

Hello.

It looks like I caught a virus today. I have a licensed antivirus program, Kaspersky Antivirus, but unfortunately it only detects the virus.
I want to thank you in advance for your help.

Here is the file you mention in the instructions:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by User (administrator) on USER-PC on 12-05-2015 18:05:23
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Английски (Съединени щати)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Stardock) D:\ObjectDoc\Stardock\ObjectDockPlus2\ObjectDock.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft) D:\ObjectDoc\Stardock\ObjectDockPlus2\ObjectDockTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\klwtblfs.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-01-26] (AMD)
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\...\Run: [HydraVisionMDEngine] => C:\Program Files\ATI Technologies\HydraVision\HydraMD.exe [569344 2011-01-26] (AMD)
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2498048 2012-07-02] ()
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\...\Run: [3C315CB7C05A2A2BFAEAFA05AE1603CA95A938F0._service_run] => C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [812872 2015-04-28] (Google Inc.)
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\...\Run: [spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-12] (Spotify Ltd)
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\...\MountPoints2: {6b4c5538-3e02-11e3-b75a-00801e12ef17} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\...\MountPoints2: {ffe7ca56-281c-11e2-a8a3-00801e12ef17} - G:\LGAutoRun.exe
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Irida.sCr [6807736 2012-10-14] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2011-10-03]
ShortcutTarget: Stardock ObjectDock.lnk -> D:\ObjectDoc\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-163587475-4030815376-4219351760-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
URLSearchHook: HKU\S-1-5-21-163587475-4030815376-4219351760-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} -  No File
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1066435
SearchScopes: HKU\S-1-5-21-163587475-4030815376-4219351760-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1431430991&z=c1f9bf9223466ed059545f1gfzdc8g5zac1gce5cdz&from=amt&uid=ST3300631AS_5NF16LNDXXXX5NF16LND&q={searchTerms}
SearchScopes: HKU\S-1-5-21-163587475-4030815376-4219351760-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1431430991&z=c1f9bf9223466ed059545f1gfzdc8g5zac1gce5cdz&from=amt&uid=ST3300631AS_5NF16LNDXXXX5NF16LND&q={searchTerms}
SearchScopes: HKU\S-1-5-21-163587475-4030815376-4219351760-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1066435
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-05] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-19] (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-163587475-4030815376-4219351760-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8E560B1F-87F7-454B-9950-892AEF39D3FA}: [NameServer] 8.26.56.26,156.154.70.22
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default
FF SearchEngineOrder.1: Ask.com
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "94.26.73.61"
FF NetworkProxy: "ftp_port", 1080
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "94.26.73.61"
FF NetworkProxy: "socks_port", 1080
FF NetworkProxy: "ssl", "94.26.73.61"
FF NetworkProxy: "ssl_port", 1080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-19] (Sun Microsystems, Inc.)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-05] ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-163587475-4030815376-4219351760-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-163587475-4030815376-4219351760-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-163587475-4030815376-4219351760-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-163587475-4030815376-4219351760-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml [2015-01-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml [2015-01-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml [2015-01-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-01-17]
FF Extension: Fast Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\Extensions\searchffv2@gmail.com [2015-05-12]
FF Extension: Google Translator for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\Extensions\translator@zoli.bod.xpi [2014-09-17]
FF Extension: Flagfox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09]
FF Extension: Video DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-18]
FF Extension: Download Statusbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012-03-26]
FF Extension: Web2PDF converter - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2012-03-26]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-05]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-05]
FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\extensions\searchffv2@gmail.com
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94ahy7d0.default\extensions\sweetsearch@gmail.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.bg/
CHR StartupUrls: Default -> "hxxp://google.bg/"
CHR DefaultSearchKeyword: Default -> oursurfing
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-12]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-10-15]
CHR Extension: (Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-07]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-12-26]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-12-26]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
StartMenuInternet: Google Chrome - Chrome.exe
 
