hhumpff

Suspicion of a virus or spying



Hello!

I suspect that the system is infected or being spied on.

The symptoms are as follows:

When Windows 7 boots and I log in to the account, the following message appears: "The module "C:\Windows\System32\config\system...\loader_u.dll" failed to load."

Windows Defender cannot be started. Error "0x80070424"

Windows Update cannot be started. "The service is not running".

When USB flash drives are plugged into the USB ports, they are not visible and instead ask to be formatted.

Antivirus software cannot be installed.

The connections to the printer and scanner disappear. This symptom occurs "from time to time".

 

Addition.txt


Hello,

The main log file, FRST.txt, is missing.

Please copy its contents into your next comment! ;)

Otherwise yes, according to the Addition.txt you attached, your system is heavily infected...

Once you post the other log file, we will start the cleanup.

Regards!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by GALIA (administrator) on GALIA-HP on 12-03-2015 09:58:25
Running from C:\Users\GALIA\Desktop
Loaded Profiles: GALIA (Available profiles: GALIA & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Български (България)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
() C:\Program Files (x86)\NVIDIA Corporation\Updates\NvdUpd.exe
() C:\Windows\Installer\{E228A891-DA19-3EFE-5EF5-D63C3E510E11}\syshost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\charismathics\smart security interface 4.7\CSPregtool.exe
() C:\Users\GALIA\AppData\Roaming\svchost.exe
() C:\Users\GALIA\AppData\Roaming\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
() C:\Users\GALIA\AppData\Roaming\Umup\cyit.exe
(The Eraser Project         ) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Idsoft\58547.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-07-13] ()
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Owsics\loader_u.dll
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2011-01-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2012-08-06] (ABBYY.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [idsoft] => C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Idsoft\58547.exe [264280 2015-02-25] (The Eraser Project         )
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [idsoft] => C:\Users\GALIA\AppData\Local\Idsoft\18310913.exe [264280 2015-02-24] (The Eraser Project         )
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [Owsics] => regsvr32.exe C:\Users\GALIA\AppData\Local\Owsics\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [{FC6A7C41-9376-E349-BD29-2E1F952260F6}] => C:\Users\GALIA\AppData\Roaming\Umup\cyit.exe [182861 2012-07-15] ()
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [] => regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Owsics\loader_u.dll
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [Client Server Runtime Process] => C:\Windows\system32\csrss.exe [7680 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Users\GALIA\AppData\Roaming\rundll32.exe [7680 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [service Host Process for Windows] => C:\Users\GALIA\AppData\Roaming\svchost.exe [114762 2015-02-25] ()
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Run: [Ehrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\GALIA\AppData\Local\Idsoft\New.dll
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\MountPoints2: {51538e56-9a8e-11e2-a9bc-2c41389e8165} - F:\cdbrowser.exe
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\MountPoints2: {d30f8c99-8242-11e2-980e-2c41389e8165} - F:\autorun.exe
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\...\Winlogon: [shell] C:\Users\GALIA\AppData\Roaming\template.xml [89937 2015-01-28] (Laplink Software, Inc.) <==== ATTENTION
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smart security registration status.lnk
ShortcutTarget: smart security registration status.lnk -> C:\Program Files (x86)\charismathics\smart security interface 4.7\CSPregtool.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-957754236-1365624671-4150339817-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
HKU\S-1-5-21-957754236-1365624671-4150339817-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {20058B1E-95C6-4354-9831-01708050C8DA} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {20058B1E-95C6-4354-9831-01708050C8DA} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-957754236-1365624671-4150339817-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-957754236-1365624671-4150339817-1001 -> {20058B1E-95C6-4354-9831-01708050C8DA} URL =
SearchScopes: HKU\S-1-5-21-957754236-1365624671-4150339817-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: PDF-XChange Viewer IE-Plugin -> {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} -> C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll [2009-03-02] (Tracker Software Products Ltd.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-05-09] (Hewlett-Packard)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-957754236-1365624671-4150339817-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {167248DA-0F88-4DE1-B4B1-45176751026D} https://aixbs.b-trust.org/wl-dl/bs/client_test2/js/renew/CertManX.cab
DPF: HKLM-x32 {4DB62416-BC86-4439-B5BA-366948F47C8D} https://aixbs.b-trust.org/wl-dl/bs/client_test2/js/sign/SCManagerX.cab
DPF: HKLM-x32 {500A3316-5B0E-4253-BBE5-CE3F11A1AE71} https://inetdec.nra.bg/dds/InetVAT5Frm.cab
DPF: HKLM-x32 {745395C8-D0E1-4227-8586-624CA9A10A8D} http://www.burgasbeach.bg/addons/jquery/cam1/AMC.cab
DPF: HKLM-x32 {97EA2A5E-A821-48A1-B0F9-DEDB5E0E62A2} https://inetdec.nra.bg/cabs/SignCOM.cab
DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://aixbs.b-trust.org/wl-dl/bs/client_test2/js/sign/capicom.dll
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://84.54.135.77/activex/AMC.cab
DPF: HKLM-x32 {F4FD133B-5AB6-441F-BBFE-966AFF032D10} https://inetdec.nra.bg/dds/InetVAT5Frm.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{AF7C25B3-92D4-4C5B-895E-B6A64EF973F5}: [NameServer] 212.39.90.42

