Night_Raven Публикувано Февруари 27, 2014 Report Share Публикувано Февруари 27, 2014 Изтегли последната версия на Kaspersky Virus Removal Tool от тази страница, стратирай го и изчакай да се саморазархивира и инсталира. Постави отметка на I accept the license agreement и кликни бутон Start. Кликни бутона със зъбното колело вдясно и постави отметки на всички дялове на твърдия диск. След това кликни бутон Actions вляво, вдясно избери Select action и махни двете отметки. Кликни Automatic Scan вляво и кликни бутон Start scanning. Ако случайно попита за някакво действие по време на сканирането, избери Skip. След като приключи да сканира кликни бутона с хартиения лист (до бутона за настройките), вляво избери Detected Threats, кликни бутон Save и запази файла на удобно място. Копирай съдържанието на този коментар в следващия си коментар или (ако е доста текст) го прикачи. Затвори Kaspersky Virus Removal Tool, това ще го деинсталира. Цитирай Link to comment Сподели другаде More sharing options...
B-boy/StyLe/ Публикувано Февруари 28, 2014 Report Share Публикувано Февруари 28, 2014 Прегледах логовете и мисля, че тук става въпрос за полиморфен вирус Sality. Мне...става въпрос за KillAV.DR (Win32/AutoRun.Agent.UA worm). Цитирай Link to comment Сподели другаде More sharing options...
stani_mir Публикувано Февруари 28, 2014 Author Report Share Публикувано Февруари 28, 2014 Дано този път да съм се справил добре. Тъй като нямаше име сложих такова, което да разпознавам лесно. сканиране на вируси.txt Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Февруари 28, 2014 Report Share Публикувано Февруари 28, 2014 Компютърът използва ли се в мрежа? Споделяш ли файлове и/или принтери от/на него? Цитирай Link to comment Сподели другаде More sharing options...
stani_mir Публикувано Февруари 28, 2014 Author Report Share Публикувано Февруари 28, 2014 Status: Detected (events: 76) 28.2.2014 г. 11:46:56 ч. Detected adware not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Medium 28.2.2014 г. 11:53:48 ч. Detected adware not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Administrator\Local Settings\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Medium 28.2.2014 г. 11:55:03 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Music\Music.scr High 28.2.2014 г. 11:55:07 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\Documents.exe High 28.2.2014 г. 11:55:09 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Music.scr High 28.2.2014 г. 11:55:16 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Pictures\Pictures.exe High 28.2.2014 г. 11:55:22 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Pictures.exe High 28.2.2014 г. 11:55:23 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Videos\Videos.pif High 28.2.2014 г. 11:55:30 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\My Videos\Sample Videos\Videos.pif High 28.2.2014 г. 11:55:35 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Favorites\Favorites.bat High 28.2.2014 г. 11:56:27 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\Documents.exe High 28.2.2014 г. 11:56:30 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Public.exe High 28.2.2014 г. 11:56:32 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Music\Music.scr High 28.2.2014 г. 11:56:39 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Music\Sample Music\Music.scr High 28.2.2014 г. 11:56:47 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Pictures\Pictures.exe High 28.2.2014 г. 11:56:48 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Pictures\Sample Pictures\Pictures.exe High 28.2.2014 г. 11:56:49 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Videos\Videos.pif High 28.2.2014 г. 11:56:56 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Favorites\Favorites.bat High 28.2.2014 г. 11:56:58 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Documents\My Videos\Sample Videos\Videos.pif High 28.2.2014 г. 11:56:59 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Downloads\Downloads.exe High 28.2.2014 г. 11:57:02 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Libraries\Libraries.pif High 28.2.2014 г. 11:57:06 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Music\Sample Music\Music.scr High 28.2.2014 г. 11:57:09 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Music\Music.scr High 28.2.2014 г. 11:57:11 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Pictures\Pictures.exe High 28.2.2014 г. 11:57:15 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Pictures\Sample Pictures\Pictures.exe High 28.2.2014 г. 11:57:17 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Recorded TV\Recorded TV.exe High 28.2.2014 г. 11:57:19 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Recorded TV\Sample Media\Media.bat High 28.2.2014 г. 11:57:24 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Videos\Videos.pif High 28.2.2014 г. 11:57:29 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Public\Videos\Sample Videos\Videos.pif High 28.2.2014 г. 12:00:35 ч. Detected Trojan program Packed.Win32.Krap.iu C:\Documents and Settings\stanimirkata\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\17015b13-5cfefdf3//PE-Crypt.XorPE High 28.2.2014 г. 12:12:05 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Music\Music.scr High 28.2.2014 г. 12:12:08 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\Documents.exe High 