РЕШЕН Проблем с Intel.exe

ares85ares · Септември 5, 2013

От няколко дни се появява това съобщение:

Мисля, че е гадина. Сканирах с MBAM,давам лог и от Hijackthis

От Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 20:13:37 ч., on 5.9.2013 г.
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\VM302Snap.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\hamachi\hamachi-2-ui.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Intel\intel.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.helpmefindyour.info/?pid=878&r=2013/04/10&hid=2955225978&lg=EN&cc=BG
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
R3 - URLSearchHook: (no name) - {0b7430e9-e659-4555-ac67-be3340aaa519} - (no file)
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
R3 - URLSearchHook: (no name) - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM302Snap.exe Vimicro USB PC Camera (ZC0302)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files\Clownfish\Clownfish.exe"
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [northbridge] C:\Intel\northbridge.exe
O8 - Extra context menu item: &Експортиране към Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Изпрати към OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Изпрати към OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BrowserDefendert - Unknown owner - C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (file missing)
O23 - Service: GridspotService - Gridspot - C:\Program Files\Gridspot\GridspotService.exe
O23 - Service: Услуга Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Услуга на Google Актуализация (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe" /RunAsService (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

От МВАМ

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Версия на базата от данни: v2013.09.05.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Asen :: ASEN-PC [администратор]

5.9.2013 г. 20:49:43 ч.
mbam-log-2013-09-05 (20-49-43).txt

Тип сканиране: Бързо сканиране
Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
Изключени опции за сканиране: P2P
Сканирани обекти: 230825
Изминало време: 10 минута(и), 38 секунда(и)

Открити процеси в паметта: 1
C:\Intel\intel.exe (PUP.BitCoinMiner) -> 4208 -> Ще бъде изтрит при рестартиране.

Открити модули в паметта: 0
(Не бяха открити зловредни обекти)

Открити ключове в системния регистър: 1
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Поставен под карантина и изтрит успешно.

Открити стойности в системния регистър: 0
(Не бяха открити зловредни обекти)

Открити информационни обекти в системния регистър: 0
(Не бяха открити зловредни обекти)

Открити папки: 0
(Не бяха открити зловредни обекти)

Открити файлове: 1
C:\Intel\intel.exe (PUP.BitCoinMiner) -> Ще бъде изтрит при рестартиране.

При рестартиране съобщението отново се появи

dan40o · Септември 5, 2013

HiJackThis е стар инструмент и вече не се използва. Затова по-добре направете сканиране с DDS.

ares85ares · Септември 7, 2013

Ето логовоте от DDS

attach.txt

dds.txt

B-boy/StyLe/ · Септември 7, 2013

Здравейте,

Intel.exe е добре познатия Bitcoin Miner, който докладвам на MBAM и вече се засича. Нека обаче да премахнем неговите асоциации + стартиращия се с Windows запис.

СТЪПКА 1

Изтеглете OTL.exe и го запазете на десктопа.
Стартирайте файла http://billy-oneal.com/forums/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png с двукратен клик на мишката (ако е необходимо, потвърдете през UAC).
Направете следните настройки:
Сложете отметка пред Scan All Users
Под менюто File Age изберете 90 days
Под менюто Standard Registry променете на ALL
Сложете отметки пред LOP и Purity Check

Под http://store.picbg.net/pubpic/0A/C1/c814d031472c0ac1.png с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
dir /s /a "C:\Intel" /c
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\temp\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Local\*.
%USERPROFILE%\AppData\Local\temp\*.exe
%USERPROFILE%\AppData\Roaming\*.*
%USERPROFILE%\AppData\Roaming\*.
%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates\*.*
%USERPROFILE%\AppData\Local\Microsoft\*.*
%USERPROFILE%\AppData\Roaming\Microsoft\*.*
%windir%\AppPatch\*.*
%Public%\Documents\Fonts\*.exe
%Public%\Documents\Config\*.exe
%Public%\Documents\*.*
%ProgramData%\*.*
%ProgramData%\*.
%CommonProgramFiles%\*.*
%CommonProgramFiles%\ComObjects*.exe
%commonprogramfiles(x86)%\*.*
%ProgramFiles%\*.*
%ProgramFiles%\*.
%ProgramFiles(x86)%\*.*
%ProgramFiles(x86)%\*.
%programdata%\Microsoft\Windows\DRM\*.tmp
%programdata%\Microsoft\DRM\*.tmp
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
%windir%\temp\*.exe
%windir%\*.
%windir%\ShellNew\*.*
%windir%\installer\*.
%windir%\system32\*.
%windir%\sysnative\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\syswow64\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\syswow64\drivers\*.sys /90
%systemroot%\syswow64\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%SYSTEMDRIVE%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.ini
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%SystemRoot%\assembly\GAC_MSIL\*.ini
wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
HKEY_CURRENT_USER\Software\MSOLoad /s
HKEY_CURRENT_USER\Software\Microsoft\Direct3D /s
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication /s
type C:\WINDOWS\system.ini >> test.txt /c
bcdedit /enum all /v >C:\boot.txt /c
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
consrv.dll
services.exe
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
igdkmd64.sys
imapi.sys
fastfat.sys
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
kbdclass.sys
kbdhid.sys
mouclass.sys
mouhid.sys
spldr.sys
dfsc.sys
hlp.dat
str.sys
crexv.ocx
intel.exe
/md5stop

