Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by NET1 (08-09-2017 23:33:16)
Running from C:\Users\NET1\Desktop\rapports\applications
Windows 7 Ultimate (X64) (2012-07-27 06:57:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1113787428-1424384801-3093382837-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1113787428-1424384801-3093382837-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1113787428-1424384801-3093382837-1002 - Limited - Enabled)
NET1 (S-1-5-21-1113787428-1424384801-3093382837-1000 - Administrator - Enabled) => C:\Users\NET1
Sashka (S-1-5-21-1113787428-1424384801-3093382837-1003 - Limited - Enabled) => C:\Users\Sashka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1113787428-1424384801-3093382837-1000\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Bulgarian (HKLM-x32\...\{AC76BA86-7AD7-1026-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
AVG (HKLM\...\{BA40B3B4-7707-437E-84FF-8C18BE5AD9B6}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.7.0.199 - AVG Technologies)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2013 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Détection de l'application Winamp (HKU\S-1-5-21-1113787428-1424384801-3093382837-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
DisplayLink Core Software (HKLM\...\{E1CD90F5-0972-45C7-A450-7ACF9EF6FB28}) (Version: 4.5.13507.0 - DisplayLink Corp.)
DocBackupAP (HKLM-x32\...\DocBackupAP) (Version: - )
Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FMW 1 (HKLM\...\{F64508FE-73C8-4C27-9CCA-3799C428B70B}) (Version: 1.223.1 - AVG Technologies) Hidden
GLOBUL Connection Manager (HKLM-x32\...\GLOBUL Connection Manager) (Version: 21.005.15.02.250 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.10.0 - Intel)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301036}) (Version: 7.02.9753 - Nero AG)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{7DA1C06F-C913-46C7-8A0F-DA2CBA17EA1D}) (Version: 3.41.9593 - Apache Software Foundation)
Photo Mechanic 5 (HKLM-x32\...\{DE924CF0-B8BB-42BA-BDA0-14535F79DF3F}) (Version: 5.0 - Camera Bits, Inc)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PowerDirector (HKLM\...\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}) (Version: 9.00.0000 - CyberLink Corp.) Hidden
PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.25 - QUALCOMM Incorporated)
SEDREAP (HKLM-x32\...\SEDREAP) (Version: - )
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.0.0.08060 - Sony Corporation)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{CD62BCB9-02D2-443F-AC7A-443377DA5B38}) (Version: 7.31.0.56 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.30 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM-x32\...\InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}) (Version: 2.00.0003 - Texas Instruments Inc.)
TIPCI (HKLM-x32\...\{607398CF-354B-4E21-B1BC-549424BFD04C}) (Version: 2.00.0003 - Texas Instruments Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VAIO Power Management (HKLM-x32\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.5.0.06250 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.2.0.16270 - Sony Corporation)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VUx64 (HKLM\...\{A0A2BE14-D3FF-41C8-9545-4B130E3FE9A4}) (Version: 1.2.0 - Sony Corporation) Hidden
VUx86 (HKLM-x32\...\{D04F1D22-4A47-42C6-A2B9-094A7B844D9B}) (Version: 1.2.0 - Sony Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.6 - Nullsoft, Inc)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\256CD808BFEEBAFFBD9071CA2C9D2D633E524FC9) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Qualcomm (qcusbnet) Net (07/29/2011 1.0.6.5) (HKLM\...\2F53F0A0FCEDAFD3CCCB1439CAAE0738B4BAFBFB) (Version: 07/29/2011 1.0.6.5 - Qualcomm)
Windows Driver Package - Qualcomm Incorporated (qcusbser) Modem (07/29/2011 2.0.8.7) (HKLM\...\6BF6A4AE61C76DD6CBA31ACB5852032BA320D4E4) (Version: 07/29/2011 2.0.8.7 - Qualcomm Incorporated)
Windows Driver Package - Qualcomm Incorporated (qcusbser) Ports (07/29/2011 2.0.8.7) (HKLM\...\05D0DACD8686BF30FA10AEAD80D777AEDC6B2562) (Version: 07/29/2011 2.0.8.7 - Qualcomm Incorporated)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 4.01 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1-x32: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-05-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1-x32-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2009-07-18] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-05-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DBE3C95-E818-483B-A9E2-487D29A3A768} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1DD0AAE6-3B25-486E-B8AB-916CD8A0ED40} - System32\Tasks\{93E04AFC-FF5C-4101-8B84-31F821A96001} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.18.59.106/bg/abandoninstall?page=tsProgressBar
Task: {2CF589E0-9EDA-4B17-89BB-D21D3BC7869F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {4A2EE873-885B-409D-A114-86993F0496A0} - \{00D4F15A-7480-4CBC-B9B8-20BFDD373142} -> No File <==== ATTENTION
Task: {4B8E1884-2CDB-46CD-937A-C3776EE5191C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6435A999-ABE9-4732-8C2E-61C40B525D15} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2016-04-25] (Sony Corporation)
Task: {70672D03-8783-4D57-B0ED-D5574B052462} - System32\Tasks\AdobeAAMUpdater-1.0-NET1-PC-NET1 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {8946A4CD-059C-42A3-A78B-14290E72C25D} - System32\Tasks\{D970188C-77E1-4648-B290-BE350B718D07} => C:\Windows\system32\pcalua.exe -a "C:\Users\NET1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7LN5DEV\RIDMSC-15669200-US.EXE" -d C:\Users\NET1\Desktop
Task: {936F5149-BC06-4957-8F6B-B4A75D22D9A5} - System32\Tasks\{8329C2B8-BF2F-402A-AD0A-23C5513783EC} => "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/bg/abandoninstall?page=tsProgressBar