28.2.2014 г. 12:12:10 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Music\Sample Music\Music.scr High 28.2.2014 г. 12:12:14 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Pictures\Pictures.exe High 28.2.2014 г. 12:12:15 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Pictures\Sample Pictures\Pictures.exe High 28.2.2014 г. 12:12:19 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Videos\Videos.pif High 28.2.2014 г. 12:12:23 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Documents\My Videos\Sample Videos\Videos.pif High 28.2.2014 г. 12:12:24 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\ProgramData\Favorites\Favorites.bat High 28.2.2014 г. 12:12:34 ч. Detected Trojan program Trojan.Win32.Genome.sowp C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0000\tsk0005.dta High 28.2.2014 г. 12:12:34 ч. Detected Trojan program Trojan-Downloader.Win32.Agent.exgl C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0000\tsk0003.dta//UPX High 28.2.2014 г. 12:12:34 ч. Detected Trojan program Backdoor.Win64.TDSS.a C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0000\tsk0008.dta High 28.2.2014 г. 12:12:35 ч. Detected Trojan program Trojan-Downloader.Win32.Agent.exgl C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0001\tsk0003.dta//UPX High 28.2.2014 г. 12:12:35 ч. Detected Trojan program Trojan.Win32.Genome.sowp C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0001\tsk0005.dta High 28.2.2014 г. 12:12:35 ч. Detected Trojan program Backdoor.Win64.TDSS.a C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0001\tsk0008.dta High 28.2.2014 г. 12:12:35 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0000\tsk0009.dta High 28.2.2014 г. 12:12:35 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\25.02.2014_20.21.17\tdlfs0001\tsk0009.dta High 28.2.2014 г. 12:15:32 ч. Detected adware not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Administrator\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Medium 28.2.2014 г. 12:20:58 ч. Detected adware not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Administrator\Local Settings\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Medium 28.2.2014 г. 12:22:06 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Music\Music.scr High 28.2.2014 г. 12:22:08 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\Documents.exe High 28.2.2014 г. 12:22:09 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Music\Sample Music\Music.scr High 28.2.2014 г. 12:22:14 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Pictures\Pictures.exe High 28.2.2014 г. 12:22:18 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Videos\Videos.pif High 28.2.2014 г. 12:22:19 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Pictures\Sample Pictures\Pictures.exe High 28.2.2014 г. 12:22:23 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Documents\My Videos\Sample Videos\Videos.pif High 28.2.2014 г. 12:22:25 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\All Users\Favorites\Favorites.bat High 28.2.2014 г. 12:22:48 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\Documents.exe High 28.2.2014 г. 12:22:51 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Music\Music.scr High 28.2.2014 г. 12:22:53 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Public.exe High 28.2.2014 г. 12:22:56 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Music\Sample Music\Music.scr High 28.2.2014 г. 12:23:01 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Pictures\Pictures.exe High 28.2.2014 г. 12:23:05 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Videos\Videos.pif High 28.2.2014 г. 12:23:06 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Pictures\Sample Pictures\Pictures.exe High 28.2.2014 г. 12:23:12 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Downloads\Downloads.exe High 28.2.2014 г. 12:23:12 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Documents\My Videos\Sample Videos\Videos.pif High 28.2.2014 г. 12:23:18 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Libraries\Libraries.pif High 28.2.2014 г. 12:23:18 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Favorites\Favorites.bat High 28.2.2014 г. 12:23:24 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Music\Sample Music\Music.scr High 28.2.2014 г. 12:23:25 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Music\Music.scr High 28.2.2014 г. 12:23:30 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Pictures\Pictures.exe High 28.2.2014 г. 12:23:31 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Pictures\Sample Pictures\Pictures.exe High 28.2.2014 г. 12:23:37 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Recorded TV\Sample Media\Media.bat High 28.2.2014 г. 12:23:39 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Recorded TV\Recorded TV.exe High 28.2.2014 г. 12:23:40 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Videos\Videos.pif High 28.2.2014 г. 12:23:44 ч. Detected Trojan program HEUR:Trojan.Win32.Generic C:\Users\Public\Videos\Sample Videos\Videos.pif High 28.2.2014 г. 12:25:57 ч. Detected Trojan program Packed.Win32.Krap.iu C:\Users\stanimirkata\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\17015b13-5cfefdf3//PE-Crypt.XorPE High Копютъра не е в мрежа. Не ползвам флашки и принтери. Споделям файлове по фейсбук. Цитирай Link to comment Сподели другаде More sharing options...