Натиснете маркираният в синьо бутон: Run Scan.
Като приключи проверката, ще се създадат два файла - OTL.Txt и Extras.Txt. Прикачете тези два файла в следващия си коментар (погледнете опцията Прикачени файлове, когато публикувате мнение).

СТЪПКА 2

Забелязах, че имате и някои потенциално нежелани приложения и затова да ги премахнам и тях...

Деинсталирайте от Control Panel-a следните тулбари:

DAEMON Tools Toolbar
uTorrentControl2 Toolbar

След това:

http://static.allmyapps.com/data/apps/17/2/17204/0957bdf64f785ad0601670e563cca39d_adwcleaner.png
Моля изтеглете AdwCleaner от Xplode и го запазете на вашия десктоп.

Кликнете с двукратен клик на мишката върху AdwCleaner.exe за да стартирате инструмента.(За потребителите на Vista/Windows 7/8 изберете с десен бутон върху иконата на инструмента и натиснете Run as administrator.
Натиснете бутона Scan.
Проверката ще започне...бъдете търпеливи докато тя завърши.
След като проверката приключи, натиснете бутона Report...Ще се отвори текстов лог файл с името (AdwCleaner[R0].txt).
Прикачете съдържанието на лог файла в следващия си коментар.
Копия с логовете от дейността на инструмена ще бъдат съхранени в папката C:\AdwCleaner, която ще бъде създадена след стартирането на инструмента.

ares85ares · Септември 7, 2013

Ето логовете

OTL.Txt

Extras.Txt

AdwCleanerR0.txt

B-boy/StyLe/ · Септември 7, 2013

СТЪПКА 1

Стартирайтe AdwCleaner.exe отново.

Натиснете бутона Scan.
AdwCleaner ще започне да проверява компютъра, както преди.
След като проверката приключи...този път натиснете бутона Clean тъй като няма неща които да не са за триене от лога.
Натиснете OK на диалоговия прозорец, който ще се появи подканвайки Ви да затворите всички активни приложения.
Натиснете OK отново за да позволите наAdwCleaner да рестартира компютъра и да довърши почистващия процес.
След рестарта ще се появи автоматично лог файл с името (AdwCleaner[s0].txt).
Прикачете съдържанието му в следващия си коментар
Копие на лог файла можеш да намериш и в папката C:\AdwCleaner.

СТЪПКА 2

Ще я постна след малко като анализирам логовете.

