
Problem with malicious code - advertising banners and the like



Hello!

I also have a problem with malicious code and I am asking you for help; since I have used your services before, I know you will be able to handle it.

Here is what happens on my machine:

When I open pages in my browser, unwanted ads and banners pop up, the pages I open get redirected to completely different sites, windows with ads pop up, and so on.

Following the instructions I read here, I am posting the results of the scans with FRST and Malwarebytes Anti-Malware.

Here are the results:

 

Scan with Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Update, 22.04.2015 09:00, SYSTEM, PC, Scheduler, Malware Database, 2015.4.21.6, 2015.4.22.1,

Protection, 22.04.2015 09:00, SYSTEM, PC, Protection, Refresh, Starting,

Protection, 22.04.2015 09:00, SYSTEM, PC, Protection, Malicious Website Protection, Stopping,

Protection, 22.04.2015 09:00, SYSTEM, PC, Protection, Malicious Website Protection, Stopped,

Protection, 22.04.2015 09:07, SYSTEM, PC, Protection, Malware Protection, Starting,

Protection, 22.04.2015 09:07, SYSTEM, PC, Protection, Malware Protection, Started,

Protection, 22.04.2015 09:07, SYSTEM, PC, Protection, Malicious Website Protection, Starting,

Protection, 22.04.2015 09:09, SYSTEM, PC, Protection, Malicious Website Protection, Started,

Detection, 22.04.2015 10:38, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51482, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe,

Detection, 22.04.2015 10:38, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51482, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe,

Detection, 22.04.2015 10:38, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51483, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe,

Detection, 22.04.2015 10:38, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51486, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe,

Detection, 22.04.2015 10:39, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51566, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe,

Detection, 22.04.2015 10:40, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51622, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe,

Protection, 22.04.2015 10:41, SYSTEM, PC, Protection, Malicious Website Protection, Stopping,

Protection, 22.04.2015 10:41, SYSTEM, PC, Protection, Malicious Website Protection, Stopped,

Protection, 22.04.2015 10:41, SYSTEM, PC, Protection, Malware Protection, Stopping,

Protection, 22.04.2015 10:41, SYSTEM, PC, Protection, Malware Protection, Stopped,

Update, 22.04.2015 11:59, SYSTEM, PC, Manual, Remediation Database, 2015.3.9.1, 2015.4.21.1,

Update, 22.04.2015 11:59, SYSTEM, PC, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1,

Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malware Protection, Starting,

Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malware Protection, Started,

Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malicious Website Protection, Starting,

Update, 22.04.2015 11:59, SYSTEM, PC, Manual, Malware Database, 2015.3.9.5, 2015.4.22.1,

Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Refresh, Starting,

Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malicious Website Protection, Started,

Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malicious Website Protection, Stopping,

Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malicious Website Protection, Stopped,

Protection, 22.04.2015 12:00, SYSTEM, PC, Protection, Refresh, Success,

Protection, 22.04.2015 12:00, SYSTEM, PC, Protection, Malicious Website Protection, Starting,

Protection, 22.04.2015 12:00, SYSTEM, PC, Protection, Malicious Website Protection, Started,

Detection, 22.04.2015 12:04, SYSTEM, PC, Protection, Защита от злонамерен софтуер, Файл, Trojan.Agent.PECB, E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Keygen.exe, Карантина, [1287026dd6b4e155c3c94141df217a86]

Detection, 22.04.2015 12:05, SYSTEM, PC, Protection, Malicious Website Protection, IP, 128.127.109.67, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:05, SYSTEM, PC, Protection, Malicious Website Protection, IP, 128.127.109.67, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:05, SYSTEM, PC, Protection, Защита от злонамерен софтуер, Файл, Trojan.Agent.PECB, E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Keygen\Keygen.exe, Карантина, [b2e70c635c2ef73f34585e2415ebca36]

Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 198.50.185.208, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 198.50.185.208, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 91.214.203.85, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 91.214.203.85, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 41.233.123.203, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 41.233.123.203, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:07, SYSTEM, PC, Protection, Malicious Website Protection, IP, 31.184.236.39, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:07, SYSTEM, PC, Protection, Malicious Website Protection, IP, 31.184.236.39, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Scan, 22.04.2015 12:10, SYSTEM, PC, Manual, Начало: 22.04.2015 12:09, Продължителност: 0 мин. 55 сек., Сканиране за заплахи, Отменено, 0 открита злонамерени програми, 0 открити нежелани програми,

Detection, 22.04.2015 12:17, SYSTEM, PC, Protection, Malicious Website Protection, IP, 91.188.50.239, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:17, SYSTEM, PC, Protection, Malicious Website Protection, IP, 91.188.50.239, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Detection, 22.04.2015 12:35, SYSTEM, PC, Protection, Malicious Website Protection, IP, 95.84.156.119, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe,