ba4o_kiro Публикувано Февруари 28, 2014 Report Share Публикувано Февруари 28, 2014 Мне...става въпрос за KillAV.DR (Win32/AutoRun.Agent.UA worm). Аз съм доста объркан.Според тази енциклопедия вируса Win32/AutoRun.Agent.UA worm трябва да се намира във папка %Temp%, А до тук всички логове сочат към C:\Users. Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Февруари 28, 2014 Report Share Публикувано Февруари 28, 2014 Изтегли Windows Worms Doors Cleaner и запази я на работния плот. Стартирай я като администратор. Кликни всички бутони, вляво от които има червен кръг с бял кръст. Ако ти се поиска някакво потвърждение, кликай Yes. След това изключи System Restore функцията: кликни с десния бутон върху Computer и избери Properties, вляво кликни върху System Protection, после бутон Configure..., избери Turn off system protection и потвърди с OK на всички прозорци. След това отвори Старт менюто, долу в полето за търсене напиши services.msc, след което кликни върху открития резултат. В списъка с услуги намери услугата Server, кликни два пъти върху нея, от падащото меню избери Disabled и потвърди с OK. След това кликни с десния бутон върху мрежовата икона долу до часовника и избери Open Network and Sharing Center, вляво кликни Change adapter settings, десен клик върху мрежовата връзка -> Properties, там махни отметките на Client for Microsoft Networks и File and Printer Sharing for Microsoft Networks и потвърди с OK. След това рестартирай компютъра, отново сканирай с Malwarebytes Anti-Malware и дай резултатите. Цитирай Link to comment Сподели другаде More sharing options...
ba4o_kiro Публикувано Февруари 28, 2014 Report Share Публикувано Февруари 28, 2014 Аз съм доста объркан.Според тази енциклопедия вируса Win32/AutoRun.Agent.UA worm трябва да се намира във папка %Temp%, А до тук всички логове сочат към C:\Users.Имах предвид, този сайт:http://www.eset.com/us/threat-center/encyclopedia/threats/win32autorunagentup/ Цитирай Link to comment Сподели другаде More sharing options...
B-boy/StyLe/ Публикувано Март 1, 2014 Report Share Публикувано Март 1, 2014 Имах предвид, този сайт:http://www.eset.com/us/threat-center/encyclopedia/threats/win32autorunagentup/ Ами не...дал си линк за друга зараза - Win32/AutoRun.Agent.UP, не за Win32/AutoRun.Agent.UA Цитирай Link to comment Сподели другаде More sharing options...
stani_mir Публикувано Март 1, 2014 Author Report Share Публикувано Март 1, 2014 Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Версия на базата от данни: v2014.02.24.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.16518 Administrator :: STANIMIRKATA-PC [администратор] Защита: включена 1.3.2014 г. 08:26:50 ч. mbam-log-2014-03-01 (08-26-50).txt Тип сканиране: Бързо сканиране Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM Изключени опции за сканиране: P2P Сканирани обекти: 284950 Изминало време: 12 минута(и), 34 секунда(и) Открити процеси в паметта: 0 (Не бяха открити зловредни обекти) Открити модули в паметта: 0 (Не бяха открити зловредни обекти) Открити ключове в системния регистър: 0 (Не бяха открити зловредни обекти) 1.3.2014 г. 08:26:50 ч. mbam-log-2014-03-01 (08-26-50).txt Тип сканиране: Бързо сканиране Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM Изключени опции за сканиране: P2P Сканирани обекти: 284950 Изминало време: 12 минута(и), 34 секунда(и) Открити процеси в паметта: 0 (Не бяха открити зловредни обекти) Открити модули в паметта: 0 (Не бяха открити зловредни обекти) Открити ключове в системния регистър: 0 (Не бяха открити зловредни обекти) Открити стойности в системния регистър: 0 (Не бяха открити зловредни обекти) Открити информационни обекти в системния регистър: 0 (Не бяха открити зловредни обекти) Открити папки: 0 (Не бяха открити зловредни обекти) Открити файлове: 8 C:\Users\Public\Documents\Documents.exe (Trojan.Chydo) -> Поставен под карантина и изтрит успешно. C:\Users\Public\Downloads\Downloads.exe (Trojan.Chydo) -> Поставен под карантина и изтрит успешно. C:\Users\Public\Favorites\Favorites.bat (Trojan.Chydo) -> Поставен под карантина и изтрит успешно. C:\Users\Public\Libraries\Libraries.pif (Trojan.Chydo) -> Поставен под карантина и изтрит успешно. C:\Users\Public\Music\Music.scr (Trojan.Chydo) -> Поставен под карантина и изтрит успешно. C:\Users\Public\Pictures\Pictures.exe (Trojan.Chydo) -> Поставен под карантина и изтрит успешно. C:\Users\Public\Recorded TV\Recorded TV.exe (Trojan.Chydo) -> Поставен под карантина и изтрит успешно. C:\Users\Public\Videos\Videos.pif (Trojan.Chydo) -> Поставен под карантина и изтрит успешно. (край) Цитирай Link to comment Сподели другаде More sharing options...