ares85ares · Септември 7, 2013

Ето го

AdwCleanerS0.txt

B-boy/StyLe/ · Септември 7, 2013

Стартирайте файла http://billy-oneal.com/forums/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png с двукратен клик на мишката.
Под http://store.picbg.net/pubpic/0A/C1/c814d031472c0ac1.png с Copy/ Paste въведете изцяло следната текстова информация (само това, което е поставено в карето):
:OTL
SRV - File not found [Auto | Stopped] -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Asen\AppData\Local\Temp\mbr.sys -- (mbr)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2938
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.helpmefindyour.info/?pid=878&r=2013/04/10&hid=2955225978&lg=EN&cc=BG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2938
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2938
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=878&r=2013/04/10&hid=2955225978&lg=EN&cc=BG
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={3E23F5B6-EA94-11E0-B589-001F8100011C}
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2938
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=2938
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2938
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\URLSearchHook: {0b7430e9-e659-4555-ac67-be3340aaa519} - No CLSID value found
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\URLSearchHook: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - No CLSID value found
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{057ACA0B-1216-48E3-99B7-6FB952B116A1}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9834001F8100011C&affID=119776&tt=150813_ctrl1&tsp=4978
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PTV2&o=15851&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=H3&apn_dtid=YYYYYYYYBG&apn_uid=1AD6D80B-00A5-4E37-B1A8-7C373EB4D42C&apn_sauid=4532F79F-CDB0-4664-BA46-873F3231918C
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/search_w.php?fr=chr-vmn&type=mydietingplan1_0msch&q={searchTerms}
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{5D3FAD58-9A59-4463-B75C-BC3E64BFA070}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2670199
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={05A81725-81D4-4FE4-8CA6-E922627EE102}&mid=e9381560a7f647d0ad69d156c7e4e8ef-a2d1099bd16fd2f446b95ded9e6f7709b261107c&lang=en&ds=ft011&pr=sa&d=2012-03-19 19:49:11&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=878&r=2013/04/10&hid=2955225978&lg=EN&cc=BG
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{D27B3226-3DE8-46E5-AE40-F9C96E1FAF19}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1708250
IE - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={3E23F5B6-EA94-11E0-B589-001F8100011C}
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design TB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://websearch.helpmefindyour.info/?pid=878&r=2013/04/10&hid=2955225978&lg=EN&cc=BG&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=766371&ilc=12"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://www1.delta-search.com/?babsrc=HP_ss&mntrId=9834001F8100011C&affID=119776&tt=150813_ctrl1&tsp=4978"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: ffxtlbra%40softonic.com:1.5.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
[2013.07.21 23:02:52 | 000,000,000 | ---D | M] (brothersoft afc Community Toolbar) -- C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\{0b7430e9-e659-4555-ac67-be3340aaa519}
[2013.07.21 23:03:00 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012.05.19 22:17:24 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\4fa25fdfa8dd8@4fa25fdfa8dd9.info
[2013.08.18 10:20:47 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\ffxtlbr@delta.com
[2012.05.12 21:44:23 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\ffxtlbra@softonic.com
[2013.08.08 15:07:04 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\extensions\gophoto@gophoto.it.xpi
[2013.05.02 11:28:53 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\extensions\plugin@yontoo.com.xpi
[2013.06.30 11:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\extensions\trtv3@trtv.com.xpi
[2012.10.20 07:29:35 | 000,002,536 | ---- | M] () -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\browsemngr.xml
[2013.01.09 02:08:26 | 000,000,943 | ---- | M] () -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\conduit.xml
[2011.10.27 15:06:18 | 000,002,520 | ---- | M] () -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\SearchResults.xml
[2012.05.12 21:44:14 | 000,002,060 | ---- | M] () -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\softonic.xml
[2011.09.29 15:24:37 | 000,003,915 | ---- | M] () -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\SweetIM Search.xml
[2013.05.02 11:29:16 | 000,007,838 | ---- | M] () -- C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\WebSearch.xml
CHR - homepage: http://websearch.helpmefindyour.info/?pid=878&r=2013/04/10&hid=2955225978&lg=EN&cc=BG
CHR - Extension: Torntv 3 = C:\Users\Asen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj\3.0_0\
CHR - Extension: uTorrentControl2 = C:\Users\Asen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.5.0.1_0\
