
Can my laptop produce viruses by itself?



Download the latest version of Kaspersky Virus Removal Tool from this page, run it and wait for it to self-extract and install.

Tick I accept the license agreement and click the Start button.

Click the gear button on the right and tick all hard disk partitions.

Then click the Actions button on the left, choose Select action on the right and clear the two check boxes.

Click Automatic Scan on the left and click the Start scanning button.

If it happens to ask for some action during the scan, choose Skip.

Once it has finished scanning, click the button with the sheet of paper (next to the settings button), select Detected Threats on the left, click the Save button and save the file in a convenient place. Copy the contents of this comment into your next comment or (if it is a lot of text) attach it.

Close Kaspersky Virus Removal Tool; this will uninstall it.


Hopefully this time I managed it well. Since it had no name, I gave it one that I can recognize easily.

 

сканиране на вируси.txt


Status: Detected   (events: 76)
28.2.2014 г. 11:46:56 ч. Detected adware not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Medium
28.2.2014 г. 11:53:48 ч. Detected adware not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Administrator\Local Settings\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Medium
28.2.2014 г. 11:55:03 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Music\Music.scr High
28.2.2014 г. 11:55:07 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\Documents.exe High
28.2.2014 г. 11:55:09 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Music.scr High
28.2.2014 г. 11:55:16 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Pictures\Pictures.exe High
28.2.2014 г. 11:55:22 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Pictures.exe High
28.2.2014 г. 11:55:23 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Videos\Videos.pif High
28.2.2014 г. 11:55:30 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Videos\Sample Videos\Videos.pif High
28.2.2014 г. 11:55:35 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Favorites\Favorites.bat High
28.2.2014 г. 11:56:27 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\Documents.exe High
28.2.2014 г. 11:56:30 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Public.exe High
28.2.2014 г. 11:56:32 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Music\Music.scr High
28.2.2014 г. 11:56:39 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Music\Sample Music\Music.scr High
28.2.2014 г. 11:56:47 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Pictures\Pictures.exe High
28.2.2014 г. 11:56:48 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Pictures\Sample Pictures\Pictures.exe High
28.2.2014 г. 11:56:49 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Videos\Videos.pif High
28.2.2014 г. 11:56:56 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Favorites\Favorites.bat High
28.2.2014 г. 11:56:58 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Videos\Sample Videos\Videos.pif High
28.2.2014 г. 11:56:59 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Downloads\Downloads.exe High
28.2.2014 г. 11:57:02 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Libraries\Libraries.pif High
28.2.2014 г. 11:57:06 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Music\Sample Music\Music.scr High
28.2.2014 г. 11:57:09 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Music\Music.scr High
28.2.2014 г. 11:57:11 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Pictures\Pictures.exe High
28.2.2014 г. 11:57:15 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Pictures\Sample Pictures\Pictures.exe High
28.2.2014 г. 11:57:17 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Recorded TV\Recorded TV.exe High
28.2.2014 г. 11:57:19 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Recorded TV\Sample Media\Media.bat High
28.2.2014 г. 11:57:24 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Videos\Videos.pif High
28.2.2014 г. 11:57:29 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Videos\Sample Videos\Videos.pif High
28.2.2014 г. 12:00:35 ч. Detected Trojan program Packed.Win32.Krap.iu C:\Documents and Settings\stanimirkata\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\17015b13-5cfefdf3//PE-Crypt.XorPE High
28.2.2014 г. 12:12:05 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Music\Music.scr High
28.2.2014 г. 12:12:08 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\Documents.exe High
28.2.2014 г. 12:12:10 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Music\Sample Music\Music.scr High
28.2.2014 г. 12:12:14 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Pictures\Pictures.exe High
28.2.2014 г. 12:12:15 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Pictures\Sample Pictures\Pictures.exe High
28.2.2014 г. 12:12:19 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Videos\Videos.pif High
28.2.2014 г. 12:12:23 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Videos\Sample Videos\Videos.pif High
28.2.2014 г. 12:12:24 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Favorites\Favorites.bat High
28.2.2014 г. 12:12:34 ч. Detected Trojan program Trojan.Win32.Genome.sowp C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0000\tsk0005.dta High
28.2.2014 г. 12:12:34 ч. Detected Trojan program Trojan-Downloader.Win32.Agent.exgl C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0000\tsk0003.dta//UPX High
28.2.2014 г. 12:12:34 ч. Detected Trojan program Backdoor.Win64.TDSS.a C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0000\tsk0008.dta High
28.2.2014 г. 12:12:35 ч. Detected Trojan program Trojan-Downloader.Win32.Agent.exgl C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0001\tsk0003.dta//UPX High
28.2.2014 г. 12:12:35 ч. Detected Trojan program Trojan.Win32.Genome.sowp C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0001\tsk0005.dta High
28.2.2014 г. 12:12:35 ч. Detected Trojan program Backdoor.Win64.TDSS.a C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0001\tsk0008.dta High
28.2.2014 г. 12:12:35 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0000\tsk0009.dta High
28.2.2014 г. 12:12:35 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0001\tsk0009.dta High
28.2.2014 г. 12:15:32 ч. Detected adware not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Medium
28.2.2014 г. 12:20:58 ч. Detected adware not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Administrator\Local Settings\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Medium
28.2.2014 г. 12:22:06 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Music\Music.scr High
28.2.2014 г. 12:22:08 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\Documents.exe High
28.2.2014 г. 12:22:09 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Music\Sample Music\Music.scr High
28.2.2014 г. 12:22:14 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Pictures\Pictures.exe High
28.2.2014 г. 12:22:18 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Videos\Videos.pif High
28.2.2014 г. 12:22:19 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Pictures\Sample Pictures\Pictures.exe High
28.2.2014 г. 12:22:23 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Videos\Sample Videos\Videos.pif High
28.2.2014 г. 12:22:25 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Favorites\Favorites.bat High
28.2.2014 г. 12:22:48 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\Documents.exe High
28.2.2014 г. 12:22:51 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Music\Music.scr High
28.2.2014 г. 12:22:53 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Public.exe High
28.2.2014 г. 12:22:56 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Music\Sample Music\Music.scr High
28.2.2014 г. 12:23:01 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Pictures\Pictures.exe High
28.2.2014 г. 12:23:05 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Videos\Videos.pif High
28.2.2014 г. 12:23:06 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Pictures\Sample Pictures\Pictures.exe High
28.2.2014 г. 12:23:12 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Downloads\Downloads.exe High
28.2.2014 г. 12:23:12 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Videos\Sample Videos\Videos.pif High
28.2.2014 г. 12:23:18 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Libraries\Libraries.pif High
28.2.2014 г. 12:23:18 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Favorites\Favorites.bat High
28.2.2014 г. 12:23:24 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Music\Sample Music\Music.scr High
28.2.2014 г. 12:23:25 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Music\Music.scr High
28.2.2014 г. 12:23:30 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Pictures\Pictures.exe High
28.2.2014 г. 12:23:31 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Pictures\Sample Pictures\Pictures.exe High
28.2.2014 г. 12:23:37 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Recorded TV\Sample Media\Media.bat High
28.2.2014 г. 12:23:39 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Recorded TV\Recorded TV.exe High
28.2.2014 г. 12:23:40 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Videos\Videos.pif High
28.2.2014 г. 12:23:44 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Videos\Sample Videos\Videos.pif High
28.2.2014 г. 12:25:57 ч. Detected Trojan program Packed.Win32.Krap.iu C:\Users\stanimirkata\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\17015b13-5cfefdf3//PE-Crypt.XorPE High