Task: {9F9D896E-546F-4D33-962D-6EEE76E46FB3} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {ABB8189B-510C-4662-90E7-C49BB442CCC1} - System32\Tasks\{778873EC-6AC6-487E-8EE4-51C138E5C60D} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116.259&LastError=12007
Task: {ABD1E9CC-EAFB-4C54-A5A3-EFAD2556880A} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {BE3486A2-A857-4246-B3D4-5F31359E9691} - System32\Tasks\{E4F3E25E-B35B-461E-B279-B7E3FB8E0675} => C:\Windows\system32\pcalua.exe -a C:\Users\NET1\Downloads\out_xf.exe -d C:\Users\NET1\Downloads
Task: {BFD838E9-3B15-4109-A549-B1BA48B2A553} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2016-03-31] (Sony Corporation)
Task: {D2AB85AA-4770-4FD1-AF49-885DB34436C2} - System32\Tasks\{12CC3C38-A3A6-45D3-84D2-AF2274011541} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {F2D7F7EB-18FA-41F1-B1EB-034CA9FB1DF1} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-14] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\NET1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Помощен файл на WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic
Shortcut: C:\Users\NET1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ръководство за конзолната версия на RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2012-07-27 16:33 - 2012-07-27 16:32 - 000655712 _____ () C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\ouc.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 000346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-01-04 01:02 - 2015-01-04 01:02 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-04 01:02 - 2015-01-04 01:02 - 000107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-21 01:17 - 2009-04-17 18:01 - 000247152 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2017-09-03 18:32 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-09-03 18:32 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2016-11-28 16:23 - 2016-11-28 16:22 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-05-14 13:55 - 2017-05-14 13:55 - 000171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-05-14 13:56 - 2017-05-14 13:56 - 000999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
2017-05-14 13:56 - 2017-05-14 13:56 - 067717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-05-14 13:56 - 2017-05-14 13:56 - 000178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-05-14 13:56 - 2017-05-14 13:56 - 000224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-05-14 13:56 - 2017-05-14 13:56 - 000685784 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2012-07-27 16:33 - 2012-07-27 16:32 - 000011362 _____ () C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\mingwm10.dll
2012-07-27 16:33 - 2012-07-27 16:32 - 000043008 _____ () C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2012-07-27 16:33 - 2012-07-27 16:32 - 002415104 _____ () C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\QtCore4.dll
2012-07-27 16:33 - 2012-07-27 16:32 - 001148416 _____ () C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\QtNetwork4.dll
2012-07-27 16:33 - 2012-07-27 16:32 - 000835072 _____ () C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\QueryStrategy.dll
2012-07-27 16:33 - 2012-07-27 16:32 - 000398336 _____ () C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\QtXml4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1113787428-1424384801-3093382837-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NET1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AFDAEDE3-F2FE-4790-B8ED-0F430E4A84B0}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{DA58DDA2-6D92-4D08-A01F-BDB682AEBFC1}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{091DDD6A-550C-4328-92BD-E0911F976C98}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{AEA72919-0023-4BD9-AC4F-2963C6938C7F}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{1D9BA706-1E7C-4B5E-B768-067AB9178814}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{C4FB5A05-5B37-49FC-9DD1-775A52155929}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{D8A78983-1403-4DCC-9B2B-61D053D2B35A}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{A99E69CF-7DC2-40FB-BF60-EAF9CA893B43}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{12B58913-ABE9-4203-A0CF-42EE389F3B63}C:\program files (x86)\docbackupjre\j2re1.5.0_22\bin\javaw.exe] => (Allow) C:\program files (x86)\docbackupjre\j2re1.5.0_22\bin\javaw.exe
FirewallRules: [UDP Query User{AAF78E35-F0F0-4E6B-A997-3EA67D0733C0}C:\program files (x86)\docbackupjre\j2re1.5.0_22\bin\javaw.exe] => (Allow) C:\program files (x86)\docbackupjre\j2re1.5.0_22\bin\javaw.exe
FirewallRules: [{E0894C84-9602-4CEA-B0D5-FB7AA32B7175}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{07A3D418-54BC-47C7-8C9E-922E5D9019BB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2AD7ECBA-D521-4BDA-AE63-C88E7E3D52FD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CF8B5751-22B9-42AE-BB1C-F490FB5134CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{042B5DF7-8308-490F-AC5E-DB2AD0E0E63D}C:\users\sashka\downloads\sky38i.exe] => (Allow) C:\users\sashka\downloads\sky38i.exe
FirewallRules: [UDP Query User{F3CB32C0-19FC-4915-9367-5B4BD780A346}C:\users\sashka\downloads\sky38i.exe] => (Allow) C:\users\sashka\downloads\sky38i.exe
FirewallRules: [{2F92FB09-7C0C-40BE-8C7B-5EEF71C3B141}] => (Allow) C:\Users\Sashka\Downloads\Sky38i.exe
FirewallRules: [{2AB31C8F-16DC-4B2B-9B8D-DEE9BFAD61DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2017 09:44:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 20.8.2017.0, time stamp: 0x5998aed0
Faulting module name: FRST64.exe, version: 20.8.2017.0, time stamp: 0x5998aed0
Exception code: 0xc0000005
Fault offset: 0x0000000000026754
Faulting process id: 0xe10
Faulting application start time: 0x01d3281101321156
Faulting application path: C:\Users\NET1\Desktop\rapports\applications\FRST64.exe
Faulting module path: C:\Users\NET1\Desktop\rapports\applications\FRST64.exe
Report Id: ffcd7762-9404-11e7-a84c-816152e6e6ff