Night_Raven Публикувано Март 1, 2014 Report Share Публикувано Март 1, 2014 Добре, отново са премахнати файловете. По-късно ще проверим дали ще се върнат. През това време ще премахнем други неща. Моля, деинсталирай следните продукти: - FastAgain PC Booster; - jv16 PowerTools; - Internet Explorer Toolbar 4.6 by SweetPacks. Това са ненужни и безполезни програми. Първите две може и да твърдят, че оптимизират и ускоряват системата, но това са лъжи. След като ги деинсталираш изпълни следното... Изтегли AdwCleaner и го запази на работния плот. Стартирай го и кликни бутон Scan. Изчакай да се сканира, след което кликни бутон Clean. Потвърди с OK на всички прозорци, което ще доведе до рестарт на системата. След рестарта ще се отвори текстов файл. Моля, копирай съдържанието му тук. След това отново изготви дневници от FRST, както беше направил още в началото. Ако не си спомняш как, погледни отново т.2 от този коментар. Цитирай Link to comment Сподели другаде More sharing options...
stani_mir Публикувано Март 2, 2014 Author Report Share Публикувано Март 2, 2014 AdwCleaner v3.020 - Report created 02/03/2014 at 12:26:45 # Updated 27/02/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits) # Username : Administrator - STANIMIRKATA-PC # Running from : C:\Users\Administrator\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Alawar Stargaze Folder Deleted : C:\ProgramData\AlawarWrapper Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\SweetIM Folder Deleted : C:\Users\stanimirkata\AppData\Local\Babylon Folder Deleted : C:\Users\stanimirkata\AppData\LocalLow\Conduit Folder Deleted : C:\Users\stanimirkata\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\stanimirkata\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Administrator\AppData\Local\Conduit Folder Deleted : C:\Users\Administrator\AppData\Local\genienext Folder Deleted : C:\Users\Administrator\AppData\Local\Mobogenie Folder Deleted : C:\Users\Administrator\AppData\Local\NativeMessaging Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Administrator\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Administrator\AppData\LocalLow\SweetIM Folder Deleted : C:\Users\Administrator\AppData\Roaming\Systweak Folder Deleted : C:\Users\Administrator\Documents\Mobogenie Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\SweetPacksToolbarData Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\Extensions\ffxtlbr@searchya.com Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\Extensions\staged File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Deleted : C:\END File Deleted : C:\Users\stanimirkata\AppData\Roaming\Mozilla\Firefox\Profiles\b8f4ijx6.default\searchplugins\Conduit.xml File Deleted : C:\Users\stanimirkata\AppData\Roaming\Mozilla\Firefox\Profiles\b8f4ijx6.default\searchplugins\daemon-search.xml File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\searchplugins\searchya.xml File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\searchplugins\SweetIm.xml File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6msig1jy.default\user.js ***** [ Shortcuts ] ***** Цитирай Link to comment Сподели другаде More sharing options...
stani_mir Публикувано Март 2, 2014 Author Report Share Публикувано Март 2, 2014 Scan резултат на възстановяване на Farbar Scan Tool (Frst) (x86) Version: 03.02.2014 01 Ран от Administrator (администратор) на STANIMIRKATA-PC на 03.02.2014 13:41:04 В ход от C: Users \ Administrator \ Desktop \ Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Език: English (US) Internet Explorer Version 9 Boot Mode: Normal Единствената официална връзка за изтегляне The за Frst: Изтегляне на връзката за 32-битова версия: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Изтегляне на връзката за 64-битова версия: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Изтегляне на връзката от всяко място, различно от Bleeping Computer е неразрешената или остаряла. Вижте настойнически за Frst: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Процеси (в белия списък) ================= (Malwarebytes Corporation) C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamscheduler.exe (Malwarebytes