The computer is not on a network. I don't use flash drives or printers. I share files over Facebook.


Nope... this is about KillAV.DR (Win32/AutoRun.Agent.UA worm). :)

I am quite confused.

According to this encyclopedia, the Win32/AutoRun.Agent.UA worm virus should be located in the %Temp% folder,

but so far all the logs point to C:\Users.


Download Windows Worms Doors Cleaner and save it to the desktop. Run it as administrator. Click all the buttons that have a red circle with a white cross to their left. If you are asked for any confirmation, click Yes.

Then turn off the System Restore feature: right-click Computer and choose Properties, click System Protection on the left, then the Configure... button, select Turn off system protection and confirm with OK in all windows.

Then open the Start menu, type services.msc in the search box at the bottom, and click the result that is found. In the list of services find the Server service, double-click it, choose Disabled from the drop-down menu and confirm with OK.

Then right-click the network icon at the bottom next to the clock and choose Open Network and Sharing Center, click Change adapter settings on the left, right-click the network connection -> Properties, clear the check boxes for Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks there and confirm with OK.

Then restart the computer, scan again with Malwarebytes Anti-Malware and post the results.


I am quite confused.

According to this encyclopedia, the Win32/AutoRun.Agent.UA worm virus should be located in the %Temp% folder,

but so far all the logs point to C:\Users.

I meant this site:

http://www.eset.com/us/threat-center/encyclopedia/threats/win32autorunagentup/


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Версия на базата от данни: v2014.02.24.04

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 11.0.9600.16518

Administrator :: STANIMIRKATA-PC [администратор]

 

Защита: включена

 

1.3.2014 г. 08:26:50 ч.

mbam-log-2014-03-01 (08-26-50).txt

 

Тип сканиране: Бързо сканиране

Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | 

 

PUM

Изключени опции за сканиране: P2P

Сканирани обекти: 284950

Изминало време: 12 минута(и), 34 секунда(и)

 

Открити процеси в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити модули в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити ключове в системния регистър: 0

(Не бяха открити зловредни обекти)


 

Открити стойности в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити информационни обекти в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити папки: 0

(Не бяха открити зловредни обекти)

 

Открити файлове: 8

C:\Users\Public\Documents\Documents.exe (Trojan.Chydo) -> Поставен под карантина и изтрит успешно.

C:\Users\Public\Downloads\Downloads.exe (Trojan.Chydo) -> Поставен под карантина и изтрит успешно.

C:\Users\Public\Favorites\Favorites.bat (Trojan.Chydo) -> Поставен под карантина и изтрит успешно.

C:\Users\Public\Libraries\Libraries.pif (Trojan.Chydo) -> Поставен под карантина и изтрит успешно.

C:\Users\Public\Music\Music.scr (Trojan.Chydo) -> Поставен под карантина и изтрит успешно.

C:\Users\Public\Pictures\Pictures.exe (Trojan.Chydo) -> Поставен под карантина и изтрит успешно.

C:\Users\Public\Recorded TV\Recorded TV.exe (Trojan.Chydo) -> Поставен под карантина и изтрит успешно.

C:\Users\Public\Videos\Videos.pif (Trojan.Chydo) -> Поставен под карантина и изтрит успешно.

 

(край)


Good, the files have been removed again. Later we will check whether they come back.

In the meantime we will remove other things. Please uninstall the following products:

- FastAgain PC Booster;

- jv16 PowerTools;

- Internet Explorer Toolbar 4.6 by SweetPacks.

These are unnecessary and useless programs. The first two may claim that they optimize and speed up the system, but those are lies.

After you uninstall them, do the following...

Download AdwCleaner and save it to the desktop. Run it and click the Scan button. Wait for the scan to finish, then click the Clean button. Confirm with OK in all windows, which will cause the system to restart. After the restart a text file will open. Please copy its contents here.

Then prepare logs from FRST again, as you did at the very beginning. If you don't remember how, look again at item 2 of this comment.


