Jump to content

syneok

Потребител
 Виж профила  Виж тяхната активност

  • Брой теми

    30

  • Регистрация

  • Последно посещение

syneok's Achievements

Новобранец

Новобранец (1/14)

0

Репутация в общността

  1. syneok
    Ето следващото сканиране с Malwarebytes Anti-Malware Malwarebytes Anti-Malware.txt
  2. syneok
    Ако може да ме посъветвате какво мога да направя, че да се стартира нормално.
  3. syneok
    OK! Машината се държи добре, но имам и един друг проблем. След рестарт се стартира за около 10 минути, което е много дразнещо.
  4. syneok
    Ето последните сканирания AdwCleanerS0.txt JRT.txt
  5. syneok
    Извинявам се, но използвам лаптопа си за работа и по време на сканирането ми влезе клиент и трябваше да отворя браузъра си. Затова пуснах да сканира втори път и публикувах втория файл. Продължавам с инструкциите.
  6. syneok
    При деинсталирането на VideoDownloadConverter Internet Explorer Toolbar и Тool Maker се появиха следните прозорци: След сканирането ми създаде следният файл, който прикачам: Fixlog.txt
  7. syneok
    Ето фаловете от новото сканиране Addition.txt FRST.txt
  8. syneok
    Благодаря ви много!!!
  9. syneok
    Тук прикрепям файла Аuddition. Не успях да го прикрепя на предният пост. Тези гадинки ми пречат. Блокират страницата. Ще опитам пак Addition.txt
  10. syneok
    Здравейте! Аз също имам проблем със зловреден код и Ви моля за помощ, понеже съм ползвал и друг път услугите Ви, знам че ще се справите. При мен се получава следното: Когато отварям страници на браузъра си, ми изкачат нежелани реклами, банери, пренасочват се страниците които отварям към съвсем различни сайтове, изкачат ми прозорци с реклами и т.н. Съгласно инструкциите, които прочетох тук , публикувам резултатите от сканирането с FRST и Malwarebytes Anti-Malware. Ето резултатите: Сканиране с Malwarebytes Anti-Malware www.malwarebytes.org Update, 22.04.2015 09:00, SYSTEM, PC, Scheduler, Malware Database, 2015.4.21.6, 2015.4.22.1, Protection, 22.04.2015 09:00, SYSTEM, PC, Protection, Refresh, Starting, Protection, 22.04.2015 09:00, SYSTEM, PC, Protection, Malicious Website Protection, Stopping, Protection, 22.04.2015 09:00, SYSTEM, PC, Protection, Malicious Website Protection, Stopped, Protection, 22.04.2015 09:07, SYSTEM, PC, Protection, Malware Protection, Starting, Protection, 22.04.2015 09:07, SYSTEM, PC, Protection, Malware Protection, Started, Protection, 22.04.2015 09:07, SYSTEM, PC, Protection, Malicious Website Protection, Starting, Protection, 22.04.2015 09:09, SYSTEM, PC, Protection, Malicious Website Protection, Started, Detection, 22.04.2015 10:38, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51482, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, Detection, 22.04.2015 10:38, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51482, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, Detection, 22.04.2015 10:38, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51483, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, Detection, 22.04.2015 10:38, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51486, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, Detection, 22.04.2015 10:39, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51566, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, Detection, 22.04.2015 10:40, SYSTEM, PC, Protection, Malicious Website Protection, IP, 52.10.219.161, bestwebnutfunblack.org, 51622, Outbound, C:\Program Files\Google\Chrome\Application\chrome.exe, Protection, 22.04.2015 10:41, SYSTEM, PC, Protection, Malicious Website Protection, Stopping, Protection, 22.04.2015 10:41, SYSTEM, PC, Protection, Malicious Website Protection, Stopped, Protection, 22.04.2015 10:41, SYSTEM, PC, Protection, Malware Protection, Stopping, Protection, 22.04.2015 10:41, SYSTEM, PC, Protection, Malware Protection, Stopped, Update, 22.04.2015 11:59, SYSTEM, PC, Manual, Remediation Database, 2015.3.9.1, 2015.4.21.1, Update, 22.04.2015 11:59, SYSTEM, PC, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1, Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malware Protection, Starting, Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malware Protection, Started, Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malicious Website Protection, Starting, Update, 22.04.2015 11:59, SYSTEM, PC, Manual, Malware Database, 2015.3.9.5, 2015.4.22.1, Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Refresh, Starting, Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malicious Website Protection, Started, Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malicious Website Protection, Stopping, Protection, 22.04.2015 11:59, SYSTEM, PC, Protection, Malicious Website Protection, Stopped, Protection, 22.04.2015 12:00, SYSTEM, PC, Protection, Refresh, Success, Protection, 22.04.2015 12:00, SYSTEM, PC, Protection, Malicious Website Protection, Starting, Protection, 22.04.2015 