Corporation) C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamservice.exe (Skype Technologies SA) C: \ ProgramData \ Skype \ Toolbars \ Skype C2C Service \ c2c_service.exe (Malwarebytes Corporation) C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamgui.exe (TeamViewer GmbH) C: \ Program Files \ TeamViewer \ Version8 \ TeamViewer_Service.exe (TOSHIBA Corporation) C: \ Program Files \ Toshiba \ Power Saver \ TosCoSrv.exe (TOSHIBA Corporation) C: \ Program Files \ Toshiba \ Power Saver \ TPwrMain.exe (TOSHIBA Corporation) C: \ Program Files \ Toshiba \ SmoothView \ SmoothView.exe (TOSHIBA Corporation) C: \ Program Files \ Toshiba \ FlashCards \ TCrdMain.exe (Realtek Semiconductor) C: \ Program Files \ Realtek \ Audio \ HDA \ RtHDVCpl.exe (Google) C: \ Program Files \ Google \ диск \ googledrivesync.exe (Skype Technologies SA) C: \ Program Files \ Skype \ Phone \ Skype.exe (Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ GoogleUpdate.exe (Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ 1.3.22.5 \ GoogleCrashHandler.exe (Google) C: \ Program Files \ Google \ диск \ googledrivesync.exe (Intel Corporation) C: \ Windows \ system32 \ igfxext.exe (Intel Corporation) C: \ Windows \ system32 \ igfxsrvc.exe (TOSHIBA CORPORATION) C: \ Program Files \ TOSHIBA \ ConfigFree \ CFIWmxSvcs.exe (TOSHIBA CORPORATION) C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe (Google Инк.) C: \ Program Files \ Google \ обновяване \ 1.3.22.5 \ GoogleCrashHandler.exe (Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ Chrome \ Application \ chrome.exe (Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ Chrome \ Application \ chrome.exe (Google Инк.) C: \ Users \ Administrator \ AppData \ Local \ Google \ Chrome \ Application \ chrome.exe ==================== Вписванията (в белия списък) ================== HKLM \ ... \ Run: [TPwrMain] - C: \ Program Files \ TOSHIBA \ Power Saver \ TPwrMain.EXE [480608 2009-11-05] (TOSHIBA Corporation) HKLM \ ... \ Run: [HSON] - C: \ Program Files \ TOSHIBA \ TBS \ HSON.exe [55160 2009-03-09] (TOSHIBA Corporation) HKLM \ ... \ Run: [smoothView] - C: \ Program Files \ Toshiba \ SmoothView \ SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation) HKLM \ ... \ Run: [00TCrdMain] - C: \ Program Files \ TOSHIBA \ FlashCards \ TCrdMain.exe [738616 2009-11-10] (TOSHIBA Corporation) HKLM \ ... \ Run: [RtHDVCpl] - C: \ Program Files \ Realtek \ Audio \ HDA \ RtHDVCpl.exe [7625248 2009-08-03] (Realtek Semiconductor) HKU \ S-1-5-21-3877745543-721231576-308643949-500 \ ... \ Run: [GoogleDriveSync] - C: \ Program Files \ Google \ диск \ googledrivesync.exe [21822128 30.01.2014] ( Google) HKU \ S-1-5-21-3877745543-721231576-308643949-500 \ ... \ Run: [skype] - C: \ Program Files \ Skype \ Phone \ Skype.exe [20584608 11.14.2013] ( Skype Technologies SA) HKU \ S-1-5-21-3877745543-721231576-308643949-500 \ ... \ Run: [Google Актуализиране] - C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ GoogleUpdate.exe [136176 2012 -01-28] (Google Инк.) HKU \ S-1-5-21-3877745543-721231576-308643949-500 \ ... \ Run: [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] - C: \ Users \ Administrator \ AppData \ Local \ Google \ Chrome \ Application \ chrome.exe [859464 02.20.2014] (Google Инк.) ==================== Интернет (в белия списък) ==================== HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page Redirect Cache_TIMESTAMP = 0xD85DDBE045F8CC01 HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page Redirect Cache AcceptLangs = BG-BG HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://www.google.com/ie HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://www.google.com/ie SearchScopes: HKLM - DefaultScope стойност липсва. SearchScopes: HKCU - 8C9FE4FB335944C1A160FD3BBF0AF8B5 URL = http://searchya.com/?chnl=dcom-100&s=1&cr=1497037303&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDtAtCyE&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q = {съсухрен BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C: \ Program Files \ Microsoft Office \ Office14 \ GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C: \ Program Files \ Microsoft Office \ Office14 \ URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435B-BC74-9C25C1C588A9} - C: \ Program Files \ Java \ jre6 \ бен \ jp2ssv.dll (Sun Microsystems, Inc) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab Handler: Skype-т.