 AdwCleaner v3.020 - Report created 02/03/2014 at 12:26:45

# Updated 27/02/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

# Username : Administrator - STANIMIRKATA-PC

# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Alawar Stargaze

Folder Deleted : C:\ProgramData\AlawarWrapper

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\SweetIM

Folder Deleted : C:\Users\stanimirkata\AppData\Local\Babylon

Folder Deleted : C:\Users\stanimirkata\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\stanimirkata\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\stanimirkata\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Administrator\AppData\Local\Conduit

Folder Deleted : C:\Users\Administrator\AppData\Local\genienext

Folder Deleted : C:\Users\Administrator\AppData\Local\Mobogenie

Folder Deleted : C:\Users\Administrator\AppData\Local\NativeMessaging

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\SweetIM

Folder Deleted : C:\Users\Administrator\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Administrator\Documents\Mobogenie

Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\SweetPacksToolbarData

Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\Extensions\ffxtlbr@searchya.com

Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\Extensions\staged

File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

File Deleted : C:\END

File Deleted : C:\Users\stanimirkata\AppData\Roaming\Mozilla\Firefox\Profiles\b8f4ijx6.default\searchplugins\Conduit.xml

File Deleted : C:\Users\stanimirkata\AppData\Roaming\Mozilla\Firefox\Profiles\b8f4ijx6.default\searchplugins\daemon-search.xml

File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\searchplugins\searchya.xml

File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\searchplugins\SweetIm.xml

File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\user.js

 

***** [ Shortcuts ] *****

Scan резултат на възстановяване на Farbar Scan Tool (Frst) (x86) Version: 03.02.2014 01

Ран от Administrator (администратор) на STANIMIRKATA-PC на 03.02.2014 13:41:04

В ход от C: Users \ Administrator \ Desktop \

Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Език: English (US)

Internet Explorer Version 9

Boot Mode: Normal

 

Единствената официална връзка за изтегляне The за Frst:

Изтегляне на връзката за 32-битова версия: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Изтегляне на връзката за 64-битова версия: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Изтегляне на връзката от всяко място, различно от Bleeping Computer е неразрешената или остаряла.


 

==================== Процеси (в белия списък) =================

 

(Malwarebytes Corporation) C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamscheduler.exe

(Malwarebytes Corporation) C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamservice.exe

(Skype Technologies SA) C: \ ProgramData \ Skype \ Toolbars \ Skype C2C Service \ c2c_service.exe

(Malwarebytes Corporation) C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamgui.exe

(TeamViewer GmbH) C: \ Program Files \ TeamViewer \ Version8 \ TeamViewer_Service.exe

(TOSHIBA Corporation) C: \ Program Files \ Toshiba \ Power Saver \ TosCoSrv.exe

(TOSHIBA Corporation) C: \ Program Files \ Toshiba \ Power Saver \ TPwrMain.exe

(TOSHIBA Corporation) C: \ Program Files \ Toshiba \ SmoothView \ SmoothView.exe

(TOSHIBA Corporation) C: \ Program Files \ Toshiba \ FlashCards \ TCrdMain.exe

(Realtek Semiconductor) C: \ Program Files \ Realtek \ Audio \ HDA \ RtHDVCpl.exe

(Google) C: \ Program Files \ Google \ диск \ googledrivesync.exe

(Skype Technologies SA) C: \ Program Files \ Skype \ Phone \ Skype.exe

(Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ GoogleUpdate.exe

(Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ 1.3.22.5 \ GoogleCrashHandler.exe

(Google) C: \ Program Files \ Google \ диск \ googledrivesync.exe

(Intel Corporation) C: \ Windows \ system32 \ igfxext.exe

(Intel Corporation) C: \ Windows \ system32 \ igfxsrvc.exe

(TOSHIBA CORPORATION) C: \ Program Files \ TOSHIBA \ ConfigFree \ CFIWmxSvcs.exe

(TOSHIBA CORPORATION) C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe

(Google Инк.) C: \ Program Files \ Google \ обновяване \ 1.3.22.5 \ GoogleCrashHandler.exe

(Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ Chrome \ Application \ chrome.exe

(Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ Chrome \ Application \ chrome.exe

(Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ Chrome \ Application \ chrome.exe

 

 

==================== Вписванията (в белия списък) ==================

 

HKLM \ ... \ Run: [TPwrMain] - C: \ Program Files \ TOSHIBA \ Power Saver \ TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation)

HKLM \ ... \ Run: [HSON] - C: \ Program Files \ TOSHIBA \ TBS \ HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)

HKLM \ ... \ Run: [smoothView] - C: \ Program Files \ Toshiba \ SmoothView \ SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)

HKLM \ ... \ Run: [00TCrdMain] - C: \ Program Files \ TOSHIBA \ FlashCards \ TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation)

HKLM \ ... \ Run: [RtHDVCpl] - C: \ Program Files \ Realtek \ Audio \ HDA \ RtHDVCpl.exe [7625248 2009-08-03] (Realtek Semiconductor)

HKU \ S-1-5-21-3877745543-721231576-308643949-500 \ ... \ Run: [GoogleDriveSync] - C: \ Program Files \ Google \ диск \ googledrivesync.exe [21822128 30.01.2014] ( Google)

HKU \ S-1-5-21-3877745543-721231576-308643949-500 \ ... \ Run: [skype] - C: \ Program Files \ Skype \ Phone \ Skype.exe [20584608 11.14.2013] ( Skype Technologies SA)

HKU \ S-1-5-21-3877745543-721231576-308643949-500 \ ... \ Run: [Google Актуализиране] - C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ GoogleUpdate.exe [136176 2012 -01-28] (Google Инк.)

HKU \ S-1-5-21-3877745543-721231576-308643949-500 \ ... \ Run: [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] - C: \ Users \ Administrator \ AppData \ Local \ Google \ Chrome \ Application \ chrome.exe [859464 02.20.2014] (Google Инк.)

 

==================== Интернет (в белия списък) ====================

 

HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP

HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page Redirect Cache_TIMESTAMP = 0xD85DDBE045F8CC01

HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page Redirect Cache AcceptLangs = BG-BG

HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://www.google.com/ie

HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://www.google.com/ie

SearchScopes: HKLM - DefaultScope стойност липсва.


SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q = {съсухрен

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C: \ Program Files \ Microsoft Office \ Office14 \ GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C: \ Program Files \ Microsoft Office \ Office14 \ URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435B-BC74-9C25C1C588A9} - C: \ Program Files \ Java \ jre6 \ бен \ jp2ssv.dll (Sun Microsystems, Inc)




Handler: Skype-т.е.-адон-данни - {91774881-D725-4E58-B298-07617B9B86A8} - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ skypeieplugin.dll (Skype Technologies SA)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C: \ Program Files \ Common Files \ Skype \ Skype4COM.dll (Skype Technologies)

Силите: 127.0.0.1 Localhost

TCPIP \ Параметри: [DhcpNameServer] 217.9.237.182 84.252.0.18

 

FireFox:

========

FF ProfilePath: C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ 6msig1jy.default

FF Plugin: @ adobe.com / FlashPlayer - C: \ Windows \ system32 \ Macromed \ Flash \ NPSWF32_12_0_0_70.dll ()

FF Plugin: @ Google.com / GoogleEarthPlugin - C: \ Program Files \ Google \ Google Earth \ плъгин \ npgeplugin.dll (Google)

FF Plugin: @ google.com/npPicasa3, версия 3.0.0 = - C: \ Program Files \ Google \ Picasa3 \ npPicasa3.dll (Google, Inc)

FF Plugin: @ java.com / JavaPlugin - C: \ Program Files \ Java \ jre6 \ бен \ new_plugin \ npjp2.dll (Sun Microsystems, Inc)

FF Plugin: @ microsoft.com / GENUINE - инвалиди No File

FF Plugin: @ microsoft.com / OfficeAuthz, версия = 14.0 - C: \ Progra ~ 1 \ MICROS ~ 2 \ Office14 \ NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @ microsoft.com / SharePoint, версия = 14.0 - C: \ Progra ~ 1 \ MICROS ~ 2 \ Office14 \ NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @ tools.google.com / Google обновяване; версия = 3 - C: \ Program Files \ Google \ обновяване \ 1.3.22.5 \ npGoogleUpdate3.dll (Google Инк.)

FF Plugin: @ tools.google.com / Google обновяване; версия = 9 - C: \ Program Files \ Google \ обновяване \ 1.3.22.5 \ npGoogleUpdate3.dll (Google Инк.)

FF Plugin: Adobe Reader - C: \ Program Files \ Adobe \ Reader 10.0 Reader \ AIR \ nppdf32.dll \ (Adobe Systems, Inc)

FF Plugin HKCU: @ talk.google.com / GoogleTalkPlugin - C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npgoogletalk.dll (Google)

FF Plugin HKCU: @ talk.google.com/O1DPlugin - C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npo1d.dll (Google)

FF Plugin HKCU: @ talk.google.com/O3DPlugin - C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @ tools.google.com / Google обновяване; версия = 3 - C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ 1.3.22.5 \ npGoogleUpdate3.dll (Google Инк.)

FF Plugin HKCU: @ tools.google.com / Google обновяване; версия = 9 - C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ 1.3.22.5 \ npGoogleUpdate3.dll (Google Инк.)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ nppdf32.dll (Adobe Systems, Inc)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin.dll (Apple Инк.)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin2.dll (Apple Инк.)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin3.dll (Apple Инк.)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin4.dll (Apple Инк.)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin5.dll (Apple Инк.)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin6.dll (Apple Инк.)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin7.dll (Apple Инк.)

FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npzylomgamesplayer.dll (Zylom)

FF Plugin ProgramFiles / AppData: C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npgoogletalk.dll (Google)

FF Plugin ProgramFiles / AppData: C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npgtpo3dautoplugin.dll ()

FF Plugin ProgramFiles / AppData: C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npo1d.dll (Google)

FF Extension: Speed ​​Dial - [2012-01-28]

FF Extension: Skype Кликнете да се обадя - C: \ Program Files \ Mozilla Firefox разширения \ \ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-27]

 

========================== Services (в белия списък) =================

 

R2 cfWiMAXService; C: \ Program Files \ TOSHIBA \ ConfigFree \ CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)

R2 ConfigFree Service; C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)

R2 MBAMScheduler; C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamscheduler.exe [418376 04.04.2013] (Malwarebytes Corporation)

R2 MBAMService; C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamservice.exe [701512 04.04.2013] (Malwarebytes Corporation)

R2 Skype C2C Service; C: \ ProgramData \ Skype \ Toolbars \ Skype C2C Service \ c2c_service.exe [3048136 2012-05-30] (Skype Technologies SA)

 

==================== Drivers (в белия списък) ====================

 

R3 MBAMProtector; C: \ Windows \ System32 \ Drivers \ mbam.sys [22856 04.04.2013] (Malwarebytes Corporation)

R3 NETwLv32; C: \ Windows \ System32 \ Drivers \ NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)

S3 pwdrvio; C: \ Windows \ system32 \ pwdrvio.sys [16472 2011-05-06] ()

S3 pwdspio; C: \ Windows \ system32 \ pwdspio.sys [11104 2011-05-06] ()

S3 UVCFTR; C: \ Windows \ System32 \ Drivers \ UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Ко ООД)

S3 Andbus; system32 \ DRIVERS \ lgandbus.sys [X]

S3 AndDiag; system32 \ DRIVERS \ lganddiag.sys [X]

S3 AndGps; system32 \ DRIVERS \ lgandgps.sys [X]

S3 ANDModem; system32 \ DRIVERS \ lgandmodem.sys [X]

S3 androidusb; System32 \ Drivers \ lgandadb.sys [X]

S3 ApfiltrService; system32 \ DRIVERS \ Apfiltr.sys [X]

S3 cpuz135; \ \ C:? \ Windows \ Temp \ cpuz135 \ cpuz135_x32.sys [X]

S1 ijfsefak; \ \ C:? \ Windows \ System32 \ Drivers \ ijfsefak.sys [X]

S3 lmimirr; system32 \ DRIVERS \ lmimirr.sys [X]

