I picked up a virus from somewhere that adds an extension after every file, namely 20150607_135745.jpg.id-0873192877_file2@openmailbox. Is there a cure for this thing? The antivirus doesn't detect anything - I'm using AVG 2015!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Tihomir (administrator) on TIHOMIR-PC (02-10-2015 08:51:10)
Running from C:\Users\Tihomir\Desktop
Loaded Profiles: Tihomir (Available Profiles: Tihomir)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\srvany.exe
() C:\Windows\KMService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(cv cryptovision GmbH) C:\Program Files\cv cryptovision\cv act sc interface\RegisterTool.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-3556288766-2553312930-3642133351-1000\...\MountPoints2: {062b4721-89e8-11e4-99b3-001966880477} - H:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk [2015-01-26]
ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH)
Startup: C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\426.tmp [2015-10-01] (Check Point Software Technologies Ltd.)
Startup: C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F763.tmp [2015-10-01] (Check Point Software Technologies Ltd.)
Startup: C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery.bmp [2015-10-01] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2B07AFAC-A9D7-4B10-99A7-CBB7CDDC3857}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3556288766-2553312930-3642133351-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.bg/
HKU\S-1-5-21-3556288766-2553312930-3642133351-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3556288766-2553312930-3642133351-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} hxxps://aixbs.b-trust.org/wl-dl/bs/client_test2/js/renew/CertManX.cab
DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} hxxps://aixbs.b-trust.org/wl-dl/bs/client_test2/js/sign/SCManagerX.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://aixbs.b-trust.org/wl-dl/bs/client_test2/js/sign/capicom.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Tihomir\AppData\Roaming\Mozilla\Firefox\Profiles\krrs2tax.default
FF Homepage: www.google.bg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @lattice3d.com/XVL Player -> C:\Program Files\Lattice\Player3\npxvlplay.dll [2013-07-23] (Lattice Technology Co.,Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Tihomir\AppData\Roaming\Mozilla\Firefox\Profiles\krrs2tax.default\user.js [2014-03-24]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Диск) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-08]
CHR Extension: (YouTube) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Google Търсене) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-08]
CHR Extension: (Gmail) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"1ba0a5b97601799b" => service could not be unlocked. <===== ATTENTION

R2 KMService; C:\Windows\system32\srvany.exe [8192 2014-03-08] () [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [54144 2014-05-14] (Advanced Card Systems Ltd.)
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2009-07-14] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-14] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [5248 2009-07-14] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [56320 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-21] () [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [37888 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] () [File not signed]
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [14080 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [369568 2009-07-14] () [File not signed]
S3 Compbatt; C:\Windows\system32\drivers\compbatt.sys [19024 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2010-11-21] () [File not signed]
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [22096 2009-07-14] () [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-21] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-21] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\drivers\disk.sys [57424 2009-07-14] () [File not signed]
S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [62464 2010-11-21] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-14] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2014-03-08] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [728448 2010-11-21] () [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-14] () [File not signed]
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [453712 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] () [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [25088 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [19968 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19536 2009-07-14] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [194800 2010-11-21] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [57936 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] () [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2010-11-21] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2010-11-21] () [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [21504 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [91136 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [37888 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-21] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-21] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-21] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2010-11-21] () [File not signed]
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [41040 2009-07-14] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-21] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] () [File not signed]
R2 irda; C:\Windows\System32\DRIVERS\irda.sys [96768 2009-07-14] () [File not signed]
R3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] () [File not signed]
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [233344 2010-11-21] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2010-11-21] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67456 2010-11-21] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [133200 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [95824 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [89168 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [54864 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [96848 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\drivers\megasas.sys [30800 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [235584 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2010-11-21] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2010-11-21] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223232 2010-11-21] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2010-11-21] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [28032 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () [File not signed]
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712576 2010-11-21] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () [File not signed]
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-21] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [44624 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1211264 2010-11-21] ()
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () [File not signed]
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [10180896 2014-02-08] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2010-11-21] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2010-11-21] () [File not signed]
S4 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56192 2010-11-21] () [File not signed]
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-21] () [File not signed]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12368 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [180288 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1383488 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106064 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-21] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-21] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-21] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [15872 2010-11-21] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2010-11-21] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-21] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-07-14] () [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-21] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] () [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] () [File not signed]
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [40016 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [77888 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311296 2010-11-21] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [309248 2010-11-21] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114176 2010-11-21] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [21072 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [40704 2010-11-21] () [File not signed]
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [28032 2010-11-21] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] () [File not signed]
S3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [77184 2010-11-21] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1290112 2010-11-21] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1290112 2010-11-21] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2010-11-21] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-21] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2010-11-21] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-21] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [53120 2010-11-21] () [File not signed]
S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [25600 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2010-11-21] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-21] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-21] () [File not signed]
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [112640 2010-11-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [55888 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [8192 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75776 2010-11-21] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [42496 2010-11-21] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2010-11-21] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [19968 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2010-11-21] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-21] () [File not signed]
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () [File not signed]
S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\drivers\vmbus.sys [175360 2010-11-21] () [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-21] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-21] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [141904 2009-07-14] () [File not signed]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [19968 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [19024 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-21] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2010-11-21] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2010-11-21] () [File not signed]
U5 1ba0a5b97601799b; C:\Windows\System32\Drivers\1ba0a5b97601799b.sys [65664 2014-05-16] () <===== ATTENTION Necurs Rootkit?
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 08:51 - 2015-10-02 08:51 - 00029300 _____ C:\Users\Tihomir\Desktop\FRST.txt
2015-10-02 08:51 - 2015-10-02 08:51 - 00000000 ____D C:\FRST
2015-10-02 08:50 - 2015-10-02 08:50 - 01696256 _____ (Farbar) C:\Users\Tihomir\Desktop\FRST.exe
2015-10-01 19:13 - 2015-10-01 19:13 - 00401934 _____ C:\Users\Tihomir\AppData\Roaming\recovery.bmp
2015-09-24 15:55 - 2015-10-01 19:06 - 00020516 _____ C:\Users\Tihomir\Desktop\Protokol ot Obshto sabranie.docx.id-0873192877_file2@openmailbox.org
2015-09-04 07:01 - 2015-10-01 19:06 - 00009044 _____ C:\Users\Tihomir\Desktop\Банкова сметка.xlsx.id-0873192877_file2@openmailbox.org

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 08:51 - 2014-03-08 14:09 - 00000986 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-02 08:50 - 2014-03-08 13:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-02 08:44 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 08:44 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 08:37 - 2014-03-08 14:35 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-02 08:37 - 2014-03-08 14:09 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 08:37 - 2014-03-08 13:45 - 00000000 ____D C:\Users\Tihomir
2015-10-02 08:37 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 08:37 - 2009-07-14 07:39 - 00153578 _____ C:\Windows\setupact.log
2015-10-02 08:37 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\wfp
2015-10-02 08:36 - 2015-02-06 21:45 - 00000000 ____D C:\Users\Tihomir\Desktop\Alvesta
2015-10-02 08:36 - 2014-11-25 21:18 - 00000000 ____D C:\Users\Tihomir\Downloads\The.Twilight.Saga.Pack.Part.1-5.720P.BRRIPS.XVID.AC3-MAJESTiC
2015-10-02 08:36 - 2014-03-08 14:58 - 00000000 ____D C:\Users\Tihomir\AppData\Roaming\Winamp
2015-10-02 08:36 - 2014-03-08 14:30 - 00000000 ____D C:\Users\Tihomir\AppData\Roaming\DAEMON Tools Lite
2015-10-02 08:36 - 2014-03-08 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-02 08:36 - 2014-03-08 13:47 - 00000000 ____D C:\Users\Tihomir\AppData\Roaming\uTorrent
2015-10-02 08:36 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\registration
2015-10-01 19:13 - 2014-03-24 19:29 - 00002020 _____ C:\logFileUI.txt.id-0873192877_file2@openmailbox.org
2015-10-01 19:10 - 2014-03-08 15:16 - 00000000 ____D C:\Users\Tihomir\Desktop\Geri
2015-10-01 19:07 - 2015-06-08 06:02 - 00946080 _____ C:\Users\Tihomir\Desktop\20150607_135745.jpg.id-0873192877_file2@openmailbox.org
2015-10-01 19:07 - 2015-03-15 17:54 - 00094068 _____ C:\Users\Tihomir\Downloads\witches_of_east_end_-_02x06(subsunacs.net).rar.id-0873192877_file2@openmailbox.org
2015-10-01 19:07 - 2014-03-08 14:59 - 00000004 _____ C:\Users\Tihomir\daemonprocess.txt.id-0873192877_file2@openmailbox.org
2015-10-01 19:07 - 2014-03-08 13:56 - 01531257 ____H C:\Users\Tihomir\AppData\Local\IconCache.db.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-08-29 07:56 - 00016596 _____ C:\Users\Tihomir\Desktop\Weeks.xlsx.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-06-27 17:26 - 00224442 _____ C:\Users\Tihomir\Desktop\YTD Otchet 2015.xlsx.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-03-24 19:45 - 00056836 _____ C:\Users\Tihomir\Desktop\ПРЕПАРАТ.xls.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-03-07 11:05 - 00116740 _____ C:\Users\Tihomir\Desktop\VCHOD 2015.xls.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-01-25 13:45 - 01851873 _____ C:\Users\Tihomir\Desktop\pixeur.zip.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-11-25 21:19 - 00130378 _____ C:\Users\Tihomir\Downloads\the.twilight.saga.pack.part.1-5.720p.brrips.xvid.ac3-majestic(subsunacs.net).rar.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-10-30 11:22 - 00095578 _____ C:\Users\Tihomir\Downloads\mavaro.jpg.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-10-07 20:15 - 00000180 ____H C:\Users\Tihomir\Desktop\~$09_2014_OTCHET.xlsx.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:32 - 00021924 _____ C:\Users\Tihomir\Downloads\3d hd wallpapers 6.jpg.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:26 - 01570557 _____ C:\Users\Tihomir\Downloads\tate.JPG.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:21 - 04929068 _____ C:\Users\Tihomir\Downloads\Joe Cocker - Unchain My Heart2.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:20 - 05827995 _____ C:\Users\Tihomir\Downloads\JOE COCKER-unchain my heart1.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:19 - 08450052 _____ C:\Users\Tihomir\Downloads\Joe Cocker - Unchain My Heart.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:13 - 01439519 _____ C:\Users\Tihomir\Downloads\IMGP2067.JPG.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:58 - 01342897 _____ C:\Users\Tihomir\Downloads\DSCF2870.JPG.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:54 - 03387801 _____ C:\Users\Tihomir\Downloads\023-suzi_quatro__chris_norman-stumblin_in.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:53 - 07550341 _____ C:\Users\Tihomir\Downloads\Suzi Quatro & Chris Norman - Stumblin ' In.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:53 - 05642332 _____ C:\Users\Tihomir\Downloads\06.Chris Norman & Suzi Quatro - Stumblin In.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:37 - 08948794 _____ C:\Users\Tihomir\Downloads\01. ERIC CLAPTON - Wonderful Tonight.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:37 - 05336416 _____ C:\Users\Tihomir\Downloads\Eric Clapton - Wonderful Tonight2.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:36 - 07112534 _____ C:\Users\Tihomir\Downloads\ERIC CLAPTON - WONDERFUL TONIGHT.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:36 - 05337184 _____ C:\Users\Tihomir\Downloads\Eric Clapton - Wonderful Tonight1.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:10 - 08937476 _____ C:\Users\Tihomir\Downloads\15 Whitesnake - Ain`t No Love In The Heart Of The City (Live).mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:10 - 07322039 _____ C:\Users\Tihomir\Downloads\Whitesnake - 12 - Aint No Love In The Heart Of The City.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:09 - 15431247 _____ C:\Users\Tihomir\Downloads\06-whitesnake-aint_no_love_in_the_heart_of_the_city-ser.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:07 - 08761874 _____ C:\Users\Tihomir\Downloads\03-whitesnake-aint_no_love_in_the_heart_of_the_city.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-03-08 14:34 - 00000484 _____ C:\Users\Tihomir\Documents\rarreg.key.id-0873192877_file2@openmailbox.org
2015-09-19 00:21 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-14 05:04 - 2009-07-14 07:53 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-10-01 19:13 - 2015-10-01 19:13 - 0401934 _____ () C:\Users\Tihomir\AppData\Roaming\recovery.bmp

Some files in TEMP:
====================
C:\Users\Tihomir\AppData\Local\Temp\461nohh3x3446.jpg.exe
C:\Users\Tihomir\AppData\Local\Temp\7za.exe
C:\Users\Tihomir\AppData\Local\Temp\avgnt.exe
C:\Users\Tihomir\AppData\Local\Temp\Calculator.exe
C:\Users\Tihomir\AppData\Local\Temp\ExPromo.exe
C:\Users\Tihomir\AppData\Local\Temp\ose00000.exe
C:\Users\Tihomir\AppData\Local\Temp\tbuTor.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2010-11-21 00:29] - [2010-11-21 00:29] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION

 

LastRegBack: 2015-10-01 03:59

==================== End of FRST.txt ============================

Addition.txt


Hello,

The malware we can remove, but I doubt that a decryptor exists for the encrypted files. I will check.

If you decide to go ahead with the cleanup, do the following:

Please download ESETNecursRemover.exe and save it to the desktop.
Run the file ESETNecursRemover.exe and accept the license agreement.
If you see the message: "Win32/Necurs found in your system" => Choose Y.
Then you will see this: "Do you want to restart the computer now (required)". => Choose Y.

Attach the log from the scan, then run a new scan with FRST and attach the new results.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Tihomir (administrator) on TIHOMIR-PC (02-10-2015 09:21:38)
Running from C:\Users\Tihomir\Desktop
Loaded Profiles: Tihomir (Available Profiles: Tihomir)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Английски (Съединени щати)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\srvany.exe
() C:\Windows\KMService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(cv cryptovision GmbH) C:\Program Files\cv cryptovision\cv act sc interface\RegisterTool.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-3556288766-2553312930-3642133351-1000\...\MountPoints2: {062b4721-89e8-11e4-99b3-001966880477} - H:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk [2015-01-26]
ShortcutTarget: cv act sc interface RegisterTool.lnk -> C:\Program Files\cv cryptovision\cv act sc interface\RegisterTool.exe (cv cryptovision GmbH)
Startup: C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\426.tmp [2015-10-01] (Check Point Software Technologies Ltd.)
Startup: C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F763.tmp [2015-10-01] (Check Point Software Technologies Ltd.)
Startup: C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery.bmp [2015-10-01] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2B07AFAC-A9D7-4B10-99A7-CBB7CDDC3857}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3556288766-2553312930-3642133351-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.bg/
HKU\S-1-5-21-3556288766-2553312930-3642133351-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3556288766-2553312930-3642133351-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
DPF: {167248DA-0F88-4DE1-B4B1-45176751026D} hxxps://aixbs.b-trust.org/wl-dl/bs/client_test2/js/renew/CertManX.cab
DPF: {4DB62416-BC86-4439-B5BA-366948F47C8D} hxxps://aixbs.b-trust.org/wl-dl/bs/client_test2/js/sign/SCManagerX.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://aixbs.b-trust.org/wl-dl/bs/client_test2/js/sign/capicom.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Tihomir\AppData\Roaming\Mozilla\Firefox\Profiles\krrs2tax.default
FF Homepage: www.google.bg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @lattice3d.com/XVL Player -> C:\Program Files\Lattice\Player3\npxvlplay.dll [2013-07-23] (Lattice Technology Co.,Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-02-08] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Tihomir\AppData\Roaming\Mozilla\Firefox\Profiles\krrs2tax.default\user.js [2014-03-24]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Диск) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-08]
CHR Extension: (YouTube) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Google Търсене) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (Google Wallet) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-08]
CHR Extension: (Gmail) - C:\Users\Tihomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 KMService; C:\Windows\system32\srvany.exe [8192 2014-03-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [54144 2014-05-14] (Advanced Card Systems Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2014-03-08] (DT Soft Ltd)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation) [File not signed]
S4 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 09:16 - 2015-10-02 09:16 - 00260296 _____ (ESET) C:\Users\Tihomir\Desktop\ESETNecursCleaner.exe
2015-10-02 09:16 - 2015-10-02 09:16 - 00021128 _____ C:\Users\Tihomir\Desktop\ESETNecursCleaner.exe_20151002.091615.2388.zip
2015-10-02 09:16 - 2015-10-02 09:16 - 00004822 _____ C:\Users\Tihomir\Desktop\ESETNecursCleaner.exe_20151002.091615.2388.log
2015-10-02 08:51 - 2015-10-02 09:21 - 00008440 _____ C:\Users\Tihomir\Desktop\FRST.txt
2015-10-02 08:51 - 2015-10-02 09:21 - 00000000 ____D C:\FRST
2015-10-02 08:50 - 2015-10-02 08:50 - 01696256 _____ (Farbar) C:\Users\Tihomir\Desktop\FRST.exe
2015-10-01 19:13 - 2015-10-01 19:13 - 00401934 _____ C:\Users\Tihomir\AppData\Roaming\recovery.bmp
2015-09-24 15:55 - 2015-10-01 19:06 - 00020516 _____ C:\Users\Tihomir\Desktop\Protokol ot Obshto sabranie.docx.id-0873192877_file2@openmailbox.org
2015-09-04 07:01 - 2015-10-01 19:06 - 00009044 _____ C:\Users\Tihomir\Desktop\Банкова сметка.xlsx.id-0873192877_file2@openmailbox.org

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 09:21 - 2014-03-08 13:41 - 00315508 _____ C:\Windows\WindowsUpdate.log
2015-10-02 09:17 - 2014-03-23 20:59 - 00000464 __RSH C:\ProgramData\ntuser.pol
2015-10-02 09:17 - 2014-03-08 14:35 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-02 09:17 - 2014-03-08 14:09 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 09:17 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 09:17 - 2009-07-14 07:39 - 00153634 _____ C:\Windows\setupact.log
2015-10-02 08:55 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 08:55 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 08:52 - 2014-03-08 14:09 - 00000986 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-02 08:50 - 2014-03-08 13:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-02 08:37 - 2014-03-08 13:45 - 00000000 ____D C:\Users\Tihomir
2015-10-02 08:37 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\wfp
2015-10-02 08:36 - 2015-02-06 21:45 - 00000000 ____D C:\Users\Tihomir\Desktop\Alvesta
2015-10-02 08:36 - 2014-11-25 21:18 - 00000000 ____D C:\Users\Tihomir\Downloads\The.Twilight.Saga.Pack.Part.1-5.720P.BRRIPS.XVID.AC3-MAJESTiC
2015-10-02 08:36 - 2014-03-08 14:58 - 00000000 ____D C:\Users\Tihomir\AppData\Roaming\Winamp
2015-10-02 08:36 - 2014-03-08 14:30 - 00000000 ____D C:\Users\Tihomir\AppData\Roaming\DAEMON Tools Lite
2015-10-02 08:36 - 2014-03-08 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-02 08:36 - 2014-03-08 13:47 - 00000000 ____D C:\Users\Tihomir\AppData\Roaming\uTorrent
2015-10-02 08:36 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\registration
2015-10-01 19:13 - 2014-03-24 19:29 - 00002020 _____ C:\logFileUI.txt.id-0873192877_file2@openmailbox.org
2015-10-01 19:10 - 2014-03-08 15:16 - 00000000 ____D C:\Users\Tihomir\Desktop\Geri
2015-10-01 19:07 - 2015-06-08 06:02 - 00946080 _____ C:\Users\Tihomir\Desktop\20150607_135745.jpg.id-0873192877_file2@openmailbox.org
2015-10-01 19:07 - 2015-03-15 17:54 - 00094068 _____ C:\Users\Tihomir\Downloads\witches_of_east_end_-_02x06(subsunacs.net).rar.id-0873192877_file2@openmailbox.org
2015-10-01 19:07 - 2014-03-08 14:59 - 00000004 _____ C:\Users\Tihomir\daemonprocess.txt.id-0873192877_file2@openmailbox.org
2015-10-01 19:07 - 2014-03-08 13:56 - 01531257 ____H C:\Users\Tihomir\AppData\Local\IconCache.db.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-08-29 07:56 - 00016596 _____ C:\Users\Tihomir\Desktop\Weeks.xlsx.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-06-27 17:26 - 00224442 _____ C:\Users\Tihomir\Desktop\YTD Otchet 2015.xlsx.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-03-24 19:45 - 00056836 _____ C:\Users\Tihomir\Desktop\ПРЕПАРАТ.xls.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-03-07 11:05 - 00116740 _____ C:\Users\Tihomir\Desktop\VCHOD 2015.xls.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-01-25 13:45 - 01851873 _____ C:\Users\Tihomir\Desktop\pixeur.zip.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-11-25 21:19 - 00130378 _____ C:\Users\Tihomir\Downloads\the.twilight.saga.pack.part.1-5.720p.brrips.xvid.ac3-majestic(subsunacs.net).rar.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-10-30 11:22 - 00095578 _____ C:\Users\Tihomir\Downloads\mavaro.jpg.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-10-07 20:15 - 00000180 ____H C:\Users\Tihomir\Desktop\~$09_2014_OTCHET.xlsx.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:32 - 00021924 _____ C:\Users\Tihomir\Downloads\3d hd wallpapers 6.jpg.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:26 - 01570557 _____ C:\Users\Tihomir\Downloads\tate.JPG.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:21 - 04929068 _____ C:\Users\Tihomir\Downloads\Joe Cocker - Unchain My Heart2.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:20 - 05827995 _____ C:\Users\Tihomir\Downloads\JOE COCKER-unchain my heart1.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:19 - 08450052 _____ C:\Users\Tihomir\Downloads\Joe Cocker - Unchain My Heart.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 13:13 - 01439519 _____ C:\Users\Tihomir\Downloads\IMGP2067.JPG.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:58 - 01342897 _____ C:\Users\Tihomir\Downloads\DSCF2870.JPG.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:54 - 03387801 _____ C:\Users\Tihomir\Downloads\023-suzi_quatro__chris_norman-stumblin_in.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:53 - 07550341 _____ C:\Users\Tihomir\Downloads\Suzi Quatro & Chris Norman - Stumblin ' In.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:53 - 05642332 _____ C:\Users\Tihomir\Downloads\06.Chris Norman & Suzi Quatro - Stumblin In.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:37 - 08948794 _____ C:\Users\Tihomir\Downloads\01. ERIC CLAPTON - Wonderful Tonight.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:37 - 05336416 _____ C:\Users\Tihomir\Downloads\Eric Clapton - Wonderful Tonight2.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:36 - 07112534 _____ C:\Users\Tihomir\Downloads\ERIC CLAPTON - WONDERFUL TONIGHT.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:36 - 05337184 _____ C:\Users\Tihomir\Downloads\Eric Clapton - Wonderful Tonight1.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:10 - 08937476 _____ C:\Users\Tihomir\Downloads\15 Whitesnake - Ain`t No Love In The Heart Of The City (Live).mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:10 - 07322039 _____ C:\Users\Tihomir\Downloads\Whitesnake - 12 - Aint No Love In The Heart Of The City.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:09 - 15431247 _____ C:\Users\Tihomir\Downloads\06-whitesnake-aint_no_love_in_the_heart_of_the_city-ser.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-04-07 12:07 - 08761874 _____ C:\Users\Tihomir\Downloads\03-whitesnake-aint_no_love_in_the_heart_of_the_city.mp3.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-03-08 14:34 - 00000484 _____ C:\Users\Tihomir\Documents\rarreg.key.id-0873192877_file2@openmailbox.org
2015-09-19 00:21 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-14 05:04 - 2009-07-14 07:53 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-10-01 19:13 - 2015-10-01 19:13 - 0401934 _____ () C:\Users\Tihomir\AppData\Roaming\recovery.bmp

Some files in TEMP:
====================
C:\Users\Tihomir\AppData\Local\Temp\461nohh3x3446.jpg.exe
C:\Users\Tihomir\AppData\Local\Temp\7za.exe
C:\Users\Tihomir\AppData\Local\Temp\avgnt.exe
C:\Users\Tihomir\AppData\Local\Temp\Calculator.exe
C:\Users\Tihomir\AppData\Local\Temp\ExPromo.exe
C:\Users\Tihomir\AppData\Local\Temp\ose00000.exe
C:\Users\Tihomir\AppData\Local\Temp\tbuTor.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 03:59

==================== End of FRST.txt ============================

Addition.txt


So far so good, but we will continue after 16.00, because I am at work at the moment.

Regards!

Could you archive the following files:

C:\Users\Tihomir\AppData\Local\Temp\461nohh3x3446.jpg.exe
C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery.bmp

and upload the archive to => http://dox.abv.bg/files/share

Then send me the link to the archive in a private message so that I can download it.

Regards!
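
The two files requested above are the entries that stand out in the FRST log: a double-extension executable in TEMP and a non-shortcut file in the Startup folder dated the same evening the files were renamed. The Python below is an added example, not part of the original thread or of FRST; it runs that triage over an excerpt of the log lines posted in this thread. The heuristics (non-.lnk Startup entries, document-then-executable extensions) and all function names are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt copied from the FRST log in this thread: Startup entries, lines from
# the "One Month Modified" section (first timestamp = last modification) and
# two lines from "Some files in TEMP".
LOG_EXCERPT = r"""
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cv act sc interface RegisterTool.lnk [2015-01-26]
Startup: C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\426.tmp [2015-10-01] (Check Point Software Technologies Ltd.)
Startup: C:\Users\Tihomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery.bmp [2015-10-01] ()
2015-10-02 09:21 - 2014-03-08 13:41 - 00315508 _____ C:\Windows\WindowsUpdate.log
2015-10-01 19:13 - 2014-03-24 19:29 - 00002020 _____ C:\logFileUI.txt.id-0873192877_file2@openmailbox.org
2015-10-01 19:07 - 2015-06-08 06:02 - 00946080 _____ C:\Users\Tihomir\Desktop\20150607_135745.jpg.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2015-08-29 07:56 - 00016596 _____ C:\Users\Tihomir\Desktop\Weeks.xlsx.id-0873192877_file2@openmailbox.org
2015-10-01 19:06 - 2014-03-08 14:34 - 00000484 _____ C:\Users\Tihomir\Documents\rarreg.key.id-0873192877_file2@openmailbox.org
C:\Users\Tihomir\AppData\Local\Temp\461nohh3x3446.jpg.exe
C:\Users\Tihomir\AppData\Local\Temp\7za.exe
"""

# "<timestamp> - <timestamp> - <size> <5 attribute chars> [(company)] <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S{5}) (?:\([^)]*\) )?([A-Za-z]:\\.+)$")
STARTUP_LINE = re.compile(r"^Startup: (.+?) \[\d{4}-\d{2}-\d{2}\]")
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+$")
# Suffix appended to every renamed file in this thread: ".id-<digits>_<mailbox>"
MARKER = re.compile(r"\.id-(\d+)_([^\\\s@]+@[^\\\s@]+)$")
# Heuristic: a document/image extension followed by an executable one
DOUBLE_EXT = re.compile(
    r"\.(?:jpe?g|png|gif|bmp|pdf|docx?|xlsx?|txt)\.(?:exe|scr|com|pif|bat|cmd)$",
    re.IGNORECASE)


def triage(log_text):
    """Summarise rename markers, their time window and files worth collecting."""
    markers = Counter()
    stamps = []
    double_ext = []
    odd_startup = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = FILE_LINE.match(line)
        if entry:
            hit = MARKER.search(entry.group(5))
            if hit:
                markers[(hit.group(1), hit.group(2))] += 1
                stamps.append(datetime.strptime(entry.group(1), "%Y-%m-%d %H:%M"))
            continue
        startup = STARTUP_LINE.match(line)
        if startup:
            # Heuristic: Startup folder items are normally .lnk shortcuts
            if not startup.group(1).lower().endswith(".lnk"):
                odd_startup.append(startup.group(1))
            continue
        if BARE_PATH.match(line) and DOUBLE_EXT.search(line):
            double_ext.append(line)
    return {
        "markers": dict(markers),
        "window": (min(stamps), max(stamps)) if stamps else None,
        "double_ext": double_ext,
        "odd_startup": odd_startup,
    }


if __name__ == "__main__":
    report = triage(LOG_EXCERPT)
    for (victim_id, contact), count in report["markers"].items():
        print(f"{count} renamed files, id {victim_id}, contact {contact}")
    if report["window"]:
        print("modified between", report["window"][0], "and", report["window"][1])
    for path in report["double_ext"] + report["odd_startup"]:
        print("collect before cleanup:", path)
```

Only lines from the "One Month Modified" section should be fed to the time-window step, because the "One Month Created" section lists the creation timestamp first.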


I hadn't mentioned it before, but the computer in question belongs to a friend! After discussing it with him, we decided to format the entire hard disk - a lot of information will be lost, but....

Thanks for the help!


Although I understand the reasons, the action was nevertheless taken a little hastily, because the files I asked for may have contained the key for creating a decryptor for the files. I had not mentioned that, because you had not mentioned that you would reinstall either. Separately, I had said that I would check whether there is a decryptor for this problem. Now, with these hasty actions, you may have deprived not only yourself of a chance to save the files, but also all other users with a similar problem, and now, to a greater or lesser extent, this action will weigh on your conscience. Anyway. Regards, and have a good evening.