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll [2014-05-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll [2014-05-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: B-Trust Smart Card Certificate - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-04-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-11-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.bg/
CHR StartupUrls: Default -> "hxxp://www.google.bg/"
CHR Profile: C:\Users\GALIA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\GALIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-23]
CHR Extension: (Google Drive) - C:\Users\GALIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-23]
CHR Extension: (YouTube) - C:\Users\GALIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-23]
CHR Extension: (Google Search) - C:\Users\GALIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-23]
CHR Extension: (Skype Click to Call) - C:\Users\GALIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\GALIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\GALIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "8e2212b6e882e9df" service could not be unlocked. <===== ATTENTION

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [485712 2011-05-19] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464440 2011-05-10] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPFSService; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320512 2011-05-09] (Hewlett-Packard) [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-07-13] () [File not signed]
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 NvUpdSrv; C:\Program Files (x86)\NVIDIA Corporation\Updates\NvdUpd.exe [94208 2015-03-10] () [File not signed]
R2 syshost32; C:\Windows\Installer\{E228A891-DA19-3EFE-5EF5-D63C3E510E11}\syshost.exe [91136 2015-02-23] () [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 8e2212b6e882e9df; C:\Windows\System32\Drivers\8e2212b6e882e9df.sys [76216 2015-02-23] () <===== ATTENTION Necurs Rootkit?
S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [62592 2014-05-14] (Advanced Card Systems Ltd.) [File not signed]
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-11-05] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-21] () [File not signed]
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-14] () [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
S3 atapi; C:\Windows\system32\drivers\atapi.sys [24128 2009-07-14] () [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] () [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] () [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458824 2015-01-15] () [File not signed]
S3 Compbatt; C:\Windows\system32\drivers\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-21] () [File not signed]
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [514560 2010-11-21] () [File not signed]
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-10] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-21] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] () [File not signed]
S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [71168 2010-11-21] () [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-01] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [985536 2014-06-16] () [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-21] () [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [30208 2010-11-21] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] () [File not signed]
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStor; C:\Windows\System32\drivers\iaStor.sys [568600 2011-11-30] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-11-05] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14745600 2012-03-19] () [File not signed]
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] () [File not signed]
S3 Impcd; C:\Windows\system32\drivers\Impcd.sys [158976 2010-02-27] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [3074664 2011-09-20] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-21] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-21] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-01-15] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2015-01-15] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] () [File not signed]
R3 MEIx64; C:\Windows\system32\drivers\HECIx64.sys [56344 2010-10-19] () [File not signed]
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91080 2011-07-13] ()
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158280 2011-07-13] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [141312 2014-12-19] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-11-05] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-11-05] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-11-05] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-11-05] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [98304 2008-07-31] () [File not signed]