Error: (09/02/2017 11:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1169, time stamp: 0x5997224a
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x594d4411
Exception code: 0xc0000005
Fault offset: 0x001a9fd6
Faulting process id: 0x6e4
Faulting application start time: 0x01d324336753f671
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: bc29ea18-9026-11e7-8e0c-f3a65505c7c4

Error: (04/07/2017 06:37:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/07/2017 06:37:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/07/2017 11:14:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/07/2017 11:14:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/06/2017 06:52:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/06/2017 06:52:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/05/2017 05:41:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/05/2017 05:41:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (09/08/2017 10:59:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/08/2017 10:56:11 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.81, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (09/08/2017 10:56:01 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (09/08/2017 10:52:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (09/08/2017 10:52:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: After starting, the service hung in a start-pending state.

Error: (09/08/2017 10:52:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Network Location Awareness service hung on starting.

Error: (09/08/2017 10:51:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: dlkmdldr

Error: (09/08/2017 10:51:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Internet Connection Sharing (ICS) service hung on starting.

Error: (09/08/2017 10:51:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Network Location Awareness service hung on starting.

Error: (09/08/2017 10:48:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GLOBUL Connection Manager. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 50%
Total physical RAM: 4092.98 MB
Available physical RAM: 2026.96 MB
Total Virtual: 8184.11 MB
Available Virtual: 6111.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:41.52 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:139.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ECFA3D9E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================