12:00, SYSTEM, PC, Protection, Malicious Website Protection, Started, Detection, 22.04.2015 12:04, SYSTEM, PC, Protection, Защита от злонамерен софтуер, Файл, Trojan.Agent.PECB, E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Keygen.exe, Карантина, [1287026dd6b4e155c3c94141df217a86] Detection, 22.04.2015 12:05, SYSTEM, PC, Protection, Malicious Website Protection, IP, 128.127.109.67, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:05, SYSTEM, PC, Protection, Malicious Website Protection, IP, 128.127.109.67, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:05, SYSTEM, PC, Protection, Защита от злонамерен софтуер, Файл, Trojan.Agent.PECB, E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Keygen\Keygen.exe, Карантина, [b2e70c635c2ef73f34585e2415ebca36] Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 198.50.185.208, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 198.50.185.208, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 91.214.203.85, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 91.214.203.85, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 41.233.123.203, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:06, SYSTEM, PC, Protection, Malicious Website Protection, IP, 41.233.123.203, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:07, SYSTEM, PC, Protection, Malicious Website Protection, IP, 31.184.236.39, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:07, SYSTEM, PC, Protection, Malicious Website Protection, IP, 31.184.236.39, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Scan, 22.04.2015 12:10, SYSTEM, PC, Manual, Начало: 22.04.2015 12:09, Продължителност: 0 мин. 55 сек., Сканиране за заплахи, Отменено, 0 открита злонамерени програми, 0 открити нежелани програми, Detection, 22.04.2015 12:17, SYSTEM, PC, Protection, Malicious Website Protection, IP, 91.188.50.239, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:17, SYSTEM, PC, Protection, Malicious Website Protection, IP, 91.188.50.239, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Detection, 22.04.2015 12:35, SYSTEM, PC, Protection, Malicious Website Protection, IP, 95.84.156.119, 22277, Outbound, D:\PROGRAMS\BitComet\BitComet.exe, Protection, 22.04.2015 12:43, SYSTEM, PC, Protection, Malware Protection, Starting, Protection, 22.04.2015 12:43, SYSTEM, PC, Protection, Malware Protection, Started, Protection, 22.04.2015 12:43, SYSTEM, PC, Protection, Malicious Website Protection, Starting, Protection, 22.04.2015 12:45, SYSTEM, PC, Protection, Malicious Website Protection, Started, Scan, 22.04.2015 13:19, SYSTEM, PC, Manual, Начало: 22.04.2015 12:46, Продължителност: 32 мин. 6 сек., Сканиране за заплахи, Завършено, 3 открита злонамерени програми, 0 открити нежелани програми, Protection, 22.04.2015 13:25, SYSTEM, PC, Protection, Malware Protection, Starting, Protection, 22.04.2015 13:25, SYSTEM, PC, Protection, Malware Protection, Started, Protection, 22.04.2015 13:25, SYSTEM, PC, Protection, Malicious Website Protection, Starting, Protection, 22.04.2015 13:26, SYSTEM, PC, Protection, Malicious Website Protection, Started, Update, 22.04.2015 13:38, SYSTEM, PC, Scheduler, Malware Database, 2015.4.22.1, 2015.4.22.2, Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Refresh, Starting, Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Malicious Website Protection, Stopping, Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Malicious Website Protection, Stopped, Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Refresh, Success, Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Malicious Website Protection, Starting, Protection, 22.04.2015 13:38, SYSTEM, PC, Protection, Malicious Website Protection, Started, (end) Сканиране с FRST Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015 Ran by Янев (administrator) on PC on 22-04-2015 13:47:22 Running from C:\Users\Янев\Desktop Loaded Profiles: Янев (Available profiles: Янев) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Английски (Съединени щати) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgfws9.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbamservice.exe () C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe (Malwarebytes Corporation) E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe () C:\Windows\System32\MF26PUPO.EXE () C:\Windows\System32\MF2GDIPO.EXE (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgtray.exe () D:\PROGRAMS\SAGEM\MFPrintServer.exe () D:\PROGRAMS\SAGEM\MFServices.exe () C:\Users\Янев\AppData\Local\Viber\Viber.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe () D:\DRIVERS\FlexType XP + kg\INSTAL\FlexType 2K\FType2K.exe () C:\Program Files\JivoSite\JivoSite.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Intel Corporation) C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe (Intel Corporation) C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe () C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2079792 2014-12-10] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [MFPrintServer_Pro_LM] => D:\PROGRAMS\SAGEM\MFPrintServer.exe [73728 2007-08-12] () HKLM\...