So, I have a problem with my computer: for a few days now it has become very slow, especially on the internet. When I open 4 or 5 windows in Google Chrome, the video starts stuttering, and so on. I think the problem is related to viruses on the computer, but the antivirus doesn't find them. I would be grateful if you could help me, because it's as if I'm back on my old computer..

 


Follow the steps from this topic:

My system is infected - What do I do now?


I can't post the whole FRST contents because they were too long

 

 

Hello..! Well, attach it through the forum system.. as you did with the other file..


Ah, yes

FRST.txt



 

Avast Internet Security

Webroot AntiVirus with Spy Sweeper

 

WARNING!

Two antivirus applications are visible on your computer. This is not recommended because they can conflict with each other.

This can make the computer run slowly; the operating system becomes unstable and crashes often. When the antivirus programs scan your computer at the same time, they use a huge amount of the computer's resources... and it becomes slow.

Before we continue, you need to uninstall one of the antivirus programs..! When you are ready, write back so we can continue..!


That is for you to decide... I would remove both... and after we clean up the system a bit.. you can install one decent free antivirus program... But that comes at the very end....!


I'm ready, I deleted Webroot

Seriously..? That seems to have happened rather too quickly...!

 

 

Scan with Farbar Recovery Scan Tool

Repeat the scan with Farbar Recovery Scan Tool


Download the attached file and save it in the same place where you downloaded FRST.exe => fixlist.txt

Run FRST.exe again, press the Fix button once and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt

Has there been any change after the procedures so far..?

 

 

Please download Malwarebytes Anti-Malware and save it to your desktop.
Double-click mbam-setup-consumer-2.0.0.1хххх.exe and follow the instructions to install the program.

  • In the Settings => Detection and Protection => Detection Options section, tick the 'Scan for rootkits' checkbox.
  • In the main program window, click 'Update Now'.
  • After the update finishes, click the 'Scan Now' button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will start.
  • When the scan finishes, if any infections were found, click Apply Actions to allow MBAM to clean what was detected.
  • After the restart, run MBAM once more.
  • Click the History tab > Application Logs.
  • Double-click the row showing the date and time of the scan, or View Detailed Log.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard in your next reply.

 

 

 

Scan with HitmanPro

1. Download Hitman Pro.

  • For a 32-bit system - [download button]
  • For a 64-bit system - [download button]

2. Run the program.

3. After you have started the program by clicking its icon, press the "Next" button and accept the license agreement (EULA).

4. Tick "No, I want to perform a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. After the scan finishes, from the list of found items (if any) choose Apply to all => Ignore.

8. Press "Next", then press "Export the result to XML file" and save the log file to the desktop.

9. Archive the file and attach it in your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, as in the picture:

6-scanfin-choose.jpg

Then simply close the program after the check finishes (without removing anything)... then open C:\ProgramData\HitmanPro\Logs, open the log file and post its contents in your next comment.


I did the 1st part

I got a little confused and clicked Next, and it seems some of them were deleted, and after that the computer restarted
 
 
 
 
 
 
 
 
 
 
 
 
 
HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : SVILEN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Svilen-PC\Svilen
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2014-12-20 12:59:20
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes
 
   Threats . . . . . . . : 4
   Traces  . . . . . . . : 16
 
   Objects scanned . . . : 1 135 999
   Files scanned . . . . : 13 550
   Remnants scanned  . . : 238 077 files / 884 372 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Svilen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PG8NBM0C\SettingsManagerSetup[1].exe -> Quarantined
      Size . . . . . . . : 8 658 800 bytes
      Age  . . . . . . . : -0.0 days (2014-12-20 13:00:17)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : A7F66235024DE7F192A8F2DD07C61E4666C96BB84CD226DCA46C6B8E283E5B09
      Product  . . . . . : SettingsManager
      Publisher  . . . . : Aztec Media Inc
      Description  . . . : Settings Manager Install
      Version  . . . . . : 5.0.0.13986
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win64.SearchSuite.e
      Fuzzy  . . . . . . : 100.0
 
   C:\Users\Svilen\Downloads\marco-polo-s01e05-english-subtitle (1).exe -> Deleted
      Size . . . . . . . : 1 240 576 bytes
      Age  . . . . . . . : 3.8 days (2014-12-16 18:36:10)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 3DC3D552C0B839DA5C251E9D7704723D394DC1182ADA1D012132E4D74378B5E5
    > Bitdefender  . . . : Gen:Variant.Adware.Mplug.21
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.MultiPlug.oaqh
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -9.0s C:\Users\Svilen\Downloads\marco-polo-s01e05-english-subtitle.exe
          0.0s C:\Users\Svilen\Downloads\marco-polo-s01e05-english-subtitle (1).exe
 
   C:\Users\Svilen\Downloads\marco-polo-s01e05-english-subtitle.exe -> Deleted
      Size . . . . . . . : 1 240 576 bytes
      Age  . . . . . . . : 3.8 days (2014-12-16 18:36:01)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 7F6B771E272FA85351A11BCFE7E2068F3CF9BFB51259B3BBA03C48F15734559B
    > Bitdefender  . . . : Gen:Variant.Adware.Mplug.21
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.MultiPlug.oaqh
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
          0.0s C:\Users\Svilen\Downloads\marco-polo-s01e05-english-subtitle.exe
          9.0s C:\Users\Svilen\Downloads\marco-polo-s01e05-english-subtitle (1).exe
 
   C:\Windows\Installer\MSI21C9.tmp -> PendingDelete
      Size . . . . . . . : 8 658 800 bytes
      Age  . . . . . . . : -0.0 days (2014-12-20 13:00:17)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : A7F66235024DE7F192A8F2DD07C61E4666C96BB84CD226DCA46C6B8E283E5B09
      Product  . . . . . : SettingsManager
      Publisher  . . . . : Aztec Media Inc
      Description  . . . : Settings Manager Install
      Version  . . . . . : 5.0.0.13986
      LanguageID . . . . : 0
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win64.SearchSuite.e
      Fuzzy  . . . . . . : 113.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Svilen\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953 886 bytes
      Age  . . . . . . . : 39.9 days (2014-11-10 16:33:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Svilen\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138 032 bytes
      Age  . . . . . . . : 39.9 days (2014-11-10 16:33:37)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Svilen\Downloads\FRST64.exe
      Size . . . . . . . : 2 121 216 bytes
      Age  . . . . . . . : 0.7 days (2014-12-19 19:15:17)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 58F871144764E55A788C1B9092D2E517A271ABA9A09F53CB26BB110E90556696
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Windows\mod_frst.exe
      Size . . . . . . . : 430 080 bytes
      Age  . . . . . . . : 0.7 days (2014-12-19 20:07:07)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 1A4F003A36F73127419BE7611A2C5664524EF0D5668AB2993D5D483DCF3491F2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 26.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.kaldata.com
   C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Cookies:diff3.smartadserver.com
   C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
 
 
 

teks.txt
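Added example, not part of the original thread: a small Python parser for the HitmanPro text-log layout posted above, which sorts each detection by the action the log records for it and groups entries that share a SHA-256. The function names are hypothetical, the embedded sample log is constructed with placeholder paths and hashes, and the action names handled (Quarantined, Deleted, PendingDelete) are only the ones that appear in the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a HitmanPro text log; the paths, verdict
# names and hashes are placeholders, not values taken from the thread.
HASH_A = "AB" * 32
HASH_B = "CD" * 32
SAMPLE_LOG = f"""\
Malware _____________________________________________________________________

   C:\\Users\\user\\AppData\\Local\\Temp\\Setup[1].exe -> Quarantined
      Size . . . . . . . : 8 658 800 bytes
      SHA-256  . . . . . : {HASH_A}
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Example
      Forensic Cluster
         -3.0s C:\\Users\\user\\AppData\\Roaming\\stub.exe
          0.0s C:\\Users\\user\\AppData\\Local\\Temp\\Setup[1].exe

   C:\\Windows\\Installer\\MSI0000.tmp -> PendingDelete
      Size . . . . . . . : 8 658 800 bytes
      SHA-256  . . . . . : {HASH_A}
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Example

Suspicious files ____________________________________________________________

   C:\\Users\\user\\Downloads\\tool64.exe
      Size . . . . . . . : 2 121 216 bytes
      SHA-256  . . . . . : {HASH_B}
      Needs elevation  . : Yes
         Program has no publisher information but prompts the user for permission elevation.

Cookies _____________________________________________________________________

   C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies:ads.example.com
"""

TRACKED_SECTIONS = {"Malware", "Suspicious files"}
SECTION_RE = re.compile(r"^(\S.*?) _{5,}\s*$")            # "Malware ______"
ENTRY_RE = re.compile(r"^\s+([A-Za-z]:\\.*?)(?: -> (\w+))?\s*$")  # path [-> action]
FIELD_RE = re.compile(r"^\s*(>\s*)?([A-Za-z][A-Za-z0-9\- ]*?)[ .]*:\s(.*)$")


def parse_hitmanpro_log(text):
    """Return one dict per file entry in the Malware / Suspicious files sections."""
    entries, section, current = [], None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        if section not in TRACKED_SECTIONS:
            continue  # header block, cookies and other sections are skipped
        m = ENTRY_RE.match(line)
        if m:
            current = {"section": section, "path": m.group(1),
                       "action": m.group(2), "fields": {}, "verdicts": {}}
            entries.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            # Lines starting with ">" carry a vendor verdict, the rest are file facts.
            target = current["verdicts"] if m.group(1) else current["fields"]
            target[m.group(2)] = m.group(3).strip()
    return entries


def size_bytes(entry):
    """Convert a value such as '8 658 800 bytes' to an int, or None if absent."""
    digits = re.sub(r"\D", "", entry["fields"].get("Size", ""))
    return int(digits) if digits else None


def triage(entries):
    """Bucket entries by recorded action and find files with identical hashes."""
    by_hash = defaultdict(list)
    report = {"removed": [], "needs_reboot": [], "no_action": [], "other": []}
    for e in entries:
        sha = e["fields"].get("SHA-256")
        if sha:
            by_hash[sha].append(e["path"])
        if e["action"] in ("Quarantined", "Deleted"):
            report["removed"].append(e["path"])
        elif e["action"] == "PendingDelete":
            report["needs_reboot"].append(e["path"])   # removal finishes on restart
        elif e["action"] is None:
            report["no_action"].append(e["path"])      # flagged only, still on disk
        else:
            report["other"].append(e["path"])
    report["same_payload"] = {h: p for h, p in by_hash.items() if len(p) > 1}
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_hitmanpro_log(SAMPLE_LOG)).items():
        print(bucket, items)
```

Run against the log in the post above, the same grouping would show that the quarantined SettingsManagerSetup[1].exe and the PendingDelete MSI21C9.tmp carry the same SHA-256, and that the four "Suspicious files" have no action recorded.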


There WAS a change, it seems, but after the last two procedures, I don't know why, now even movies stutter sometimes...


There WAS a change, it seems, but after the last two procedures, I don't know why, now even movies stutter sometimes...

Come again... I want you to explain it to me in a bit more detail..!

 

 

 

Download Security Check (author: screen317) from here

  • Double-click SecurityCheck.exe and follow the instructions.
  • When the program finishes, a text document will open: checkup.txt.
  • Copy the contents of checkup.txt with Copy and paste them with Paste into your next comment.


Well, there was a change, it seemed, up until I did the last 2 procedures, but now even movies stutter from time to time. In HitmanPro I clicked Next and not Ignore as shown, because I didn't see it. Is that a problem?

If you have the time and the desire, we could try to fix it with TeamViewer

 
 
 
 
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8% 
````````````````````End of Log``````````````````````
Edited by kabota


Scan with ComboFix

Download ComboFix from here and save it to your desktop.
How to use ComboFix
Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to disable your security applications by amateur
Run Combo-Fix.com and follow the instructions.
When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.
Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this thread.

Logs

In your next reply, please include the following logs:

  • ComboFix.txt

ComboFix 14-12-14.01 - Svilen 12.2014 г.  20:54:18.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1026.18.3967.1684 [GMT 2:00]
Running from: c:\users\Svilen\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\YOuutubEEAAdBloockE
c:\program files (x86)\YOuutubEEAAdBloockE\G5wx8qZTTRVmUs.dat
c:\program files (x86)\YOuutubEEAAdBloockE\G5wx8qZTTRVmUs.exe
c:\program files (x86)\YOuutubEEAAdBloockE\G5wx8qZTTRVmUs.tlb
c:\programdata\Tbccint
c:\programdata\Tbccint\Multi\CT3329621\configutaion.json
c:\programdata\Tbccint\Multi\CT3329621\SetupIcon.ico
c:\programdata\Tbccint\Multi\CT3329621\UninstallerUI.exe
c:\users\Svilen\AppData\Local\Tbccint
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-21 to 2014-12-21  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 00:12 . 2014-11-10 22:03 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2014-11-10 08:55 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-11-10 22:03 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2014-11-10 08:55 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-07 14:25 . 2014-11-10 14:33 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-07 14:25 . 2014-11-10 13:42 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-11-26 21:10 . 2014-11-10 13:42 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-11-24 12:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 10:46 . 2014-11-10 08:54 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-11-22 09:56 . 2014-11-10 10:14 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-12 21:44 . 2014-11-10 13:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-11-11 17:53 . 2014-11-11 17:53 29696 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2014-11-10 20:01 . 2014-11-10 20:01 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-10 10:14 . 2014-11-10 10:14 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-10 10:14 . 2014-11-10 10:14 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-10 10:14 . 2014-11-10 10:14 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-10 10:14 . 2014-11-10 10:14 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-10 10:14 . 2014-11-10 10:14 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-10 10:14 . 2014-11-10 10:14 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-10 10:14 . 2014-11-10 10:14 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-10 10:14 . 2014-11-10 10:14 43152 ----a-w- c:\windows\avastSS.scr
2014-11-10 10:14 . 2014-11-10 10:14 44640 ----a-w- c:\windows\system32\drivers\aswTap.sys
2014-11-10 09:41 . 2014-11-10 09:30 3190168 ----a-r- c:\windows\SysWow64\pb.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THPanel"="c:\program files (x86)\Thunder Master\THPanel.exe" [2014-05-29 2197800]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-11-27 30524520]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2014-07-10 3639568]
"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2013-12-31 14276784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-04-11 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-18 16:00 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 08:29]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 08:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-10 10:14 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-24 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-24 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-24 444400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: &С&валяне &с BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &С&валяне на всички с BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 212.39.90.42 8.8.8.8
FF - ProfilePath - c:\users\Svilen\AppData\Roaming\Mozilla\Firefox\Profiles\3deoo6j4.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-21  21:01:22
ComboFix-quarantined-files.txt  2014-12-21 19:01
.
Pre-Run: 66 915 569 664 bytes free
Post-Run: 66 833 625 088 bytes free
.
- - End Of File - - 7192161D2DDDD60D8100827F1C278332
A36C5E4F47E84449FF07ED3517B43A31

2014-11-27 20:04 . 2014-11-27 20:04 -------- d-----w- C:\Riot Games
2014-11-25 17:30 . 2014-11-27 20:04 -------- d-----w- c:\users\Svilen\AppData\Roaming\Riot Games
2014-11-23 19:12 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-11-23 19:12 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-11-23 19:12 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 00:12 . 2014-11-10 22:03 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2014-11-10 08:55 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-11-10 22:03 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2014-11-10 08:55 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-07 14:25 . 2014-11-10 14:33 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-12-07 14:25 . 2014-11-10 13:42 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-11-26 21:10 . 2014-11-10 13:42 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-11-24 12:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 10:46 . 2014-11-10 08:54 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-11-22 09:56 . 2014-11-10 10:14 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-12 21:44 . 2014-11-10 13:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-11-11 17:53 . 2014-11-11 17:53 29696 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2014-11-10 20:01 . 2014-11-10 20:01 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-10 10:14 . 2014-11-10 10:14 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-10 10:14 . 2014-11-10 10:14 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-10 10:14 . 2014-11-10 10:14 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-10 10:14 . 2014-11-10 10:14 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-10 10:14 . 2014-11-10 10:14 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-10 10:14 . 2014-11-10 10:14 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-10 10:14 . 2014-11-10 10:14 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-10 10:14 . 2014-11-10 10:14 43152 ----a-w- c:\windows\avastSS.scr
2014-11-10 10:14 . 2014-11-10 10:14 44640 ----a-w- c:\windows\system32\drivers\aswTap.sys
2014-11-10 09:41 . 2014-11-10 09:30 3190168 ----a-r- c:\windows\SysWow64\pb.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THPanel"="c:\program files (x86)\Thunder Master\THPanel.exe" [2014-05-29 2197800]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-11-27 30524520]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2014-07-10 3639568]
"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2013-12-31 14276784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-04-11 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Услуга на технологиите за активиране на Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-18 16:00 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 08:29]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-10 08:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-10 10:14 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 15:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-24 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-24 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-24 444400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: &С&валяне &с BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &С&валяне на всички с BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 212.39.90.42 8.8.8.8
FF - ProfilePath - c:\users\Svilen\AppData\Roaming\Mozilla\Firefox\Profiles\3deoo6j4.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-21  21:01:22
ComboFix-quarantined-files.txt  2014-12-21 19:01
.
Pre-Run: 66 915 569 664 bytes free
Post-Run: 66 833 625 088 bytes free
.
- - End Of File - - 7192161D2DDDD60D8100827F1C278332
A36C5E4F47E84449FF07ED3517B43A31
 
Edited by kabota


No active infections are visible on the system. Are you still having any problems?

Java is not up to date, and older versions contain vulnerabilities. You need to update to the latest version:
Download the latest version from here: Free Java Download
It is important to remove older versions of Java, because it does not do this automatically and the old versions still leave you vulnerable.
Go to Start > Control Panel > open Uninstall a program
Find all previously installed versions of Java in the list (J2SE Runtime Environment). In your case: Java™ 8 Update 25. Select each one separately and uninstall it by clicking Uninstall. Once the old versions have been removed, please install the latest version.

 

All that remains is to remove the tools we used:

Uninstall ComboFix like this:

  • Click Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

Please follow the instructions to uninstall ComboFix. You will get a message saying that ComboFix was uninstalled successfully.

 

 

Download the following file and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, post the log file, fixlog.txt, which will be created after the run. It should delete the tool's quarantine folder located in C:\FRST\Quarantine.

Download DelFix and run it. Tick the box next to Remove disinfection tools and then press the Run button.
The tool will delete itself once it has finished its task!
 
 

I recommend keeping Malwarebytes' Anti-Malware on your computer and scanning your system with it periodically (at least once or twice a week), and don't forget to update the definitions before each scan! A reminder: this is not an antivirus program but an exceptionally good complement to one!

Use PatchMyPC or Secunia Personal Software Inspector to install all the updates and latest software versions that the tools offer you.

I suggest you use this very good little program, which will automatically remove all unwanted add-ons during software installation. This helps prevent the installation of malicious code.

Click here to download the program and install it!

 

 

If any tools, folders or logs from the things we used were not deleted by the procedures above, delete them manually.

If you have no other questions, I am marking the case as "Solved"! I wish you a nice day and safe browsing! :)


Well, unfortunately the problem is not solved, because my videos still stutter when I start loading another tab. Is it possible that it's not from a virus, and if so, then what is this problem from? Drivers?


Well, unfortunately the problem is not solved, because my videos still stutter when I start loading another tab. Is it possible that it's not from a virus, and if so, then what is this problem from? Drivers?

 

 

Scan with AdwCleaner

Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers
  • Double-click adwcleaner.exe to start the tool.
  • Click OK to confirm that all running programs will be closed.
  • Select Clean
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply
  • You can find the log, which is saved automatically, here: C:\AdwCleaner[s0].txt

 

 

Scan with Junkware Removal Tool

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your protection programs.
  • Run the tool JRT.exe
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

 

Logs

In your next reply, please include the following logs:

  • JRT.txt
  • AdwCleaner[s0].txt

 

As far as I am concerned, the problem is solved. No active infections are visible on your system. And if your problem continues, it is definitely not due to viruses. Happy holidays! :)

 
Thanks anyway, but the problem really isn't solved. I read about it in other forums too, but nobody has a solution. Could you refer me or point me to someone who understands this?
 
 
 
 
 
 
 
 
 
# AdwCleaner v4.106 - Създаден отчет 23/12/2014 на 09:26:20
# Актуализиран 21/12/2014 от Xplode
# Database : 2014-12-21.4 [Live]
# Операционна система : Windows 7 Ultimate Service Pack 1 (64 bits)
# Потребителско име : Svilen - SVILEN-PC
# Стартиран от : C:\Users\Svilen\Downloads\adwcleaner_4.106.exe
# Настройка : Почистване
 
***** [ Услуги ] *****
 
Услуа Изтритa : BackupStack
Услуа Изтритa : pcsuservice
 
***** [ Файлове / Папки ] *****
 
Папка Изтритa : C:\ProgramData\apn
Папка Изтритa : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Папка Изтритa : C:\Program Files (x86)\MyPC Backup
Папка Изтритa : C:\Program Files (x86)\pc speed up
Папка Изтритa : C:\Program Files (x86)\Tbccint
Папка Изтритa : C:\Users\Svilen\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Папка Изтритa : C:\Users\Svilen\AppData\Local\SearchProtect
Папка Изтритa : C:\Users\Svilen\AppData\LocalLow\Tbccint
Папка Изтритa : C:\Users\Svilen\AppData\Roaming\VOPackage
Папка Изтритa : C:\Users\Svilen\AppData\Roaming\RHEng
Папка Изтритa : C:\Users\Svilen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Папка Изтритa : C:\Users\Svilen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Папка Изтритa : C:\Users\Svilen\Documents\PCSpeedUp
Папка Изтритa : C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Папка Изтритa : C:\Users\Svilen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Файл Изтритa : C:\END
Файл Изтритa : C:\Users\Svilen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Файл Изтритa : C:\Users\Svilen\Desktop\MyPC Backup.lnk
Файл Изтритa : C:\Users\Svilen\Desktop\PC Speed Up.lnk
Файл Изтритa : C:\Users\Svilen\Desktop\Sync Folder.lnk
 
***** [ задачи ] *****
 
задачa Изтрит : LaunchSignup
задачa Изтрит : PC SpeedUp Service Deactivator
 
***** [ Преки пътища ] *****
 
 
***** [ Системен регистър ] *****
 
Ключ Изтрит : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Ключ Изтрит : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Стойност Изтрит : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Ключ Изтрит : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Ключ Изтрит : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Ключ Изтрит : HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave
Ключ Изтрит : HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave.9
Ключ Изтрит : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Ключ Изтрит : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Ключ Изтрит : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Ключ Изтрит : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Ключ Изтрит : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Ключ Изтрит : HKLM\SOFTWARE\Classes\CLSID\{62d126f0-b340-47e6-90cc-f32941e3ccea}
Ключ Изтрит : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Ключ Изтрит : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Ключ Изтрит : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Ключ Изтрит : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Ключ Изтрит : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Ключ Изтрит : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Ключ Изтрит : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62d126f0-b340-47e6-90cc-f32941e3ccea}
Стойност Изтрит : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Стойност Изтрит : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Ключ Изтрит : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Ключ Изтрит : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Ключ Изтрит : [x64] HKLM\SOFTWARE\Classes\CLSID\{62d126f0-b340-47e6-90cc-f32941e3ccea}
Ключ Изтрит : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Стойност Изтрит : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Ключ Изтрит : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FC81D226-9E50-4DBF-998B-78B8A76385A9}
Ключ Изтрит : HKCU\Software\Conduit
Ключ Изтрит : HKCU\Software\Speedchecker Limited
Ключ Изтрит : HKCU\Software\Tbccint
Ключ Изтрит : HKCU\Software\Tbccint_HKLM
Ключ Изтрит : HKCU\Software\AppDataLow\Software\SmartBar
Ключ Изтрит : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Ключ Изтрит : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Ключ Изтрит : HKLM\SOFTWARE\Conduit
Ключ Изтрит : HKLM\SOFTWARE\Speedchecker Limited
Ключ Изтрит : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Ключ Изтрит : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
Ключ Изтрит : [x64] HKLM\SOFTWARE\Speedchecker Limited
Ключ Изтрит : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Ключ Изтрит : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
 
***** [ Браузъри ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v34.0.5 (x86 bg)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Opera v0.0.0.0
 
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\Svilen\AppData\Roaming\Opera Software\Opera Stable\preferences] - Изтрит [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe
 
*************************
 
AdwCleaner[R0].txt - [7886 octets] - [23/12/2014 09:24:42]
AdwCleaner[s0].txt - [7384 octets] - [23/12/2014 09:26:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7444 octets] ##########
 
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x64
Ran by Svilen on вт 23.12.2014 г. at  9:32:14,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on вт 23.12.2014 г. at  9:35:18,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Let's try one more thing:

Start => type CMD in the search box => click the CMD.exe file and choose Run as administrator => type CMD.exe => enter the command sfc /scannow and press Enter

then copy the following command:

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

and press Enter

In your next post, publish sfcdetails.txt, which will be generated on your desktop.

+

Let's also see what state the disk is in...

Let's run a check for errors:

Start => type CMD in the search box => click the CMD.exe file and choose Run as administrator => type CMD.exe => enter the command:

chkdsk c: /x /f /r => press Enter

Agree with Y in the dialog window. Restart the computer and the check should start. Then see what the results were.

You will find the report from the check here: Start => type eventvwr.msc in the search box => Applications => event WinInit Event ID 1001. Copy the report into your next post.

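An added example, not part of the post above: a Python sketch of how the file produced by that findstr step can be triaged. It applies the same literal, case-sensitive filter (so the tag has to be written exactly as [SR]) and separates the files SFC repaired from those it could not repair. The sample lines are constructed in the usual CBS.log layout, and the function names are hypothetical.

```python
import re
from collections import Counter

SR_TAG = "[SR]"  # SFC's tag in CBS.log; findstr /c: is literal and case-sensitive

# Constructed sample lines in CBS.log layout (not from the thread's attachment).
SAMPLE_CBS_LOG = r"""
2014-12-23 10:02:11, Info  CSI  00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-12-23 10:02:11, Info  CSI  0000000a [SR] Beginning Verify and Repair transaction
2014-12-23 10:02:15, Info  CSI  0000000c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, hash mismatch
2014-12-23 10:02:15, Info  CSI  0000000d [SR] This component was referenced by [l:30{15}]"Package_Example"
2014-12-23 10:02:16, Info  CBS  Session: 12345_67890 initialized by client WindowsUpdateAgent.
2014-12-23 10:02:20, Info  CSI  0000000f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2014-12-23 10:02:31, Info  CSI  00000011 [SR] Verify complete
""".strip().splitlines()

MEMBER_RE = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')  # [l:<bytes>{<chars>}]"<name>"

def sr_lines(lines, tag=SR_TAG):
    """Same filter as findstr /c:"[SR]": literal, case-sensitive substring match."""
    return [ln.rstrip("\r\n") for ln in lines if tag in ln]

def classify(line):
    """Return (kind, file name) for one [SR] line."""
    text = line.split(SR_TAG, 1)[1].strip()
    if text.startswith("Cannot repair member file"):
        kind = "unrepaired"
    elif text.startswith("Repairing corrupted file"):
        kind = "repaired"
    else:
        return "info", None
    names = MEMBER_RE.findall(text)
    return kind, (names[-1] if names else None)

def summarize(lines):
    """Count [SR] entries by kind and list the files SFC repaired or could not repair."""
    counts, files = Counter(), {"repaired": [], "unrepaired": []}
    for ln in sr_lines(lines):
        kind, name = classify(ln)
        counts[kind] += 1
        if name and name not in files[kind]:
            files[kind].append(name)
    return counts, files

if __name__ == "__main__":
    counts, files = summarize(SAMPLE_CBS_LOG)
    print(dict(counts))
    print(files)
```

An empty "unrepaired" list together with a "Verify complete" entry means SFC found nothing it could not fix; an empty result from `sr_lines` usually means the tag was typed in the wrong case.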

Sorry, but I can't find the second file, but otherwise I carried out both tasks. Could I have a screenshot for the second file so that I can find it?

sfcdetails.txt


I don't know what to advise you, because the system is absolutely clean of malware, and software support is hard to do without physical access to the system. There are quite a few things that could be tried: updating the drivers, removing avast for the test, defragmenting the system, but not with the built-in defragmenter. I would bet on MyDefrag:

Download MyDefrag and install it.

Select System Disk Monthly => mark the system and recovery partitions and press Run
 
It may take quite a while... when it finishes it will show Finished and you can close the program with the X.
 
Then restart the system.
