, copy the text from C:\ComboFix.txt and paste it
ComboFix 13-08-09.02 - User 11.08.2013 0:58:55.1.4 - x64
Microsoft Windows 7 Максимальная 6.1.7601.1.1251.7.1049.18.2807.1424 [GMT 8:00]
Running from: C:\Users\User\Desktop\ComboFix.exe
AV: NANO AntiVirus *Disabled/Updated* {6042C874-D09C-FAB4-B62E-5E03234AF460}
SP: NANO AntiVirus *Disabled/Updated* {DB232990-F6A6-F53A-8C9E-657158CDBEDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\xml2281.tmp
C:\ProgramData\xml2649.tmp
C:\ProgramData\xml4A98.tmp
C:\ProgramData\xml4DC5.tmp
C:\ProgramData\xml58DB.tmp
C:\ProgramData\xml5F13.tmp
C:\ProgramData\xml6107.tmp
C:\ProgramData\xml63B7.tmp
C:\ProgramData\xml86CC.tmp
C:\ProgramData\xml88D0.tmp
C:\ProgramData\xmlA7A9.tmp
C:\ProgramData\xmlAC0E.tmp
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\install.rdf
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\webalta-search.xml
C:\Windows\SysWow64\operaprefs_fixed.ini
((((((((((((((((((((((((( Files Created from 2013-07-10 to 2013-08-10 )))))))))))))))))))))))))))))))
2013-08-10 17:07:06 . 2013-08-10 17:07:06 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-08-10 17:07:06 . 2013-08-10 17:07:06 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-08-10 15:50:23 . 2013-08-10 15:50:29 -------- d-----w- C:\SecurityCheck
2013-08-10 06:25:29 . 2013-08-10 06:26:31 98 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-08-10 04:34:35 . 2013-08-10 04:34:35 13312 ----a-w- C:\Windows\SysWow64\drivers\vdeynjq1.sys
2013-08-10 01:01:43 . 2013-08-10 16:10:43 -------- d-----w- C:\Program Files\trend micro
2013-08-10 01:01:42 . 2013-08-10 16:11:00 -------- d-----w- C:\rsit
2013-08-09 07:55:59 . 2013-08-09 07:55:59 -------- d-----w- C:\Users\User\AppData\Roaming\Unity
2013-08-09 07:54:11 . 2013-08-09 12:27:06 -------- d-----w- C:\Users\User\AppData\Local\Unity
2013-07-29 09:02:50 . 2013-07-29 09:03:42 -------- d-----w- C:\ProgramData\HP Photo Creations
2013-07-29 09:02:50 . 2013-07-29 09:02:53 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2013-07-29 09:02:40 . 2013-07-29 09:02:40 -------- d-----w- C:\Users\User\AppData\Roaming\HpUpdate
2013-07-29 09:02:32 . 2013-07-29 09:03:33 -------- d-----w- C:\ProgramData\HP
2013-07-29 09:01:52 . 2013-07-29 09:02:44 -------- d-----w- C:\Program Files (x86)\HP
2013-07-29 09:01:20 . 2013-07-29 09:01:20 -------- d-----w- C:\Program Files\HP
2013-07-29 09:00:06 . 2013-07-29 09:00:06 -------- d-----w- C:\Users\User\AppData\Local\HP
2013-07-24 17:44:22 . 2013-07-24 18:11:40 -------- d-----w- C:\Users\User\AppData\Local\Xpom
2013-07-24 16:56:14 . 2013-07-24 16:56:22 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-18 00:04:24 . 2013-08-10 04:35:12 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B0091DB-F018-4A25-A86D-5D036F3E66FF}\offreg.dll
2013-07-17 13:03:56 . 2013-07-29 06:42:30 -------- d-----w- C:\Program Files (x86)\Документы ПУ 5
2013-07-15 11:34:00 . 2013-07-15 11:34:00 -------- d-----w- C:\Users\User\AppData\Local\ticno
2013-07-15 11:11:48 . 2013-07-15 11:11:48 -------- d-----w- C:\Users\User\AppData\Local\Breakpad
2013-07-15 11:11:37 . 2013-07-15 11:11:48 -------- d-----w- C:\Users\User\AppData\Roaming\Ticno
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-06-12 07:39:37 . 2012-05-05 05:48:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 07:39:37 . 2012-05-05 05:48:41 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2011-03-04 09:40:45 8192 --sha-w- C:\Windows\SysWOW64\srvany.exe