\Run: [MFServices_Pro_LM] => D:\PROGRAMS\SAGEM\MFServices.exe [360448 2007-08-12] () HKLM\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll [2013-12-06] (Intel Corporation) HKU\S-1-5-21-2037160362-3931605130-208122874-1000\...\Run: [Viber] => C:\Users\Янев\AppData\Local\Viber\Viber.exe [936456 2014-03-05] () HKU\S-1-5-21-2037160362-3931605130-208122874-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.) HKU\S-1-5-21-2037160362-3931605130-208122874-1000\...\MountPoints2: {6a378340-c71e-11e3-a905-1867b081b8fc} - H:\Setup.exe HKU\S-1-5-21-2037160362-3931605130-208122874-1000\...\MountPoints2: {70f6400c-453f-11e4-9672-1867b081b8fc} - I:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2037160362-3931605130-208122874-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MARINE~1.SCR [1855488 2003-04-14] () AppInit_DLLs: avgrsstx.dll => C:\Windows\system32\avgrsstx.dll [12536 2014-04-18] (AVG Technologies CZ, s.r.o.) AppInit_DLLs: , c:\windows\jaksta\ac\x86\jaudcap.dll => c:\windows\jaksta\ac\x86\jaudcap.dll [264480 2014-05-06] (Jaksta Technologies Pty Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FlexType 2K.lnk [2014-04-18] ShortcutTarget: FlexType 2K.lnk -> D:\DRIVERS\FlexType XP + kg\INSTAL\FlexType 2K\FType2K.exe () Startup: C:\Users\Янев\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JivoSite.lnk [2014-05-19] ShortcutTarget: JivoSite.lnk -> C:\Program Files\JivoSite\JivoSite.exe () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {1010ABAC-265C-45EE-A7BC-1790AFB08608} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {530BFF27-0912-41CC-AB51-7F660A5DA862} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {83123FBA-B6A6-45F2-88DD-1B6479775E1D} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {904AD6D8-F7E7-4F3B-8FAF-7A3D22477134} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\S-1-5-21-2037160362-3931605130-208122874-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation) BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\PROGRAMS\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet) BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll [2014-04-18] (AVG Technologies CZ, s.r.o.) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-21] (Oracle Corporation) BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-12] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-21] (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) Toolbar: HKLM - No Name - {7774D21F-E37C-4875-846D-5AFC2488D6CD} - No File Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll [2014-04-18] (AVG Technologies CZ, s.r.o.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default FF DefaultSearchEngine: Bing FF DefaultSearchEngine,S: WebSearch FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF SelectedSearchEngine,S: WebSearch FF Homepage: https://bill.itgbg.com/cgi-bin/cabin.cgi?unique_id=1428386597 FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-21] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll No File FF Plugin: Adobe Reader -> D:\PROGRAMS\Adobe Rider\Instal\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default\searchplugins\bing-.xml [2015-04-07] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml [2014-07-30] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml [2014-07-30] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-07-30] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-07-30] FF Extension: No Name - C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default\Extensions\bingsearch.full@microsoft.com [2015-04-06] FF Extension: DeleteAd - C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default\Extensions\nwdjwudhamxzhzhyhn@zyydgvksbeve.org [2015-04-15] FF Extension: BitComet Video Downloader - C:\Users\Янев\AppData\Roaming\Mozilla\Firefox\Profiles\66gpfaas.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-04-22] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-08] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Янев\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [Not Found] CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-16] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKU\S-1-5-21-2037160362-3931605130-208122874-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx Opera: ======= OPR Extension: (Ge-Force) - C:\Users\Янев\AppData\Roaming\Opera Software\Opera Stable\Extensions\jhongheibdpfhdpfccheljfcabgliidh [2015-04-05] OPR Extension: (Sense) - C:\Users\Янев\AppData\Roaming\Opera Software\Opera Stable\Extensions\knlpigpfaognbholppaembpfphilacie [2015-04-05] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [591840 2013-02-13] (Intel Corporation) R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2014-04-18] (AVG Technologies