - 2014-07-09 22:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-02 17:58 - 2009-07-14 04:04 - 00000832 _____ () C:\Windows\win.ini
2014-11-27 19:59 - 2010-11-20 23:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-27 15:11 - 2014-08-15 23:04 - 00000000 ____D () C:\BF3_PC_Server_R38_1149977
2014-11-26 19:53 - 2013-10-29 17:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 19:53 - 2013-10-29 17:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 14:47 - 2014-02-11 21:57 - 00000000 ____D () C:\ProgramData\Freemake
2014-11-26 14:47 - 2014-02-11 21:57 - 00000000 ____D () C:\Program Files\Freemake
2014-11-26 14:46 - 2013-12-08 18:57 - 00000000 ____D () C:\Users\Asr\AppData\Roaming\HLSW
2014-11-25 17:08 - 2013-10-29 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-25 17:08 - 2013-10-29 16:55 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-25 17:02 - 2014-06-16 16:59 - 00000000 ____D () C:\Users\Asr\AppData\Local\NVIDIA Corporation
2014-11-25 17:02 - 2013-10-29 16:58 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-25 16:43 - 2013-11-01 21:26 - 00007599 _____ () C:\Users\Asr\AppData\Local\Resmon.ResmonCfg
2014-11-20 23:51 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-11-20 22:55 - 2014-06-16 17:00 - 00000000 ____D () C:\Program Files\Java
2014-11-20 22:55 - 2014-06-09 20:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-19 19:43 - 2014-05-15 18:21 - 00000000 ____D () C:\Users\Asr\AppData\Roaming\FileZilla
2014-11-16 17:18 - 2014-10-26 22:08 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff1589c1d7995.job
2014-11-14 15:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-14 15:07 - 2014-05-06 21:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 22:53 - 2013-10-29 17:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 22:51 - 2013-10-29 17:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 22:49 - 2013-10-29 17:33 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 20:57 - 2013-12-30 22:31 - 00000000 ____D () C:\ProgramData\firebird
2014-11-13 18:46 - 2014-05-15 18:21 - 00001957 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-11-13 18:46 - 2014-05-15 18:21 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-11-12 14:40 - 2013-10-29 16:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-12 14:40 - 2013-10-29 16:54 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-11-08 18:44 - 2014-02-14 14:06 - 00000000 ____D () C:\ProgramData\Electronic Arts

Files to move or delete:
====================
C:\Users\Asr\IP_Log_Data.js
C:\Users\Asr\Network_Meter_Data.js
C:\Users\Asr\uninst.exe


Some content of TEMP:
====================
C:\Users\Asr\AppData\Local\Temp\bitool.dll
C:\Users\Asr\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Asr\AppData\Local\Temp\nvStInst.exe
C:\Users\Asr\AppData\Local\Temp\SRLDetectionLibrary5018258283771789719.dll
C:\Users\Oktay-PC\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 15:31

==================== End Of Log ============================

Addition.txt


Hello,

The first error is caused by BitcoinMiner and we will fix it.

While I review the logs, uninstall the following programs from the Control Panel:

GS_Sustainer 1.80

Supporter 1.80

WindowsMangerProtect20.0.0.502

YTD Video Downloader 4.7.2

The second error is more likely the result of trying out various Windows transformation packs.

UxStyle Core Beta
SkinPack

UltraUXThemePatcher 2.4

We will see what can be done there... we may run sfc at a later stage.

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has done its work.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

That is all for now. :)


For now the two startup errors are gone.

While I review the logs, uninstall the following programs from the Control Panel:

GS_Sustainer 1.80

Supporter 1.80

WindowsMangerProtect20.0.0.502

YTD Video Downloader 4.7.2

I uninstalled only WindowsMangerProtect20.0.0.502 and YTD Video Downloader 4.7.2; the other two will not uninstall, see:

7765780m.jpg

I pressed Fix, restarted, and here is the log:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2014
Ran by Asr at 2014-12-06 15:37:47 Run:1
Running from C:\Users\Asr\Downloads
Loaded Profile: Asr (Available profiles: Asr)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Mobogenie
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [northbridge] => C:\Intel\northbridge.exe [2337471 2013-12-20] ()
C:\Intel
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe ",EntryPoint -m l
AppInit_DLLs: c:\progra~1\gs_boo~1\assist~1.dll => c:\progra~1\gs_boo~1\assist~1.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
c:\program files\settings manager
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM - (No Name) - {31264a33-a653-46c4-af49-1232c59a7da5} -  No File
URLSearchHook: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 - (No Name) - {31264a33-a653-46c4-af49-1232c59a7da5} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.websse...C1S651512615126
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...q={searchTerms}
BHO: No Name -> {31264a33-a653-46c4-af49-1232c59a7da5} ->  No File
BHO: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Asr\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO: lookinglink -> {84dfb3ca-9212-4fba-bf3a-a66c4a02a48f} -> C:\Program Files\lookinglink\lookinglinkBHO.dll No File
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
Toolbar: HKLM - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll No File
Toolbar: HKLM - No Name - {31264a33-a653-46c4-af49-1232c59a7da5} -  No File
CHR Extension: (GoSAvve) - C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf [2014-09-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Asr\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [Not Found]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-08] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-08] (globalUpdate) [File not signed]
C:\Program Files\globalUpdate
S2 5ba659a8; "C:\Windows\system32\rundll32.exe" "c:\progra~1\gs_boo~1\AssistantSvc.dll",service
c:\progra~1\gs_boo~1
S2 Update lookinglink; "C:\Program Files\lookinglink\updatelookinglink.exe" [X]
C:\Program Files\lookinglink
S2 Util lookinglink; "C:\Program Files\lookinglink\bin\utillookinglink.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
C:\ProgramData\WindowsMangerProtect
Task: C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-1.job => C:\Program Files\Apps Hat\Apps Hat-codedownloader.exe <==== ATTENTION
C:\Program Files\Apps Hat
Task: C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-11.job => C:\Program Files\Apps Hat\ef9eb1df-f680-4256-a623-cf0a11590988-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-2.job => C:\Program Files\Apps Hat\ef9eb1df-f680-4256-a623-cf0a11590988-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-4.job => C:\Program Files\Apps Hat\ef9eb1df-f680-4256-a623-cf0a11590988-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-5.job => C:\Program Files\Apps Hat\ef9eb1df-f680-4256-a623-cf0a11590988-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-5_user.job => C:\Program Files\Apps Hat\ef9eb1df-f680-4256-a623-cf0a11590988-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-6.job => C:\Program Files\Apps Hat\ef9eb1df-f680-4256-a623-cf0a11590988-6.exeЯ/oajfUt='Apps Hat' /HoKGjS=48559 /zxWKZ='000820' /xMZWy='0' /cVeKJEGiu='appshatmadness' /Cowdx=481EA3C0B7DC440AB84AEB7D42024DFAIE /MsXwEpv=38a100e75779f638806cf63d275c7296 /cKSybHp=1_34_07_29 /zJuUSvjZ=1.34.7.29 /xUCGVWLUT=1407494653 /CQsucK=http://stats.infostatsserv.com/zvqeM=http://errors.infostatsserv.com /pPVuJTt=http://js.infostatsserv.com /PYMYitdyx=ff /QjnAG /anzsNYz=Apps Hat /KUbhI6e5c52f1-53e9-43b3-9161-b1f145944516.dll /hJhVUOy77f283b4-9b86-42c2-adae-1267a53edb3b.dll /pRPyKjef9eb1df-f680-4256-a623-cf0a11590988-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-7.job => C:\Program Files\Apps Hat\ef9eb1df-f680-4256-a623-cf0a11590988-7.exeш/BjAXFvM /oajfUt='Apps Hat' /HoKGjS=48559 /zxWKZ='000820' /xMZWy='0' /cVeKJEGiu='appshatmadness' /Cowdx=481EA3C0B7DC440AB84AEB7D42024DFAIE /MsXwEpv=38a100e75779f638806cf63d275c7296 /cKSybHp=1_34_07_29 /zJuUSvjZ=1.34.7.29 /xUCGVWLUT=1407494653 /CQsucK=http://stats.infostatsserv.com/zvqeM=http://errors.infostatsserv.com /pPVuJTt=http://js.infostatsserv.com /PYMYitdyx=ff /QjnAG /anzsNYz=Apps Hat /KUbhI6e5c52f1-53e9-43b3-9161-b1f145944516.dll /hJhVUOy77f283b4-9b86-42c2-adae-1267a53edb3b.dll /pRPyKjef9eb1df-f680-4256-a623-cf0a11590988-64.exe <==== ATTENTION
Task: C:\Windows\Tasks\f24b2dce-41e7-4f2f-9616-69f779c4b08d-4.job => C:\Program Files\Apps Hat\f24b2dce-41e7-4f2f-9616-69f779c4b08d-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\LaunchSignup.job => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files\MyPC Backup
Task: C:\Windows\Tasks\Math Problem Solver CPU.job => C:\Users\Asr\AppData\Local\Math Problem Solver\cpu\Solve.exe
C:\Users\Asr\AppData\Local\Math Problem Solver
Task: C:\Windows\Tasks\Registry Optimizer.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
C:\Program Files\WinZip Registry Optimizer
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3
emptytemp:
end
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
"C:\Program Files\Mobogenie" => File/Directory not found.
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Windows\CurrentVersion\Run\\northbridge => value deleted successfully.
C:\Intel => Moved successfully.
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value deleted successfully.
"c:\progra~1\gs_boo~1\assist~1.dll" => Value Data removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
"c:\program files\settings manager" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} => value deleted successfully.
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}" => Key not found.
"HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264a33-a653-46c4-af49-1232c59a7da5}" => Key deleted successfully.
"HKCR\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => Key deleted successfully.
"HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}" => Key deleted successfully.
"HKCR\CLSID\{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
"HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} => value deleted successfully.
"HKCR\CLSID\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{31264a33-a653-46c4-af49-1232c59a7da5} => value deleted successfully.
"HKCR\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}" => Key not found.
C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl" => Key deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
C:\Program Files\globalUpdate => Moved successfully.
5ba659a8 => Service deleted successfully.
"c:\progra~1\gs_boo~1" => File/Directory not found.
Update lookinglink => Service deleted successfully.
"C:\Program Files\lookinglink" => File/Directory not found.
Util lookinglink => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-1.job => Moved successfully.
"C:\Program Files\Apps Hat" => File/Directory not found.
C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-11.job => Moved successfully.
C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-2.job => Moved successfully.
C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-4.job => Moved successfully.
C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-5.job => Moved successfully.
C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-5_user.job => Moved successfully.
C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-6.job => Moved successfully.
C:\Windows\Tasks\ef9eb1df-f680-4256-a623-cf0a11590988-7.job => Moved successfully.
C:\Windows\Tasks\f24b2dce-41e7-4f2f-9616-69f779c4b08d-4.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\LaunchSignup.job => Moved successfully.
"C:\Program Files\MyPC Backup" => File/Directory not found.
C:\Windows\Tasks\Math Problem Solver CPU.job => Moved successfully.
"C:\Users\Asr\AppData\Local\Math Problem Solver" => File/Directory not found.
C:\Windows\Tasks\Registry Optimizer.job => Moved successfully.
"C:\Program Files\WinZip Registry Optimizer" => File/Directory not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":FB6A21E3" ADS removed successfully.
EmptyTemp: => Removed 3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Great, now let's check for leftovers:

STEP 1

  • Download and run AdwCleaner.exe.
  • Click the Scan button.
  • AdwCleaner will start scanning the computer.
  • When the scan finishes, click the Clean button.
  • The program will close all unneeded processes and, after cleaning, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[s0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.


     
STEP 2

Please download Junkware Removal Tool to your desktop.
  • Temporarily disable your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close any unneeded applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.


     
STEP 3

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final and save it to your desktop.
  • Run the file mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • Once the installation finishes, make sure you have checked the box next to:
  • Launch Malwarebytes Anti-Malware
  • The box that activates the 14-day trial period is also checked by default. If you do not want to try the program's real-time protection over the next 14 days, uncheck it.
  • Click the Finish button.
  • Go to the Settings tab > Detection and Protection and, under the Detection Options category, enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the radio button next to Threat Scan, and then click the Scan Now >> button. If an update is found, click the Update Now button.
  • The malware scan will start.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart, then continue with the remaining instructions.
  • When the scan finishes, click the Apply Actions button.
  • Wait for the window prompting you to restart to appear, then click the Yes button.
  • After the restart, once the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.
  • Open the report with the latest date and time and click the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.


     
STEP 4

1. Download Hitman Pro, choosing the build for a 32-bit or a 64-bit system.

2. Run the program.

3. Once you have started the program by clicking its icon, click the "Next" button and accept the license agreement (EULA).

4. Check the option "No, I want to perform a one-time scan of the computer".

5. Click the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. When the scan finishes, for the list of detected items (if there are any), choose Apply to all => Ignore.

8. Click "Next", then click "Export the result to XML file" and save the log file to the desktop.

9. Archive the file and attach it to your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, simply close the program once the scan ends (without removing anything), then open C:\Programdata\HitmanPro\Logs, open the log file and post its contents in your next comment.

STEP 1

# AdwCleaner v4.104 - Report created 06/12/2014 at 19:41:44
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Asr -
# Running from : C:\Users\Asr\Downloads\adwcleaner_4.104.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\CostMin
Folder Deleted : C:\ProgramData\Media Get LLC
Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\GoSAvve
Folder Deleted : C:\ProgramData\5a5876738bdb7066
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Asr\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Asr\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Asr\AppData\Local\genienext
Folder Deleted : C:\Users\Asr\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Asr\AppData\Local\MediaGet2
Folder Deleted : C:\Users\Asr\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Asr\AppData\Local\Orbitum
Folder Deleted : C:\Users\Asr\AppData\Local\Popajar
Folder Deleted : C:\Users\Asr\AppData\Local\Tbccint
Folder Deleted : C:\Users\Asr\AppData\Local\torch
Folder Deleted : C:\Users\Asr\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Asr\AppData\LocalLow\BS_Player_ControlBar_B
Folder Deleted : C:\Users\Asr\AppData\Roaming\defaulttab
Folder Deleted : C:\Users\Asr\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Asr\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Asr\AppData\Roaming\Settings Manager
Folder Deleted : C:\Users\Asr\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\Asr\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Asr\AppData\Roaming\WebExtend
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjednngjeepbnfmedokekkfdhgeajgnm
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjednngjeepbnfmedokekkfdhgeajgnm
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjednngjeepbnfmedokekkfdhgeajgnm
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf
Folder Deleted : C:\Users\Asr\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjednngjeepbnfmedokekkfdhgeajgnm
Folder Deleted : C:\Users\Asr\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjednngjeepbnfmedokekkfdhgeajgnm
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjednngjeepbnfmedokekkfdhgeajgnm
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjednngjeepbnfmedokekkfdhgeajgnm
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf
Folder Deleted : C:\Users\Asr\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mgnkdlkndlpnkgdkhmmooieecgbhjipf
File Deleted : C:\Users\Asr\daemonprocess.txt
File Deleted : C:\Users\Asr\AppData\Roaming\Mozilla\Firefox\Profiles\3hxv8rwv.default\searchplugins\default-search.xml
File Deleted : C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5ba659a8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422852259}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522092256}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455855559}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555095556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466856659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566096656}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444854459}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544094456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Media Get LLC
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SmileysWeLove
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\onekit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\GS_Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5F003B-C71B-72E3-42B4-DE51AB079EB2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v34.0 (x86 bg)


-\\ Google Chrome v39.0.2171.71

[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.findwide.com/serp?guid={92757677-F8F9-4D48-AF89-D34717922983}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.findwide.com/serp?guid={92757677-F8F9-4D48-AF89-D34717922983}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1404929625&from=amt&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S651512615126&q={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1404929625&from=amt&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S651512615126&q={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.default-search.net/search?sid=498&aid=121&itype=n&ver=13114&tm=407&src=ds&p={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.findwide.com/serp?guid={92757677-F8F9-4D48-AF89-D34717922983}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.findwide.com/serp?guid={92757677-F8F9-4D48-AF89-D34717922983}&action=default_search&serpv=22&k={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1404929625&from=amt&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S651512615126&q={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1404929625&from=amt&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S651512615126&q={searchTerms}
[C:\Users\Asr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.default-search.net/search?sid=498&aid=121&itype=n&ver=13114&tm=407&src=ds&p={searchTerms}

*************************

AdwCleaner[R0].txt - [17791 octets] - [06/12/2014 19:38:46]
AdwCleaner[s0].txt - [18977 octets] - [06/12/2014 19:41:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [19038 octets] ##########

 

STEP 2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Asr on ±єЎ 06.12.2014 Ј. at 19:45:10,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511091156}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}



~~~ Files

Successfully deleted: [File] "C:\Users\Asr\desktop\youtube accelerator.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Asr\appdata\local\tempdir"



~~~ FireFox

Emptied folder: C:\Users\Asr\AppData\Roaming\mozilla\firefox\profiles\3hxv8rwv.default\minidumps [200 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ±єЎ 06.12.2014 Ј. at 19:47:36,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

STEP 3

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6.12.2014 г.
Scan Time: 19:53:43 ч.
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.12.06.08
Rootkit Database: v2014.12.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Asr

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387105
Time Elapsed: 5 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 13
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [e7904d110c70a88e414804c3df23b34d],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-4210664396-1758802160-2935120067-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Quarantined, [9ddaf9655c207eb86de4329722e047b9],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [3d3af7673943999d8dea339cef138f71],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-4210664396-1758802160-2935120067-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [3d3af7673943999d8dea339cef138f71],
PUP.Optional.Lookinglink.A, HKU\S-1-5-21-4210664396-1758802160-2935120067-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{84DFB3CA-9212-4FBA-BF3A-A66C4A02A48F}, Quarantined, [0d6a0d51235922141a41329b49b9b14f],
PUP.Optional.Lookinglink.A, HKU\S-1-5-21-4210664396-1758802160-2935120067-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84DFB3CA-9212-4FBA-BF3A-A66C4A02A48F}, Quarantined, [0d6a0d51235922141a41329b49b9b14f],
PUP.Optional.AppsHat.A, HKLM\SOFTWARE\Apps Hat, Quarantined, [0f684e1035471422805b496c07fd2ad6],
PUP.Optional.Lookinglink.A, HKLM\SOFTWARE\lookinglink, Quarantined, [6413e37b314bbe78ac0a90248e768977],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, Quarantined, [1661b8a6c7b549ed011162e756adb34d],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [8ee9b8a6522a8aac6753afdb3ac926da],
PUP.Optional.Lookinglink.A, HKU\S-1-5-21-4210664396-1758802160-2935120067-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\lookinglink, Quarantined, [b2c5da84d1ab2a0c476ef4c09d6720e0],
PUP.Optional.AppsHat.A, HKU\S-1-5-21-4210664396-1758802160-2935120067-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Apps Hat, Quarantined, [82f59cc2235960d6b5c3e8976f94916f],
PUP.Optional.FastStart.A, HKU\S-1-5-21-4210664396-1758802160-2935120067-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [a9cedd81ec90b77ffe9798bded169a66],

Registry Values: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-4210664396-1758802160-2935120067-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, [email protected], Quarantined, [a9cedd81ec90b77ffe9798bded169a66]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[d0a7401e403cf4425618f86b0005cf31]

Folders: 9
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js, Quarantined, [92e5520c98e452e46ad3c456cf3435cb],

Files: 64
PUP.Optional.DefaultSearch.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml, Quarantined, [7afd1c42512b70c6a2280e6ce0238e72],
PUP.Optional.WebsSearches.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml, Quarantined, [3b3cf06e8defe650c8be14674db6857b],
Trojan.Agent, C:\ProgramData\steam.exe.tmp, Quarantined, [7cfb134b601c30064779aed33cc7f30d],

Physical Sectors: 0
(No malicious items detected)


(end)

 

STEP 4

 

http://battlezone.web44.net/HitmanPro_20141206_2010.log

http://battlezone.web44.net/HitmanPro_20141206_2011.log



We are almost done:

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, agree to a restart if it asks for one. After the restart, post the log file, fixlog.txt, which is created once the program has done its work.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Write which errors are still left to remove and whether you can now change the Windows theme.

Regards!


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2014 02
Ran by Asr at 2014-12-06 23:52:57 Run:2
Running from C:\Users\Asr\Downloads
Loaded Profiles: Asr &  (Available profiles: Asr)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
DeleteKey: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\TNT2
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPDRIVER_1.37.0.486
Unlock: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Approved Extensions
Reg: Reg delete "HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Approved Extensions" /v {54739D49-AC03-4C57-9264-C5195596B3A1} /f
DeleteKey: HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
emptytemp:
end   
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A} => Key Deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001} => Key Deleted successfully.
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\TNT2 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\TNT2 => Key Deleted Successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} => Key Deleted Successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} => Key Deleted Successfully.
HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} => Key Deleted Successfully.
HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} => Key Deleted Successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622 => Key Deleted Successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPDRIVER_1.37.0.486 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPDRIVER_1.37.0.486 => Key Deleted Successfully.
"HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Approved Extensions" => Key unlocked successfully.

========= Reg delete "HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Internet Explorer\Approved Extensions" /v {54739D49-AC03-4C57-9264-C5195596B3A1} /f =========

ЋЇҐ° ¶ЁїІ  § ўє°ёЁ і±ЇҐё­®.



========= End of Reg: =========

HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 533.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

I still cannot change the theme, same error.... Otherwise I don't see any other errors.


Uninstall all programs for changing the look of Windows.

Then:

Open the Start Menu and type CMD in the search box => right-click CMD.exe and choose Run as administrator.

Then copy/paste and run the commands one at a time, pressing Enter after each

sfc /scannow

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

The file sfcdetails.txt should now appear on the desktop. Attach that file, sfcdetails.txt, to your next comment and write whether anything has changed.

All in all, you have installed yourself a lot of trouble...

Regards!


Same error ..



I have no programs for changing the look of Windows.

Same error .. How do I get rid of this mess?

sfcdetails.txt


I think you have:

HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [Newgen] => C:\SkinPack\Newgen\Newgen.exe

And this is the buggy pack in question:

http://skinpacks.com/download/windows-7/win8-1-skinpack/

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, agree to a restart if it asks for one. After the restart, post the log file, fixlog.txt, which is created once the program has done its work.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

See whether the problem remains after this forced removal.

For a full uninstall, see here:

http://skinpacks.com/help-faq/how-to-uninstall-skinpack/


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2014 02
Ran by Asr at 2014-12-07 01:34:11 Run:3
Running from C:\Users\Asr\Downloads
Loaded Profile: Asr (Available profiles: Asr)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\...\Run: [Newgen] => C:\SkinPack\Newgen\Newgen.exe
C:\SkinPack
end
*****************

HKU\S-1-5-21-4210664396-1758802160-2935120067-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Newgen => value deleted successfully.
"C:\SkinPack" => File/Directory not found.

==== End of Fixlog ====

 

 

I uninstalled it long ago.

I have some log file at C:Personalization_Panel_Undo.txt

 

[2014-12-05 15:49:09] =====================================================
[2014-12-05 15:49:09] Log started.
[2014-12-05 15:49:09] W7Patcher ver: 11.8.7.1 (x86)
[2014-12-05 15:49:09] © 2011, Andrew Bendus aka Mr.dUSHA, Poltava, Ukraine.
[2014-12-05 15:49:09]
[2014-12-05 15:49:09] Source restore tree:   C:\W7P_Backups\Personalization_Panel
[2014-12-05 15:49:09] Destination folder:    [LIVE SYSTEM] C:\
[2014-12-05 15:49:09]
[2014-12-05 15:49:09] Restore started...
[2014-12-05 15:49:09] >> {GA} [ OK ] C:\Windows\System32
[2014-12-05 15:49:11]     {Processing} C:\Windows\System32\slc.dll [ACC]  [ OK ]
[2014-12-05 15:49:11]     {Processing} C:\Windows\System32\themeservice.dll [ACC]  [ OK ]
[2014-12-05 15:49:11]     {Processing} C:\Windows\System32\themeui.dll [ACC]  [ OK ]
[2014-12-05 15:49:11]     {Processing} C:\Windows\System32\uDWM.dll [ACC]  [ OK ]
[2014-12-05 15:49:11]     {Processing} C:\Windows\System32\uxtheme.dll [ACC]  [ OK ]
[2014-12-05 15:49:11] << {RA} [ OK ] C:\Windows\System32
[2014-12-05 15:49:11] Restore completed.
[2014-12-05 15:49:11]
[2014-12-05 15:49:11] Log finished.
[2014-12-05 15:49:11] =====================================================
[2014-12-05 16:01:37] =====================================================
[2014-12-05 16:01:37] Log started.
[2014-12-05 16:01:37] W7Patcher ver: 11.8.7.1 (x86)
[2014-12-05 16:01:37] © 2011, Andrew Bendus aka Mr.dUSHA, Poltava, Ukraine.
[2014-12-05 16:01:37]
[2014-12-05 16:01:37] Source restore tree:   C:\W7P_Backups\Personalization_Panel
[2014-12-05 16:01:37] Destination folder:    [LIVE SYSTEM] C:\
[2014-12-05 16:01:37]
[2014-12-05 16:01:37] Restore started...
[2014-12-05 16:01:37] >> {GA} [ OK ] C:\Windows\System32
[2014-12-05 16:01:39]     {Processing} C:\Windows\System32\sl2.dll [ACC]  [ OK ]
[2014-12-05 16:01:39]     {Processing} C:\Windows\System32\slc.dll [ACC]  [ OK ]
[2014-12-05 16:01:39]     {Processing} C:\Windows\System32\themeservice.dll [ACC]  [ OK ]
[2014-12-05 16:01:39]     {Processing} C:\Windows\System32\themeui.dll [ACC]  [ OK ]
[2014-12-05 16:01:39]     {Processing} C:\Windows\System32\uDWM.dll [ACC]  [ OK ]
[2014-12-05 16:01:39]     {Processing} C:\Windows\System32\uxtheme.dll [ACC]  [ OK ]
[2014-12-05 16:01:39] >> {GA} [ OK ] C:\Windows\System32\ru-RU
[2014-12-05 16:01:39]     {Processing} C:\Windows\System32\ru-RU\uDWM.dll.mui [ACC]  [ OK ]
[2014-12-05 16:01:39] << {RA} [ OK ] C:\Windows\System32\ru-RU
[2014-12-05 16:01:39] << {RA} [ OK ] C:\Windows\System32
[2014-12-05 16:01:39] Restore completed.
[2014-12-05 16:01:39]
[2014-12-05 16:01:39] Log finished.
[2014-12-05 16:01:39] =====================================================
 


A Repair Install may be necessary. Here, similar patching of system files led to the same result:

http://www.sevenforums.com/customization/254836-unable-right-click-personalize-gives-unexpected-error-help.html

Still, let's try a few things before that (next time you will know not to install such junk).

  • Open the following site, download RKill.exe and save it to your desktop.
  • Run the program by double-clicking the file and wait patiently.
  • When the check finishes, a log file of the actions performed will be generated.
  • Attach the log file to your next post.

I will give information about the Repair Install later, if it comes to that.

Download Process Explorer.

Unzip the tool and run the file procexp.exe

In the View menu, tick Show Lower Pane, and under Lower Pane View => tick Handles.

In the View menu, go to "Select Columns" and tick the following items:

Description, Company Name, Image Path, Command Line, Autostart Location and press OK.

Find explorer.exe and click it

Go to the Threads section. Stretch the column so that, if possible, all objects/threads are visible. Take a screenshot of the window.

While you are in the Threads menu, double-click an object and take a screenshot of the Stack window.

Now, while you are on the process with the highest load, go to File => Save as in Process Explorer.

Save the document to the desktop under some name.

Finally... in Process Explorer => View => go to Lower Pane View => and move the tick from Handles to DLLs.

Click the explorer.exe process (again), go to File => Save as in Process Explorer and save this document under some name as well.

Also, while you are in Process Explorer => right-click explorer.exe and choose Create dump => Create Full Dump... Save the file to the desktop.

Then attach all the documents to your next comment or, if they are too large, upload them here. Upload the screenshots here (for example, or to another host that is convenient for you)

Post links to the files and screenshots in your next post so that we can look at them.


Hmm... Open Start => type CMD.exe, right-click the file and choose Run as administrator.

Enter the command: dir /a /s C:\w7p_backup >>C:\list.txt and press Enter.

Attach the C:\list.txt file to your next comment.


Bad and wrong. It may well have held the answer to the explorer.exe problem

Copy/paste the following information into Notepad:
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindows Error ReportingLocalDumpsExplorer.exe]
"DumpType"=dword:00000002
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindows Error ReportingLocalDumpsExplorer.exe]
"DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,
00,6d,00,70,00,73,00,00,00

 

Save the file with the name crash.reg

Run the file and choose YES when the dialog box asks.

Trigger the error again, then open the folder C:'CrashDumps and check whether a new dmp file has been created. If there is one, upload it to dox.bg and post a link to it in your next comment.

Also open the Start Menu > type Event Viewer => press Enter => go to System, right-click and choose Save all events as => save the file to the desktop under a name of your choice. In the "No display information" dialog box, choose OK.

Upload this file to dox.bg as well and post the log file in your next comment.


Yes, because of the dumb forum system, which has disfigured my post again.

Repeat the steps above, but with this reg file:

Windows Registry Editor Version 5.00

; DumpType 2 = full dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Explorer.exe]
"DumpType"=dword:00000002
; DumpFolder is hex(2) (REG_EXPAND_SZ): the UTF-16LE bytes of C:\CrashDumps
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Explorer.exe]
"DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,\
  00,6d,00,70,00,73,00,00,00

Now a dmp file should appear in the folder C:\CrashDumps

Regards!
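
Added example, not part of the original posts: a small Python check for the .reg subset used in this thread, showing why a file whose backslashes were stripped cannot be imported as intended and what the hex(2) DumpFolder bytes decode to. The function names are my own; CORRECTED carries the trailing backslash that regedit expects when a hex value wraps onto a second line.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
VALUE_RE = re.compile(r'^"([^"]+)"=(dword|hex)(?:\(([0-9a-fA-F]+)\))?:(.*)$')

# The file as the forum first rendered it (backslashes stripped), copied from the thread.
POSTED_FIRST = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindows Error ReportingLocalDumpsExplorer.exe]
"DumpType"=dword:00000002
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindows Error ReportingLocalDumpsExplorer.exe]
"DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,
00,6d,00,70,00,73,00,00,00
"""

# Same content with the key-path backslashes and the continuation backslash in place.
CORRECTED = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Explorer.exe]
"DumpType"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Explorer.exe]
"DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,\
  00,6d,00,70,00,73,00,00,00
"""


def logical_lines(text):
    """Join physical lines that end in a backslash (the .reg continuation marker)."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def decode_value(kind, hex_type, payload):
    """Return (registry type, Python value) for one parsed value line."""
    if kind == "dword":
        return "REG_DWORD", int(payload, 16)
    raw = bytes(int(b, 16) for b in payload.split(","))
    if hex_type == "2":  # hex(2) is REG_EXPAND_SZ: UTF-16LE, NUL-terminated
        return "REG_EXPAND_SZ", raw.decode("utf-16-le").rstrip("\x00")
    return "REG_BINARY", raw


def check_reg(text):
    """Parse a .reg text; return ({(key, name): (type, value)}, [problems])."""
    values, problems, key = {}, [], None
    lines = [l for l in logical_lines(text) if l and not l.startswith(";")]
    if HEADER not in lines:
        problems.append("missing header line")
    for line in lines:
        if line == HEADER:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            root, _, rest = key.partition("\\")
            if root not in ROOTS or not rest:
                problems.append(f"bad key path (backslashes lost?): {key}")
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m:
            problems.append(f"unparsable line: {line}")
            continue
        name, kind, hex_type, payload = m.groups()
        if key is None:
            problems.append(f"value {name} has no valid key above it")
        elif payload.rstrip().endswith(","):
            problems.append(f"value {name} is truncated (no '\\' continuation)")
        else:
            try:
                values[(key, name)] = decode_value(kind, hex_type, payload)
            except ValueError as exc:
                problems.append(f"value {name} does not decode: {exc}")
    return values, problems


if __name__ == "__main__":
    for label, text in (("posted first", POSTED_FIRST), ("corrected", CORRECTED)):
        values, problems = check_reg(text)
        print(label, "->", len(values), "values,", len(problems), "problems")
        for (key, name), (rtype, value) in values.items():
            print(f"  {name} = {value!r} ({rtype})")
        for problem in problems:
            print("  !", problem)
```

Running the check on a .reg file copied out of a forum post before importing it shows whether the key paths and wrapped hex values survived the copy.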


There is no need for you to create it yourself... once you have run the latest reg file (the corrected one from my previous comment... copy it into Notepad, save it as fix.reg, run it and choose YES), then try to trigger the explorer.exe error and see whether such a file appears in C:\CrashDumps


The options are starting to run out one by one.

1. Temporarily uninstall FileZilla Client 3.9.0.6.

2. In Command Prompt, enter the following command and press Enter

sc delete NEWDRIVER

Restart the system and see whether the problem remains.