S3 OxSer; C:\Windows\system32\drivers\OxSer.sys [98352 2009-09-16] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-05] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [File not signed]
R3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-21] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-17] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [676968 2012-02-16] () [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-21] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-11-05] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-11-05] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-11-05] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-21] () [File not signed]
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [34688 2010-11-21] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-17] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] () [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-11-05] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\drivers\vmbus.sys [199552 2010-11-21] () [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-21] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [296320 2011-11-05] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUSB.sys [41984 2010-11-21] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-12-31 12:10 - 2015-12-31 12:10 - 00001027 _____ () C:\Users\GALIA\Desktop\PayDocs.LNK
2015-12-31 12:10 - 2015-12-31 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PayDocs
2015-12-31 12:09 - 2015-12-31 12:09 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-12-31 12:09 - 2015-12-31 12:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-12-31 12:09 - 2015-12-31 12:09 - 00000000 ____D () C:\Users\GALIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PayDocs
2015-12-31 12:09 - 2015-03-10 16:37 - 00000000 ____D () C:\Program Files (x86)\PayDocs
2015-03-12 09:58 - 2015-03-12 09:58 - 00042457 _____ () C:\Users\GALIA\Desktop\FRST.txt
2015-03-12 09:58 - 2015-03-12 09:58 - 00000000 ____D () C:\FRST
2015-03-12 09:57 - 2015-03-12 09:57 - 02095616 _____ (Farbar) C:\Users\GALIA\Desktop\FRST64.exe
2015-03-12 09:50 - 2015-03-12 09:50 - 00003840 _____ () C:\Users\GALIA\Desktop\windefend.reg
2015-03-12 09:16 - 2015-03-12 09:16 - 00000000 ____D () C:\Users\GALIA\Tracing
2015-03-12 08:51 - 2015-03-12 08:51 - 00000000 ____D () C:\Users\GALIA\AppData\Roaming\Symantec
2015-03-11 15:44 - 2015-03-11 15:56 - 00000000 ____D () C:\ProgramData\ESET
2015-03-11 15:44 - 2015-03-11 15:56 - 00000000 ____D () C:\Program Files\ESET
2015-03-11 15:42 - 2015-03-11 15:42 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-11 15:41 - 2015-03-11 15:41 - 00000000 ____D () C:\Моите документи
2015-03-11 15:32 - 2015-03-11 15:32 - 00001284 _____ () C:\Windows\pmsuunst.log
2015-03-11 15:32 - 2015-03-11 15:32 - 00001240 _____ () C:\Windows\fsdgunst.log
2015-03-11 15:32 - 2015-03-11 15:32 - 00000724 _____ () C:\Windows\daasunin.LOG
2015-03-11 15:31 - 2015-03-11 15:32 - 00003525 _____ () C:\Windows\FSAUA_UN.LOG
2015-03-11 15:31 - 2015-03-11 15:32 - 00001564 _____ () C:\Windows\FSASWUNI.LOG
2015-03-11 15:30 - 2015-03-11 15:30 - 00001534 _____ () C:\Windows\FSPSUNI.LOG
2015-03-11 15:30 - 2015-03-11 15:30 - 00000915 _____ () C:\Windows\FSGEMINST.LOG
2015-03-11 15:29 - 2015-03-11 15:32 - 00640410 _____ () C:\Windows\FSUNINST.log
2015-03-11 13:13 - 2015-03-11 13:13 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-03-11 13:13 - 2015-03-11 13:13 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-03-11 13:13 - 2015-03-11 13:13 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-03-11 13:08 - 2015-03-11 13:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Idsoft
2015-03-11 13:07 - 2015-03-11 13:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2015-03-11 13:06 - 2015-03-11 13:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Owsics
2015-03-11 13:04 - 2015-03-11 13:04 - 00000000 ____D () C:\Program Files\Advanced Card Systems Ltd
2015-03-11 12:46 - 2015-03-11 12:46 - 01192375 _____ () C:\Windows\unins000.exe
2015-03-11 12:46 - 2015-03-11 12:46 - 00109763 _____ () C:\Windows\unins000.dat
2015-03-11 12:46 - 2015-03-11 12:46 - 00002297 _____ () C:\Users\Public\Desktop\smart security interface utility.lnk
2015-03-11 12:46 - 2015-03-11 12:46 - 00001047 _____ () C:\Users\Public\Desktop\B-Trust Info.lnk
2015-03-11 12:46 - 2015-03-11 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\charismathics
2015-03-11 12:46 - 2015-03-11 12:46 - 00000000 ____D () C:\Program Files (x86)\charismathics
2015-03-11 12:46 - 2015-03-11 12:46 - 00000000 ____D () C:\Program Files (x86)\B-Trust
2015-03-10 10:58 - 2015-03-10 10:58 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-09 10:04 - 2015-03-09 10:04 - 00000006 _____ () C:\Windows\SysWOW64\reboot.txt
2015-03-09 09:53 - 2015-03-09 09:53 - 00175736 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-03-09 09:35 - 2015-03-09 09:39 - 00000191 _____ () C:\ProgramData\hpzinstall.log