Opera: 
=======
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [56648 2015-03-08] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfilter.sys [8704 2007-01-24] (A4Tech Co.,Ltd.) [File not signed]
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbprt.sys [14336 2007-04-05] (A4Tech Co.,Ltd.) [File not signed]
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R2 hwpsgt; C:\Windows\System32\DRIVERS\hwpsgt.sys [137344 2012-04-12] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2015-01-05] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2015-01-05] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
R2 lemsgt; C:\Windows\System32\DRIVERS\lemsgt.sys [9472 2012-04-12] () [File not signed]
U0 mixw; C:\Windows\System32\drivers\fuicnwjs.sys [52440 2015-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
S3 SNP325; C:\Windows\System32\DRIVERS\snp325.sys [10343168 2007-05-07] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2011-05-06] () [File not signed]
U3 arauczfg; C:\Windows\system32\Drivers\arauczfg.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S1 ArcSec; system32\drivers\ArcSec.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-12 18:05 - 2015-05-12 18:10 - 00024343 _____ () C:\Users\User\Desktop\FRST.txt
2015-05-12 18:05 - 2015-05-12 18:05 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\fuicnwjs.sys
2015-05-12 18:05 - 2015-05-12 18:05 - 00015431 _____ () C:\Users\User\Desktop\Malware.txt
2015-05-12 18:05 - 2015-05-12 18:05 - 00000000 ____D () C:\FRST
2015-05-12 18:02 - 2015-05-12 18:02 - 01141248 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-05-12 14:54 - 2015-05-12 14:54 - 00262144 _____ () C:\Windows\system32\config\elam
2015-05-12 14:42 - 2015-05-12 16:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\cpuminer
2015-05-12 14:27 - 2015-05-12 15:35 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-05-12 14:27 - 2015-05-12 14:27 - 00001799 _____ () C:\Users\User\Desktop\Spotify.lnk
2015-05-12 14:27 - 2015-05-12 14:27 - 00001785 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-05-12 14:26 - 2015-05-12 16:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-05-12 13:38 - 2015-05-12 13:38 - 00000165 ____H () C:\Users\User\Desktop\~$New translation for brother (corrected HB).xlsx
2015-05-12 13:03 - 2015-05-12 13:15 - 00019103 _____ () C:\Users\User\Desktop\New translation for brother (corrected HB).xlsx
2015-05-12 12:49 - 2015-05-12 12:49 - 00000000 ___SD () C:\Users\User\Documents\Мои източници на данни
2015-05-09 18:58 - 2015-05-09 18:58 - 00015845 _____ () C:\Users\User\Desktop\New translation for brother.xlsx
2015-05-09 17:54 - 2015-05-09 17:54 - 00063293 _____ () C:\Users\User\Desktop\Карлово - оферта.xlsx
2015-04-29 15:49 - 2015-04-29 15:49 - 06196576 _____ (Tim Kosse) C:\Users\User\Downloads\FileZilla_3.10.3_win32-setup.exe
2015-04-29 13:13 - 2015-04-29 13:13 - 00012800 ___SH () C:\Users\User\Documents\Thumbs.db
2015-04-24 13:16 - 2015-05-12 15:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-24 13:12 - 2015-04-24 13:12 - 00011142 _____ () C:\Users\User\Desktop\Отчет за пътуването 20-23 април 2015.xlsx
2015-04-24 13:11 - 2015-04-24 13:11 - 00000283 _____ () C:\Users\User\Desktop\Отчет за пътуването 20-23 април 2015.txt
2015-04-17 11:33 - 2015-04-17 17:33 - 17549488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-04-17 11:16 - 2015-04-17 11:19 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-17 11:16 - 2015-04-17 11:16 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 23:10 - 2015-04-02 02:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 23:10 - 2015-03-23 06:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 23:10 - 2015-03-23 06:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 23:10 - 2015-03-23 06:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 23:10 - 2015-03-23 06:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 23:10 - 2015-03-23 06:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 23:10 - 2015-03-23 06:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 23:10 - 2015-03-23 06:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 23:10 - 2015-03-23 05:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 23:10 - 2015-03-17 08:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-16 23:10 - 2015-03-17 08:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 23:10 - 2015-03-17 08:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 23:10 - 2015-03-17 08:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 23:10 - 2015-03-17 07:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 23:10 - 2015-03-17 07:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 23:10 - 2015-03-17 07:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 23:10 - 2015-03-17 07:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 23:10 - 2015-03-17 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 23:10 - 2015-03-17 07:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 23:10 - 2015-03-17 07:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 23:10 - 2015-03-17 07:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 23:10 - 2015-03-17 07:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 23:10 - 2015-03-17 07:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 23:10 - 2015-03-17 07:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 23:10 - 2015-03-17 07:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 23:10 - 2015-03-13 06:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 23:10 - 2015-03-13 06:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 23:10 - 2015-03-13 06:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 23:10 - 2015-03-13 06:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 23:10 - 2015-03-13 06:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 23:10 - 2015-03-13 06:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 23:10 - 2015-03-13 06:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 23:10 - 2015-03-13 06:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 23:10 - 2015-03-13 06:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 23:10 - 2015-03-13 06:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 23:10 - 2015-03-13 06:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 23:10 - 2015-03-13 06:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 23:10 - 2015-03-13 06:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 23:10 - 2015-03-13 06:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 23:10 - 2015-03-13 06:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 23:10 - 2015-03-13 06:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 23:10 - 2015-03-13 06:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 23:10 - 2015-03-13 06:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 23:10 - 2015-03-13 05:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 23:10 - 2015-03-13 05:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 23:10 - 2015-03-13 05:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 23:10 - 2015-03-13 05:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 23:10 - 2015-03-13 05:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 23:10 - 2015-03-13 05:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 23:10 - 2015-03-13 05:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 23:10 - 2015-03-13 05:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 23:10 - 2015-03-13 05:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 23:10 - 2015-03-13 05:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 23:10 - 2015-03-13 05:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 23:10 - 2015-03-13 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 23:10 - 2015-03-05 07:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 23:10 - 2015-03-04 07:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 23:10 - 2015-03-04 07:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 23:10 - 2015-01-28 02:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-16 23:09 - 2015-03-25 06:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 23:09 - 2015-03-25 06:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 23:09 - 2015-03-25 06:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 23:09 - 2015-03-25 06:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 23:09 - 2015-03-25 06:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 23:09 - 2015-03-25 06:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 23:09 - 2015-03-25 06:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 23:09 - 2015-03-25 06:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 23:09 - 2015-03-25 06:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 23:09 - 2015-03-25 06:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 23:09 - 2015-03-25 06:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 23:09 - 2015-03-10 06:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 23:09 - 2015-03-10 06:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 23:09 - 2015-02-25 06:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-12 18:06 - 2011-05-05 20:46 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-163587475-4030815376-4219351760-1000UA.job
2015-05-12 18:05 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Speech
2015-05-12 17:51 - 2011-08-30 16:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-12 17:51 - 2011-05-08 11:46 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-163587475-4030815376-4219351760-1003UA.job
2015-05-12 17:33 - 2012-07-18 07:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 17:32 - 2011-05-05 14:16 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-12 17:18 - 2012-03-25 09:36 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 17:14 - 2014-12-30 01:27 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-12 17:12 - 2009-07-14 07:34 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 17:12 - 2009-07-14 07:34 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 17:07 - 2011-05-05 14:10 - 01175154 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 17:04 - 2015-03-22 02:00 - 00004222 _____ () C:\Windows\setupact.log
2015-05-12 17:04 - 2013-11-03 15:40 - 00000000 ____D () C:\Users\User\.rainlendar2
2015-05-12 17:04 - 2012-03-25 09:36 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 17:04 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 16:44 - 2013-06-06 14:24 - 01227264 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-05-12 16:42 - 2011-05-10 17:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-12 15:06 - 2011-05-05 20:45 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-163587475-4030815376-4219351760-1000Core.job
2015-05-12 15:03 - 2011-05-05 14:12 - 00001413 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-12 14:54 - 2015-03-25 12:17 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 29.lnk
2015-05-12 14:54 - 2015-03-25 12:17 - 00001069 _____ () C:\Users\Public\Desktop\Opera 29.lnk
2015-05-12 14:54 - 2011-05-06 13:03 - 00001787 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-12 14:54 - 2011-05-06 13:03 - 00001775 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-05-12 14:54 - 2011-05-05 15:10 - 00001383 _____ () C:\Users\User\Desktop\Internet Explorer.lnk
2015-05-12 14:46 - 2015-03-22 11:22 - 00005506 _____ () C:\Windows\PFRO.log
2015-05-12 14:44 - 2015-03-09 12:15 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-05-12 12:57 - 2014-11-22 22:04 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-05-12 12:57 - 2014-11-22 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-05-12 12:29 - 2011-11-16 18:38 - 00000000 ____D () C:\Users\User\Desktop\Xing
2015-05-12 11:51 - 2011-05-08 11:46 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-163587475-4030815376-4219351760-1003Core.job
2015-05-12 11:45 - 2013-11-27 22:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\ViberPC
2015-05-12 11:45 - 2013-10-22 20:56 - 00000000 ____D () C:\Users\User\AppData\Local\Viber
2015-05-08 10:36 - 2011-05-10 16:34 - 00000000 ____D () C:\Users\User\Documents\CV
2015-05-05 20:44 - 2011-05-12 09:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla
2015-05-05 20:36 - 2012-04-05 20:01 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-05-05 20:36 - 2011-05-12 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-04-28 23:08 - 2011-05-06 13:03 - 00000000 ____D () C:\Program Files\Opera
2015-04-25 09:50 - 2012-04-25 09:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-21 15:06 - 2011-05-05 20:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-04-17 23:06 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 13:18 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\rescache
2015-04-17 12:04 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-17 11:16 - 2014-04-30 11:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-17 11:16 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-04-17 00:35 - 2013-08-15 00:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-17 00:33 - 2012-07-18 07:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-17 00:33 - 2011-05-13 17:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-17 00:27 - 2015-02-12 01:16 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-04-17 00:26 - 2011-05-07 13:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-17 00:26 - 2011-05-05 14:48 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-16 23:01 - 2012-03-25 09:36 - 00000000 ____D () C:\Program Files\Google
 