Protection, 22.04.2015 12:43, SYSTEM, PC, Protection, Malware Protection, Starting,

Protection, 22.04.2015 12:43, SYSTEM, PC, Protection, Malware Protection, Started,

Protection, 22.04.2015 12:43, SYSTEM, PC, Protection, Malicious Website Protection, Starting,

Protection, 22.04.2015 12:45, SYSTEM, PC, Protection, Malicious Website Protection, Started,

Scan, 22.04.2015 13:19, SYSTEM, PC, Manual, Начало: 22.04.2015 12:46, Продължителност: 32 мин. 6 сек., Сканиране за заплахи, Завършено, 3 открита злонамерени програми, 0 открити нежелани програми,

Protection, 22.04.2015 13:25, SYSTEM, PC, Protection, Malware Protection, Starting,

Protection, 22.04.2015 13:25, SYSTEM, PC, Protection, Malware Protection, Started,

Protection, 22.04.2015 13:25, SYSTEM, PC, Protection, Malicious Website Protection, Starting,

Protection, 22.04.2015 13:26, SYSTEM, PC, Protection, Malicious Website Protection, Started,

Update, 22.04.2015 13:38, SYSTEM, PC, Scheduler, Malware Database, 2015.4.22.1, 2015.4.22.2,

Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Refresh, Starting,

Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Malicious Website Protection, Stopping,

Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Malicious Website Protection, Stopped,

Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Refresh, Success,

Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Malicious Website Protection, Starting,

Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Malicious Website Protection, Started,

 

(end)

 

Scan with FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015

Ran by Янев (administrator) on PC on 22-04-2015 13:47:22

Running from C:\Users\Янев\Desktop

Loaded Profiles: Янев (Available profiles: Янев)

Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Английски (Съединени щати)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgfws9.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

() C:\Windows\System32\MF26PUPO.EXE

() C:\Windows\System32\MF2GDIPO.EXE

(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe

() D:\PROGRAMS\SAGEM\MFPrintServer.exe

() D:\PROGRAMS\SAGEM\MFServices.exe

() C:\Users\Янев\AppData\Local\Viber\Viber.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

() D:\DRIVERS\FlexType XP + kg\INSTAL\FlexType 2K\FType2K.exe

() C:\Program Files\JivoSite\JivoSite.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Intel Corporation) C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

(Intel Corporation) C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe

() C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2079792 2014-12-10] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [MFPrintServer_Pro_LM] => D:\PROGRAMS\SAGEM\MFPrintServer.exe [73728 2007-08-12] ()

HKLM\...\Run: [MFServices_Pro_LM] => D:\PROGRAMS\SAGEM\MFServices.exe [360448 2007-08-12] ()

HKLM\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll [2013-12-06] (Intel Corporation)

HKU\S-1-5-21-2037160362-3931605130-208122874-1000\...\Run: [Viber] => C:\Users\Янев\AppData\Local\Viber\Viber.exe [936456 2014-03-05] ()

HKU\S-1-5-21-2037160362-3931605130-208122874-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)

HKU\S-1-5-21-2037160362-3931605130-208122874-1000\...\MountPoints2: {6a378340-c71e-11e3-a905-1867b081b8fc} - H:\Setup.exe

HKU\S-1-5-21-2037160362-3931605130-208122874-1000\...\MountPoints2: {70f6400c-453f-11e4-9672-1867b081b8fc} - I:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2037160362-3931605130-208122874-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MARINE~1.SCR [1855488 2003-04-14] ()

AppInit_DLLs: avgrsstx.dll => C:\Windows\system32\avgrsstx.dll [12536 2014-04-18] (AVG Technologies CZ, s.r.o.)

AppInit_DLLs: , c:\windows\jaksta\ac\x86\jaudcap.dll => c:\windows\jaksta\ac\x86\jaudcap.dll [264480 2014-05-06] (Jaksta Technologies Pty Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FlexType 2K.lnk [2014-04-18]

ShortcutTarget: FlexType 2K.lnk -> D:\DRIVERS\FlexType XP + kg\INSTAL\FlexType 2K\FType2K.exe ()

Startup: C:\Users\Янев\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JivoSite.lnk [2014-05-19]

ShortcutTarget: JivoSite.lnk -> C:\Program Files\JivoSite\JivoSite.exe ()

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {1010ABAC-265C-45EE-A7BC-1790AFB08608} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {530BFF27-0912-41CC-AB51-7F660A5DA862} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {83123FBA-B6A6-45F2-88DD-1B6479775E1D} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {904AD6D8-F7E7-4F3B-8FAF-7A3D22477134} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)

BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\PROGRAMS\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)

BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll [2014-04-18] (AVG Technologies CZ, s.r.o.)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-21] (Oracle Corporation)

BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-12] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-21] (Oracle Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)

Toolbar: HKLM - No Name - {7774D21F-E37C-4875-846D-5AFC2488D6CD} -  No File

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll [2014-04-18] (AVG Technologies CZ, s.r.o.)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF ProfilePath: C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default

FF DefaultSearchEngine: Bing

FF DefaultSearchEngine,S: WebSearch

FF SearchEngineOrder.1: WebSearch

FF SearchEngineOrder.1,S: WebSearch

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: Bing

FF SelectedSearchEngine,S: WebSearch

FF Homepage: https://bill.itgbg.com/cgi-bin/cabin.cgi?unique_id=1428386597

FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()

FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)

FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-21] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-21] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)

FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll No File

FF Plugin: Adobe Reader -> D:\PROGRAMS\Adobe Rider\Instal\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default\searchplugins\bing-.xml [2015-04-07]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml [2014-07-30]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml [2014-07-30]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-07-30]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-07-30]

FF Extension: No Name - C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default\Extensions\bingsearch.full@microsoft.com [2015-04-06]

FF Extension: DeleteAd - C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default\Extensions\nwdjwudhamxzhzhyhn@zyydgvksbeve.org [2015-04-15]

FF Extension: BitComet Video Downloader - C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-04-22]

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-08]

FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

 

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Янев\AppData\Local\Google\Chrome\User Data\Default

CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found]

CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-16]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKU\S-1-5-21-2037160362-3931605130-208122874-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx

 

Opera:

=======

OPR Extension: (Ge-Force) - C:\Users\Янев\AppData\Roaming\Opera Software\Opera Stable\Extensions\jhongheibdpfhdpfccheljfcabgliidh [2015-04-05]

OPR Extension: (Sense) - C:\Users\Янев\AppData\Roaming\Opera Software\Opera Stable\Extensions\knlpigpfaognbholppaembpfphilacie [2015-04-05]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [591840 2013-02-13] (Intel Corporation)

R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2014-04-18] (AVG Technologies CZ, s.r.o.)

R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2014-04-18] (AVG Technologies CZ, s.r.o.)

R2 avgfws9; C:\Program Files\AVG\AVG9\avgfws9.exe [2331544 2014-04-18] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5897808 2014-04-18] (AVG Technologies CZ, s.r.o.)

R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel® Corporation)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-12-18] (Intel Corporation)

R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]

R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]

R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-04-28] (Macrovision Europe Ltd.) [File not signed]

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-07] (Freemake) [File not signed]

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-03-20] (Intel Corporation)

R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-03-20] (Intel Corporation)

R2 MBAMScheduler; E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

R2 MBAMService; E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 mi-raysat_3dsmax2010_32; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [86016 2009-03-12] () [File not signed]

R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-02-08] ()

S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)

S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-03-12] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2531056 2013-02-08] (Intel® Corporation)

S2 038d2b55; "C:\Windows\system32\rundll32.exe" "c:\Program Files\ToolMaker\ToolMaker.dll",serv

S3 BITCOMET_HELPER_SERVICE; D:\DRIVERS\BitComet\tools\BitCometService.exe -service [X]

S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-05-21] (Windows ® Win 7 DDK provider)

S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-05-21] (Windows ® Win 7 DDK provider)

R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3236864 2013-09-24] (Qualcomm Atheros Communications, Inc.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [24856 2014-04-18] (AVG Technologies CZ, s.r.o.)

R3 AVGIDSDriverw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [122448 2014-04-18] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSErHrw7x; C:\Windows\System32\Drivers\AVGIDSwx.sys [25168 2014-04-18] (AVG Technologies CZ, s.r.o. )

R3 AVGIDSFilterw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [30288 2014-04-18] (AVG Technologies CZ, s.r.o. )

R3 AVGIDSShimw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [20560 2014-04-18] (AVG Technologies CZ, s.r.o. )

R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2014-04-19] (AVG Technologies CZ, s.r.o.)

R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2014-04-18] (AVG Technologies CZ, s.r.o.)

R0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2014-04-18] (AVG Technologies CZ, s.r.o.)

R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2014-04-18] (AVG Technologies CZ, s.r.o.)