CZ, s.r.o.) R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2014-04-18] (AVG Technologies CZ, s.r.o.) R2 avgfws9; C:\Program Files\AVG\AVG9\avgfws9.exe [2331544 2014-04-18] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5897808 2014-04-18] (AVG Technologies CZ, s.r.o.) R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel® Corporation) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-12-18] (Intel Corporation) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed] R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-04-28] (Macrovision Europe Ltd.) [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-07] (Freemake) [File not signed] R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-03-20] (Intel Corporation) R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-03-20] (Intel Corporation) R2 MBAMScheduler; E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; E:\Malwarebytes Anti-Malware Premium v2.1.6.1022 Final\Instal\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 mi-raysat_3dsmax2010_32; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [86016 2009-03-12] () [File not signed] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-02-08] () S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation) S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-03-12] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2531056 2013-02-08] (Intel® Corporation) S2 038d2b55; "C:\Windows\system32\rundll32.exe" "c:\Program Files\ToolMaker\ToolMaker.dll",serv S3 BITCOMET_HELPER_SERVICE; D:\DRIVERS\BitComet\tools\BitCometService.exe -service [X] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-05-21] (Windows ® Win 7 DDK provider) S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-05-21] (Windows ® Win 7 DDK provider) R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3236864 2013-09-24] (Qualcomm Atheros Communications, Inc.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [24856 2014-04-18] (AVG Technologies CZ, s.r.o.) R3 AVGIDSDriverw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [122448 2014-04-18] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSErHrw7x; C:\Windows\System32\Drivers\AVGIDSwx.sys [25168 2014-04-18] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSFilterw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [30288 2014-04-18] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSShimw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [20560 2014-04-18] (AVG Technologies CZ, s.r.o. ) R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2014-04-19] (AVG Technologies CZ, s.r.o.) R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2014-04-18] (AVG Technologies CZ, s.r.o.) R0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2014-04-18] (AVG Technologies CZ, s.r.o.) R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2014-04-18] (AVG Technologies CZ, s.r.o.) R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [506664 2014-01-08] (Qualcomm Atheros) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-18] (Disc Soft Ltd) S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [339272 2013-11-25] (ELAN Microelectronics Corp.) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [490344 2013-12-18] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24424 2013-12-18] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-12] (Intel Corporation) R3 MF2ACT; C:\Windows\System32\Drivers\MF2ACT.sys [10368 2007-03-20] (OEM) R1 mf2nt; C:\Windows\system32\drivers\mf2nt.sys [61820 2007-08-11] () [File not signed] S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [664064 2014-04-18] (Duplex Secure Ltd.) [File not signed] R3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [31879 2007-01-08] (OEM) S3 ETDSMBus; system32\DRIVERS\ETDSMBus.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-22 13:47 - 2015-04-22 13:48 - 00025233 _____ () C:\Users\Янев\Desktop\FRST.txt 2015-04-22 13:00 - 2015-04-22 13:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-22 11:59 - 2015-04-22 13:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-22 11:59 - 2015-04-22 11:59 - 00001046 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-22 11:59 - 2015-04-22 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-22 11:58 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-22 11:58 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-22 11:58 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-22 11:52 - 2015-04-22 11:54 - 00000000 ____D () C:\Users\Янев\Desktop\ZASTRAHOVKA 2015-04-22 10:39 - 2015-04-22 13:47 - 00000000 ____D () C:\FRST 2015-04-22 10:39 - 2015-04-22 10:39 - 01139200 _____ (Farbar) C:\Users\Янев\Desktop\FRST.exe 2015-04-16 09:54 - 2015-04-16 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Likno Web Button Maker 2015-04-15 15:59 - 2015-04-15 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-15 13:35 - 2015-04-22 13:23 - 00000000 ____D () C:\Program Files\ToolMaker 