CHR - Extension: GoPhoto.it = C:\Users\Asen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.6_0\
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\Toolbar\WebBrowser: (no name) - {0B7430E9-E659-4555-AC67-BE3340AAA519} - No CLSID value found.
O3 - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-377520848-1481442156-2034584207-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-377520848-1481442156-2034584207-1000..\Run: [northbridge] C:\Intel\northbridge.exe ()
O8 - Extra context menu item: &Експортиране към Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
MsConfig - StartUpReg: northbridge - hkey= - key= - C:\Intel\northbridge.exe ()
[2013.09.03 11:38:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013.09.02 22:20:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.09.02 22:20:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.08.18 10:20:38 | 000,000,000 | ---D | C] -- C:\Users\Asen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.08.18 10:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.08.18 10:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.08.18 10:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it
[2013.08.18 10:18:34 | 000,000,000 | ---D | C] -- C:\Users\Asen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013.08.18 10:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\TornTV.com
[2013.06.26 15:37:12 | 000,000,000 | ---D | C] -- C:\Intel
[2013.06.28 01:50:07 | 000,000,000 | ---D | C] -- C:\Users\Asen\AppData\Roaming\InstallDir
[2013.05.02 11:42:07 | 000,000,000 | ---D | M] -- C:\Users\Asen\AppData\Local\Conduit
[2012.05.24 22:57:25 | 000,000,000 | ---D | M] -- C:\Users\Asen\AppData\Local\CRE
[2012.10.27 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\Asen\AppData\Local\DownTango
[2013.09.04 22:03:56 | 000,027,411 | ---- | M] () -- C:\Users\Asen\AppData\Local\temp\i4jdel0.exe
[2013.07.31 12:40:26 | 031,954,536 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Asen\AppData\Local\temp\SkypeSetup.exe
[2012.10.20 07:29:00 | 000,000,000 | ---D | M] -- C:\Users\Asen\AppData\Roaming\YourFileDownloader
[2012.05.05 15:41:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2013.09.02 23:44:45 | 000,000,000 | ---D | M] -- C:\ProgramData\BetterSoft
[2011.10.27 20:44:35 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2013.09.02 23:46:18 | 000,000,000 | ---D | M] -- C:\ProgramData\BrowserDefender
[2013.09.02 23:44:45 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2013.09.02 22:34:39 | 000,000,000 | ---D | M] -- C:\Program Files\BrowseToSave
[2012.05.24 22:57:18 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011.01.15 10:21:07 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2013.08.18 10:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Delta
[2013.08.18 10:18:59 | 000,000,000 | ---D | M] -- C:\Program Files\Gophoto.it
[2013.04.10 21:50:58 | 000,000,000 | ---D | M] -- C:\Program Files\Optimizer Pro
[2012.10.20 07:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Red Sky
[2013.08.18 10:19:36 | 000,000,000 | ---D | M] -- C:\Program Files\TornTV.com
[2012.05.24 22:57:17 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrentControl2
[2013.09.02 22:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\WebSearch
[2011.10.27 15:06:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows iLivid Toolbar
[2012.06.24 17:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo
:files
dir /s /a "C:\Users\Asen\AppData\Local\Intel" /c
c:\program files\dll-files.com fixer
c:\program files\protected search
c:\users\asen\appdata\local\temp\sweetimreinstall
c:\program files\yourfiledownloader
c:\users\asen\appdata\local\temp\fj_downloader.exe
d:\sweetimsetup.exe
netsh winsock reset catalog /c
ipconfig /flushdns /c
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A0135F4D-73FE-4DC1-BA12-698237853D29}"=-
"{13440EA1-CC0E-4311-8854-6339AFF816D6}"=-
"{241B7108-5FE5-46AE-8271-1E8205E7AEBD}"=-
"{3436826C-F637-404C-A66F-E46BE168483D}"=-
"{39E3BA31-1B6F-40C3-9D8E-DA4F4B8DC7F4}"=-
"{733853D6-897F-494A-B85A-04C6B5E8B771}"=-
"{764473F4-A0DE-4A1F-84CE-3A4625AFA653}"=-
"{7804D8A9-8741-484F-BEE6-7D7163076133}"=-
"{84DF5A9B-74EC-458D-92CE-10EC9464817B}"=-
"{8CC93161-585A-4BB6-B656-049F9CD337D4}"=-
"{946792A8-16D1-4E1B-8EEB-FBE63DD64193}"=-
"{A3C6418D-BFA5-4D77-9517-3B8CF3905A72}"=-
"{AF497C9F-BE69-4CB8-89F3-8DAC663298BD}"=-
"{C0002609-8887-4D90-9D22-EAC1961BDB15}"=-
"{D6257FB8-9A76-4CE8-B2A7-E331B57A184E}"=-
"{FC2D6B5A-1481-4229-9F4F-CCC3549903C5}"=-
"TCP Query User{2368FAD2-2BA4-45ED-ABCC-E614C5F3B2FD}C:\Program Files\TornTV.com\torntv downloader.exe"=-
"TCP Query User{C9545A03-7BFD-46C2-ACFB-57271723E77D}C:\users\asen\appdata\local\temp\fj_downloader.exe"=-
"UDP Query User{5BDFC594-6FE4-49B1-94B7-FF3144B31A92}C:\Program Files\TornTV.com\torntv downloader.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TornTV]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseToSave 1.74]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Assistant WebSearch 1.74]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar]
:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix
Windows ще се рестартира и ще се създаде лог файл - OTL fix log. Публикувайте съдържанието му с Copy/Paste в следващия.