R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [506664 2014-01-08] (Qualcomm Atheros)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-18] (Disc Soft Ltd)

S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [339272 2013-11-25] (ELAN Microelectronics Corp.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)

R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [490344 2013-12-18] (Intel Corporation)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24424 2013-12-18] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-22] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)

S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-12] (Intel Corporation)

R3 MF2ACT; C:\Windows\System32\Drivers\MF2ACT.sys [10368 2007-03-20] (OEM)

R1 mf2nt; C:\Windows\system32\drivers\mf2nt.sys [61820 2007-08-11] () [File not signed]

S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)

R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)

S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)

S0 sptd; C:\Windows\System32\Drivers\sptd.sys [664064 2014-04-18] (Duplex Secure Ltd.) [File not signed]

R3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [31879 2007-01-08] (OEM)

S3 ETDSMBus; system32\DRIVERS\ETDSMBus.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-22 13:47 - 2015-04-22 13:48 - 00025233 _____ () C:\Users\Янев\Desktop\FRST.txt

2015-04-22 13:00 - 2015-04-22 13:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-04-22 11:59 - 2015-04-22 13:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-22 11:59 - 2015-04-22 11:59 - 00001046 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-22 11:59 - 2015-04-22 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-22 11:58 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-04-22 11:58 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-04-22 11:58 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-04-22 11:52 - 2015-04-22 11:54 - 00000000 ____D () C:\Users\Янев\Desktop\ZASTRAHOVKA

2015-04-22 10:39 - 2015-04-22 13:47 - 00000000 ____D () C:\FRST

2015-04-22 10:39 - 2015-04-22 10:39 - 01139200 _____ (Farbar) C:\Users\Янев\Desktop\FRST.exe

2015-04-16 09:54 - 2015-04-16 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Likno Web Button Maker

2015-04-15 15:59 - 2015-04-15 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-04-15 13:35 - 2015-04-22 13:23 - 00000000 ____D () C:\Program Files\ToolMaker

2015-04-15 10:46 - 2015-04-15 13:35 - 00000000 ____D () C:\ProgramData\c28d20c000006cab

2015-04-15 10:12 - 2015-04-15 10:45 - 00000000 ____D () C:\Program Files\Dislike Button

2015-04-15 10:12 - 2015-04-15 10:12 - 00000079 _____ () C:\Program Files\prefs.js

2015-04-15 10:11 - 2015-04-15 11:14 - 00000000 ____D () C:\Program Files\SoaveLouts

2015-04-15 09:59 - 2015-04-15 09:59 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-04-15 09:59 - 2015-04-15 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-04-15 09:58 - 2015-04-22 13:22 - 00001164 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-15 09:58 - 2015-04-22 13:03 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-14 22:56 - 2015-04-14 22:56 - 02217984 _____ () C:\Users\Янев\Downloads\5CAC.tmp

2015-04-14 20:43 - 2015-04-14 22:58 - 00000000 ____D () C:\AdwCleaner

2015-04-11 11:35 - 2015-04-22 09:10 - 00000020 _____ () C:\Users\Янев\AppData\Roaming\appdataFr3.bin

2015-04-07 12:46 - 2015-04-07 12:46 - 00007935 _____ () C:\Users\Янев\Downloads\favicomatic (1).zip

2015-04-07 12:45 - 2015-04-07 12:45 - 00007935 _____ () C:\Users\Янев\Downloads\favicomatic.zip

2015-04-06 08:37 - 2015-04-06 08:37 - 00000000 ____D () C:\Users\Янев\Tracing

2015-04-05 20:26 - 2015-04-05 20:26 - 00000680 _____ () C:\Users\Янев\Downloads\2BBE5FD6682C32AC09F8D856D319EA3D3EDBBF5B (1).torrent

2015-04-05 20:24 - 2015-04-05 20:24 - 00000680 _____ () C:\Users\Янев\Downloads\2BBE5FD6682C32AC09F8D856D319EA3D3EDBBF5B.torrent

2015-04-05 19:11 - 2015-04-15 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllWebMenus PRO

2015-04-05 19:11 - 2015-04-05 19:11 - 00001008 _____ () C:\Users\Public\Desktop\AllWebMenus 5 PRO.lnk

2015-04-05 18:58 - 2015-04-07 08:53 - 00000000 ____D () C:\ProgramData\{022cfc95-f387-79da-022c-cfc95f38f257}

2015-04-05 18:54 - 2015-04-07 08:53 - 00000000 ____D () C:\ProgramData\{76f0ab44-4f6d-82e2-76f0-0ab444f6ad11}

2015-04-05 18:36 - 2015-04-08 12:21 - 00000000 ____D () C:\Program Files\VK Switcher

2015-04-05 18:34 - 2015-04-15 10:12 - 00000000 ____D () C:\ProgramData\4902375531840523889

2015-04-05 18:32 - 2015-04-07 08:53 - 00000000 ____D () C:\ProgramData\{eb418a14-a568-2920-eb41-18a14a562852}

2015-04-05 13:26 - 2015-04-05 15:44 - 00000000 ____D () C:\Users\џ­Ґў

2015-04-05 13:26 - 2015-04-05 13:26 - 00000000 ____D () C:\Users\Янев\AppData\Local\CrashRpt