2015-03-09 09:22 - 2015-03-09 09:22 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-06 13:50 - 2015-03-06 13:54 - 00000000 ____D () C:\Users\GALIA\Documents\Dogovor za Transport na lokomotiv - RT COMMERCE
2015-03-05 13:32 - 2015-03-06 11:18 - 00000000 ____D () C:\Users\GALIA\Documents\Земеделски Производител
2015-03-05 11:54 - 2015-03-05 11:54 - 00001009 _____ () C:\Users\Public\Desktop\UltraISO.lnk
2015-03-05 11:54 - 2015-03-05 11:54 - 00000000 ____D () C:\Users\GALIA\Documents\My ISO Files
2015-03-05 11:54 - 2015-03-05 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-03-05 11:54 - 2015-03-05 11:54 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2015-03-05 11:35 - 2015-03-09 10:30 - 00000000 ____D () C:\Users\GALIA\AppData\Local\Ahead
2015-03-05 11:35 - 2015-03-05 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2015-03-05 11:34 - 2015-03-05 11:38 - 00000000 ____D () C:\Users\GALIA\AppData\Roaming\Ahead
2015-03-05 11:33 - 2015-03-05 11:33 - 00000000 ____D () C:\ProgramData\Nero
2015-03-05 11:33 - 2015-03-05 11:33 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-03-05 11:31 - 2015-03-05 11:31 - 00026851 _____ () C:\Windows\DirectX.log
2015-03-05 11:31 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-03-05 11:31 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-03-05 11:24 - 2000-06-26 11:45 - 00106496 _____ (Pegasus Software) C:\Windows\SysWOW64\TwnLib20.dll
2015-03-05 11:23 - 2015-03-05 11:27 - 00000000 ____D () C:\Program Files (x86)\Ahead
2015-02-25 09:05 - 2015-02-25 09:04 - 00114762 __RSH () C:\Windows\SysWOW64\csrss.exe
2015-02-25 09:05 - 2015-02-25 09:04 - 00114762 __RSH () C:\Users\GALIA\AppData\Roaming\svchost.exe
2015-02-25 09:05 - 2015-02-25 09:04 - 00114762 __RSH () C:\Users\GALIA\AppData\Roaming\rundll32.exe
2015-02-24 14:06 - 2015-03-09 09:43 - 00000000 ____D () C:\Users\GALIA\AppData\Local\Idsoft
2015-02-24 14:06 - 2015-02-27 10:43 - 00000224 _____ () C:\Users\GALIA\AppData\Roaming\template.css
2015-02-24 14:06 - 2015-02-26 11:01 - 00000216 _____ () C:\Users\GALIA\AppData\Roaming\template.log
2015-02-24 14:06 - 2015-02-24 14:20 - 00000000 ____D () C:\Users\GALIA\AppData\Roaming\Ivbe
2015-02-24 14:06 - 2015-02-24 14:06 - 00117768 _____ () C:\Users\GALIA\AppData\Roaming\6201c0e68e604f.xml
2015-02-24 14:06 - 2015-02-24 14:06 - 00000000 ____D () C:\Users\GALIA\AppData\Roaming\Umup
2015-02-24 14:06 - 2015-02-24 14:06 - 00000000 ____D () C:\Users\GALIA\AppData\Local\Owsics
2015-02-23 09:26 - 2015-02-23 09:26 - 00076216 _____ () C:\Windows\system32\Drivers\8e2212b6e882e9df.sys
2015-02-18 13:42 - 2015-02-18 13:44 - 00000000 ____D () C:\Users\GALIA\Documents\Фактури за локомотив РУМЪНИЯ
2015-02-11 09:36 - 2015-01-10 08:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:36 - 2015-01-10 08:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:36 - 2015-01-10 08:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:36 - 2015-01-10 08:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:36 - 2015-01-10 08:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:36 - 2015-01-10 08:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:36 - 2015-01-10 08:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:36 - 2015-01-10 08:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:36 - 2015-01-10 08:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:36 - 2015-01-10 08:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:36 - 2015-01-10 08:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:36 - 2015-01-10 08:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:36 - 2015-01-10 08:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:36 - 2015-01-10 08:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:35 - 2015-01-14 07:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:35 - 2015-01-14 07:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:35 - 2015-01-12 05:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:35 - 2015-01-12 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:35 - 2015-01-12 04:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:35 - 2015-01-12 04:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:35 - 2015-01-12 04:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:35 - 2015-01-12 04:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:35 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:35 - 2015-01-12 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:35 - 2015-01-12 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:35 - 2015-01-12 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:35 - 2015-01-12 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:35 - 2015-01-12 04:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:35 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:35 - 2015-01-12 04:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:35 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:35 - 2015-01-12 04:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:35 - 2015-01-12 03:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:35 - 2015-01-12 03:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:35 - 2015-01-12 03:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 09:35 - 2015-01-12 03:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:35 - 2015-01-12 03:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:35 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:35 - 2015-01-12 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:35 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:35 - 2015-01-12 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:35 - 2015-01-12 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:35 - 2015-01-12 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:35 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:35 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:35 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:35 - 2015-01-12 03:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:35 - 2015-01-12 03:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:35 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:35 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:34 - 2015-01-12 05:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:34 - 2015-01-12 04:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:34 - 2015-01-12 04:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:34 - 2015-01-12 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:34 - 2015-01-12 04:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:34 - 2015-01-12 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:34 - 2015-01-12 04:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:34 - 2015-01-12 04:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 09:34 - 2015-01-12 04:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 09:34 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:34 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:34 - 2015-01-12 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:34 - 2015-01-12 04:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:34 - 2015-01-12 03:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:34 - 2015-01-12 03:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:34 - 2015-01-12 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:34 - 2015-01-12 03:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 09:34 - 2015-01-12 03:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:34 - 2015-01-12 03:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:34 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:31 - 2015-01-15 10:14 - 00155072 _____ () C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:31 - 2015-01-15 10:14 - 00095680 _____ () C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:31 - 2015-01-15 10:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:31 - 2015-01-15 10:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:31 - 2015-01-15 10:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:31 - 2015-01-15 10:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:31 - 2015-01-15 10:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:31 - 2015-01-15 10:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:31 - 2015-01-15 10:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:31 - 2015-01-15 10:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:31 - 2015-01-15 10:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:31 - 2015-01-15 09:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:31 - 2015-01-15 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:31 - 2015-01-15 09:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:31 - 2015-01-15 09:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:31 - 2015-01-15 09:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:31 - 2015-01-15 09:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:31 - 2015-01-15 06:22 - 00458824 _____ () C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:30 - 2015-01-14 08:09 - 05554112 _____ () C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:30 - 2015-01-14 08:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:30 - 2015-01-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:30 - 2015-01-14 08:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:30 - 2015-01-14 07:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:30 - 2015-01-14 07:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:30 - 2015-01-14 07:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 09:30 - 2015-01-13 05:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:30 - 2015-01-13 04:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:30 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:30 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:28 - 2015-01-09 04:03 - 03201536 _____ () C:\Windows\system32\win32k.sys
2015-02-10 13:43 - 2015-02-20 10:48 - 00000000 ____D () C:\Users\GALIA\Documents\ProAudio