==================== Files in the root of some directories =======
 
2011-05-15 19:38 - 2011-05-15 19:39 - 0000335 _____ () C:\Users\User\AppData\Roaming\Drives Monitor_Settings.ini
2012-04-12 23:30 - 2012-04-12 23:30 - 0022328 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys
2011-05-15 19:41 - 2011-05-15 19:42 - 0000057 _____ () C:\Users\User\AppData\Roaming\Диск активност_Settings.ini
2011-08-31 12:34 - 2015-03-10 01:05 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-15 19:23 - 2011-06-16 17:29 - 0007666 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2011-05-14 10:36 - 2014-08-18 10:00 - 0001667 _____ () C:\Users\User\AppData\Local\Temp1.html
2014-01-04 18:05 - 2014-08-18 10:03 - 0005384 _____ () C:\Users\User\AppData\Local\Temp5.html
2011-11-07 20:26 - 2012-04-08 16:17 - 0005872 _____ () C:\Users\User\AppData\Local\Temp6.html
2011-05-14 10:36 - 2011-05-15 08:16 - 0010358 _____ () C:\Users\User\AppData\Local\Temp8.html
2011-06-16 10:57 - 2011-06-16 10:57 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db
2015-03-26 20:40 - 2015-03-26 21:11 - 0642316 _____ () C:\ProgramData\AndyDrivers.zip
2011-05-05 21:15 - 2011-05-05 21:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\cdn.exe
C:\Users\User\AppData\Local\Temp\InitBDE.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-05 21:44
 
==================== End Of Log ============================

Addition.txt


Hello!

Could you copy the information from Kaspersky? Even a screenshot would help us.


Thank you!

Download fixlist.txt and save it in the folder from which you ran FRST.exe.

Run FRST.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

fixlist.txt


I'm not entirely sure whether I ran the procedure twice. I hope I didn't, because that most likely would not have helped us.

Fixlog.txt



Please generate a new log file from FRST.


Thank you for your assistance. Today your colleagues from Kaspersky spent quite some time on it. I think they have eliminated the problems.

Your job is not easy at all, guys.

Thank you once again, and I hope you have less work :)


Thank you for letting me know!

Have a nice evening and good luck!