2015-04-05 11:49 - 2015-04-05 15:43 - 00000000 ____D () C:\Program Files\We Love Deals

2015-04-05 11:46 - 2015-04-05 15:43 - 00000000 ____D () C:\ProgramData\{d3032ddb-b9c6-2a87-d303-32ddbb9cb76e}

2015-04-04 14:56 - 2015-04-04 14:56 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Opera Software

2015-04-04 14:56 - 2015-04-04 14:56 - 00000000 ____D () C:\Users\Янев\AppData\Local\Opera Software

2015-04-04 14:54 - 2015-04-05 15:43 - 00000000 ____D () C:\Program Files\Opera

2015-04-04 13:54 - 2015-04-04 13:54 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Thinstall

2015-04-04 13:54 - 2015-04-04 13:54 - 00000000 ____D () C:\Users\Янев\AppData\Local\Thinstall

2015-04-04 13:49 - 2015-04-05 19:11 - 00000000 ____D () C:\Program Files\AllWebMenus5

2015-04-02 09:31 - 2015-04-02 09:31 - 00048374 _____ () C:\Users\Янев\Desktop\myMenu.awm

2015-04-02 09:22 - 2015-04-16 09:44 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Likno Software

2015-04-02 09:20 - 2004-03-09 00:00 - 00152848 ____N (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx

2015-04-02 09:19 - 2005-02-21 11:34 - 02011136 ____N (Codejock Software) C:\Windows\system32\XTP9510Lib.dll

2015-04-02 09:19 - 2002-10-24 17:08 - 00443392 ____N (LEAD Technologies, Inc.) C:\Windows\system32\ltkrn13n.dll

2015-04-02 09:19 - 2002-10-22 13:53 - 00393216 ____N (LEAD Technologies, Inc.) C:\Windows\system32\LFCMP13n.DLL

2015-04-02 09:19 - 2002-10-21 15:39 - 00181248 ____N (LEAD Technologies, Inc.) C:\Windows\system32\Lfpng13n.dll

2015-04-02 09:19 - 2002-10-21 15:31 - 01013760 ____N (LEAD Technologies, Inc.) C:\Windows\system32\Ltwvc13n.dll

2015-04-02 09:19 - 2002-10-21 15:03 - 00035328 ____N (LEAD Technologies, Inc.) C:\Windows\system32\lfgif13n.dll

2015-04-02 09:19 - 2002-10-21 15:02 - 00030208 ____N (LEAD Technologies, Inc.) C:\Windows\system32\lfbmp13n.dll

2015-04-02 09:19 - 2002-10-21 15:01 - 00446464 ____N (LEAD Technologies, Inc.) C:\Windows\system32\ltimg13n.dll

2015-04-02 09:19 - 2002-10-21 15:01 - 00205824 ____N (LEAD Technologies, Inc.) C:\Windows\system32\ltefx13n.dll

2015-04-02 09:19 - 2002-10-21 15:00 - 00139776 ____N (LEAD Technologies, Inc.) C:\Windows\system32\ltfil13n.DLL

2015-04-02 09:19 - 2002-10-21 14:53 - 00265728 ____N (LEAD Technologies, Inc.) C:\Windows\system32\LTDIS13n.dll

2015-04-02 09:18 - 2007-11-08 09:19 - 00129024 ____N (Microsoft Corporation) C:\Windows\system32\msstdfmt.dll

2015-04-02 09:16 - 2015-04-05 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Likno Web Tabs Builder

2015-04-02 09:15 - 2015-04-02 09:19 - 00024420 _____ () C:\Windows\system32\LiknoGridControl.tlb

2015-04-02 09:15 - 2013-05-27 15:53 - 00242184 ____N () C:\Windows\system32\LiknoGridControl.dll

2015-04-02 09:15 - 1998-06-24 10:55 - 00164144 ____N (Microsoft Corporation) C:\Windows\system32\comct232.ocx

2015-04-02 09:14 - 2008-01-18 13:10 - 01097728 ____N (Woodbury Associates Limited) C:\Windows\system32\UniBox210.ocx

2015-04-02 09:14 - 2008-01-18 13:10 - 00364544 ____N (Woodbury Associates Limited) C:\Windows\system32\UniGrid210.ocx

2015-04-02 09:14 - 2008-01-18 13:10 - 00212992 ____N (Woodbury Associates Limited) C:\Windows\system32\UniBoxVB12.ocx

2015-04-02 09:14 - 2008-01-18 13:09 - 00880640 ____N (Woodbury Associates Limited) C:\Windows\system32\UniBox10.ocx

2015-04-02 09:14 - 2007-09-14 10:06 - 00380928 ____N (Woodbury Associates Limited) C:\Windows\system32\UniFlexGrid10.ocx