S1 prbifnoo; \ \ C:? \ Windows \ System32 \ Drivers \ prbifnoo.sys [X]

S3 VGPU; System32 \ Drivers \ rdvgkmd.sys [X]

S3 WinRing0_1_2_0; \ \ D:? \ INSTALL \ RealTemp_360 \ WinRing0.sys [X]

 

==================== NetSvcs (в белия списък) ===================

 

 

==================== Едномесечен създадените файлове и папки ========

 

02.03.2014 13:41 - 02.03.2014 13:41 - 00011554 _____ () C: \ Users \ Administrator \ Desktop \ FRST.txt

02.03.2014 13:40 - 02.03.2014 13:40 - 01144832 _____ (Farbar) C: \ Users \ Administrator \ Desktop \ FRST.exe

02.03.2014 12:24 - 02.03.2014 12:26 - 00000000 ____ D () C: \ AdwCleaner

02.03.2014 12:23 - 02.03.2014 12:24 - 01244192 _____ () C: \ Users \ Administrator \ Desktop \ adwcleaner.exe

02.03.2014 10:34 - 02.03.2014 10:34 - 00001026 _____ () C:. \ Users \ Administrator \ Desktop \ Вашият непред-Сталер LNK!

02.03.2014 10:34 - 02.03.2014 10:34 - 00000000 ____ D () C: \ Program Files \ Your Uninstaller! 7

02.03.2014 10:33 - 02.03.2014 10:33 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ URSoft

02.03.2014 09:30 - 02.03.2014 10:48 - 00000000 ____ D () C: \ Program Files \ Microsoft Silverlight

03.01.2014 15:45 - 01.03.2014 15:56 - 00001048 _____ () C: \ Users \ Public \ Desktop \ TeamViewer 8.lnk

02.28.2014 11:18 - 28.02.2014 11:18 - 00010969 _____ () C: \ Users \ Administrator \ Documents \ сканиране на вируси.txt

02.28.2014 08:02 - 28.02.2014 08:02 - 00000000 ____ D () C: \ ProgramData \ Kaspersky Lab

02.26.2014 16:37 - 02.03.2014 12:28 - 00001344 _____ () C: \ Windows \ Setupact.log

02.26.2014 16:37 - 02.03.2014 10:51 - 00094614 _____ () C: \ Windows \ PFRO.log

02.26.2014 16:37 - 02.26.2014 16:37 - 00000000 _____ () C: \ Windows \ setuperr.log

02.26.2014 11:36 - 02.26.2014 11:36 - 00001229 _____ () C: \ Windows \ IE9_main.log

02.25.2014 20:33 - 02.25.2014 20:33 - 00000000 ____ D () C: \ Program Files \ TeamViewer

02.25.2014 20:31 - 02.25.2014 20:32 - 06946176 _____ (TeamViewer GmbH) C: \ Users \ Administrator \ Desktop \ TeamViewer_Setup-ckq.exe

23.02.2014 20:44 - 23.02.2014 20:44 - 00000981 _____ () C: \ Users \ Public \ Desktop \ WinRAR.lnk

23.02.2014 20:44 - 23.02.2014 20:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ WinRAR

23.02.2014 20:24 - 23.02.2014 20:24 - 00000866 _____ () C: \ Users \ Administrator \ Desktop \ μTorrent.lnk

23.02.2014 20:24 - 23.02.2014 20:24 - 00000846 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ μTorrent.lnk

23.02.2014 16:55 - 24.02.2014 07:31 - 00012872 _____ (SurfRight BV) C: \ Windows \ system32 \ bootdelete.exe

23.02.2014 16:43 - 23.02.2014 17:19 - 00000000 ____ D () C: \ ProgramData \ HitmanPro

02.22.2014 07:20 - 27.02.2014 13:46 - 00075480 _____ (Malwarebytes Corporation) C: \ Windows \ System32 \ Drivers \ mbamchameleon.sys

02.21.2014 11:41 - 02.03.2014 13:41 - 00000000 ____ D () C: \ Frst

02/18/2014 11:44 - 18/02/2014 11:44 - 00000190 _____ () C: \ ProgramData \ Microsoft.SqlServer.Compact.400.32.bc

02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Online Radio Tuner

02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Bassic Technologies

02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ IsolatedStorage

02/18/2014 11:43 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ Deployment

02/18/2014 08:50 - 18/02/2014 08:54 - 00000000 ____ D () C: \ Program Files \ Malwarebytes 'Anti-Malware

02.18.2014 08:50 - 04.04.2013 14:50 - 00022856 _____ (Malwarebytes Corporation) C: \ Windows \ System32 \ Drivers \ mbam.sys

02.17.2014 17:50 - 17.02.2014 17:54 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ кеш

. 02.17.2014 17:50 - 17.02.2014 17:50 - 00000000 ____ D () C: \ Users \ Administrator \ Android

02.17.2014 17:50 - 17.02.2014 17:50 - 00000000 _____ () C: \ Users \ Administrator \ daemonprocess.txt

02.17.2014 17:47 - 17.02.2014 17:47 - 01519696 _____ (BitTorrent Инк.) C: \ Users \ Administrator \ Downloads \ Utorrent 3.3.2 Build 30544.exe

02.13.2014 14:50 - 13.02.2014 16:24 - 00000405 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ burnaware.ini

12.02.2014 22:29 - 12.02.2014 22:29 - 00000000 ____ D () C: \ Program Files \ Microsoft SQL Server Compact Edition

12.02.2014 07:01 - 01.01.2014 01:05 - 00420008 _____ () C: \ Windows \ system32 \ locale.nls

12.02.2014 07:01 - 06.12.2013 04:02 - 01237504 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Msxml3.dll

12.02.2014 07:01 - 06.12.2013 04:02 - 00002048 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msxml3r.dll

12.02.2014 07:00 - 25.12.2013 01:09 - 01987584 _____ (Microsoft Corporation) C: \ Windows \ system32 \ d3d10warp.dll