2015-04-15 10:46 - 2015-04-15 13:35 - 00000000 ____D () C:\ProgramData\c28d20c000006cab 2015-04-15 10:12 - 2015-04-15 10:45 - 00000000 ____D () C:\Program Files\Dislike Button 2015-04-15 10:12 - 2015-04-15 10:12 - 00000079 _____ () C:\Program Files\prefs.js 2015-04-15 10:11 - 2015-04-15 11:14 - 00000000 ____D () C:\Program Files\SoaveLouts 2015-04-15 09:59 - 2015-04-15 09:59 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-15 09:59 - 2015-04-15 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-04-15 09:58 - 2015-04-22 13:22 - 00001164 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-15 09:58 - 2015-04-22 13:03 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-14 22:56 - 2015-04-14 22:56 - 02217984 _____ () C:\Users\Янев\Downloads\5CAC.tmp 2015-04-14 20:43 - 2015-04-14 22:58 - 00000000 ____D () C:\AdwCleaner 2015-04-11 11:35 - 2015-04-22 09:10 - 00000020 _____ () C:\Users\Янев\AppData\Roaming\appdataFr3.bin 2015-04-07 12:46 - 2015-04-07 12:46 - 00007935 _____ () C:\Users\Янев\Downloads\favicomatic (1).zip 2015-04-07 12:45 - 2015-04-07 12:45 - 00007935 _____ () C:\Users\Янев\Downloads\favicomatic.zip 2015-04-06 08:37 - 2015-04-06 08:37 - 00000000 ____D () C:\Users\Янев\Tracing 2015-04-05 20:26 - 2015-04-05 20:26 - 00000680 _____ () C:\Users\Янев\Downloads\2BBE5FD6682C32AC09F8D856D319EA3D3EDBBF5B (1).torrent 2015-04-05 20:24 - 2015-04-05 20:24 - 00000680 _____ () C:\Users\Янев\Downloads\2BBE5FD6682C32AC09F8D856D319EA3D3EDBBF5B.torrent 2015-04-05 19:11 - 2015-04-15 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllWebMenus PRO 2015-04-05 19:11 - 2015-04-05 19:11 - 00001008 _____ () C:\Users\Public\Desktop\AllWebMenus 5 PRO.lnk 2015-04-05 18:58 - 2015-04-07 08:53 - 00000000 ____D () C:\ProgramData\{022cfc95-f387-79da-022c-cfc95f38f257} 2015-04-05 18:54 - 2015-04-07 08:53 - 00000000 ____D () C:\ProgramData\{76f0ab44-4f6d-82e2-76f0-0ab444f6ad11} 2015-04-05 18:36 - 2015-04-08 12:21 - 00000000 ____D () C:\Program Files\VK Switcher 2015-04-05 18:34 - 2015-04-15 10:12 - 00000000 ____D () C:\ProgramData\4902375531840523889 2015-04-05 18:32 - 2015-04-07 08:53 - 00000000 ____D () C:\ProgramData\{eb418a14-a568-2920-eb41-18a14a562852} 2015-04-05 13:26 - 2015-04-05 15:44 - 00000000 ____D () C:\Users\џ­Ґў 2015-04-05 13:26 - 2015-04-05 13:26 - 00000000 ____D () C:\Users\Янев\AppData\Local\CrashRpt 2015-04-05 11:49 - 2015-04-05 15:43 - 00000000 ____D () C:\Program Files\We Love Deals 2015-04-05 11:46 - 2015-04-05 15:43 - 00000000 ____D () C:\ProgramData\{d3032ddb-b9c6-2a87-d303-32ddbb9cb76e} 2015-04-04 14:56 - 2015-04-04 14:56 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Opera Software 2015-04-04 14:56 - 2015-04-04 14:56 - 00000000 ____D () C:\Users\Янев\AppData\Local\Opera Software 2015-04-04 14:54 - 2015-04-05 15:43 - 00000000 ____D () C:\Program Files\Opera 2015-04-04 13:54 - 2015-04-04 13:54 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Thinstall 2015-04-04 13:54 - 2015-04-04 13:54 - 00000000 ____D () C:\Users\Янев\AppData\Local\Thinstall 2015-04-04 13:49 - 2015-04-05 19:11 - 00000000 ____D () C:\Program Files\AllWebMenus5 2015-04-02 09:31 - 2015-04-02 09:31 - 00048374 _____ () C:\Users\Янев\Desktop\myMenu.awm 2015-04-02 09:22 - 2015-04-16 09:44 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Likno Software 2015-04-02 09:20 - 2004-03-09 00:00 - 00152848 ____N (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx 2015-04-02 09:19 - 2005-02-21 11:34 - 02011136 ____N (Codejock Software) C:\Windows\system32\XTP9510Lib.dll 2015-04-02 09:19 - 2002-10-24 17:08 - 00443392 ____N (LEAD Technologies, Inc.) C:\Windows\system32\ltkrn13n.dll 2015-04-02 09:19 - 2002-10-22 13:53 - 00393216 ____N (LEAD Technologies, Inc.) C:\Windows\system32\LFCMP13n.DLL 2015-04-02 09:19 - 2002-10-21 15:39 - 00181248 ____N (LEAD Technologies, Inc.) C:\Windows\system32\Lfpng13n.dll 2015-04-02 09:19 - 2002-10-21 15:31 - 01013760 ____N (LEAD Technologies, Inc.) C:\Windows\system32\Ltwvc13n.dll 2015-04-02 09:19 - 2002-10-21 15:03 - 00035328 ____N (LEAD Technologies, Inc.) C:\Windows\system32\lfgif13n.dll 2015-04-02 09:19 - 2002-10-21 15:02 - 00030208 ____N (LEAD Technologies, Inc.) C:\Windows\system32\lfbmp13n.dll 2015-04-02 09:19 - 2002-10-21 15:01 - 00446464 ____N (LEAD Technologies, Inc.) C:\Windows\system32\ltimg13n.dll 2015-04-02 09:19 - 2002-10-21 15:01 - 00205824 ____N (LEAD Technologies, Inc.) C:\Windows\system32\ltefx13n.dll 2015-04-02 09:19 - 2002-10-21 15:00 - 00139776 ____N (LEAD Technologies, Inc.) C:\Windows\system32\ltfil13n.DLL 2015-04-02 09:19 - 2002-10-21 14:53 - 00265728 ____N (LEAD Technologies, Inc.) C:\Windows\system32\LTDIS13n.dll 2015-04-02 09:18 - 2007-11-08 09:19 - 00129024 ____N (Microsoft Corporation) C:\Windows\system32\msstdfmt.dll 2015-04-02 09:16 - 2015-04-05 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Likno Web Tabs Builder 2015-04-02 09:15 - 2015-04-02 09:19 - 00024420 _____ () C:\Windows\system32\LiknoGridControl.tlb 