Здравейте!
Днес при опит за отваряне на Гугъл или Фейсбук с интернет експлорер ми излиза това:
Google.png 19.33К
0 Брой изтегляния И като последвам връзката ми иска данни от кредитна карта.
С Гугъл хром няма проблем. Други сайтове се отварят нормално (от тези с които съм пробвал) само тези не. Сканирах с Malwarebytes Anti-Malware, намери три заплахи, изтри ги и рестартирах, но няма ефект. Ето и логовете:
Malwarebytes Anti-Malware
www.malwarebytes.org
Дата на сканиране: 24.9.2015 г.
Час на сканиране: 17:25 ч.
Дневник: Malwarebytes1.txt
Администратор: Да
Версия: 2.1.8.1057
База от данни за злонамерен софтуер: v2015.09.24.03
База от данни за рууткити: v2015.09.22.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено
ОС: Windows 7 Service Pack 1
Процесор: x64
Файлова система: NTFS
Потребител: Жельо
Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 392907
Изминало време: 1 ч., 33 мин., 46 сек.
Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Дълбоко сканиране за рууткити: Разрешено
Евристика: Разрешено
ПНП: Предупреди
ПНИ: Разрешено
Процеси: 0
(Не бяха открити злонамерени обекти)
Модули: 0
(Не бяха открити злонамерени обекти)
Ключове в системния регистър: 3
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Поставен под карантина, [e7cc7fb447447db9d916487da06429d7],
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Поставен под карантина, [763dac8773185fd7a44b883de91b44bc],
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Поставен под карантина, [1e952e057912a195757c8a3b43c146ba],
Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)
Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)
Папки: 0
(Не бяха открити злонамерени обекти)
Файлове: 0
(Не бяха открити злонамерени обекти)
Физически сектори: 0
(Не бяха открити злонамерени обекти)
(end)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Жельо (administrator) on JAX-LAPTOP (24-09-2015 19:52:16)
Running from C:\Users\Жельо\Desktop
Loaded Profiles: Жельо (Available Profiles: Жельо)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [Google Update] => C:\Users\Жельо\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [WindowsPhotoViewerstart] => C:\Users\Жельо\AppData\Roaming\Windows Photo Viewer\WindowsPhotoViewerstart.exe [192512 2015-09-24] (Sltone)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb173f4-4794-11e4-9418-047d7b60ad51} - I:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb17402-4794-11e4-9418-047d7b60ad51} - H:\AutoRun.exe
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012-07-10]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.0.1
Tcpip\..\Interfaces\{521254B9-7035-4424-A79B-C73FEF009E56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6408F382-43EF-45F8-A183-6E98326494E7}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{A41B8DB8-C9BE-4B37-B8E9-4F4D5D0EDF75}: [DhcpNameServer] 195.175.39.40 195.175.39.39
Tcpip\..\Interfaces\{BBA08E84-E9B5-4B8C-8E2B-BE9854F9D071}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{C1BEB88E-16D3-4CA3-B902-802B99874DED}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{E53FC36D-0D30-463D-BA69-5934D48886C5}: [DhcpNameServer] 192.168.100.1 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\My Program\BitComet\tools\BitCometBHO_1.5.4.11.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007
DPF: HKLM-x32 {028C3B99-F9B0-4188-8C2C-D71CA84824D5} hxxp://77.71.2.130:7000/program/SonySncCs1011View.cab
DPF: HKLM-x32 {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} hxxps://eu.mydlink.com/8D/activeX//TunnelX.ocx
DPF: HKLM-x32 {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} hxxp://78.130.205.132:9999/program/SonyNetworkCameraViewer.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://95.87.29.5/WebClient.exe
DPF: HKLM-x32 {9F1C0B35-8230-4176-8B99-5C2485121A4E} hxxp://85.217.132.132/program/SNCActiveXViewer.cab
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://cam1.kassabasystems.com:83/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://rbweb.corpbank.bg/CSWebBankASP/capicom.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://84.54.135.77/activex/AMC.cab
DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} hxxp://95.87.29.4:10106/webrec.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082
FireFox:
========
FF ProfilePath: C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\agvgq22e.default
FF Homepage: hxxp://www.homepage.bg/?a=dhp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll [2014-04-16] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll [2014-04-16] ()
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\WebPlugin\npmedia.dll [2015-05-16] ()
FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2015-01-30] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-05-16] (Unauthorized copy)
FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2015-01-30] (Unauthorized copy)