ares85ares · Септември 7, 2013

Само да кажа, че при последния рестарт съобщението не се появи.

All processes killed
Error: Unable to interpret <Quote> in the current context!
========== OTL ==========
Error: No service named BrowserDefendert was found to stop!
Service\Driver key BrowserDefendert not found.
File C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe not found.
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\Users\Asen\AppData\Local\Temp\mbr.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-377520848-1481442156-2034584207-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0b7430e9-e659-4555-ac67-be3340aaa519} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b7430e9-e659-4555-ac67-be3340aaa519}\ not found.
Registry value HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
Registry value HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a5ae8924-4036-420f-b7f6-a47e4b8f692e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}\ not found.
HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{057ACA0B-1216-48E3-99B7-6FB952B116A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057ACA0B-1216-48E3-99B7-6FB952B116A1}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D3FAD58-9A59-4463-B75C-BC3E64BFA070}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D3FAD58-9A59-4463-B75C-BC3E64BFA070}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D27B3226-3DE8-46E5-AE40-F9C96E1FAF19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27B3226-3DE8-46E5-AE40-F9C96E1FAF19}\ not found.
Registry key HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "WebSearch" removed from browser.search.defaultenginename
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: "Free Lunch Design TB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://websearch.hel...EN&cc=BG&l=1&q=" removed from browser.search.defaulturl
Prefs.js: "WebSearch" removed from browser.search.order.1
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: "chr-greentree_ff&type=766371&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Prefs.js: "http://www1.delta-se..._ctrl1&tsp=4978" removed from browser.startup.homepage
Prefs.js: ffxtlbr%40delta.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: ffxtlbra%40softonic.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: plugin%40yontoo.com:1.20.02 removed from extensions.enabledAddons
Folder C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\{0b7430e9-e659-4555-ac67-be3340aaa519}\ not found.
Folder C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\4fa25fdfa8dd8@4fa25fdfa8dd9.info\content folder moved successfully.
C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\4fa25fdfa8dd8@4fa25fdfa8dd9.info folder moved successfully.
Folder C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\ffxtlbr@delta.com\ not found.
Folder C:\Users\Asen\AppData\Roaming\mozilla\Firefox\Profiles\zsgy2pct.default\extensions\ffxtlbra@softonic.com\ not found.
File C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\extensions\gophoto@gophoto.it.xpi not found.
File C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\extensions\plugin@yontoo.com.xpi not found.
C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\extensions\trtv3@trtv.com.xpi moved successfully.
File C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\browsemngr.xml not found.
File C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\conduit.xml not found.
File C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\SearchResults.xml not found.
File C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\softonic.xml not found.
File C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\SweetIM Search.xml not found.
File C:\Users\Asen\AppData\Roaming\mozilla\firefox\profiles\zsgy2pct.default\searchplugins\WebSearch.xml not found.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Asen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj\3.0_0 not found.
File C:\Users\Asen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.5.0.1_0 not found.
File C:\Users\Asen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.6_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files\Yontoo\YontooIEClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B7430E9-E659-4555-AC67-BE3340AAA519} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B7430E9-E659-4555-AC67-BE3340AAA519}\ not found.
Registry value HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-377520848-1481442156-2034584207-1000\Software\Microsoft\Windows\CurrentVersion\Run\\northbridge deleted successfully.
C:\Intel\northbridge.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Експортиране към Microsoft Excel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\northbridge\ deleted successfully.