02/12/2014 07:00 - 04/12/2013 04:03 - 00428032 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secproc.dll

02/12/2014 07:00 - 04/12/2013 04:03 - 00423936 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secproc_isv.dll

02/12/2014 07:00 - 04/12/2013 04:03 - 00087040 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secproc_ssp_isv.dll

02/12/2014 07:00 - 04/12/2013 04:03 - 00087040 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secproc_ssp.dll

02/12/2014 07:00 - 04/12/2013 04:02 - 00390144 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msdrm.dll

02/12/2014 07:00 - 04/12/2013 03:54 - 00594944 _____ (Microsoft Corporation) C: \ Windows \ system32 \ RMActivate_isv.exe

02/12/2014 07:00 - 04/12/2013 03:54 - 00572416 _____ (Microsoft Corporation) C: \ Windows \ system32 \ RMActivate.exe

02/12/2014 07:00 - 04/12/2013 03:54 - 00510976 _____ (Microsoft Corporation) C: \ Windows \ system32 \ RMActivate_ssp.exe

02/12/2014 07:00 - 04/12/2013 03:54 - 00508928 _____ (Microsoft Corporation) C: \ Windows \ system32 \ RMActivate_ssp_isv.exe

12.02.2014 07:00 - 11.26.2013 10:16 - 03419136 _____ (Microsoft Corporation) C: \ Windows \ system32 \ d2d1.dll

06.02.2014 22:50 - 06.02.2014 22:50 - 00001270 _____ () C: \ Windows \ System32 \ Config \ bqcxgodo

04.02.2014 10:06 - 19.02.2014 16:35 - 00046592 ___ SH () C: \ Users \ Administrator \ Desktop \ Thumbs.db

 

==================== Едномесечен променените файлове и папки =======

 

02.03.2014 13:41 - 02.03.2014 13:41 - 00011554 _____ () C: \ Users \ Administrator \ Desktop \ FRST.txt

02.03.2014 13:41 - 21.02.2014 11:41 - 00000000 ____ D () C: \ Frst

02.03.2014 13:40 - 02.03.2014 13:40 - 01144832 _____ (Farbar) C: \ Users \ Administrator \ Desktop \ FRST.exe

02.03.2014 13:28 - 01.29.2012 11:30 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Skype

02.03.2014 12:35 - 07.14.2009 06:34 - 00021472 ____ H () C: \ Windows \ system32 \ 7B296FB0-376В-497e-B012-9C450E1B7327-5P-1.C7483456-А289-439d-8115 -601632D005A0

02.03.2014 12:35 - 07.14.2009 06:34 - 00021472 ____ H () C: \ Windows \ system32 \ 7B296FB0-376В-497e-B012-9C450E1B7327-5P-0.C7483456-А289-439d-8115 -601632D005A0

02.03.2014 12:31 - 14.05.2011 23:36 - 01589385 _____ () C: \ Windows \ Windowsupdate.log

02.03.2014 12:28 - 02.26.2014 16:37 - 00001344 _____ () C: \ Windows \ Setupact.log

02.03.2014 12:28 - 2.10.2013 10:48 - 00000000 ___ RD () C: \ Users \ Administrator \ Google Диск

02.03.2014 12:28 - 07.14.2009 06:53 - 00032528 _____ () C: \ Windows \ Задачи \ SCHEDLGU.TXT

02.03.2014 12:28 - 07.14.2009 06:53 - 00000006 ____ H () C: \ Windows \ Задачи \ SA.DAT

02.03.2014 12:26 - 02.03.2014 12:24 - 00000000 ____ D () C: \ AdwCleaner

02.03.2014 12:24 - 02.03.2014 12:23 - 01244192 _____ () C: \ Users \ Administrator \ Desktop \ adwcleaner.exe

02.03.2014 11:30 - 01.28.2012 21:49 - 00001409 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Internet Explorer.lnk

02.03.2014 11:28 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ system32 \ BG-BG

02.03.2014 10:51 - 02.26.2014 16:37 - 00094614 _____ () C: \ Windows \ PFRO.log

02.03.2014 10:51 - 05.15.2011 07:46 - 00000000 ___ HD () C: \ Program Files \ InstallShield информация Инсталация

02.03.2014 10:48 - 02.03.2014 09:30 - 00000000 ____ D () C: \ Program Files \ Microsoft Silverlight

02.03.2014 10:41 - 22.01.2014 18:20 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Utorrent

02.03.2014 10:38 - 05.24.2011 22:24 - 00000000 ____ D () C: \ ProgramData \ LogMeIn

02.03.2014 10:34 - 02.03.2014 10:34 - 00001026 _____ () C:. \ Users \ Administrator \ Desktop \ Вашият непред-Сталер LNK!

02.03.2014 10:34 - 02.03.2014 10:34 - 00000000 ____ D () C: \ Program Files \ Your Uninstaller! 7

02.03.2014 10:33 - 02.03.2014 10:33 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ URSoft

02.03.2014 10:27 - 05.15.2011 10:31 - 00000000 ____ D () C: \ Windows \ Panther

02.03.2014 08:08 - 16.04.2012 10:46 - 01212200 _____ () C: \ Windows \ system32 \ oodbs.lor

02.03.2014 07:10 - 07.14.2009 06:33 - 00477224 _____ () C: \ Windows \ system32 \ FNTCACHE.DAT

03.01.2014 17:01 - 01.28.2012 21:49 - 00145064 _____ () C: \ Users \ Administrator \ AppData \ Local \ GDIPFONTCACHEV1.DAT

03.01.2014 15:56 - 01.03.2014 15:45 - 00001048 _____ () C: \ Users \ Public \ Desktop \ TeamViewer 8.lnk

03.01.2014 14:10 - 01.28.2012 21:49 - 00000000 ____ D () C: \ Users \ Administrator

03.01.2014 13:53 - 12.25.2012 13:25 - 00000000 ____ D () C: \ Program Files \ jv16 PowerTools 2012