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\My Program\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Жельо\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Жельо\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: www.mydlink.com/Uplayer -> C:\Users\Жельо\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: BitComet Video Downloader - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\agvgq22e.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-23]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.homepage.bg/
CHR Plugin: (Shockwave Flash) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\45.0.2454.99\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\45.0.2454.99\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Users\Жельо\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (W2MO: Logistics Design, Optimization, WMS, 3D) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog [2012-08-17]
CHR Extension: (Angry Birds) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-08-17]
CHR Extension: (YouTube) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-17]
CHR Extension: (FARMERAMA) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2012-08-17]
CHR Extension: (Google Търсене) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-17]
CHR Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-03]
CHR Extension: (Pixorial Photo & Video Sharing) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilbibicalpgnmbjnganinjppjephokai [2012-08-17]
CHR Extension: (Happy Farmer by Fupa) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjdmmbgcdeojkmeablmdjkhplahnmii [2012-08-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-17]
CHR Extension: (радио) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
StartMenuInternet: Google Chrome.MBWLTUWGU5OHAGWKF2LZRQIORY - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-07-17] (Autodata Limited) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S3 BITCOMET_HELPER_SERVICE; C:\My Program\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [13080 2009-12-26] (Microsoft Corporation)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
S3 CM2593; C:\Windows\System32\DRIVERS\CM2593.sys [12848 2008-09-30] () [File not signed]
S3 CM2593; C:\Windows\SysWOW64\DRIVERS\CM2593.sys [10800 2008-09-30] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
S3 GRemoteBus; C:\Windows\System32\DRIVERS\GRemoteBus64.sys [27336 2009-08-05] (GBM Software)
S3 GRemoteJoy; C:\Windows\System32\DRIVERS\GRemoteJoy64.sys [46792 2009-08-05] (GBM Software)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [22576 2008-09-30] (Microsoft Corporation) [File not signed]
S3 GWHid; C:\Windows\SysWOW64\DRIVERS\GWHid.sys [18992 2008-09-30] (Microsoft Corporation) [File not signed]
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MSBDA; C:\Windows\System32\DRIVERS\UTVAD.sys [1410952 2011-07-15] (Gadmei Electronic Technology Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] () [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
U3 asb63kqm; C:\Windows\System32\Drivers\asb63kqm.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-24 19:52 - 2015-09-24 19:52 - 00031363 _____ C:\Users\Жельо\Desktop\FRST.txt
2015-09-24 19:16 - 2015-09-24 19:17 - 00001699 _____ C:\Users\Жельо\Desktop\Malwarebytes.txt
2015-09-24 19:08 - 2015-09-24 19:52 - 00000000 ____D C:\FRST
2015-09-24 19:07 - 2015-09-24 19:07 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-09-24 19:07 - 2015-09-24 19:07 - 00000000 ____D C:\Windows\system32\vbox
2015-09-24 18:06 - 2015-09-24 18:06 - 02192384 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64.exe
2015-09-24 17:14 - 2015-09-24 17:14 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-24 16:08 - 2015-09-24 19:44 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Windows Photo Viewer
2015-09-14 16:14 - 2015-09-14 16:15 - 00000000 ____D C:\ProgramData\BSD
2015-09-14 16:14 - 2015-09-14 16:14 - 00000000 ____D C:\ProgramData\TweakBit
2015-09-14 16:03 - 2015-09-14 16:03 - 00000000 ____D C:\Program Files (x86)\CM2593
2015-09-14 16:03 - 2008-09-30 04:18 - 00065072 _____ C:\Windows\system32\Hidhlp.dll
2015-09-14 16:03 - 2008-09-30 04:18 - 00064048 _____ C:\Windows\SysWOW64\Hidhlp.dll
2015-09-14 16:03 - 2008-09-30 04:18 - 00018992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\GWHid.sys
2015-09-14 16:03 - 2008-09-30 04:17 - 00022576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GWHid.sys
2015-09-14 16:03 - 2008-09-30 04:17 - 00012848 _____ C:\Windows\system32\Drivers\CM2593.sys
2015-09-14 16:03 - 2008-09-30 04:17 - 00010800 _____ C:\Windows\SysWOW64\Drivers\CM2593.sys
2015-09-11 10:32 - 2015-09-11 10:32 - 07129308 _____ C:\Users\Жельо\Desktop\Незнайните райски места в България, които трябва да посетите.mht
2015-09-06 16:10 - 2015-09-06 16:10 - 00040803 _____ C:\Users\Жельо\Desktop\Statements.zip
2015-08-27 23:21 - 2015-08-27 23:21 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Sun
2015-08-27 23:21 - 2015-08-27 23:21 - 00000000 ____D C:\Users\Жельо\.oracle_jre_usage
