
Malicious code in the system registry, or not?



Hello! Since my computer has lately been terribly slow despite a reinstall, I decided to run Malwarebytes and see what happens. I haven't removed anything; I'll wait for your opinion. Here is the result:
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Версия на базата от данни: v2014.01.21.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
PC :: PC-D11C18289D74 [администратор]
 
1/21/2014 12:11:08
MBAM-log-2014-01-21 (12-22-31).txt
 
Тип сканиране: Бързо сканиране
Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
Изключени опции за сканиране: P2P
Сканирани обекти: 196357
Изминало време: 10 минута(и), 16 секунда(и)
 
Открити процеси в паметта: 0
(Не бяха открити зловредни обекти)
 
Открити модули в паметта: 0
(Не бяха открити зловредни обекти)
 
Открити ключове в системния регистър: 9
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Не беше предприето действие.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Babylon.A) -> Не беше предприето действие.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Не беше предприето действие.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Не беше предприето действие.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Не беше предприето действие.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Не беше предприето действие.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Не беше предприето действие.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Не беше предприето действие.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Не беше предприето действие.
 
Открити стойности в системния регистър: 2
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Данни: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Не беше предприето действие.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Данни: 0H1L1J1L1S1R1N -> Не беше предприето действие.
 
Открити информационни обекти в системния регистър: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Лош: (http://www2.delta-search.com/?babsrc=HP_ss&mntrId=846000E04D448BB9&affID=124036&tt=280813_ctrl2&tsp=4991) Добър: (http://www.google.com) -> Не беше предприето действие.
 
Открити папки: 5
C:\Documents and Settings\PC\Application Data\Babylon (PUP.Optional.Babylon.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Не беше предприето действие.
C:\Documents and Settings\PC\Application Data\OpenCandy\2AA602FA7B3C438D90A1D67887DFE3B2 (PUP.Optional.OpenCandy) -> Не беше предприето действие.
C:\Documents and Settings\PC\Application Data\OpenCandy\A21C4C418BD8446981F7FA43A2F3D4CD (PUP.Optional.OpenCandy) -> Не беше предприето действие.
C:\Documents and Settings\PC\Application Data\OpenCandy\E44886BBA6484414957AD5F97E6F9DFB (PUP.Optional.OpenCandy) -> Не беше предприето действие.
 
Открити файлове: 20
C:\Documents and Settings\PC\Local Settings\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\ICReinstall_KingsoftOfficeSetup.exe (PUP.Optional.Installcore) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\PIPInstaller_PTV_.exe (PUP.Optional.Spigot.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DeltaTB.exe (PUP.Optional.DeltaTB) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\LemurLeap_sm.exe (PUP.Optional.LemurLeap.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DA362FD7-BAB0-7891-9FC5-400F09EE31C5\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DA362FD7-BAB0-7891-9FC5-400F09EE31C5\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DA362FD7-BAB0-7891-9FC5-400F09EE31C5\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DA362FD7-BAB0-7891-9FC5-400F09EE31C5\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DA362FD7-BAB0-7891-9FC5-400F09EE31C5\Latest\enhancedNT.dll (PUP.Optional.Delta.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DA362FD7-BAB0-7891-9FC5-400F09EE31C5\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DA362FD7-BAB0-7891-9FC5-400F09EE31C5\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\DA362FD7-BAB0-7891-9FC5-400F09EE31C5\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Local Settings\Temp\LemurLeap\LemurLeap_Setup.exe (PUP.Optional.LemurLeap.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Не беше предприето действие.
C:\Documents and Settings\PC\Application Data\OpenCandy\2AA602FA7B3C438D90A1D67887DFE3B2\TuneUpUtilities2013-2200319_en-US.exe (PUP.Optional.OpenCandy) -> Не беше предприето действие.
C:\Documents and Settings\PC\Application Data\OpenCandy\A21C4C418BD8446981F7FA43A2F3D4CD\version51030bc4470a0.exe (PUP.Optional.OpenCandy) -> Не беше предприето действие.
C:\Documents and Settings\PC\Application Data\OpenCandy\E44886BBA6484414957AD5F97E6F9DFB\PasswordBoxCHSTORE_p1v0.exe (PUP.Optional.OpenCandy) -> Не беше предприето действие.
 
(край)

 
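Every hit in the Malwarebytes output above carries a PUP.Optional.* name, which is the basis for the later verdict that the machine holds unwanted software rather than malware. As an added example (not code from this thread or from Malwarebytes), the Python script below parses that MBAM 1.x log format, groups hits by family and flags any name outside the PUP/PUM classes; the embedded sample is a constructed excerpt of the thread's log plus one constructed malware-class line with a placeholder path, and it assumes the Bulgarian localisation strings seen in the post.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x scan logs.

Added example, not code from the forum thread or from Malwarebytes. It parses
the per-item detection lines of an MBAM log, groups hits by family and reports
whether every hit is a PUP/PUM-class detection (unwanted software) or whether a
malware-class name (Trojan.*, Backdoor.*, ...) is present.
"""
import re
from collections import Counter

# A detection line has the shape "<item> (<DetectionName>) -> <action chain>".
# The item part is matched non-greedily so that the "Добър: (http://...) ->"
# fragment of a StartPage action chain is not mistaken for the detection name.
_DETECTION = re.compile(
    r"^(?P<item>.+?) \((?P<name>[A-Za-z][\w.\-]*)\) -> (?P<rest>.*)$"
)
# "Лош: (<bad value>)" is how the localised build reports a hijacked value.
_BAD_VALUE = re.compile(r"Лош: \((?P<value>[^)]*)\)")
_UNWANTED_PREFIXES = ("PUP.", "PUM.")

# Constructed sample: an excerpt of the thread's log (assumption: Bulgarian
# localisation, "Не беше предприето действие" = "No action taken") plus one
# constructed malware-class line with a placeholder path, to show the flag.
SAMPLE_LOG = r"""
Открити ключове в системния регистър: 2
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Не беше предприето действие.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Не беше предприето действие.

Открити стойности в системния регистър: 1
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Данни: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Не беше предприето действие.

Открити информационни обекти в системния регистър: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Лош: (http://www2.delta-search.com/?babsrc=HP_ss&mntrId=846000E04D448BB9&affID=124036&tt=280813_ctrl2&tsp=4991) Добър: (http://www.google.com) -> Не беше предприето действие.

Открити файлове: 2
C:\Documents and Settings\PC\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Не беше предприето действие.
C:\PLACEHOLDER\constructed.exe (Trojan.Agent) -> Не беше предприето действие.

(край)
"""


def classify(name):
    """'unwanted' for PUP.*/PUM.* names, 'malware' for every other MBAM name."""
    return "unwanted" if name.startswith(_UNWANTED_PREFIXES) else "malware"


def family(name):
    """PUP.Optional.Delta.A -> Delta; PUP.Optional.OpenCandy -> OpenCandy; Trojan.Agent -> Agent."""
    parts = name.split(".")
    if len(parts) > 2 and len(parts[-1]) == 1:  # drop a variant suffix such as ".A"
        parts = parts[:-1]
    return parts[-1]


def parse_detections(text):
    """Return one dict per detection line; headers, counters and '(край)' are skipped."""
    records = []
    for raw in text.splitlines():
        m = _DETECTION.match(raw.strip())
        if not m:
            continue
        bad = _BAD_VALUE.search(m.group("rest"))
        records.append({
            "item": m.group("item"),
            "name": m.group("name"),
            "kind": classify(m.group("name")),
            "family": family(m.group("name")),
            "bad_value": bad.group("value") if bad else None,
        })
    return records


def summarize(records):
    """Aggregate what a reviewer wants to know before replying to such a post."""
    malware = [r for r in records if r["kind"] == "malware"]
    return {
        "total": len(records),
        "families": Counter(r["family"].casefold() for r in records),
        "malware": malware,
        "only_unwanted": not malware,
        "hijacked_values": [r["bad_value"] for r in records if r["bad_value"]],
    }


if __name__ == "__main__":
    s = summarize(parse_detections(SAMPLE_LOG))
    print(f"{s['total']} detections, families: {dict(s['families'])}")
    print("only unwanted software" if s["only_unwanted"]
          else "malware-class hits: " + ", ".join(r["name"] for r in s["malware"]))
    for v in s["hijacked_values"]:
        print("hijacked value:", v)
```

Run against the full log from the post (all hits are PUP.Optional.*) the script reports only unwanted software and the Delta-search start page as the one hijacked value.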

 

==================== Processes (Whitelisted) ===================

 

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(LULU Software Limited) C:\Program Files\Soda PDF 5\HelperService.exe

(LULU Software Limited) C:\Program Files\Soda PDF 5\ConversionService.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneBusEnum.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(BitTorrent Inc.) C:\Documents and Settings\PC\Application Data\uTorrent\uTorrent.exe

() C:\WINDOWS\Datecs\Flex2K.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)

HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2014-01-04] (APN)

HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [Zune Launcher] - c:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

HKCU\...\Run: [uTorrent] - C:\Documents and Settings\PC\Application Data\uTorrent\uTorrent.exe [888152 2013-08-28] (BitTorrent Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk

ShortcutTarget: FlexType 2K.lnk -> C:\WINDOWS\Datecs\Flex2K.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x065FC08BF3A3CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg


BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Documents and Settings\PC\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll No File

BHO: Soda PDF 5 IE Helper - {C737F472-1193-4281-BF53-A00B67AB3E19} - C:\Program Files\Soda PDF 5\PDFIEHelper.dll (LULU Software Limited)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)

Toolbar: HKLM - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files\Soda PDF 5\PDFIEPlugin.dll (LULU Software Limited)

Toolbar: HKCU - KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)


Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 88.87.0.2 88.87.10.2

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()

FF HKLM\...\Firefox\Extensions: [FFSodaPDF5Converter@sodapdf.com] - C:\Program Files\Soda PDF 5\FFSoda5Ext

FF Extension: Soda PDF 5 Converter For Firefox - C:\Program Files\Soda PDF 5\FFSoda5Ext [2013-09-03]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.mk/

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

CHR Extension: (Angry Birds) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-02]

CHR Extension: (Google ) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-29]

CHR Extension: (Google ) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-29]

CHR Extension: (YouTube) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-29]

CHR Extension: (Google ) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-29]

CHR Extension: (Word \u0422\u044A\u0440\u0441\u0435\u043D\u0435) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggckablhhmjagmokplgnbamljajnhanm [2013-09-02]

CHR Extension: (Caroline Gardner) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlajhhigpcohfpjjmnbifacfbdoponci [2013-09-02]

CHR Extension: (Tetris) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdhicelaffdlcajmemnjfccipcemjlki [2013-09-02]

CHR Extension: (Google Wallet) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

CHR Extension: (Gmail) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-29]

CHR HKLM\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files\Surf Canyon\surfcanyon.crx [2013-08-29]

 

========================== Services (Whitelisted) =================

 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-04] (APN LLC.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-02] (Oracle Corporation)

S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 Soda PDF 5 Helper Service; C:\Program Files\Soda PDF 5\HelperService.exe [1097544 2013-06-12] (LULU Software Limited)

R2 Soda PDF 5 Service; C:\Program Files\Soda PDF 5\ConversionService.exe [794440 2013-06-12] (LULU Software Limited)

R2 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

R2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)

S4 IntelIde; No ImagePath

U1 WS2IFSL; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-22 11:22 - 2014-01-22 11:23 - 00014166 _____ C:\Documents and Settings\PC\Desktop\FRST.txt

2014-01-22 11:22 - 2014-01-22 11:22 - 00000000 ____D C:\FRST

2014-01-22 11:21 - 2014-01-22 11:21 - 01221632 _____ (Farbar) C:\Documents and Settings\PC\Desktop\FRST.exe

2014-01-21 12:30 - 2014-01-22 09:42 - 00000000 ____D C:\Documents and Settings\PC\Desktop\Originals

2014-01-21 12:21 - 2014-01-21 12:30 - 02296854 _____ C:\Documents and Settings\PC\Desktop\ВИРУС 1.bmp

2014-01-21 12:09 - 2014-01-21 12:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-21 12:09 - 2014-01-21 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2014-01-21 12:09 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-01-21 12:05 - 2014-01-21 12:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\PC\Desktop\Malwarebytes Anti-Malware 1.75.0.1300.exe

2014-01-20 16:46 - 2014-01-20 17:03 - 21749814 _____ C:\Documents and Settings\PC\Desktop\kokokokolo.bmp

2014-01-20 15:52 - 2014-01-20 16:21 - 21749814 _____ C:\Documents and Settings\PC\Desktop\без име.bmp

2014-01-16 18:49 - 2014-01-16 18:49 - 00000000 ____D C:\Documents and Settings\PC\My Documents\Soda PDF 5 Files

2014-01-16 03:01 - 2014-01-16 03:01 - 00005918 _____ C:\WINDOWS\KB2914368.log

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-14 19:56 - 2012-10-17 22:41 - 1265862252 _____ C:\Емисија за Тоше.avi

2014-01-02 19:01 - 2014-01-02 19:01 - 00000000 ____D C:\WINDOWS\Sun

2014-01-02 19:01 - 2014-01-02 19:01 - 00000000 ____D C:\Program Files\eLecta Live 8.0

2014-01-02 19:01 - 2014-01-02 19:01 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\Sun

2014-01-02 19:01 - 2010-07-19 09:12 - 00394272 _____ C:\WINDOWS\system32\x64v05.dll

2014-01-02 19:01 - 2010-07-19 09:12 - 00283680 _____ C:\WINDOWS\system32\prntjpg.dll

2014-01-02 19:00 - 2014-01-02 19:00 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-02 19:00 - 2014-01-02 19:00 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-02 19:00 - 2014-01-02 19:00 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-02 19:00 - 2014-01-02 19:00 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-02 19:00 - 2014-01-02 19:00 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-02 19:00 - 2014-01-02 19:00 - 00000000 ____D C:\Program Files\Common Files\Java

2014-01-02 19:00 - 2014-01-02 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-01-02 19:00 - 2014-01-02 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun

2014-01-02 18:59 - 2014-01-02 18:59 - 00000000 ____D C:\Program Files\Java

2014-01-02 18:59 - 2014-01-02 18:59 - 00000000 ____D C:\Documents and Settings\PC\Application Data\Sun

 

==================== One Month Modified Files and Folders =======

 

2014-01-22 11:23 - 2014-01-22 11:22 - 00014166 _____ C:\Documents and Settings\PC\Desktop\FRST.txt

2014-01-22 11:22 - 2014-01-22 11:22 - 00000000 ____D C:\FRST

2014-01-22 11:22 - 2013-08-28 15:32 - 00000000 ____D C:\Documents and Settings\PC\Application Data\uTorrent

2014-01-22 11:21 - 2014-01-22 11:21 - 01221632 _____ (Farbar) C:\Documents and Settings\PC\Desktop\FRST.exe

2014-01-22 11:18 - 2013-08-28 15:31 - 00000000 ____D C:\Documents and Settings\PC\Application Data\Skype

2014-01-22 11:14 - 2013-08-29 18:59 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-22 09:42 - 2014-01-21 12:30 - 00000000 ____D C:\Documents and Settings\PC\Desktop\Originals

2014-01-22 09:42 - 2013-08-29 20:20 - 00572466 ___SH C:\Documents and Settings\PC\Desktop\Thumbs.db

2014-01-22 09:00 - 2013-08-28 14:55 - 02041254 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-22 03:00 - 2013-09-13 02:07 - 00149388 _____ C:\WINDOWS\KB2686509.log

2014-01-22 03:00 - 2013-09-13 02:07 - 00000038 _____ C:\WINDOWS\faultykeyboard.log

2014-01-22 02:14 - 2013-08-29 18:59 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-21 12:41 - 2013-09-17 22:31 - 00000252 _____ C:\WINDOWS\Tasks\WGASetup.job

2014-01-21 12:38 - 2013-08-28 15:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2014-01-21 12:37 - 2013-09-13 02:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$

2014-01-21 12:37 - 2013-08-28 17:44 - 00000216 _____ C:\WINDOWS\wiadebug.log

2014-01-21 12:37 - 2013-08-28 15:02 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-21 12:37 - 2008-04-14 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2014-01-21 12:36 - 2013-08-28 15:03 - 00000178 ___SH C:\Documents and Settings\PC\ntuser.ini

2014-01-21 12:36 - 2013-08-28 15:03 - 00000000 ____D C:\Documents and Settings\PC

2014-01-21 12:30 - 2014-01-21 12:21 - 02296854 _____ C:\Documents and Settings\PC\Desktop\ВИРУС 1.bmp

2014-01-21 12:09 - 2014-01-21 12:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-21 12:09 - 2014-01-21 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2014-01-21 12:05 - 2014-01-21 12:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\PC\Desktop\Malwarebytes Anti-Malware 1.75.0.1300.exe

2014-01-20 17:37 - 2013-10-12 18:16 - 00000000 ____D C:\4b6f5cc5e23eec7f3e3200a3

2014-01-20 17:03 - 2014-01-20 16:46 - 21749814 _____ C:\Documents and Settings\PC\Desktop\kokokokolo.bmp

2014-01-20 16:21 - 2014-01-20 15:52 - 21749814 _____ C:\Documents and Settings\PC\Desktop\без име.bmp

2014-01-20 16:10 - 2013-08-31 21:17 - 00029696 ____H C:\Documents and Settings\PC\Desktop\photothumb.db

2014-01-16 21:42 - 2013-08-28 17:44 - 00000052 _____ C:\WINDOWS\wiaservc.log

2014-01-16 19:05 - 2013-08-28 17:42 - 00510466 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2014-01-16 18:49 - 2014-01-16 18:49 - 00000000 ____D C:\Documents and Settings\PC\My Documents\Soda PDF 5 Files

2014-01-16 03:04 - 2013-09-17 22:19 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-16 03:01 - 2014-01-16 03:01 - 00005918 _____ C:\WINDOWS\KB2914368.log

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 03:01 - 2013-09-17 22:18 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-16 03:01 - 2013-08-28 17:42 - 00758826 _____ C:\WINDOWS\iis6.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00679249 _____ C:\WINDOWS\FaxSetup.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00375024 _____ C:\WINDOWS\ocgen.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00315471 _____ C:\WINDOWS\tsoc.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00234824 _____ C:\WINDOWS\comsetup.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00210156 _____ C:\WINDOWS\msmqinst.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00140829 _____ C:\WINDOWS\ntdtcsetup.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00119754 _____ C:\WINDOWS\netfxocm.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00047387 _____ C:\WINDOWS\MedCtrOC.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00037821 _____ C:\WINDOWS\ocmsn.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00034840 _____ C:\WINDOWS\tabletoc.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00034243 _____ C:\WINDOWS\msgsocm.log

2014-01-16 03:01 - 2013-08-28 17:42 - 00001374 _____ C:\WINDOWS\imsins.log

2014-01-14 19:53 - 2013-09-08 21:53 - 00000000 ____D C:\Documents and Settings\PC\Application Data\vlc

2014-01-14 18:58 - 2013-08-28 17:41 - 00680885 _____ C:\WINDOWS\setupapi.log

2014-01-14 18:55 - 2013-09-01 16:25 - 00000000 ____D C:\My Recordings

2014-01-13 00:34 - 2013-08-28 14:56 - 00001607 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk

2014-01-13 00:34 - 2013-08-28 14:56 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

2014-01-07 12:47 - 2013-12-20 14:24 - 00000000 ____D C:\Program Files\Mozilla Firefox

2014-01-07 12:47 - 2013-08-28 15:30 - 00000000 ____D C:\Documents and Settings\PC\Application Data\Mozilla

2014-01-02 19:01 - 2014-01-02 19:01 - 00000000 ____D C:\WINDOWS\Sun

2014-01-02 19:01 - 2014-01-02 19:01 - 00000000 ____D C:\Program Files\eLecta Live 8.0

2014-01-02 19:01 - 2014-01-02 19:01 - 00000000 ____D C:\Documents and Settings\PC\Local Settings\Application Data\Sun

2014-01-02 19:00 - 2014-01-02 19:00 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-02 19:00 - 2014-01-02 19:00 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-02 19:00 - 2014-01-02 19:00 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-02 19:00 - 2014-01-02 19:00 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-02 19:00 - 2014-01-02 19:00 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-02 19:00 - 2014-01-02 19:00 - 00000000 ____D C:\Program Files\Common Files\Java

2014-01-02 19:00 - 2014-01-02 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-01-02 19:00 - 2014-01-02 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun

2014-01-02 18:59 - 2014-01-02 18:59 - 00000000 ____D C:\Program Files\Java

2014-01-02 18:59 - 2014-01-02 18:59 - 00000000 ____D C:\Documents and Settings\PC\Application Data\Sun

 

Some content of TEMP:

====================

C:\Documents and Settings\PC\Local Settings\Temp\avgnt.exe

C:\Documents and Settings\PC\Local Settings\Temp\fp_pl_pfs_installer.exe

C:\Documents and Settings\PC\Local Settings\Temp\oi_{7E6A0BD8-235E-4216-8888-FE9BE309F49C}.exe

C:\Documents and Settings\PC\Local Settings\Temp\SkypeSetup.exe

C:\Documents and Settings\PC\Local Settings\Temp\Softonic_EN_1-5-1.exe

C:\Documents and Settings\PC\Local Settings\Temp\tmp_6968_eLectaSetup.exe

C:\Documents and Settings\PC\Local Settings\Temp\uninst1.exe

C:\Documents and Settings\PC\Local Settings\Temp\UNINSTALL.EXE

C:\Documents and Settings\PC\Local Settings\Temp\vlc-2.0.8-win32.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================


Sorry for the delay.

 

I don't see anything malicious in the logs. If you'd like, we can clean up the unwanted software.

 

If the system is still slow, please download Process Explorer, run it as administrator and see which processes are loading the system. Mention them in your next comment so we can see whether something can be done.


I don't see anything malicious in the logs. If you'd like, we can clean up the unwanted software.

 

 

Sorry for butting in again.

But since the author wrote in their last post that there is no change and the machine is still slow.

So, in that connection:

Is it possible that it would be fixed if this were not installed on the computer:

 

C:\WINDOWS\Datecs\Flex2K.exe

 

Wouldn't it help if the following things were removed:

 

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2014-01-04] (APN)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk

ShortcutTarget: FlexType 2K.lnk -> C:\WINDOWS\Datecs\Flex2K.exe ()

BHO: KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)

Toolbar: HKLM - KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)

Toolbar: HKLM - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files\Soda PDF 5\PDFIEPlugin.dll (LULU Software Limited)

Toolbar: HKCU - KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)

 


And it is still extremely slow... Thanks for the help, it's definitely useful to have this information!

In Process Explorer, choose System Information... from the View menu, take a screenshot and post it.

 

 

Sorry for butting in again.

But since the author wrote in their last post that there is no change and the machine is still slow.

So, in that connection:

Is it possible that it would be fixed if this were not installed on the computer:

 

C:\WINDOWS\Datecs\Flex2K.exe

 

Wouldn't it help if the following things were removed:

 

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2014-01-04] (APN)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk

ShortcutTarget: FlexType 2K.lnk -> C:\WINDOWS\Datecs\Flex2K.exe ()

BHO: KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)

Toolbar: HKLM - KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)

Toolbar: HKLM - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files\Soda PDF 5\PDFIEPlugin.dll (LULU Software Limited)

Toolbar: HKCU - KMP Media Toolbar - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\KMPV7\Passport.dll (APN LLC.)

I don't think so. These really are unnecessary things, but by themselves they cannot slow the system down that much.