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 09:58 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 09:58 - 2009-07-14 06:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 09:54 - 2012-04-19 11:08 - 01426032 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 09:53 - 2012-09-21 07:57 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 09:53 - 2012-04-21 10:11 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-12 09:53 - 2012-04-21 10:11 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-03-12 09:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 09:52 - 2009-07-14 06:51 - 00075163 _____ () C:\Windows\setupact.log
2015-03-12 09:51 - 2013-04-02 09:50 - 00000000 ____D () C:\Users\GALIA\Documents\Файлове на Outlook
2015-03-12 09:44 - 2014-04-07 08:09 - 00000000 ____D () C:\Users\GALIA\AppData\Roaming\Skype
2015-03-12 09:26 - 2012-09-21 07:57 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 09:16 - 2012-04-21 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-12 09:16 - 2012-04-21 12:06 - 00000000 ____D () C:\ProgramData\Skype
2015-03-12 09:16 - 2012-04-19 11:10 - 00000000 ____D () C:\Users\GALIA
2015-03-12 08:53 - 2010-11-21 05:47 - 01109688 _____ () C:\Windows\PFRO.log
2015-03-11 15:42 - 2011-11-05 09:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2015-03-11 15:40 - 2012-04-19 13:30 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2015-03-11 15:34 - 2013-05-18 08:19 - 00000000 ____D () C:\Program Files (x86)\Axis Communications
2015-03-11 15:32 - 2012-04-19 13:30 - 65407614 _____ () C:\Windows\FSISU.log
2015-03-11 15:32 - 2012-04-19 13:30 - 00491350 _____ () C:\Windows\FSDEPH.log
2015-03-11 15:32 - 2012-04-19 13:30 - 00009986 _____ () C:\Windows\FSGKIAIN.log
2015-03-11 15:32 - 2012-04-19 13:30 - 00004321 _____ () C:\Windows\FSLDIN.LOG
2015-03-11 15:32 - 2012-04-19 13:30 - 00000727 _____ () C:\Windows\FSGUIINS.LOG
2015-03-11 15:32 - 2012-04-19 13:30 - 00000643 _____ () C:\Windows\fstnbins.LOG
2015-03-11 15:32 - 2012-04-19 13:30 - 00000584 _____ () C:\Windows\HELPINST.LOG
2015-03-11 15:31 - 2012-04-19 13:30 - 00024026 _____ () C:\Windows\fsavunin.log
2015-03-11 15:31 - 2012-04-19 13:30 - 00000000 ____D () C:\ProgramData\F-Secure
2015-03-11 15:30 - 2012-04-20 12:12 - 00000615 _____ () C:\Windows\FSAVES_inst.log
2015-03-11 15:30 - 2012-04-19 13:30 - 00032994 _____ () C:\Windows\fwesinst.log
2015-03-11 15:30 - 2012-04-19 13:30 - 00024206 _____ () C:\Windows\fwinst.log
2015-03-11 15:30 - 2012-04-19 13:30 - 00006457 _____ () C:\Windows\fsdevconinst.log
2015-03-11 15:22 - 2013-04-22 08:34 - 00000095 _____ () C:\Windows\winamp.ini
2015-03-11 15:15 - 2014-01-24 13:06 - 00000000 ____D () C:\Users\GALIA\AppData\Roaming\BitTorrent
2015-03-11 15:15 - 2013-04-30 09:26 - 00000000 ____D () C:\Users\GALIA\Documents\УНИТРАНСКОМ
2015-03-11 13:26 - 2009-07-14 07:13 - 00794218 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 13:25 - 2013-07-12 14:54 - 00000000 ____D () C:\Users\GALIA\Desktop\Унитранском
2015-03-11 13:09 - 2013-04-03 13:39 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0D8C6FB3-03C1-47BD-A864-1DDA47C3555E}
2015-03-11 13:06 - 2013-04-03 13:39 - 00001399 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-11 12:48 - 2012-09-25 08:16 - 00000000 ____D () C:\Users\GALIA\AppData\Local\CrashDumps
2015-03-11 12:46 - 2013-04-23 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-Trust
2015-03-11 12:46 - 2013-04-22 14:24 - 00180186 _____ () C:\Windows\certutil.log
2015-03-11 12:38 - 2011-11-05 09:17 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2015-03-11 12:36 - 2014-05-10 09:14 - 00000000 ____D () C:\Program Files (x86)\QIP
2015-03-11 12:36 - 2013-04-23 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cv cryptovision
2015-03-11 12:36 - 2013-04-23 09:19 - 00000000 ____D () C:\Program Files (x86)\cv cryptovision
2015-03-11 12:33 - 2014-01-24 13:03 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-11 12:29 - 2013-04-23 09:19 - 00000000 ____D () C:\Program Files\DIFX
2015-03-10 16:02 - 2014-07-17 09:33 - 00000000 ____D () C:\Users\GALIA\Desktop\ПРОДАЖБА НА НИТРАТ - ЮЛИ 2014
2015-03-09 11:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2015-03-09 11:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-03-09 10:04 - 2011-11-05 09:11 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-09 09:57 - 2009-07-14 04:34 - 00000513 _____ () C:\Windows\win.ini
2015-03-09 09:53 - 2011-11-05 09:23 - 00000000 ____D () C:\Program Files\Symantec