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-24 19:52 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\tracing
2015-09-24 19:50 - 2014-12-06 19:27 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 19:48 - 2012-07-10 13:44 - 01408455 _____ C:\Windows\WindowsUpdate.log
2015-09-24 19:28 - 2012-08-17 08:39 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000UA.job
2015-09-24 19:12 - 2009-07-14 07:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-24 19:12 - 2009-07-14 07:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-24 19:03 - 2013-08-09 19:15 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-09-24 19:03 - 2013-04-28 18:02 - 00000686 ____H C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job
2015-09-24 19:03 - 2012-08-21 12:46 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-24 19:03 - 2009-07-14 07:51 - 00060270 _____ C:\Windows\setupact.log
2015-09-24 19:02 - 2012-07-10 13:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-24 19:02 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 19:01 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Speech
2015-09-24 17:07 - 2012-07-17 11:26 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\vlc
2015-09-24 15:28 - 2012-08-17 08:39 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000Core.job
2015-09-24 10:30 - 2012-08-17 08:40 - 00002364 _____ C:\Users\Жельо\Desktop\Google Chrome.lnk
2015-09-23 19:47 - 2012-08-23 17:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-21 21:44 - 2012-10-22 11:38 - 00000000 ____D C:\Users\Жельо\Documents\Euro Truck Simulator 2
2015-09-20 20:39 - 2012-07-10 16:14 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\BitComet
2015-09-19 22:18 - 2012-07-10 21:17 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Skype
2015-09-18 15:23 - 2012-08-17 08:39 - 00003978 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000UA
2015-09-18 15:23 - 2012-08-17 08:39 - 00003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000Core
2015-09-16 18:48 - 2015-01-10 19:21 - 00000000 ____D C:\Users\Жельо\Desktop\METRO
2015-09-15 10:13 - 2012-08-17 08:39 - 00000000 ____D C:\Users\Жельо\AppData\Local\Google
2015-09-14 16:14 - 2009-07-14 05:34 - 00000614 _____ C:\Windows\win.ini
2015-09-14 15:59 - 2013-04-08 12:55 - 00000000 ____D C:\Windows\USB Vibration
2015-09-14 15:59 - 2012-07-10 14:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-14 15:45 - 2013-04-08 12:54 - 00000000 ____D C:\Program Files (x86)\USB Vibration
2015-09-14 12:10 - 2009-07-14 08:13 - 00796930 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-11 09:59 - 2009-07-14 08:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-28 18:06 - 2012-07-12 12:43 - 00000000 ___RD C:\Users\Жельо\Desktop\GAME
2015-08-28 09:16 - 2012-07-10 17:13 - 00496040 _____ C:\Windows\PFRO.log
2015-08-27 23:22 - 2013-10-20 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-27 23:22 - 2013-10-20 16:55 - 00000000 ____D C:\ProgramData\Oracle
2015-08-27 23:22 - 2013-07-13 15:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 23:21 - 2014-10-20 11:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-27 23:21 - 2012-07-10 13:49 - 00000000 ____D C:\Users\Жельо
2015-08-27 18:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\L2Schemas
2015-08-27 18:39 - 2013-05-02 22:04 - 00000000 ____D C:\ProgramData\BrowserProtect
2015-08-27 15:23 - 2014-12-06 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
==================== Files in the root of some directories =======
2013-09-01 10:52 - 2013-09-01 10:52 - 0039523 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2012-05-04 10:04 - 2012-05-04 10:04 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-09-30 14:38 - 2013-09-30 14:38 - 0000053 _____ () C:\Users\Жельо\AppData\Roaming\Battery Meter_Data.ini
2012-07-17 11:20 - 2014-12-07 08:09 - 0000180 _____ () C:\Users\Жельо\AppData\Roaming\default.rss
2013-08-06 18:10 - 2013-08-06 20:48 - 0000018 _____ () C:\Users\Жельо\AppData\Roaming\Network Meter_Usage.ini
2012-08-22 12:27 - 2012-10-16 14:49 - 0005120 _____ () C:\Users\Жельо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 22:27 - 2014-02-10 22:27 - 0000093 _____ () C:\Users\Жельо\AppData\Local\fusioncache.dat
2015-03-26 14:56 - 2015-03-26 14:56 - 0000054 _____ () C:\Users\Жельо\AppData\Local\oPlayer.ini
2012-07-17 17:18 - 2013-04-28 18:36 - 0007596 _____ () C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg
2012-06-21 12:04 - 2012-06-21 18:07 - 0055545 _____ () C:\ProgramData\Cutevideoconverter.ini
2012-06-21 12:04 - 2011-07-23 13:24 - 0111450 _____ () C:\ProgramData\Cutevideoformat.ini
Files to move or delete:
====================
C:\Users\Жельо\Network_Meter_Data.js
C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job
Some files in TEMP:
====================
C:\Users\Жельо\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Жельо\AppData\Local\Temp\rkm4eh-r.dll
C:\Users\Жельо\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-21 11:29
==================== End of FRST.txt ============================