2015-04-02 09:15 - 2013-05-27 15:53 - 00242184 ____N () C:\Windows\system32\LiknoGridControl.dll 2015-04-02 09:15 - 1998-06-24 10:55 - 00164144 ____N (Microsoft Corporation) C:\Windows\system32\comct232.ocx 2015-04-02 09:14 - 2008-01-18 13:10 - 01097728 ____N (Woodbury Associates Limited) C:\Windows\system32\UniBox210.ocx 2015-04-02 09:14 - 2008-01-18 13:10 - 00364544 ____N (Woodbury Associates Limited) C:\Windows\system32\UniGrid210.ocx 2015-04-02 09:14 - 2008-01-18 13:10 - 00212992 ____N (Woodbury Associates Limited) C:\Windows\system32\UniBoxVB12.ocx 2015-04-02 09:14 - 2008-01-18 13:09 - 00880640 ____N (Woodbury Associates Limited) C:\Windows\system32\UniBox10.ocx 2015-04-02 09:14 - 2007-09-14 10:06 - 00380928 ____N (Woodbury Associates Limited) C:\Windows\system32\UniFlexGrid10.ocx 2015-04-02 09:14 - 2007-09-14 10:06 - 00139264 ____N (Woodbury Associates Limited) C:\Windows\system32\uniflexsup.dll 2015-04-02 09:14 - 2002-03-13 17:46 - 00053248 ____N () C:\Windows\system32\ZLIB.DLL 2015-04-02 09:14 - 2000-05-22 17:58 - 00608448 ____N (Microsoft Corporation) C:\Windows\system32\comctl32.ocx 2015-04-02 09:13 - 2015-04-16 09:54 - 00000000 ____D () C:\ProgramData\InstallMate 2015-04-02 09:13 - 2015-04-05 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Likno Software 2015-04-02 09:13 - 2015-04-05 15:43 - 00000000 ____D () C:\Program Files\Likno Software 2015-03-30 13:04 - 2015-03-30 13:04 - 00000000 ____D () C:\Users\Янев\AndroidStudioProjects 2015-03-28 22:54 - 2015-03-28 22:54 - 00000000 ____D () C:\Проекти 2015-03-28 22:17 - 2015-03-30 13:05 - 00000000 ____D () C:\Users\Янев\.gradle 2015-03-26 22:14 - 2015-03-26 22:14 - 00004185 _____ () C:\Users\Янев\AppData\Roaming\SXL 2015-03-24 20:58 - 2015-04-10 10:31 - 00000144 _____ () C:\Users\Янев\Documents\SimController.log 2015-03-24 20:58 - 2015-03-24 20:58 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\SimController 2015-03-24 10:45 - 2015-03-24 10:45 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\JetBrains 2015-03-24 10:43 - 2015-03-30 11:09 - 00000000 ____D () C:\Users\Янев\.AndroidStudio 2015-03-24 10:41 - 2015-03-24 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2015-03-24 10:31 - 2015-03-31 08:34 - 00000000 ____D () C:\Users\Янев\AppData\Local\Android 2015-03-24 10:28 - 2015-03-30 13:28 - 00000000 ____D () C:\Program Files\Android ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-22 13:47 - 2014-05-12 12:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-22 13:47 - 2014-04-18 20:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-22 13:32 - 2009-07-14 07:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-22 13:32 - 2009-07-14 07:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-22 13:28 - 2014-04-18 16:28 - 01891079 _____ () C:\Windows\WindowsUpdate.log 2015-04-22 13:27 - 2014-04-28 12:39 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\ViberPC 2015-04-22 13:27 - 2014-04-19 08:34 - 00000427 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-04-22 13:25 - 2014-04-29 12:24 - 00000000 ____D () C:\Users\Янев\AppData\Local\Viber 2015-04-22 13:25 - 2014-04-28 12:32 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Skype 2015-04-22 13:23 - 2009-07-14 07:33 - 04509896 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-22 13:22 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-22 13:22 - 2009-07-14 07:39 - 00055195 _____ () C:\Windows\setupact.log 2015-04-22 13:21 - 2010-11-21 00:48 - 00156772 _____ () C:\Windows\PFRO.log 2015-04-22 13:21 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\tracing 2015-04-22 12:40 - 2014-05-02 11:20 - 00000000 ____D () C:\Windows\Minidump 2015-04-22 12:38 - 2014-05-02 11:19 - 340928784 _____ () C:\Windows\MEMORY.DMP 2015-04-22 12:33 - 2014-04-29 15:58 - 00000000 ____D () C:\Users\Янев\Desktop\ПРОГРАМИ 2015-04-22 11:52 - 2014-06-24 09:33 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Canon 2015-04-22 09:13 - 2014-04-18 19:35 - 00000000 ____D () C:\Windows\system32\Drivers\Avg 2015-04-21 18:14 - 2015-02-03 13:28 - 00011024 _____ () C:\Users\Янев\Desktop\ВАУЧЕРИ ТАБЛИЦА.xlsx 2015-04-21 08:39 - 2014-04-22 20:04 - 00000000 ____D () C:\Users\Янев\AppData\Local\Adobe 2015-04-20 09:52 - 2014-04-18 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datecs Applications 2015-04-20 08:39 - 2014-04-28 09:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2015-04-17 09:32 - 2014-11-27 10:45 - 00000224 _____ () C:\Users\Янев\Desktop\Нов текстов документ (2).txt 2015-04-16 08:49 - 2010-11-21 00:01 - 00876526 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-15 10:49 - 2014-05-12 12:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-15 10:49 - 2014-05-12 12:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-04-15 10:47 - 2014-05-02 11:12 - 00000000 ____D () C:\Program Files\DSPRobotics 2015-04-15 09:59 - 2014-04-18 20:30 - 00000000 ____D () C:\Program Files\Google 2015-04-15 