System virus removal
Last Updated: Jul 25 2017 08:25, Started by aLexCM, Jul 24 2017 20:11
#1
aLexCM
Posted 24 July 2017 - 20:11
- Group: Members
- Posts: 1,079
- Joined: 26.01.2014
Active Member
Hi.
For a while now my laptop has been running slower and slower. The browser (I use Firefox) freezes at random moments, and random web pages open when I visit certain sites (even though I have an ad blocker enabled). I want to check whether I have viruses, keyloggers or anything else on the system. I followed all the steps from here.
1. System Restore was already disabled for partition D and for another folder called System Reserved, and I also disabled it for partition C. After I finish this whole virus removal process, should I re-enable it for all three?
2, 3 and 4: I ran AdwCleaner, JRT and CCleaner.
5. I then scanned with Malwarebytes.
I should mention that I also performed steps 1-4 last Saturday, but I had a power outage and could not get internet access until today. The power went out while I was running Malwarebytes, and today I redid the whole process. I started over from the beginning (steps 1-4), and then ran Malwarebytes. The latter found nothing, but I still ran an FRST scan even though the tutorial said not to. If you think FRST is no longer needed, you can delete the topic.
FRST log:
Thank you!
Edited by Adm, 13 October 2017 - 22:54.
#2
MhG_51
Posted 25 July 2017 - 06:00
- Group: Moderators
- Posts: 3,319
- Joined: 04.05.2009
:)
Hello.
Run ZHPCleaner. http://www.softpedia...HPCleaner.shtml Attach FRST.txt and Addition.txt in your next reply.
#3
aLexCM
Posted 25 July 2017 - 08:06
- Group: Members
- Posts: 1,079
- Joined: 26.01.2014
Active Member
I ran ZHPCleaner, but it gave me an error at the end. And when it was at around 86% it showed me a message along the lines of "Have our installed this server?" (and it gave me an IP address, I think). A file from ZHPCleaner appeared on my desktop and I will attach it. I ran FRST again.
ZHP: ZHPCleaner.txt 7.03K 4 downloads
FRST log: FRST.txt 31.21K 2 downloads
and Addition: Addition.txt 47.86K 2 downloads
Edited by aLexCM, 25 July 2017 - 08:06.
#4
sommne
Posted 25 July 2017 - 08:25
- Group: Members
- Posts: 342
- Joined: 31.07.2012
Member
If you have already tried them all and found nothing, that most likely means you have nothing harmful on your PC.
Here is a tutorial on add-ons; check whether you happen to have a toolbar that arrived together with another program: https://support.mozi...a-suplimentelor What you mentioned above appears to be pop-up windows and ads. Install the Ad Block Plus and Strict Pop-up Blocker add-ons.