03.01.2014 08:48 - 21.11.2010 02:46 - 00000000 __ SHD () C: \ Windows \ BitLockerDiscoveryVolumeContents

03.01.2014 08:47 - 21.11.2010 02:46 - 00000000 ___ RD () C: \ Users \ Public \ Recorded TV

03.01.2014 08:47 - 07.14.2009 04:37 - 00000000 __ RHD () C: \ Users \ Public \ Libraries

03/01/2014 08:18 - 09/30/2011 11:08 - 00001036 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskUserS-1-5-21-3877745543-721231576-308643949-1000UA.job

03.01.2014 08:12 - 01.28.2012 22:16 - 00001040 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskUserS-1-5-21-3877745543-721231576-308643949-500UA.job

03.01.2014 07:46 - 05.06.2013 09:54 - 00000216 _____ () C: \ Windows \ Задачи \ AutoKMS.job

03.01.2014 07:46 - 05.15.2011 14:51 - 00000994 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskMachineCore.job

03.01.2014 07:44 - 16.04.2012 10:47 - 00000830 _____ () C: \ Windows \ \ Задачи Adobe Flash Player Updater.job

03.01.2014 07:33 - 05.15.2011 14:51 - 00000998 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskMachineUA.job

02.28.2014 21:38 - 07.14.2009 04:37 - 00000000 ___ RD () C: \ Users \ Public

02/28/2014 18:18 - 09/30/2011 11:08 - 00000984 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskUserS-1-5-21-3877745543-721231576-308643949-1000Core.job

02.28.2014 15:01 - 12.05.2012 08:38 - 00000292 _____ () C: \ Windows \ \ Задачи FastAgain PC Booster_DEFAULT.job

02.28.2014 14:16 - 05.15.2011 18:00 - 00000000 ____ D () C: \ Windows \ PCHEALTH

02.28.2014 11:18 - 28.02.2014 11:18 - 00010969 _____ () C: \ Users \ Administrator \ Documents \ сканиране на вируси.txt

02.28.2014 09:56 - 06.01.2014 14:34 - 00000000 ____ D () C: \ Users \ Administrator \ Documents \ Outlook Files

02.28.2014 08:02 - 28.02.2014 08:02 - 00000000 ____ D () C: \ ProgramData \ Kaspersky Lab

02.28.2014 07:12 - 01.28.2012 22:16 - 00000988 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskUserS-1-5-21-3877745543-721231576-308643949-500Core.job

02.28.2014 07:09 - 21.11.2010 02:46 - 00000000 ____ D () C: \ Windows \ CSC

27.02.2014 14:16 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ Microsoft.NET

02/27/2014 13:46 - 02/22/2014 07:20 - 00075480 _____ (Malwarebytes Corporation) C: \ Windows \ System32 \ Drivers \ mbamchameleon.sys

27.02.2014 11:48 - 11.20.2010 23:01 - 00770824 _____ () C: \ Windows \ system32 \ PerfStringBackup.INI

27.02.2014 11:13 - 01.28.2012 22:02 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla

27.02.2014 06:29 - 21.11.2010 02:46 - 00000000 ____ D () C: \ Windows \ RemotePackages

02.26.2014 16:37 - 02.26.2014 16:37 - 00000000 _____ () C: \ Windows \ setuperr.log

02.26.2014 16:37 - 05.20.2011 19:16 - 00000000 ____ D () C: \ Windows \ GeoOCX

02.26.2014 11:36 - 02.26.2014 11:36 - 00001229 _____ () C: \ Windows \ IE9_main.log

02.26.2014 08:38 - 12.05.2012 08:38 - 00000300 _____ () C: \ Windows \ \ Задачи FastAgain PC Booster_UPDATES.job

02.25.2014 21:20 - 05.24.2011 18:18 - 00000000 ____ D () C: \ Windows \ Acronis

02.25.2014 20:33 - 02.25.2014 20:33 - 00000000 ____ D () C: \ Program Files \ TeamViewer

02.25.2014 20:32 - 02.25.2014 20:31 - 06946176 _____ (TeamViewer GmbH) C: \ Users \ Administrator \ Desktop \ TeamViewer_Setup-ckq.exe

02.25.2014 08:51 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ регистрация

24.02.2014 14:55 - 05.30.2012 12:07 - 00000000 ____ D () C: \ Windows \ Minidump

24.02.2014 07:31 - 23.02.2014 16:55 - 00012872 _____ (SurfRight BV) C: \ Windows \ system32 \ bootdelete.exe

23.02.2014 20:44 - 23.02.2014 20:44 - 00000981 _____ () C: \ Users \ Public \ Desktop \ WinRAR.lnk

23.02.2014 20:44 - 23.02.2014 20:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ WinRAR

23.02.2014 20:44 - 15.05.2012 11:51 - 00000000 ____ D () C: \ Program Files \ WinRAR

23.02.2014 20:24 - 23.02.2014 20:24 - 00000866 _____ () C: \ Users \ Administrator \ Desktop \ μTorrent.lnk

23.02.2014 20:24 - 23.02.2014 20:24 - 00000846 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ μTorrent.lnk

23.02.2014 17:19 - 23.02.2014 16:43 - 00000000 ____ D () C: \ ProgramData \ HitmanPro

02.22.2014 22:22 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ Web

02.21.2014 13:44 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ IME

02.21.2014 11:17 - 05.15.2011 09:49 - 00000000 ____ D () C: \ Windows \ tiinst

02.21.2014 09:44 - 16.04.2012 10:47 - 00692616 _____ (Adobe Systems Incorporated) C: \ Windows \ system32 \ FlashPlayerApp.exe

02.21.2014 09:44 - 05.15.2011 10:25 - 00071048 _____ (Adobe Systems Incorporated) C: \ Windows \ system32 \ FlashPlayerCPLApp.cpl