2015-04-02 09:14 - 2007-09-14 10:06 - 00139264 ____N (Woodbury Associates Limited) C:\Windows\system32\uniflexsup.dll

2015-04-02 09:14 - 2002-03-13 17:46 - 00053248 ____N () C:\Windows\system32\ZLIB.DLL

2015-04-02 09:14 - 2000-05-22 17:58 - 00608448 ____N (Microsoft Corporation) C:\Windows\system32\comctl32.ocx

2015-04-02 09:13 - 2015-04-16 09:54 - 00000000 ____D () C:\ProgramData\InstallMate

2015-04-02 09:13 - 2015-04-05 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Likno Software

2015-04-02 09:13 - 2015-04-05 15:43 - 00000000 ____D () C:\Program Files\Likno Software

2015-03-30 13:04 - 2015-03-30 13:04 - 00000000 ____D () C:\Users\Янев\AndroidStudioProjects

2015-03-28 22:54 - 2015-03-28 22:54 - 00000000 ____D () C:\Проекти

2015-03-28 22:17 - 2015-03-30 13:05 - 00000000 ____D () C:\Users\Янев\.gradle

2015-03-26 22:14 - 2015-03-26 22:14 - 00004185 _____ () C:\Users\Янев\AppData\Roaming\SXL

2015-03-24 20:58 - 2015-04-10 10:31 - 00000144 _____ () C:\Users\Янев\Documents\SimController.log

2015-03-24 20:58 - 2015-03-24 20:58 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\SimController

2015-03-24 10:45 - 2015-03-24 10:45 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\JetBrains

2015-03-24 10:43 - 2015-03-30 11:09 - 00000000 ____D () C:\Users\Янев\.AndroidStudio

2015-03-24 10:41 - 2015-03-24 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio

2015-03-24 10:31 - 2015-03-31 08:34 - 00000000 ____D () C:\Users\Янев\AppData\Local\Android

2015-03-24 10:28 - 2015-03-30 13:28 - 00000000 ____D () C:\Program Files\Android

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-22 13:47 - 2014-05-12 12:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-22 13:47 - 2014-04-18 20:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-04-22 13:32 - 2009-07-14 07:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-22 13:32 - 2009-07-14 07:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-22 13:28 - 2014-04-18 16:28 - 01891079 _____ () C:\Windows\WindowsUpdate.log

2015-04-22 13:27 - 2014-04-28 12:39 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\ViberPC

2015-04-22 13:27 - 2014-04-19 08:34 - 00000427 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2015-04-22 13:25 - 2014-04-29 12:24 - 00000000 ____D () C:\Users\Янев\AppData\Local\Viber

2015-04-22 13:25 - 2014-04-28 12:32 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Skype

2015-04-22 13:23 - 2009-07-14 07:33 - 04509896 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-04-22 13:22 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-22 13:22 - 2009-07-14 07:39 - 00055195 _____ () C:\Windows\setupact.log

2015-04-22 13:21 - 2010-11-21 00:48 - 00156772 _____ () C:\Windows\PFRO.log

2015-04-22 13:21 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\tracing

2015-04-22 12:40 - 2014-05-02 11:20 - 00000000 ____D () C:\Windows\Minidump

2015-04-22 12:38 - 2014-05-02 11:19 - 340928784 _____ () C:\Windows\MEMORY.DMP

2015-04-22 12:33 - 2014-04-29 15:58 - 00000000 ____D () C:\Users\Янев\Desktop\ПРОГРАМИ

2015-04-22 11:52 - 2014-06-24 09:33 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Canon

2015-04-22 09:13 - 2014-04-18 19:35 - 00000000 ____D () C:\Windows\system32\Drivers\Avg

2015-04-21 18:14 - 2015-02-03 13:28 - 00011024 _____ () C:\Users\Янев\Desktop\ВАУЧЕРИ ТАБЛИЦА.xlsx

2015-04-21 08:39 - 2014-04-22 20:04 - 00000000 ____D () C:\Users\Янев\AppData\Local\Adobe

2015-04-20 09:52 - 2014-04-18 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datecs Applications

2015-04-20 08:39 - 2014-04-28 09:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR

2015-04-17 09:32 - 2014-11-27 10:45 - 00000224 _____ () C:\Users\Янев\Desktop\Нов текстов документ (2).txt

2015-04-16 08:49 - 2010-11-21 00:01 - 00876526 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-15 10:49 - 2014-05-12 12:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-04-15 10:49 - 2014-05-12 12:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-04-15 10:47 - 2014-05-02 11:12 - 00000000 ____D () C:\Program Files\DSPRobotics

2015-04-15 09:59 - 2014-04-18 20:30 - 00000000 ____D () C:\Program Files\Google

2015-04-15 09:30 - 2014-04-18 16:35 - 00000000 ____D () C:\Users\Янев

2015-04-15 09:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\wfp

2015-04-15 09:28 - 2014-11-28 18:29 - 00000000 ____D () C:\ProgramData\Tbccint

2015-04-15 09:28 - 2014-11-28 18:24 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