C:\Windows\System32\AI_RecycleBin\{FABAC815-5E55-4304-9CB8-D8511C15822C} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{EFF6506C-A063-496C-9785-B3E14A2A9F85} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{EF8AEC6B-AE3D-49CE-AC1B-5CA975A34DEC} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{E507BE8A-3F7D-4335-BC92-6D58D1D6FA85} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{E4EB6AEA-01BB-465F-A7EA-AECC6F2AE7AC} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{E35B1E49-8FCD-4767-8632-76BECF609C82} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{D9E3B38B-4E60-43E2-80BB-7F7EED059256} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{D7D63EB8-FE92-4ED9-9CEF-2D163C3E066E} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{D74BFE26-4BB9-466F-947E-1AAF67691E97} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{CAFCE8B3-99CB-46FD-82E5-ADA25DC26690} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{CA6385F0-AE4A-45AA-ACEA-CC8026682506} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{C9E816C9-34E7-4CDE-A830-4AEC9F1FDD92} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{C98DEA1E-60AF-4FBA-9D92-9AC4DAD87D79} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{C90FDAF1-8BCB-4A8D-9570-2AA050AA67BF} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{C5B5A0D8-24B5-4421-B103-E751D8548CE8} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{AF16FD43-4F81-47A8-AC31-EB2227E2739D} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{A4E91D65-569C-47BF-96D7-79BC8D5D5464} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{991B2BE6-E33C-45F2-A2DA-C82E01100017} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{8A38E292-FD9C-4E20-A7A2-38FD62E3624C} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{886C5363-6A1B-4F9E-94A9-FA50149E138B} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{843C49C1-C757-439F-84A0-2F27D0D9A694} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{6B21A1A6-3CD1-4DA1-96F0-FDE88C4D8F69} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{688DC426-D56A-42B5-9C20-C83C873F8F79} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{677F8BD3-1607-473D-AF53-1FAFEEEAB5F7} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{46B93954-4D40-4863-96C8-09FCF05A0B1A} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{4003F02D-4D73-4F38-8079-4942C2689FF4} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{3ED43CC5-53CC-4530-988A-0F84F2DE614D} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{3A9C27F4-72AF-4FB7-A853-346CB2572F07} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{37F178E0-E832-4516-BE79-50733C6250C8} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{322E1D72-809C-4574-B67C-A0FD86813335} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{246A722E-2D98-4F20-ACE6-9231ADB1EABE} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{13E32520-10AF-4030-ADF7-4C7E5D5FDE05} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{107ADE50-7BE3-41B1-B7A2-461008695E27} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{083FF9B4-C8D4-4EA1-90EC-39F43022D54F} folder moved successfully.
C:\Windows\System32\AI_RecycleBin\{0404DA91-473D-4CC7-8383-BFA84007E1CE} folder moved successfully.
C:\Windows\System32\AI_RecycleBin folder moved successfully.
C:\Windows\System32\searchplugins folder moved successfully.
C:\Windows\System32\Extensions folder moved successfully.
Folder C:\Users\Asen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender\ not found.
Folder C:\Program Files\Delta\ not found.
Folder C:\ProgramData\BrowserDefender\ not found.
Folder C:\Program Files\Gophoto.it\ not found.
Folder C:\Users\Asen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com\ not found.
Folder C:\Program Files\TornTV.com\ not found.
C:\Intel folder moved successfully.
C:\Users\Asen\AppData\Roaming\InstallDir folder moved successfully.
Folder C:\Users\Asen\AppData\Local\Conduit\ not found.
Folder C:\Users\Asen\AppData\Local\CRE\ not found.
Folder C:\Users\Asen\AppData\Local\DownTango\ not found.
C:\Users\Asen\AppData\Local\temp\i4jdel0.exe moved successfully.
C:\Users\Asen\AppData\Local\temp\SkypeSetup.exe moved successfully.
Folder C:\Users\Asen\AppData\Roaming\YourFileDownloader\ not found.
Folder C:\ProgramData\Babylon\ not found.
Folder C:\ProgramData\BetterSoft\ not found.
Folder C:\ProgramData\boost_interprocess\ not found.
Folder C:\ProgramData\BrowserDefender\ not found.
C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\BB3DA80EF703F4AF folder moved successfully.
C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632} folder moved successfully.
C:\ProgramData\InstallMate\285A5584\cfg folder moved successfully.
C:\ProgramData\InstallMate\285A5584 folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
C:\Program Files\BrowseToSave folder moved successfully.
Folder C:\Program Files\Conduit\ not found.
Folder C:\Program Files\DAEMON Tools Toolbar\ not found.
Folder C:\Program Files\Delta\ not found.
Folder C:\Program Files\Gophoto.it\ not found.
Folder C:\Program Files\Optimizer Pro\ not found.
Folder C:\Program Files\Red Sky\ not found.
Folder C:\Program Files\TornTV.com\ not found.
Folder C:\Program Files\uTorrentControl2\ not found.
Folder C:\Program Files\WebSearch\ not found.
Folder C:\Program Files\Windows iLivid Toolbar\ not found.
Folder C:\Program Files\Yontoo\ not found.
========== FILES ==========
< dir /s /a "C:\Users\Asen\AppData\Local\Intel" /c >
Volume in drive C is System Reserved
Volume Serial Number is 9834-7CCC
Directory of C:\Users\Asen\AppData\Local\Intel
27.06.2012 Ј. 23:46 <DIR> .
27.06.2012 Ј. 23:46 <DIR> ..
27.06.2012 Ј. 23:46 <DIR> IntelAppUpSDK
0 File(s) 0 bytes