02.21.2014 07:42 - 15.02.2013 21:20 - 00000000 ____ D () C: \ Windows \ Sun

02.19.2014 16:35 - 04.02.2014 10:06 - 00046592 ___ SH () C: \ Users \ Administrator \ Desktop \ Thumbs.db

02.18.2014 12:22 - 05.15.2011 10:17 - 00001945 _____ () C: \ Windows \ epplauncher.mif

02/18/2014 11:44 - 18/02/2014 11:44 - 00000190 _____ () C: \ ProgramData \ Microsoft.SqlServer.Compact.400.32.bc

02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Online Radio Tuner

02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Bassic Technologies

02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ IsolatedStorage

02/18/2014 11:44 - 18/02/2014 11:43 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ Deployment

02.18.2014 11:43 - 01.12.2014 06:48 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ Apps \ 2.0

02.18.2014 09:13 - 07.14.2009 06:52 - 00000000 ____ D () C: \ Windows \ twain_32

02/18/2014 08:54 - 18/02/2014 08:50 - 00000000 ____ D () C: \ Program Files \ Malwarebytes 'Anti-Malware

02.17.2014 17:54 - 17.02.2014 17:50 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ кеш

. 02.17.2014 17:50 - 17.02.2014 17:50 - 00000000 ____ D () C: \ Users \ Administrator \ Android

02.17.2014 17:50 - 17.02.2014 17:50 - 00000000 _____ () C: \ Users \ Administrator \ daemonprocess.txt

02.17.2014 17:47 - 17.02.2014 17:47 - 01519696 _____ (BitTorrent Инк.) C: \ Users \ Administrator \ Downloads \ Utorrent 3.3.2 Build 30544.exe

02.17.2014 09:24 - 07.14.2009 04:37 - 00 милиона __ RSD () C: \ Windows \ Media

02.13.2014 16:24 - 13.02.2014 14:50 - 00000405 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ burnaware.ini

02.13.2014 15:06 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ Help

02.13.2014 10:35 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ rescache

12.02.2014 22:46 - 05.15.2011 17:57 - 00000000 ____ D () C: \ ProgramData \ Microsoft Help

12.02.2014 22:38 - 18.07.2013 19:27 - 00000000 ____ D () C: \ Windows \ system32 \ MRT

12.02.2014 22:31 - 07.14.2009 04:04 - 00000478 _____ () C: \ Windows \ win.ini

12.02.2014 22:29 - 12.02.2014 22:29 - 00000000 ____ D () C: \ Program Files \ Microsoft SQL Server Compact Edition

12.02.2014 21:02 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ system32 \ НУГ

12.02.2014 09:09 - 10.04.2013 19:54 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ Facebook

11/02/2014 08:07 - 05.15.2011 07:03 - 00000000 ____ D () C: \ Program Files \ Java

11/02/2014 07:56 - 01/09/2014 06:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Google+ Auto Backup

06.02.2014 22:50 - 06.02.2014 22:50 - 00001270 _____ () C: \ Windows \ System32 \ Config \ bqcxgodo

04.02.2014 19:09 - 05.20.2011 19:19 - 85946576 _____ (Microsoft Corporation) C: \ Windows \ system32 \ MRT.exe

04.02.2014 09:52 - 12.25.2012 12:34 - 00000000 ____ D () C: \ Windows \ system32 \ Adobe

04.02.2014 03:17 - 03.18.2011 06:10 - 00000000 ____ D () C: \ Windows \ BG-BG

01.31.2014 14:07 - 30.01.2014 17:13 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ PFRouterDetector

 

ZeroAccess:

C: \ Users \ stanimirkata \ AppData \ Local \ ae106a06

C:. \ Users \ stanimirkata \ AppData \ \ ae106a06 \ U \ 000000cf $ Local

C:. \ Users \ stanimirkata \ AppData \ \ ae106a06 \ U \ 800000cf $ Local

 

Част от съдържанието на TEMP:

====================

C: \ Users \ Administrator \ AppData \ Local \ Temp \ Quarantine.exe

 

 

==================== Bamital & volsnap Проверка =================

 

C: \ Windows \ explorer.exe => MD5 е легитимни

C: \ Windows \ system32 \ winlogon.exe => MD5 е легитимни

C: \ Windows \ system32 \ wininit.exe => MD5 е легитимни

C: \ Windows \ System32 \ svchost.exe => MD5 е легитимни

C: \ Windows \ system32 \ services.exe => MD5 е легитимни

C: \ Windows \ system32 \ User32.dll => MD5 е легитимни

C: \ Windows \ system32 \ Userinit.Exe => MD5 е легитимни

C: \ Windows \ system32 \ rpcss.dll => MD5 е легитимни

C: \ Windows \ System32 \ Drivers \ volsnap.sys => MD5 е легитимни

 

 

LastRegBack: 02.28.2014 15:24

 

==================== End Of Log =========================== =


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Версия на базата от данни: v2014.02.24.04

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Administrator :: STANIMIRKATA-PC [администратор]

 

Защита: включена

 

2.3.2014 г. 14:08:53 ч.

mbam-log-2014-03-02 (14-08-53).txt

 

Тип сканиране: Бързо сканиране

Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM

Изключени опции за сканиране: P2P

Сканирани обекти: 285554

Изминало време: 11 минута(и), 39 секунда(и)

 

Открити процеси в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити модули в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити ключове в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити стойности в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити информационни обекти в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити папки: 0

(Не бяха открити зловредни обекти)

 

Открити файлове: 0

(Не бяха открити зловредни обекти)

 

(край)

 

Scan резултат на възстановяване на Farbar Scan Tool (Frst) (x86) Version: 03.02.2014 01
Ран от Administrator (администратор) на STANIMIRKATA-PC на 03.02.2014 13:41:04
В ход от C: Users \ Administrator \ Desktop \
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Език: English (US)
Internet Explorer Version 9
Boot Mode: Normal
 
Единствената официална връзка за изтегляне The за Frst:
Изтегляне на връзката за 32-битова версия: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool
==================== End Of Log =========================== =

 

Try from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