2015-04-15 09:28 - 2014-08-18 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenSoft

2015-04-15 09:28 - 2014-05-02 12:25 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\simplitec

2015-04-15 09:28 - 2014-05-02 12:12 - 00000000 ____D () C:\ProgramData\simplitec

2015-04-15 09:28 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\registration

2015-04-15 09:28 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\AppCompat

2015-04-15 09:27 - 2014-04-18 21:37 - 00000000 __RHD () C:\MSOCache

2015-04-14 10:04 - 2014-05-22 09:07 - 00000000 ____D () C:\Windows\system32\appmgmt

2015-04-11 11:35 - 2014-05-02 09:42 - 00000041 _____ () C:\Windows\crw.ini

2015-04-11 11:35 - 2009-07-14 05:04 - 00001235 _____ () C:\Windows\win.ini

2015-04-08 08:45 - 2009-07-14 07:53 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-04-07 12:45 - 2014-05-16 18:02 - 00000000 ____D () C:\Users\Янев\AppData\Local\WinZip

2015-04-07 12:45 - 2014-05-16 18:02 - 00000000 ____D () C:\ProgramData\WinZip

2015-04-06 08:35 - 2014-04-28 12:32 - 00000000 ___RD () C:\Program Files\Skype

2015-04-06 08:35 - 2014-04-28 12:32 - 00000000 ____D () C:\ProgramData\Skype

2015-04-05 15:44 - 2014-05-16 18:02 - 00000000 ____D () C:\Program Files\WinZip

2015-04-05 15:43 - 2015-03-18 14:21 - 00000000 ____D () C:\Users\Янев\Desktop\Туроператор Юнион Ивкони в София_files

2015-04-05 15:43 - 2014-05-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

2015-04-05 15:43 - 2010-11-21 03:46 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-04-05 15:42 - 2009-07-14 05:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2015-04-04 11:12 - 2014-10-30 10:30 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Likno

2015-04-03 11:17 - 2015-03-20 17:25 - 00000000 ____D () C:\Users\Янев\Documents\Unnamed Site 2

2015-04-01 10:01 - 2014-04-18 22:06 - 00000000 ____D () C:\ProgramData\KMSAutoS

2015-03-30 10:42 - 2014-04-18 16:43 - 00000000 ____D () C:\Program Files\Intel

2015-03-25 20:27 - 2014-04-29 15:55 - 00000000 ____D () C:\Users\Янев\Documents\Visual Studio 2008

2015-03-25 20:26 - 2014-04-18 21:38 - 00000000 ____D () C:\ProgramData\Microsoft Help

 

==================== Files in the root of some directories =======

 

2015-04-15 10:12 - 2015-04-15 10:12 - 0000079 _____ () C:\Program Files\prefs.js

2015-04-11 11:35 - 2015-04-22 09:10 - 0000020 _____ () C:\Users\Янев\AppData\Roaming\appdataFr3.bin

2015-03-26 22:14 - 2015-03-26 22:14 - 0004185 _____ () C:\Users\Янев\AppData\Roaming\SXL

2014-07-11 07:14 - 2014-07-11 07:14 - 0007598 _____ () C:\Users\Янев\AppData\Local\Resmon.ResmonCfg

2014-04-18 18:51 - 2014-04-18 18:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

 

Some content of TEMP:

====================

C:\Users\Янев\AppData\Local\Temp\AcDeltree.exe

C:\Users\Янев\AppData\Local\Temp\AllWebMenusSetup.exe

C:\Users\Янев\AppData\Local\Temp\AYCTPnYqOuHpOWubwjpO.DLL

C:\Users\Янев\AppData\Local\Temp\cEpLHckkxbkPwPvojIlq.DLL

C:\Users\Янев\AppData\Local\Temp\dEFjGivjQFFhSelGRSLi.DLL

C:\Users\Янев\AppData\Local\Temp\dsp_ipp.dll

C:\Users\Янев\AppData\Local\Temp\EhSgWdUZSNVlGhuAhHZs.DLL

C:\Users\Янев\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.0.exe

C:\Users\Янев\AppData\Local\Temp\InitBDE.exe

C:\Users\Янев\AppData\Local\Temp\jSfeZBczZHmgBgbImMKK.DLL

C:\Users\Янев\AppData\Local\Temp\KubJZfMgtkGESfLVbdMZ.DLL

C:\Users\Янев\AppData\Local\Temp\LiknoDropDownMenuTrees.exe

C:\Users\Янев\AppData\Local\Temp\LiknoWebAccordionBuilderSetup.exe

C:\Users\Янев\AppData\Local\Temp\LiknoWebButtonMakerSetup.exe

C:\Users\Янев\AppData\Local\Temp\LiknoWebModalWindowsBuilderSetup.exe

C:\Users\Янев\AppData\Local\Temp\LiknoWebScrollerBuilderSetup.exe

C:\Users\Янев\AppData\Local\Temp\LiknoWebTabsBuilderSetup.exe

C:\Users\Янев\AppData\Local\Temp\LiknoWebTooltipsBuilderSetup.exe

C:\Users\Янев\AppData\Local\Temp\mgxoschk.dll

C:\Users\Янев\AppData\Local\Temp\ose00000.exe

C:\Users\Янев\AppData\Local\Temp\qFLziOkeTmXhPaJfdIFl.DLL

C:\Users\Янев\AppData\Local\Temp\sfhfoaCPVqOFLBwFdcbP.DLL

C:\Users\Янев\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Янев\AppData\Local\Temp\sMlRDJcsGsdClKJOpOXJ.DLL

C:\Users\Янев\AppData\Local\Temp\uZnusiIojsYEZMjueGQA.DLL

C:\Users\Янев\AppData\Local\Temp\vTynJYkIDsUrKDIBTpUm.DLL

C:\Users\Янев\AppData\Local\Temp\_isB98F.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-04-14 17:16

 

==================== End Of Log ============================

Link to comment

Hello,

The bad news is that the pest has updated your browser to a developer build, where all the protection mechanisms are removed, so even if we clean it, after a while the pest will install its malicious extensions again.

CHR dev: Chrome dev build detected!

So... the solution is to completely uninstall the browser with GeekUninstaller or Revo Uninstaller and then install the latest stable version of the browser.

Before you uninstall it, it is a good idea to save all your passwords and bookmarks, if you have any.

Exporting bookmarks from Chrome:

  1. In the top right corner of the browser window, click the Chrome menu.
  2. Select Bookmarks > Bookmark manager.
  3. Click the "Organize" menu in the manager.
  4. Now select Export bookmarks to HTML file.

Here are instructions on how to import them back after reinstalling the browser:

http://www.wikihow.com/Export-Bookmarks-from-Chrome

For the passwords, see whether the following tool works:

http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Download the GeekUninstaller program and save it to your desktop.

Extract it and run the file geek.exe http://i.imgur.com/IxXO5oO.jpg
Find Google Chrome in the list (the example shows Mozilla Firefox, but that is just for illustration).

Right-click the program and select Uninstall

http://i.imgur.com/XhV2QLa.png

After the installation finishes, a window will open prompting you to remove all leftovers of the program (if there are any; if there are none, this window will not appear):

Example for the Mozilla browser:

geekuninstaller-3.png

Press the Finish button to delete the program's leftovers.

Then go on and run a new scan with FRST (making sure that the Addition.txt box is checked before you press the SCAN button).

Then post the new log files so that we can clean up the remnants of the adware.

Regards!

Link to comment

We are not done? :)

Then post the new log files so that we can clean up the remnants of the adware.

I mean that you should scan again with FRST, checking the box next to Addition.txt before pressing the SCAN button, and then post the new log files in your next comment. :)

Regards!

Link to comment

Hello,

Please uninstall the following programs from the Control Panel:

ToolMaker

VideoDownloadConverter Internet Explorer Toolbar

youtubeadblocker

Then download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Regards!

Link to comment

When uninstalling VideoDownloadConverter Internet Explorer Toolbar and Tool Maker, the following windows appeared:

After the scan it created the following file, which I am attaching:

post-22020-0-40843700-1429950988_thumb.png

post-22020-0-61028200-1429951006_thumb.png

Fixlog.txt

Link to comment

No problem. Try removing them with GeekUninstaller. If the Uninstall option does not work, use Force Removal.

Then continue with the other instructions.

Regards!

Link to comment

Why did you run the fix twice...

Run:2

Now it is normal for them to show as "not found" in the log, because they were deleted the first time the program was run. You are not reading the instructions carefully...

Run FRST.exe and press the Fix button once!

Anyway... let's check for leftovers:

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • After the scan finishes, press the Clean button.
  • The program will close all unnecessary processes and after the cleanup will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[s0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your protection programs.
  • Run the JRT.exe tool
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers and wait for the scan to complete.
  • A log file will appear (which you can also find manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.
Link to comment

I apologize, but I use my laptop for work, and during the scan a client came in and I had to open my browser. That is why I ran the scan a second time and posted the second file. I am continuing with the instructions.

Link to comment

How are things now?

Update Malwarebytes Anti-Malware, run a Threat Scan, and then post the log file (but this time I want the Scan Log, not the Protection Log). :)

Regards!

Link to comment