Directory of C:\Users\Asen\AppData\Local\Intel\IntelAppUpSDK
27.06.2012 Ј. 23:46 <DIR> .
27.06.2012 Ј. 23:46 <DIR> ..
27.06.2012 Ј. 23:46 <DIR> Log
0 File(s) 0 bytes
Directory of C:\Users\Asen\AppData\Local\Intel\IntelAppUpSDK\Log
27.06.2012 Ј. 23:46 <DIR> .
27.06.2012 Ј. 23:46 <DIR> ..
17.01.2013 Ј. 18:43 117 FruitNinja.log
1 File(s) 117 bytes
Total Files Listed:
1 File(s) 117 bytes
8 Dir(s) 48я362я209я280 bytes free
C:\Users\Asen\Desktop\cmd.bat deleted successfully.
C:\Users\Asen\Desktop\cmd.txt deleted successfully.
File\Folder c:\program files\dll-files.com fixer not found.
File\Folder c:\program files\protected search not found.
File\Folder c:\users\asen\appdata\local\temp\sweetimreinstall not found.
File\Folder c:\program files\yourfiledownloader not found.
File\Folder c:\users\asen\appdata\local\temp\fj_downloader.exe not found.
File\Folder d:\sweetimsetup.exe not found.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Asen\Desktop\cmd.bat deleted successfully.
C:\Users\Asen\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Asen\Desktop\cmd.bat deleted successfully.
C:\Users\Asen\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0135F4D-73FE-4DC1-BA12-698237853D29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0135F4D-73FE-4DC1-BA12-698237853D29}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13440EA1-CC0E-4311-8854-6339AFF816D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13440EA1-CC0E-4311-8854-6339AFF816D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{241B7108-5FE5-46AE-8271-1E8205E7AEBD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{241B7108-5FE5-46AE-8271-1E8205E7AEBD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3436826C-F637-404C-A66F-E46BE168483D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3436826C-F637-404C-A66F-E46BE168483D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39E3BA31-1B6F-40C3-9D8E-DA4F4B8DC7F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39E3BA31-1B6F-40C3-9D8E-DA4F4B8DC7F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{733853D6-897F-494A-B85A-04C6B5E8B771} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{733853D6-897F-494A-B85A-04C6B5E8B771}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{764473F4-A0DE-4A1F-84CE-3A4625AFA653} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{764473F4-A0DE-4A1F-84CE-3A4625AFA653}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7804D8A9-8741-484F-BEE6-7D7163076133} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7804D8A9-8741-484F-BEE6-7D7163076133}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84DF5A9B-74EC-458D-92CE-10EC9464817B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84DF5A9B-74EC-458D-92CE-10EC9464817B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8CC93161-585A-4BB6-B656-049F9CD337D4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CC93161-585A-4BB6-B656-049F9CD337D4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{946792A8-16D1-4E1B-8EEB-FBE63DD64193} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{946792A8-16D1-4E1B-8EEB-FBE63DD64193}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3C6418D-BFA5-4D77-9517-3B8CF3905A72} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3C6418D-BFA5-4D77-9517-3B8CF3905A72}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF497C9F-BE69-4CB8-89F3-8DAC663298BD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF497C9F-BE69-4CB8-89F3-8DAC663298BD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0002609-8887-4D90-9D22-EAC1961BDB15} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0002609-8887-4D90-9D22-EAC1961BDB15}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6257FB8-9A76-4CE8-B2A7-E331B57A184E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6257FB8-9A76-4CE8-B2A7-E331B57A184E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC2D6B5A-1481-4229-9F4F-CCC3549903C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2D6B5A-1481-4229-9F4F-CCC3549903C5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2368FAD2-2BA4-45ED-ABCC-E614C5F3B2FD}C:\Program Files\TornTV.com\torntv downloader.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C9545A03-7BFD-46C2-ACFB-57271723E77D}C:\users\asen\appdata\local\temp\fj_downloader.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5BDFC594-6FE4-49B1-94B7-FF3144B31A92}C:\Program Files\TornTV.com\torntv downloader.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TornTV\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseToSave 1.74\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Assistant WebSearch 1.74\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Asen
->Temp folder emptied: 31932492 bytes
->Temporary Internet Files folder emptied: 337266110 bytes
->Java cache emptied: 29047 bytes
->FireFox cache emptied: 225907657 bytes
->Google Chrome cache emptied: 160793467 bytes
->Opera cache emptied: 55276780 bytes
->Flash cache emptied: 190887 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hedev
->Temp folder emptied: 43164427 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3238240 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79666613 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 260036 bytes