09:30 - 2014-04-18 16:35 - 00000000 ____D () C:\Users\Янев 2015-04-15 09:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-15 09:28 - 2014-11-28 18:29 - 00000000 ____D () C:\ProgramData\Tbccint 2015-04-15 09:28 - 2014-11-28 18:24 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-04-15 09:28 - 2014-08-18 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenSoft 2015-04-15 09:28 - 2014-05-02 12:25 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\simplitec 2015-04-15 09:28 - 2014-05-02 12:12 - 00000000 ____D () C:\ProgramData\simplitec 2015-04-15 09:28 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\registration 2015-04-15 09:28 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-15 09:27 - 2014-04-18 21:37 - 00000000 __RHD () C:\MSOCache 2015-04-14 10:04 - 2014-05-22 09:07 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-04-11 11:35 - 2014-05-02 09:42 - 00000041 _____ () C:\Windows\crw.ini 2015-04-11 11:35 - 2009-07-14 05:04 - 00001235 _____ () C:\Windows\win.ini 2015-04-08 08:45 - 2009-07-14 07:53 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-07 12:45 - 2014-05-16 18:02 - 00000000 ____D () C:\Users\Янев\AppData\Local\WinZip 2015-04-07 12:45 - 2014-05-16 18:02 - 00000000 ____D () C:\ProgramData\WinZip 2015-04-06 08:35 - 2014-04-28 12:32 - 00000000 ___RD () C:\Program Files\Skype 2015-04-06 08:35 - 2014-04-28 12:32 - 00000000 ____D () C:\ProgramData\Skype 2015-04-05 15:44 - 2014-05-16 18:02 - 00000000 ____D () C:\Program Files\WinZip 2015-04-05 15:43 - 2015-03-18 14:21 - 00000000 ____D () C:\Users\Янев\Desktop\Туроператор Юнион Ивкони в София_files 2015-04-05 15:43 - 2014-05-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2015-04-05 15:43 - 2010-11-21 03:46 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-04-05 15:42 - 2009-07-14 05:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2015-04-04 11:12 - 2014-10-30 10:30 - 00000000 ____D () C:\Users\Янев\AppData\Roaming\Likno 2015-04-03 11:17 - 2015-03-20 17:25 - 00000000 ____D () C:\Users\Янев\Documents\Unnamed Site 2 2015-04-01 10:01 - 2014-04-18 22:06 - 00000000 ____D () C:\ProgramData\KMSAutoS 2015-03-30 10:42 - 2014-04-18 16:43 - 00000000 ____D () C:\Program Files\Intel 2015-03-25 20:27 - 2014-04-29 15:55 - 00000000 ____D () C:\Users\Янев\Documents\Visual Studio 2008 2015-03-25 20:26 - 2014-04-18 21:38 - 00000000 ____D () C:\ProgramData\Microsoft Help ==================== Files in the root of some directories ======= 2015-04-15 10:12 - 2015-04-15 10:12 - 0000079 _____ () C:\Program Files\prefs.js 2015-04-11 11:35 - 2015-04-22 09:10 - 0000020 _____ () C:\Users\Янев\AppData\Roaming\appdataFr3.bin 2015-03-26 22:14 - 2015-03-26 22:14 - 0004185 _____ () C:\Users\Янев\AppData\Roaming\SXL 2014-07-11 07:14 - 2014-07-11 07:14 - 0007598 _____ () C:\Users\Янев\AppData\Local\Resmon.ResmonCfg 2014-04-18 18:51 - 2014-04-18 18:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Янев\AppData\Local\Temp\AcDeltree.exe C:\Users\Янев\AppData\Local\Temp\AllWebMenusSetup.exe C:\Users\Янев\AppData\Local\Temp\AYCTPnYqOuHpOWubwjpO.DLL C:\Users\Янев\AppData\Local\Temp\cEpLHckkxbkPwPvojIlq.DLL C:\Users\Янев\AppData\Local\Temp\dEFjGivjQFFhSelGRSLi.DLL C:\Users\Янев\AppData\Local\Temp\dsp_ipp.dll C:\Users\Янев\AppData\Local\Temp\EhSgWdUZSNVlGhuAhHZs.DLL C:\Users\Янев\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.0.exe C:\Users\Янев\AppData\Local\Temp\InitBDE.exe C:\Users\Янев\AppData\Local\Temp\jSfeZBczZHmgBgbImMKK.DLL C:\Users\Янев\AppData\Local\Temp\KubJZfMgtkGESfLVbdMZ.DLL C:\Users\Янев\AppData\Local\Temp\LiknoDropDownMenuTrees.exe C:\Users\Янев\AppData\Local\Temp\LiknoWebAccordionBuilderSetup.exe C:\Users\Янев\AppData\Local\Temp\LiknoWebButtonMakerSetup.exe C:\Users\Янев\AppData\Local\Temp\LiknoWebModalWindowsBuilderSetup.exe C:\Users\Янев\AppData\Local\Temp\LiknoWebScrollerBuilderSetup.exe C:\Users\Янев\AppData\Local\Temp\LiknoWebTabsBuilderSetup.exe C:\Users\Янев\AppData\Local\Temp\LiknoWebTooltipsBuilderSetup.exe C:\Users\Янев\AppData\Local\Temp\mgxoschk.dll C:\Users\Янев\AppData\Local\Temp\ose00000.exe C:\Users\Янев\AppData\Local\Temp\qFLziOkeTmXhPaJfdIFl.DLL C:\Users\Янев\AppData\Local\Temp\sfhfoaCPVqOFLBwFdcbP.DLL C:\Users\Янев\AppData\Local\Temp\SkypeSetup.exe C:\Users\Янев\AppData\Local\Temp\sMlRDJcsGsdClKJOpOXJ.DLL C:\Users\Янев\AppData\Local\Temp\uZnusiIojsYEZMjueGQA.DLL C:\Users\Янев\AppData\Local\Temp\vTynJYkIDsUrKDIBTpUm.DLL C:\Users\Янев\AppData\Local\Temp\_isB98F.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 17:16 ==================== End Of Log ============================
  11. syneok
    Четох от тук от там, до момента в който ме заболя главата. Утре ще направя всичко възможно да прочета статията за поддръжка. И много благодаря за помощта с проблема! (:
  12. syneok
    Изтрих Opera, ъпдейтнах Adobe Flash Player и Adobe reader. Премахнах Norton и McAfee Security Scan. И инсталирах AVG сега я чакам да си изтегли ъповете.