е.-адон-данни - {91774881-D725-4E58-B298-07617B9B86A8} - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ skypeieplugin.dll (Skype Technologies SA) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C: \ Program Files \ Common Files \ Skype \ Skype4COM.dll (Skype Technologies) Силите: 127.0.0.1 Localhost TCPIP \ Параметри: [DhcpNameServer] 217.9.237.182 84.252.0.18 FireFox: ======== FF ProfilePath: C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ 6msig1jy.default FF Plugin: @ adobe.com / FlashPlayer - C: \ Windows \ system32 \ Macromed \ Flash \ NPSWF32_12_0_0_70.dll () FF Plugin: @ Google.com / GoogleEarthPlugin - C: \ Program Files \ Google \ Google Earth \ плъгин \ npgeplugin.dll (Google) FF Plugin: @ google.com/npPicasa3, версия 3.0.0 = - C: \ Program Files \ Google \ Picasa3 \ npPicasa3.dll (Google, Inc) FF Plugin: @ java.com / JavaPlugin - C: \ Program Files \ Java \ jre6 \ бен \ new_plugin \ npjp2.dll (Sun Microsystems, Inc) FF Plugin: @ microsoft.com / GENUINE - инвалиди No File FF Plugin: @ microsoft.com / OfficeAuthz, версия = 14.0 - C: \ Progra ~ 1 \ MICROS ~ 2 \ Office14 \ NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @ microsoft.com / SharePoint, версия = 14.0 - C: \ Progra ~ 1 \ MICROS ~ 2 \ Office14 \ NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @ tools.google.com / Google обновяване; версия = 3 - C: \ Program Files \ Google \ обновяване \ 1.3.22.5 \ npGoogleUpdate3.dll (Google Инк.) FF Plugin: @ tools.google.com / Google обновяване; версия = 9 - C: \ Program Files \ Google \ обновяване \ 1.3.22.5 \ npGoogleUpdate3.dll (Google Инк.) FF Plugin: Adobe Reader - C: \ Program Files \ Adobe \ Reader 10.0 Reader \ AIR \ nppdf32.dll \ (Adobe Systems, Inc) FF Plugin HKCU: @ talk.google.com / GoogleTalkPlugin - C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npgoogletalk.dll (Google) FF Plugin HKCU: @ talk.google.com/O1DPlugin - C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npo1d.dll (Google) FF Plugin HKCU: @ talk.google.com/O3DPlugin - C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npgtpo3dautoplugin.dll () FF Plugin HKCU: @ tools.google.com / Google обновяване; версия = 3 - C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ 1.3.22.5 \ npGoogleUpdate3.dll (Google Инк.) FF Plugin HKCU: @ tools.google.com / Google обновяване; версия = 9 - C: \ Users \ Administrator \ AppData \ Local \ Google \ обновяване \ 1.3.22.5 \ npGoogleUpdate3.dll (Google Инк.) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ nppdf32.dll (Adobe Systems, Inc) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin.dll (Apple Инк.) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin2.dll (Apple Инк.) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin3.dll (Apple Инк.) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin4.dll (Apple Инк.) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin5.dll (Apple Инк.) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin6.dll (Apple Инк.) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npqtplugin7.dll (Apple Инк.) FF Plugin ProgramFiles / AppData: C: \ Program Files \ Mozilla Firefox \ плъгини \ npzylomgamesplayer.dll (Zylom) FF Plugin ProgramFiles / AppData: C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npgoogletalk.dll (Google) FF Plugin ProgramFiles / AppData: C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npgtpo3dautoplugin.dll () FF Plugin ProgramFiles / AppData: C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla \ плъгини \ npo1d.dll (Google) FF Extension: Speed Dial - [2012-01-28] FF Extension: Skype Кликнете да се обадя - C: \ Program Files \ Mozilla Firefox разширения \ \ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-27] ========================== Services (в белия списък) ================= R2 cfWiMAXService; C: \ Program Files \ TOSHIBA \ ConfigFree \ CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION) R2 ConfigFree Service; C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION) R2 