2015-03-09 09:02 - 2012-05-02 11:05 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGALIA
2015-03-09 09:02 - 2012-05-02 11:05 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForGALIA.job
2015-03-09 08:57 - 2012-04-21 09:38 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-06 14:28 - 2013-04-05 09:19 - 00000000 ____D () C:\Users\GALIA\Documents\Fakturi deyan
2015-03-06 13:33 - 2013-04-08 10:46 - 00000000 ____D () C:\Users\GALIA\Documents\Dokumetni na rymynski
2015-03-05 11:54 - 2013-04-08 10:47 - 00000000 ____D () C:\Users\GALIA\Documents\Programi
2015-03-05 11:29 - 2013-05-15 08:57 - 00000000 ____D () C:\Temp
2015-02-25 13:59 - 2014-11-24 12:31 - 00000000 ____D () C:\Users\GALIA\Documents\ASTRA BIOPLANT
2015-02-13 15:42 - 2014-10-02 12:35 - 00000000 ____D () C:\Users\GALIA\Documents\Olio
2015-02-12 15:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 09:35 - 2009-07-14 06:45 - 00410704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 09:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-02-11 15:59 - 2015-01-28 09:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 15:53 - 2012-04-20 12:09 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-24 14:06 - 2015-02-24 14:06 - 0117768 _____ () C:\Users\GALIA\AppData\Roaming\6201c0e68e604f.xml
2014-01-24 12:58 - 2014-01-24 12:58 - 0000000 _____ () C:\Users\GALIA\AppData\Roaming\bitlord_log.txt
2015-02-25 09:05 - 2015-02-25 09:04 - 0114762 __RSH () C:\Users\GALIA\AppData\Roaming\rundll32.exe
2015-02-25 09:05 - 2015-02-25 09:04 - 0114762 __RSH () C:\Users\GALIA\AppData\Roaming\svchost.exe
2015-02-24 14:06 - 2015-02-27 10:43 - 0000224 _____ () C:\Users\GALIA\AppData\Roaming\template.css
2015-02-24 14:06 - 2015-02-26 11:01 - 0000216 _____ () C:\Users\GALIA\AppData\Roaming\template.log
2015-01-28 10:35 - 2015-01-28 10:35 - 0089937 _____ (Laplink Software, Inc.) C:\Users\GALIA\AppData\Roaming\template.xml
2014-01-24 13:01 - 2014-01-24 13:01 - 0000218 _____ () C:\Users\GALIA\AppData\Local\recently-used.xbel
2015-03-09 09:35 - 2015-03-09 09:39 - 0000191 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\pdfiutil.exe
C:\Users\Administrator\AppData\Local\Temp\uninstall.exe
C:\Users\GALIA\AppData\Local\Temp\18341739.exe
C:\Users\GALIA\AppData\Local\Temp\18342909.exe
C:\Users\GALIA\AppData\Local\Temp\277790.exe
C:\Users\GALIA\AppData\Local\Temp\279116.exe
C:\Users\GALIA\AppData\Local\Temp\361469.exe
C:\Users\GALIA\AppData\Local\Temp\369098.exe
C:\Users\GALIA\AppData\Local\Temp\3F42.exe
C:\Users\GALIA\AppData\Local\Temp\476583.exe
C:\Users\GALIA\AppData\Local\Temp\480108.exe
C:\Users\GALIA\AppData\Local\Temp\B253.exe
C:\Users\GALIA\AppData\Local\Temp\bitool.dll
C:\Users\GALIA\AppData\Local\Temp\certutil.exe
C:\Users\GALIA\AppData\Local\Temp\E0B1.exe
C:\Users\GALIA\AppData\Local\Temp\ExPromo.exe
C:\Users\GALIA\AppData\Local\Temp\F662.exe
C:\Users\GALIA\AppData\Local\Temp\hpzscr01.exe
C:\Users\GALIA\AppData\Local\Temp\InitBDE.exe
C:\Users\GALIA\AppData\Local\Temp\InstHelper.exe
C:\Users\GALIA\AppData\Local\Temp\jpcsc.dll
C:\Users\GALIA\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\GALIA\AppData\Local\Temp\ose00000.exe
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper1014158130601399133.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper2644266899048177537.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper3443902982264404421.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper3800053409440100062.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper4054633075456955646.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper4096138739382520878.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper4197609917709903541.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper4631781602996231142.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper4824273168506613218.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper5062206538291720060.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper652115139808384821.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper6774307685596658730.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper6852123523426901590.dll
C:\Users\GALIA\AppData\Local\Temp\pkcs11wrapper8500296738971640843.dll
C:\Users\GALIA\AppData\Local\Temp\SkypeSetup.exe
C:\Users\GALIA\AppData\Local\Temp\sp64126.exe
C:\Users\GALIA\AppData\Local\Temp\UninstallHPSA.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\comsxva2.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-11-05 08:59] - [2011-11-05 08:59] - 0296320 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