Total Files Cleaned = 894,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 09072013_180008

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

B-boy/StyLe/ · Септември 7, 2013

Нормално...мисля че го премахнахме...

Бихте ли архивирали папката C:\_OTL\MovedFies => след това качете архива на този адрес => http://file.bg/

Публикувайте линк за download в следващия си коментар.

Също така:

СТЪПКА 1

http://cdn.alternativeto.net/i/dc4913bf-6d59-4a3b-b48b-b9c7f50756e9_28252.png Изтеглете Malwarebytes' Anti-Malware

Кликнете два пъти върху mbam-setup.exe, за да инсталирате програмата.
Уверете се, че са поставени отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware. След това кликнете на Finish.
Ако има намерени обновявания, тя ще ги изтегли и инсталира.
Стартирайте програмата и изберете "Perform Quick Scan", след това кликнете на Scan.
Сканирането ще отнеме малко време, затова моля да бъдете търпеливи.
Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.
Уверете се, че на всички редове има отметки (ако няма на някои обекти ги поставете ръчно), и кликнете на Remove Selected.
Когато всичко бъде премахнато, в Notepad ще бъде отворен лог.
Прикачете този лог в следващия си коментар в темата.

Забележка: Ако MalwareBytes'Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поискада рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

СТЪПКА 2

http://imageshack.us/a/img841/7292/thisisujrt.gif Моля изтеглете Junkware Removal Tool на вашия десктоп.
Спрете временно работата на защитните програми.
Стартирайте инструмента JRT.exe
Ще се отвори ДОС прозорец. Натиснете което и да е копче от клавиатурата.
Затворете излишните приложения и всички браузъри и изчакайте проверката да завърши.
Ще се появи лог файл (който можете да намерите и ръчно на десктопа с името JRT.txt).
Моля копирайте съдържанието на лог файла в следващия си пост.

СТЪПКА 3

Добре е да направите и следното => Изтеглете и стартирайте инструмента на Symantec - Noscript.exe => изберете Disable (това ще попречи на някои зарази да се разпространяват)...Ако се наложи да пуснете после някакъв vbs, js или друг скрипт просто отново чрез инструмента изберете Enabled.

ares85ares · Септември 7, 2013

Линк:

Лог:

mbam-log-2013-09-07 (18-42-01).txt

и

JRT.txt

Много, много, много благодаря за помощта!!!

Редактиран Септември 7, 2013 от B-boy/StyLe/
Премахнат опасен линк! :)

B-boy/StyLe/ · Септември 7, 2013

Супер...изглежда чисто вече:

Обновете всички старти приложения, ако има засечени такива с помощта на PatchMyPC

А за да почистим използваните от нас инструменти:

Изтегли OTC.exe и го стартирай. Натиснете бутона CleanUp!.
Рестартирай компютъра, ако те попита!

Изтегли Delfix.exe и го стартирай. Сложи отметка пред Remove disinfection tools (трябва да има такава по-подразбиране, но все пак да си кажа) => натисни бутона Run

Инструмента ще се самоизтрие след като приключи своята задача!

Ако има инструменти, папки или логове от използваните от нас неща и те не са се изтрили при горе-споменатите процедури, ги изтрий ръчно.

Ако няма повече въпроси и проблеми, маркирам случая като РЕШЕН.

Поздрави и безопасно сърфиране! http://www.kaldata.com/forums/public/style_emoticons/default/bye1.gif

ares85ares · Септември 7, 2013

Отново много благодаря!!! :cap:

РЕШЕН Проблем с Intel.exe

Препоръчан пост

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Link to comment

Сподели другаде

Join the conversation