  13. syneok
    Извинявам се за забавянията, но изниква това онова вкъщи... Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 JavaFX 2.1.1 Java 6 Update 35 Java 7 Update 7 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.1.102.55 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 12.0.742.100 Google Chrome 13.0.782.112 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  14. syneok
    Ето го: OTL.Txt
  15. syneok
    Надявам се да е това. Понеже пишеше последния и изпратих другия. Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 g62 :: G62-PC [administrator] Protection: Enabled 12/10/2012 09:21:33 mbam-log-2012-10-12 (09-21-33).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208720 Time elapsed: 5 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{162CE9F4-217B-4724-8DE1-7B9900BEFC7C} (PUP.BFlix) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 75 C:\Windows\System32\protector.dll (PUP.BProtector) -> No action taken. C:\ProgramData\Adobe\Adobe PDF\Adobe PDF.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Adobe\CIT\CIT.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Adobe\Extension Manager CS5.5\Manager CS5.5.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Adobe\Reader\Reader.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Adobe\SLStore\SLStore.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\ATI\ACE\ACE.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\BitDefender\BitDefender.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\BitDefender\DTrace\DTrace.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Electronic Arts\Electronic Arts.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Electronic Arts\EA Core\EA Core.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Firefly Studios\Stronghold 2\Stronghold 2.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\HeidiSQL\Snippets\Snippets.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Hewlett-Packard\HP Ceement\Ceement.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Hewlett-Packard\HP Setup\Setup.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Hewlett-Packard\System Default Settings - TDC\Default Settings - TDC.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\HP Photo Creations\rlroot\rlroot.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\eHome\eHome.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Search Enhancement Pack\Enhancement Pack.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows Defender\Defender.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows NT\Windows NT.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\WLSetup\WLSetup.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\{086A63F0-6B13-4F29-9695-134E7A01E963}.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Origin\Telemetry\Telemetry.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\PassMark\KeyboardTest\KeyboardTest.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Real\Update\Update.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Skype\{D103C4BA-F905-437A-8049-DB24763BBE36}\{D103C4BA-F905-437A-8049-DB24763BBE36}.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\Skype\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\ProgramData\WildTangent\WildTangent.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Adobe\Adobe PDF\Adobe PDF.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Adobe\Adobe QT32 Server\QT32 Server.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Adobe\Color\Color.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Adobe\Extension Manager CS5.5\Manager CS5.5.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Ahead\NeroVision\NeroVision.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\ATI\ACE\ACE.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\BitComet\BitComet.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\BitDefender\BitDefender.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Clones\Clones.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Command & Conquer 3 Tiberium Wars\& Conquer 3 Tiberium Wars.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Hamachi\Hamachi.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\LolClient\LolClient.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\LolClient2\Local Store\Store.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Macromedia\Macromedia.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Media Center Programs\Center Programs.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Microsoft\Document Building Blocks\Building Blocks.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Microsoft\Excel\Excel.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Microsoft\HTML Help\HTML Help.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Microsoft\Network\Network.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Microsoft\Windows\Windows.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Mozilla\Firefox\Firefox.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Registry Mechanic\Mechanic.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Registry Mechanic\CleanReports\CleanReports.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Skype\evaveselinova\evaveselinova.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Skype\eveveselinova\eveveselinova.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Skype\pacito95.#\pacito95.#.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Skype\shared_dynco\shared_dynco.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\SPORE\SPORE.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\SPORE\Preferences\Preferences.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1\StageManager.BD092818F67280F4B42B04877600987F0111B594.1.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\Thinstall\{87A6B43E-0F8F-467B-95A9-84011816C95A}\{87A6B43E-0F8F-467B-95A9-84011816C95A}.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\AppData\Roaming\YourFileDownloader\YourFileDownloader.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\Users.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\Public\Downloads\Downloads.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\MODIFIED\@PROGRAMFILES@\Nero\Nero.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\MODIFIED\@PROGRAMFILES@\Nero\Nero 10\Nero 10.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\MODIFIED\@PROGRAMFILESCOMMON@\Nero\Nero.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\STUBEXE\8.0.1135\8.0.1135.pif (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\STUBEXE\8.0.1135\@PROGRAMFILES@\Nero\Nero.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\SXS.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.ATL@8.0.50727.4053\Microsoft.VC80.ATL@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.CRT@8.0.50727.4053\Microsoft.VC80.CRT@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.MFC@8.0.50727.4053\Microsoft.VC80.MFC@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.MFCLOC@8.0.50727.4053\Microsoft.VC80.MFCLOC@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Users\g62\Local Settings\Application Data\Xenocode\Sandbox\Nero Burning ROM\10,2,12,100\2010.10.31T09.31\Virtual\SXS\Microsoft.VC80.OpenMP@8.0.50727.4053\Microsoft.VC80.OpenMP@8.0.50727.4053.bat (Worm.AutoRun) -> Quarantined and deleted successfully. (end)
×
×
  • Създай ново...