 

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

LastRegBack: 2015-03-05 12:54

==================== End Of Log ============================

 

 

I meant to post it as a second post, but I forgot that I was waiting for administrator approval.

Sorry about that!


Yes, I saw that and approved your topic. The new measure was adopted so that newly registered users cannot commit violations.

However, I have to go to work. I will be able to review the log and create a cleanup script after 22:00. Until then, it is a good idea not to use the machine while it is connected to the internet.

Also, do not run any cleanup tools or scanners on your own initiative. That will only make my work harder.

Regards, and see you soon! :)


I have already used Windows Disk Cleanup. So I will run a new scan and attach the two files to this post. Thank you in advance.

Since the installation is very old, I am wondering whether I should save what I can to a hard drive and do a fresh installation?

Addition.txt

FRST.txt



At this stage there is no point, because we should be able to clean it completely without a reinstall.

If we do not succeed, you can always reinstall as a last resort. But for now there is no point in rushing.

See you later. ;)


So... let's start this way, in order to remove the rootkit from volsnap.sys.

Please download the latest version of TDSSKiller from here and save it to your desktop.

Run TDSSKiller.exe to start the application. Then click the Change parameters button.
Tick the box in front of Loaded Modules.
A restart is required for the changes to take effect. Do it!
TDSSKiller will start automatically after the restart. Note that your computer may seem slower, at times unusable, and with reduced performance. This is normal and will last for only one restart. Give it enough time to load, in the background, the applications that start with the operating system.
Then click Change parameters in TDSSKiller again.
Tick all the boxes (no restart is required this time).
Click the Start Scan button.
The scan should not take more than 5 minutes.
If a suspicious object is detected, the default action will be Skip; click Continue.
If malicious objects are found, the drop-down menu will offer three options.
Make sure the selected action is Cure and click Continue > Restart to complete the repair.

Note: If Cure is not among the available options, please choose Skip instead; do not choose Delete unless you have been instructed to.
A log file will be created in the root directory of the C:\ partition. Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.


Hello,

First, I want to thank you for responding and being ready to help. However, since I did not want to give up, I too kept fighting the problems. Yesterday, after my last post to you, and so as not to just wait for "necessity" to help, I went against your instructions and installed this program: "Malwarebytes Anti-Malware Premium v2.0.4.1028 Final". It found quite a lot of malware, and after it quarantined it I managed to get Windows Defender and Windows Update running. After an update and a new scan, no "malicious" items were found, only two suspicious ones, which in my opinion are OK. After that I was able to install NOD32 successfully; it ran a scan and also found some problems. This morning I received your reply and installed tdsskiller, which found the same two suspicious programs (one of them belongs to the HP tools). I hope the system is "cured", but I am still attaching the reports from the two tools you provided so that you can take a look. I hope you are not angry about my attempts to somehow sort it out myself, but this way (by reading) one learns, whereas a ready-made fix is only a temporary solution.

Please take a look and tell me what the situation is according to the logs. The picture is the message that appears when the account loads.

P.S. I still suspect that our network is being monitored by a competing company, which, as it turned out, is maintained by its former system administrator, but I do not know how I can check this.

Thank you!

TDSSKiller.3.0.0.44_13.03.2015_12.11.42_log.txt

FRST.txt

Addition.txt

post-65-0-84175100-1426244938_thumb.jpg


That is your right, but I explicitly warned you and asked you not to run anything on your own initiative, which you did not observe. Besides, I do not think you waited long, because I did manage to write at around 17:00 yesterday, rather than around 22:00 in the evening as I had written earlier.

Necessity helps, but this field takes years of work and experience, and the problem does not get solved with 2-3 programs, as most people think.

There is a methodology here, which was not followed, and there is no point in my dealing with this case any further. Besides, you used the Premium version of Malwarebytes (not the trial version), which is a violation of rule 2.10 of the forum rules... And to top it off, you have not posted a single log from the programs you used... As I said, every action on your part fundamentally changes the state of the system.

There is no point in spending more time, nerves and energy when I cannot be sure that my recommendations will be followed this time either. I wish you success in solving your problem.

Before anyone jumps in to say that this comment comes from resentment that, you see, the user sorted it out on his own, I will mention that I can still see quite a few infections in the logs...

Regards!
