
I can't download an antivirus ?!?!



Now I recommend that you clear out some of the unneeded software. Go to the Control Panel and uninstall the following applications:

- NVIDIA ForceWare Network Access Manager;

- Driver Detective;

- KMP Media Toolbar;

- WinZip Driver Updater;

- KMP Service;

- Carambis Driver Updater;

- LiveSupport;

- McAfee Security Scan Plus;

- Surftastic;

- Softonic for Windows;

- GS-Supporter.

 

After you uninstall them, restart if you are asked to restart.

 

After that, do the following...

 

Download AdwCleaner and save it to the desktop. Run it and click the Scan button. Wait for the scan to finish, then click the Clean button. Confirm with OK on all windows, which will cause the system to restart. After the restart a text file will open. Please copy its contents here.

# AdwCleaner v3.018 - Report created 30/01/2014 at 12:51:42
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Valentin - VALKATA-6620512
# Running from : C:\Documents and Settings\Valentin\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Apps Hat
Folder Deleted : C:\Documents and Settings\Valentin\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\Valentin\Local Settings\Application Data\Apps Hat
Folder Deleted : C:\Documents and Settings\Valentin\Application Data\optimizer pro
File Deleted : C:\Documents and Settings\Valentin\Desktop\Optimizer Pro.lnk
File Deleted : C:\WINDOWS\Tasks\Apps Hat-chromeinstaller.job
File Deleted : C:\WINDOWS\Tasks\Apps Hat-codedownloader.job
File Deleted : C:\WINDOWS\Tasks\Apps Hat-enabler.job
File Deleted : C:\WINDOWS\Tasks\Apps Hat-firefoxinstaller.job
File Deleted : C:\WINDOWS\Tasks\Apps Hat-updater.job
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Documents and Settings\Valentin\Start Menu\Programs\AppsHat\Uninstall.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466856659}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\Apps Hat
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Apps Hat
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v6.0.2900.5512
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [3053 octets] - [30/01/2014 12:50:20]
AdwCleaner[s0].txt - [2965 octets] - [30/01/2014 12:51:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3025 octets] ##########
Link to comment

The situation should be better now.

 

Are there still any problems/complaints? Prepare FRST logs for me again, so that I can see whether there are any leftovers to remove.

Link to comment

The situation should be better now.

 

Are there still any problems/complaints? Prepare FRST logs for me again, so that I can see whether there are any leftovers to remove.

Well, it's a little better. But the computer still freezes up quite a lot; when I play a clip on Vbox or YouTube it is simply unwatchable, it stutters constantly (it's not the internet connection). I've now downloaded Avast and will run a scan with it; I don't know what to do anymore... Here are the logs from FRST.

Addition.txt

FRST.txt

Link to comment

C:\Documents and Settings\Valentin\Desktop\HAMeb_check.exe

01.02.2014 Ј. at 10:54:18,92

 

Account active               No

Local Group Memberships      

 

 ~~ Checking profile list ~~

 

No HelpAssistant profile in registry

 

 ~~ Checking for HelpAssistant directories ~~

 

HelpAssistant

 

 ~~ Checking mbr ~~

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys 

kernel: MBR read successfully

user & kernel MBR OK 

 

 ~~ Checking for termsrv32.dll ~~

 

termsrv32.dll was not found

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

   ServiceDll REG_EXPAND_SZ   %SystemRoot%\System32\termsrv.dll

 

 ~~ Checking firewall ports ~~

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

 

 

 ~~ EOF ~~
Link to comment

Open the program uninstall module in the Control Panel. There, look again for GS-Supporter and GS-Enabler and remove them. Also uninstall Mobogenie, if you don't know what it is and don't use it.

 

After that, do the following again.

 

After that, do the following:

- download the attached file fixlist.txt and save it in the same folder where FRST/FRST64 is located (this should be the desktop, if you followed the instructions in the previous comment exactly);

- run FRST/FRST64;

- click the Fix button and wait for the tool to carry out the fixes;

- if a restart happens to be needed, agree and let the system restart normally, then let the tool finish its work;

- when everything is done, Fixlog.txt will be created in the same folder; copy its contents into, or attach it to, your next comment.

 

If everything is fine after this log, we will be almost finished.

Fixlist.txt

Link to comment

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03

Ran by Valentin at 2014-02-02 13:12:23 Run:1

Running from C:\Documents and Settings\Valentin\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

MountPoints2: {9902e34e-89b4-11e3-80f2-002215bb1b5f} - F:\zkmaltgozh.bat


CHR Extension: (Flash Saving) - C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd [2014-01-24]

CHR Extension: (greatasAver) - C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igohhfdccdkmbbcelcndidigpkchhckl [2014-01-24]

CHR Extension: (greatasAver) - C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfionklchdegfdbcechclmjgjdfafgel [2014-01-24]

CHR Extension: (SNT) - C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omicblbfnpcnnjhhcjghnhocodindnej [2014-01-24]

2014-01-27 22:55 - 2014-01-27 22:55 - 00000000 ____D C:\Program Files\PC Drivers HeadQuarters

2014-01-25 21:42 - 2014-01-25 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee

2014-01-24 16:57 - 2014-01-26 21:37 - 00000000 ____D C:\Program Files\Surftastic

2014-01-24 16:52 - 2014-01-27 11:57 - 00000000 ____D C:\Program Files\GS-Enabler

2014-01-24 16:51 - 2014-01-29 15:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\greatsaveer

2014-01-24 16:51 - 2014-01-26 21:36 - 00000000 ____D C:\Program Files\greatsaveer

2014-01-24 16:51 - 2014-01-24 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\d10e2a6e89411d37

2014-01-24 16:51 - 2014-01-24 16:51 - 00000000 ____D C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch

2014-01-24 16:51 - 2014-01-24 16:51 - 00000000 ____D C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google

2014-01-24 16:51 - 2014-01-24 16:51 - 00000000 ____D C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo

2014-01-24 16:51 - 2014-01-24 16:51 - 00000000 ____D C:\Documents and Settings\SUPPORT_388945a0

2014-01-24 16:50 - 2014-01-24 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate

2014-01-29 15:15 - 2014-01-24 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\greatsaveer

2014-01-27 22:55 - 2014-01-27 22:55 - 00000000 ____D C:\Program Files\PC Drivers HeadQuarters

2014-01-27 11:57 - 2014-01-24 16:52 - 00000000 ____D C:\Program Files\GS-Enabler

2014-01-26 21:37 - 2014-01-24 16:57 - 00000000 ____D C:\Program Files\Surftastic

2014-01-26 21:36 - 2014-01-24 16:51 - 00000000 ____D C:\Program Files\greatsaveer

2014-01-25 21:42 - 2014-01-25 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee

2014-01-24 16:53 - 2014-01-24 16:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate

*****************

 

CHR DefaultSearchURL: http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=1925&r=2014/01/24&hid=7681195583601598804&lg=EN&cc=BG&unqvl=46 ==> The Chrome "Settings" can be used to fix the entry.

C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd => Moved successfully.

C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igohhfdccdkmbbcelcndidigpkchhckl => Moved successfully.

C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfionklchdegfdbcechclmjgjdfafgel => Moved successfully.

C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omicblbfnpcnnjhhcjghnhocodindnej => Moved successfully.

C:\Program Files\PC Drivers HeadQuarters => Moved successfully.

C:\Documents and Settings\All Users\Application Data\McAfee => Moved successfully.

C:\Program Files\Surftastic => Moved successfully.

"C:\Program Files\GS-Enabler" => File/Directory not found.

C:\Documents and Settings\All Users\Application Data\greatsaveer => Moved successfully.

C:\Program Files\greatsaveer => Moved successfully.

C:\Documents and Settings\All Users\Application Data\d10e2a6e89411d37 => Moved successfully.

C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch => Moved successfully.

C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google => Moved successfully.

C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo => Moved successfully.

C:\Documents and Settings\SUPPORT_388945a0 => Moved successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate => Moved successfully.

"C:\Documents and Settings\All Users\Application Data\greatsaveer" => File/Directory not found.

"C:\Program Files\PC Drivers HeadQuarters" => File/Directory not found.

"C:\Program Files\GS-Enabler" => File/Directory not found.

"C:\Program Files\Surftastic" => File/Directory not found.

"C:\Program Files\greatsaveer" => File/Directory not found.

"C:\Documents and Settings\All Users\Application Data\McAfee" => File/Directory not found.

"C:\Documents and Settings\All Users\Application Data\InstallMate" => File/Directory not found.

 

==== End of Fixlog ====

Link to comment

A small correction from me. If you haven't uninstalled Mobogenie, do it now.

 

After that, run the (last, I hope) script...

- download the attached file fixlist.txt and save it in the same folder where FRST/FRST64 is located (this should be the desktop, if you followed the instructions in the previous comment exactly);

- run FRST/FRST64;

- click the Fix button and wait for the tool to carry out the fixes;

- if a restart happens to be needed, agree and let the system restart normally, then let the tool finish its work;

- when everything is done, Fixlog.txt will be created in the same folder; copy its contents into, or attach it to, your next comment.

 

After that we can clean up the tools...

 

Download OTC and save it to the desktop. Run it, click the CleanUp! button, confirm with Yes, wait for the cleanup to finish, then confirm with Yes again so that the system restarts.

 

Run AdwCleaner again, click the Uninstall button and confirm with Yes. The computer will restart.

 

If after this you still have a problem with a slow computer, describe when it is slow (in particular situations, or is it sluggish all the time). It would be a good idea to do the following: download Process Explorer, unzip it into a convenient folder and run it as administrator. Watch which processes use the most resources. If there are processes that load the system continuously, you can take a screenshot and post it. If there are processes that load the computer, but not absolutely continuously, list them in your next comment.

Fixlist.txt

Link to comment

I think it is under the most load and at its most sluggish while I'm on the internet. The clips keep stuttering.. it's better than before, but it's not as it should be.

Fixlog.txt

Link to comment

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-02-2014

Ran by Valentin at 2014-02-04 11:26:27 Run:2

Running from C:\Documents and Settings\Valentin\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

start

CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbnidillpghgldmkdhmlknhdbdoodokd [2014-01-24]

CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnkbcjonjkomllbnpianklhhljkeddbj\1.0

2014-01-24 16:54 - 2014-01-29 15:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SNT

2014-01-24 16:53 - 2014-01-27 12:45 - 00000000 ____D C:\Program Files\Mobogenie

2014-01-24 16:53 - 2014-01-24 17:22 - 00000000 ____D C:\Documents and Settings\Valentin\Local Settings\Application Data\Mobogenie

2014-01-24 16:53 - 2014-01-24 16:53 - 00000694 _____ C:\Documents and Settings\Valentin\Desktop\Mobogenie.lnk

2014-01-24 16:53 - 2014-01-24 16:53 - 00000000 ____D C:\Documents and Settings\Valentin\Start Menu\Programs\Mobogenie

2014-01-24 16:53 - 2014-01-24 16:53 - 00000000 ____D C:\Documents and Settings\Valentin\My Documents\Mobogenie

2014-01-24 16:51 - 2014-01-29 15:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker

2014-01-24 16:54 - 2014-01-29 15:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SNT

CHR Extension: (SNT) - C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omicblbfnpcnnjhhcjghnhocodindnej [2014-01-24]

CHR - Extension: SNT = C:\Users\Gorazd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkejjmekbklppmbibgdobeeill fdlepp\2.1\ 

*****************

 

C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbnidillpghgldmkdhmlknhdbdoodokd directory not found.

CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnkbcjonjkomllbnpianklhhljkeddbj\1.0 directory not found.

"C:\Documents and Settings\All Users\Application Data\SNT" => File/Directory not found.

"C:\Program Files\Mobogenie" => File/Directory not found.

"C:\Documents and Settings\Valentin\Local Settings\Application Data\Mobogenie" => File/Directory not found.

"C:\Documents and Settings\Valentin\Desktop\Mobogenie.lnk" => File/Directory not found.

"C:\Documents and Settings\Valentin\Start Menu\Programs\Mobogenie" => File/Directory not found.

"C:\Documents and Settings\Valentin\My Documents\Mobogenie" => File/Directory not found.

"C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker" => File/Directory not found.

"C:\Documents and Settings\All Users\Application Data\SNT" => File/Directory not found.

C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omicblbfnpcnnjhhcjghnhocodindnej directory not found.

 

==== End of Fixlog ====

Link to comment
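An added example, not part of the original posts and not code from FRST: one way to read the result lines of the two Fixlog.txt reports above, separating items that were moved from items that were already absent, and spotting paths that the fixlist named more than once. The function names and status labels are assumptions chosen for this sketch; the sample is assembled from lines of those two reports.

```python
import re

# Result-line shapes that appear in the Fixlogs on this page.
RESULT_PATTERNS = [
    (re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"? => Moved successfully\.$'), "moved"),
    (re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"? => File/Directory not found\.$'), "not_found"),
    (re.compile(r'^(?:CHR Extension: \(.*?\) - )?(?P<path>[A-Za-z]:\\.+?) directory not found\.$'),
     "not_found"),
]

# Sample input: a shortened Fixlog assembled from lines of the two reports above.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
2014-01-24 16:57 - 2014-01-26 21:37 - 00000000 ____D C:\Program Files\Surftastic
2014-01-24 16:52 - 2014-01-27 11:57 - 00000000 ____D C:\Program Files\GS-Enabler
2014-01-24 16:51 - 2014-01-26 21:36 - 00000000 ____D C:\Program Files\greatsaveer
2014-01-26 21:37 - 2014-01-24 16:57 - 00000000 ____D C:\Program Files\Surftastic
2014-01-27 11:57 - 2014-01-24 16:52 - 00000000 ____D C:\Program Files\GS-Enabler
*****************

C:\Program Files\Surftastic => Moved successfully.
"C:\Program Files\GS-Enabler" => File/Directory not found.
C:\Program Files\greatsaveer => Moved successfully.
"C:\Program Files\Surftastic" => File/Directory not found.
"C:\Program Files\GS-Enabler" => File/Directory not found.
C:\Documents and Settings\Valentin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omicblbfnpcnnjhhcjghnhocodindnej directory not found.

==== End of Fixlog ====
'''


def parse_results(fixlog_text):
    """Return (path, outcome) pairs from the result section of a Fixlog.

    The fixlist is echoed between two lines of asterisks; results start
    after the second one, so everything before it is skipped.
    """
    star_lines = 0
    events = []
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if re.fullmatch(r'\*{5,}', line):
            star_lines += 1
            continue
        if star_lines < 2 or not line:
            continue
        for pattern, outcome in RESULT_PATTERNS:
            match = pattern.match(line)
            if match:
                events.append((match.group("path"), outcome))
                break
    return events


def classify(events):
    """Collapse repeated entries for the same path into one status.

    "moved"       : at least one result line reports the item as moved; a later
                    "not found" for the same path is the duplicate fixlist entry.
    "not_present" : every result line for the path says it was not found, so the
                    item was already gone when the fix ran.
    """
    counts = {}
    for path, outcome in events:
        key = path.lower()  # Windows paths compare case-insensitively
        entry = counts.setdefault(key, {"path": path, "moved": 0, "not_found": 0})
        entry[outcome] += 1
    report = {}
    for entry in counts.values():
        status = "moved" if entry["moved"] else "not_present"
        report[entry["path"]] = {
            "status": status,
            "listed": entry["moved"] + entry["not_found"],
        }
    return report


def listed_more_than_once(report):
    """Paths that produced more than one result line (duplicated in the fixlist)."""
    return sorted(path for path, info in report.items() if info["listed"] > 1)


if __name__ == "__main__":
    for path, info in classify(parse_results(SAMPLE_FIXLOG)).items():
        print(f'{info["status"]:<12} x{info["listed"]}  {path}')
```
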

Well, what's left is to delete FRST again, along with the files and folders it created, and you're done.

 

I can't help with the slow computer until you provide the requested information.

Link to comment

  • 1 month later...

Hello, Malware would not download for me.

Below is the text from FRST, and I am attaching addition.txt.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by joropc (administrator) on JORO on 21-03-2014 17:03:49
Running from C:\Documents and Settings\joropc\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(QIP.ru) C:\Documents and Settings\joropc\Application Data\QipGuard\QipGuard.exe
(QIP) C:\Program Files\QIP 2010\qip.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(QIP.ru) C:\Program Files\QipGuard\QipGuard.exe
(Skype Technologies) C:\Program Files\Skype\Plugin Manager\skypePM.exe
() C:\Documents and Settings\joropc\Local Settings\Temp\wintmck.exe
() C:\Documents and Settings\joropc\Local Settings\Temp\xgqs.exe
() C:\Documents and Settings\joropc\Local Settings\Temp\winylglm.exe
() C:\Documents and Settings\joropc\Local Settings\Temp\winrkna.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Root Co.) C:\AUmenaPro\UmenaPro.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [331496 2011-01-07] (Sun Microsystems, Inc.)
HKU\S-1-5-21-1659004503-1202660629-1801674531-1003\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [22759720 2008-11-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1659004503-1202660629-1801674531-1003\...\Run: [QIP Internet Guardian] - C:\Documents and Settings\joropc\Application Data\QipGuard\QipGuard.exe [191440 2012-02-23] (QIP.ru)
HKU\S-1-5-21-1659004503-1202660629-1801674531-1003\...\Run: [infium] - C:\Program Files\QIP 2010\qip.exe [7349200 2012-02-23] (QIP)
HKU\S-1-5-21-1659004503-1202660629-1801674531-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1659004503-1202660629-1801674531-1003\...\MountPoints2: {33d851a6-0a18-11e2-aa44-0004761505f8} - E:\Install.exe
HKU\S-1-5-21-1659004503-1202660629-1801674531-1003\...\MountPoints2: {a2580b04-1693-11e2-aa54-0004761505f8} - E:\SETUP.EXE /AUTORUN

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=en_BG
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKCU - QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\joropc\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
SearchScopes: HKLM - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {29E38BCE-03C2-45DC-9CF4-D8300F747C7C} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^BG&apn_uid=31dc7754-5c82-408a-bcde-07032b334b2b&apn_sauid=34107D52-075E-43C4-8796-153319D88408
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {FDFA5B79-D60E-4077-A2DA-FCDE87AD4C57} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\joropc\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{D22F3299-1395-434D-A59F-3AE58C967594}: [NameServer]192.168.115.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\joropc\Application Data\Mozilla\Firefox\Profiles\qyjy3w7m.default
FF SearchEngineOrder.1: Ask.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @qq.com/npchrome - C:\Program Files\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF Plugin: @qq.com/npqscall - C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF Extension: British English Dictionary (Updated) - C:\Documents and Settings\joropc\Application Data\Mozilla\Firefox\Profiles\qyjy3w7m.default\Extensions\en-gb@flyingtophat.co.uk [2014-03-05]
FF Extension: English (GB) Language Pack - C:\Documents and Settings\joropc\Application Data\Mozilla\Firefox\Profiles\qyjy3w7m.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-03-05]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\joropc\Application Data\Mozilla\Firefox\Profiles\qyjy3w7m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-01-24]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2014-01-27]

Chrome:
=======
CHR HomePage: hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=en_BG
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (QQ2013 Chrome Plugin) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\Application\plugins\npactivex.dll (Tencent)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (QQ2013 Firefox Plugin) - C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
CHR Plugin: (QQ2013 Chrome Plugin for Chrome V23.0.1271.64 or latest version) - C:\Program Files\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
CHR Plugin: (Tencent SSO Platform) - C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - D:\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U45) - D:\bin\plugin2\npjp2.dll No File
CHR Extension: (YouTube) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Търсене) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (CSSViewer) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ggfgijbpiheegefliciemofobhmofgce [2011-11-30]
CHR Extension: (MagicScroll eBook Reader) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2013-01-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Documents and Settings\joropc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2014-01-27] (Sun Microsystems, Inc.)
R2 QipGuard; C:\Program Files\QipGuard\QipGuard.exe [191440 2012-02-23] (QIP.ru)

==================== Drivers (Whitelisted) ====================

R3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [16288 2007-04-12] (Hewlett Packard)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
S3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [53376 2005-07-26] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [415360 2005-07-26] (NVIDIA Corporation)
R3 amsint32; \??\C:\WINDOWS\system32\drivers\nljion.sys [X]
S4 aswSP; No ImagePath
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 17:02 - 2014-03-21 17:03 - 00017747 _____ () C:\Documents and Settings\joropc\Desktop\Addition.txt
2014-03-21 17:01 - 2014-03-21 17:04 - 00016530 _____ () C:\Documents and Settings\joropc\Desktop\FRST.txt
2014-03-21 17:00 - 2014-03-21 17:03 - 00000000 ___DC () C:\FRST
2014-03-21 16:53 - 2014-03-21 16:53 - 01145856 _____ (Farbar) C:\Documents and Settings\joropc\Desktop\FRST.exe
2014-03-21 16:50 - 2014-03-21 16:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\joropc\Desktop\OTL.exe
2014-03-21 16:43 - 2014-03-21 16:43 - 00000000 _____ () C:\Documents and Settings\joropc\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-21 16:30 - 2014-03-21 16:43 - 17498112 _____ () C:\Documents and Settings\joropc\Desktop\mbam-setup-2.0.0.1000.exe.part
2014-03-21 15:57 - 2014-03-21 15:57 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\gxudfpae.sys
2014-03-20 10:33 - 2014-03-20 10:33 - 10421993 _____ (Mistral software ) C:\Documents and Settings\joropc\My Documents\setup_MistralLite_3_140_7.exe
2014-03-13 19:55 - 2014-03-13 19:56 - 00012874 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-13 19:55 - 2014-03-13 19:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 19:55 - 2014-03-13 19:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 08:38 - 2014-03-13 19:55 - 00011784 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 08:37 - 2014-03-13 19:55 - 00013127 _____ () C:\WINDOWS\KB2930275.log
2014-03-04 09:23 - 2014-03-04 09:30 - 00033280 _____ () C:\Documents and Settings\joropc\Desktop\OnHand432014_2.xls
2014-03-04 09:23 - 2014-03-04 09:23 - 00075776 _____ () C:\Documents and Settings\joropc\Desktop\OnHand432014_1.xls
2014-02-26 11:27 - 2014-02-26 11:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tencent Software
2014-02-26 08:50 - 2014-02-26 08:50 - 00051484 _____ () C:\WINDOWS\ippicd.log

==================== One Month Modified Files and Folders =======

2014-03-21 17:04 - 2014-03-21 17:01 - 00016530 _____ () C:\Documents and Settings\joropc\Desktop\FRST.txt
2014-03-21 17:04 - 2014-01-24 12:22 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-21 17:03 - 2014-03-21 17:02 - 00017747 _____ () C:\Documents and Settings\joropc\Desktop\Addition.txt
2014-03-21 17:03 - 2014-03-21 17:00 - 00000000 ___DC () C:\FRST
2014-03-21 17:01 - 2010-01-18 14:18 - 00240891 _____ () C:\WINDOWS\setupact.log
2014-03-21 16:59 - 2010-01-22 13:03 - 00000000 ____D () C:\Documents and Settings\joropc\Application Data\Skype
2014-03-21 16:53 - 2014-03-21 16:53 - 01145856 _____ (Farbar) C:\Documents and Settings\joropc\Desktop\FRST.exe
2014-03-21 16:52 - 2013-02-28 12:54 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-21 16:50 - 2014-03-21 16:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\joropc\Desktop\OTL.exe
2014-03-21 16:43 - 2014-03-21 16:43 - 00000000 _____ () C:\Documents and Settings\joropc\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-21 16:43 - 2014-03-21 16:30 - 17498112 _____ () C:\Documents and Settings\joropc\Desktop\mbam-setup-2.0.0.1000.exe.part
2014-03-21 16:08 - 2014-01-14 10:19 - 00051996 _____ () C:\WINDOWS\cmcubn.log
2014-03-21 16:00 - 2010-01-22 13:12 - 00000000 ____D () C:\Documents and Settings\joropc\Application Data\skypePM
2014-03-21 16:00 - 2010-01-18 12:29 - 01392752 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-21 15:59 - 2010-01-18 14:23 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-03-21 15:59 - 2010-01-18 14:23 - 00000052 ____C () C:\WINDOWS\wiaservc.log
2014-03-21 15:58 - 2014-01-24 12:21 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-21 15:58 - 2010-01-18 12:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-21 15:57 - 2014-03-21 15:57 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\gxudfpae.sys
2014-03-21 12:49 - 2008-04-14 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-21 12:48 - 2010-01-18 12:35 - 00000278 __SHC () C:\Documents and Settings\joropc\ntuser.ini
2014-03-21 12:48 - 2010-01-18 12:34 - 00032566 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-20 10:33 - 2014-03-20 10:33 - 10421993 _____ (Mistral software ) C:\Documents and Settings\joropc\My Documents\setup_MistralLite_3_140_7.exe
2014-03-20 10:15 - 2012-06-18 16:03 - 00000000 ____D () C:\Documents and Settings\joropc\Local Settings\Application Data\Deployment
2014-03-18 17:54 - 2010-01-18 12:35 - 00000000 ____D () C:\Documents and Settings\joropc
2014-03-14 12:48 - 2010-01-18 14:18 - 00126912 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-13 19:56 - 2014-03-13 19:55 - 00012874 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-13 19:56 - 2010-01-20 12:29 - 00109516 ____C () C:\WINDOWS\updspapi.log
2014-03-13 19:56 - 2010-01-18 14:21 - 01710236 ____C () C:\WINDOWS\iis6.log
2014-03-13 19:56 - 2010-01-18 14:21 - 01493326 ____C () C:\WINDOWS\FaxSetup.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00744004 ____C () C:\WINDOWS\ocgen.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00694705 ____C () C:\WINDOWS\tsoc.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00511271 ____C () C:\WINDOWS\comsetup.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00473744 ____C () C:\WINDOWS\msmqinst.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00310390 ____C () C:\WINDOWS\ntdtcsetup.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00263209 ____C () C:\WINDOWS\netfxocm.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00104495 ____C () C:\WINDOWS\MedCtrOC.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00083911 ____C () C:\WINDOWS\ocmsn.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00075719 ____C () C:\WINDOWS\msgsocm.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00075270 ____C () C:\WINDOWS\tabletoc.log
2014-03-13 19:56 - 2010-01-18 14:21 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-13 19:55 - 2014-03-13 19:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 19:55 - 2014-03-13 19:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 19:55 - 2014-03-12 08:38 - 00011784 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 19:55 - 2014-03-12 08:37 - 00013127 _____ () C:\WINDOWS\KB2930275.log
2014-03-13 19:55 - 2010-01-18 14:21 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-13 09:13 - 2014-01-24 11:52 - 00000000 ___DC () C:\AUmenaPro
2014-03-12 17:22 - 2010-01-20 16:24 - 01478144 __SHC () C:\Documents and Settings\joropc\Desktop\Thumbs.db
2014-03-11 14:40 - 2012-02-08 11:57 - 00000000 ____D () C:\Documents and Settings\joropc\Application Data\EditPlus 3
2014-03-04 09:30 - 2014-03-04 09:23 - 00033280 _____ () C:\Documents and Settings\joropc\Desktop\OnHand432014_2.xls
2014-03-04 09:23 - 2014-03-04 09:23 - 00075776 _____ () C:\Documents and Settings\joropc\Desktop\OnHand432014_1.xls
2014-02-26 11:27 - 2014-02-26 11:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tencent Software
2014-02-26 11:27 - 2014-01-28 15:56 - 00000494 _____ () C:\Documents and Settings\All Users\Desktop\Tencent QQ.lnk
2014-02-26 11:26 - 2013-04-15 10:32 - 01073236 ____C () C:\WINDOWS\system32\nvdrsdb1.bin
2014-02-26 11:26 - 2013-04-15 10:32 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-02-26 08:50 - 2014-02-26 08:50 - 00051484 _____ () C:\WINDOWS\ippicd.log
2014-02-24 16:24 - 2008-04-14 14:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2008-04-14 14:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 13:46 - 2010-01-20 12:38 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 13:46 - 2010-01-18 12:28 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 13:46 - 2008-04-14 14:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 13:45 - 2012-12-13 08:45 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 13:45 - 2010-06-10 09:19 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 13:45 - 2010-01-20 12:38 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 13:45 - 2010-01-20 12:38 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 13:45 - 2010-01-20 12:38 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 13:45 - 2010-01-20 12:38 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 13:45 - 2010-01-20 12:38 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 13:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 13:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 13:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 13:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 13:45 - 2008-04-14 14:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 13:45 - 2008-04-14 14:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 13:45 - 2008-04-14 14:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 12:54 - 2008-04-14 14:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

Some content of TEMP:
====================
C:\Documents and Settings\joropc\Local Settings\Temp\pkcs11wrapper3094746267549066460.dll
C:\Documents and Settings\joropc\Local Settings\Temp\winrkna.exe
C:\Documents and Settings\joropc\Local Settings\Temp\wintmck.exe
C:\Documents and Settings\joropc\Local Settings\Temp\winylglm.exe
C:\Documents and Settings\joropc\Local Settings\Temp\xgqs.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 

Addition.txt


The situation should be better now.

Are there still any problems/complaints? Generate FRST logs for me again, so I can see whether there are any remnants to remove.