MBAMScheduler; C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamscheduler.exe [418376 04.04.2013] (Malwarebytes Corporation) R2 MBAMService; C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbamservice.exe [701512 04.04.2013] (Malwarebytes Corporation) R2 Skype C2C Service; C: \ ProgramData \ Skype \ Toolbars \ Skype C2C Service \ c2c_service.exe [3048136 2012-05-30] (Skype Technologies SA) ==================== Drivers (в белия списък) ==================== R3 MBAMProtector; C: \ Windows \ System32 \ Drivers \ mbam.sys [22856 04.04.2013] (Malwarebytes Corporation) R3 NETwLv32; C: \ Windows \ System32 \ Drivers \ NETwLv32.sys [6639616 2010-10-07] (Intel Corporation) S3 pwdrvio; C: \ Windows \ system32 \ pwdrvio.sys [16472 2011-05-06] () S3 pwdspio; C: \ Windows \ system32 \ pwdspio.sys [11104 2011-05-06] () S3 UVCFTR; C: \ Windows \ System32 \ Drivers \ UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Ко ООД) S3 Andbus; system32 \ DRIVERS \ lgandbus.sys [X] S3 AndDiag; system32 \ DRIVERS \ lganddiag.sys [X] S3 AndGps; system32 \ DRIVERS \ lgandgps.sys [X] S3 ANDModem; system32 \ DRIVERS \ lgandmodem.sys [X] S3 androidusb; System32 \ Drivers \ lgandadb.sys [X] S3 ApfiltrService; system32 \ DRIVERS \ Apfiltr.sys [X] S3 cpuz135; \ \ C:? \ Windows \ Temp \ cpuz135 \ cpuz135_x32.sys [X] S1 ijfsefak; \ \ C:? \ Windows \ System32 \ Drivers \ ijfsefak.sys [X] S3 lmimirr; system32 \ DRIVERS \ lmimirr.sys [X] S1 prbifnoo; \ \ C:? \ Windows \ System32 \ Drivers \ prbifnoo.sys [X] S3 VGPU; System32 \ Drivers \ rdvgkmd.sys [X] S3 WinRing0_1_2_0; \ \ D:? \ INSTALL \ RealTemp_360 \ WinRing0.sys [X] ==================== NetSvcs (в белия списък) =================== ==================== Едномесечен създадените файлове и папки ======== 02.03.2014 13:41 - 02.03.2014 13:41 - 00011554 _____ () C: \ Users \ Administrator \ Desktop \ FRST.txt 02.03.2014 13:40 - 02.03.2014 13:40 - 01144832 _____ (Farbar) C: \ Users \ Administrator \ Desktop \ FRST.exe 02.03.2014 12:24 - 02.03.2014 12:26 - 00000000 ____ D () C: \ AdwCleaner 02.03.2014 12:23 - 02.03.2014 12:24 - 01244192 _____ () C: \ Users \ Administrator \ Desktop \ adwcleaner.exe 02.03.2014 10:34 - 02.03.2014 10:34 - 00001026 _____ () C:. \ Users \ Administrator \ Desktop \ Вашият непред-Сталер LNK! 02.03.2014 10:34 - 02.03.2014 10:34 - 00000000 ____ D () C: \ Program Files \ Your Uninstaller! 7 02.03.2014 10:33 - 02.03.2014 10:33 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ URSoft 02.03.2014 09:30 - 02.03.2014 10:48 - 00000000 ____ D () C: \ Program Files \ Microsoft Silverlight 03.01.2014 15:45 - 01.03.2014 15:56 - 00001048 _____ () C: \ Users \ Public \ Desktop \ TeamViewer 8.lnk 02.28.2014 11:18 - 28.02.2014 11:18 - 00010969 _____ () C: \ Users \ Administrator \ Documents \ сканиране на вируси.txt 02.28.2014 08:02 - 28.02.2014 08:02 - 00000000 ____ D () C: \ ProgramData \ Kaspersky Lab 02.26.2014 16:37 - 02.03.2014 12:28 - 00001344 _____ () C: \ Windows \ Setupact.log 02.26.2014 16:37 - 02.03.2014 10:51 - 00094614 _____ () C: \ Windows \ PFRO.log 02.26.2014 16:37 - 02.26.2014 16:37 - 00000000 _____ () C: \ Windows \ setuperr.log 02.26.2014 11:36 - 02.26.2014 11:36 - 00001229 _____ () C: \ Windows \ IE9_main.log 02.25.2014 20:33 - 02.25.2014 20:33 - 00000000 ____ D () C: \ Program Files \ TeamViewer 02.25.2014 20:31 - 02.25.2014 20:32 - 06946176 _____ (TeamViewer GmbH) C: \ Users \ Administrator \ Desktop \ TeamViewer_Setup-ckq.exe 23.02.2014 20:44 - 23.02.2014 20:44 - 00000981 _____ () C: \ Users \ Public \ Desktop \ WinRAR.lnk 23.02.2014 20:44 - 23.02.2014 20:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ WinRAR 23.02.2014 20:24 - 23.02.2014 20:24 - 00000866 _____ () C: \ Users \ Administrator \ Desktop \ μTorrent.lnk 23.02.2014 20:24 - 23.02.2014 20:24 - 00000846 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ μTorrent.lnk 23.02.2014 16:55 - 24.02.2014 07:31 - 00012872 _____ (SurfRight BV) C: \ Windows \ system32 \ bootdelete.exe 23.02.2014 16:43 - 23.02.2014 17:19 - 00000000 ____ D () C: \ ProgramData \ HitmanPro 02.22.2014 07:20 - 27.02.2014 13:46 - 00075480 _____ (Malwarebytes Corporation) C: \ Windows \ System32 \ Drivers \ mbamchameleon.sys 02.21.2014 11:41 - 02.03.2014 13:41 - 00000000 ____ D () C: \ Frst 02/18/2014 11:44 - 18/02/2014 11:44 - 00000190 _____ () C: \ ProgramData \ Microsoft.SqlServer.Compact.400.32.bc 02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Online Radio Tuner 02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Bassic Technologies 02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ IsolatedStorage 02/18/2014 11:43 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ Deployment 02/18/2014 08:50 - 18/02/2014 08:54 - 00000000 ____ D () C: \ Program Files \ Malwarebytes 'Anti-Malware 02.18.2014 08:50 - 04.04.2013 14:50 - 00022856 _____ (Malwarebytes Corporation) C: \ Windows \ System32 \ Drivers \ mbam.sys 02.17.2014 17:50 - 17.02.2014 17:54 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ кеш . 02.17.2014 17:50 - 17.02.2014 17:50 - 00000000 ____ D () C: \ Users \ Administrator \ Android 02.17.2014 17:50 - 17.02.2014 17:50 - 00000000 _____ () C: \ Users \ Administrator \ daemonprocess.txt 02.17.2014 17:47 - 17.02.2014 17:47 - 01519696 _____ (BitTorrent Инк.) C: \ Users \ Administrator \ Downloads \ Utorrent 3.3.2 Build 30544.exe 02.13.2014 14:50 - 13.02.2014 16:24 - 00000405 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ burnaware.ini 12.02.2014 22:29 - 12.02.2014 22:29 - 00000000 ____ D () C: \ Program Files \ Microsoft SQL Server Compact Edition 12.02.2014 07:01 - 01.01.2014 01:05 - 00420008 _____ () C: \ Windows \ system32 \ locale.nls 12.02.2014 07:01 - 06.12.2013 04:02 - 01237504 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Msxml3.dll 12.02.2014 07:01 - 06.12.2013 04:02 - 00002048 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msxml3r.dll 12.02.2014 07:00 - 25.12.2013 01:09 - 01987584 _____ (Microsoft Corporation) C: \ Windows \ system32 \ d3d10warp.dll 02/12/2014 07:00 - 04/12/2013 04:03 - 00428032 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secproc.dll 02/12/2014 07:00 - 04/12/2013 04:03 - 00423936 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secproc_isv.dll 02/12/2014 07:00 - 04/12/2013 04:03 - 00087040 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secproc_ssp_isv.dll 02/12/2014 07:00 - 04/12/2013 04:03 - 00087040 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secproc_ssp.dll 02/12/2014 07:00 - 04/12/2013 04:02 - 00390144 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msdrm.dll 02/12/2014 07:00 - 04/12/2013 03:54 - 00594944 _____ (Microsoft Corporation) C: \ Windows \ system32 \ RMActivate_isv.exe 02/12/2014 07:00 - 04/12/2013 03:54 - 00572416 _____ (Microsoft Corporation) C: \ Windows \ system32 \ RMActivate.exe 02/12/2014 07:00 - 04/12/2013 03:54 - 00510976 _____ (Microsoft Corporation) C: \ Windows \ system32 \ RMActivate_ssp.exe 02/12/2014 07:00 - 04/12/2013 03:54 - 00508928 _____ (Microsoft Corporation) C: \ Windows \ system32 \ RMActivate_ssp_isv.exe 12.02.2014 07:00 - 11.26.2013 10:16 - 03419136 _____ (Microsoft Corporation) C: \ Windows \ system32 \ d2d1.dll 06.02.2014 22:50 - 06.02.2014 22:50 - 00001270 _____ () C: \ Windows \ System32 \ Config \ bqcxgodo 04.02.2014 10:06 - 19.02.2014 16:35 - 00046592 ___ SH () C: \ Users \ Administrator \ Desktop \ Thumbs.db ==================== Едномесечен променените файлове и папки ======= 02.03.2014 13:41 - 02.03.2014 13:41 - 00011554 _____ () C: \ Users \ Administrator \ Desktop \ FRST.txt 02.03.2014 13:41 - 21.02.2014 11:41 - 00000000 ____ D () C: \ Frst 02.03.2014 13:40 - 02.03.2014 13:40 - 01144832 _____ (Farbar) C: \ Users \ Administrator \ Desktop \ FRST.exe 02.03.2014 13:28 - 01.29.2012 11:30 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Skype 02.03.2014 12:35 - 07.14.2009 06:34 - 00021472 ____ H () C: \ Windows \ system32 \ 7B296FB0-376В-497e-B012-9C450E1B7327-5P-1.C7483456-А289-439d-8115 -601632D005A0 02.03.2014 12:35 - 07.14.2009 06:34 - 00021472 ____ H () C: \ Windows \ system32 \ 7B296FB0-376В-497e-B012-9C450E1B7327-5P-0.C7483456-А289-439d-8115 -601632D005A0 02.03.2014 12:31 - 14.05.2011 23:36 - 01589385 _____ () C: \ Windows \ Windowsupdate.log 02.03.2014 12:28 - 02.26.2014 16:37 - 00001344 _____ () C: \ Windows \ Setupact.log 02.03.2014 12:28 - 2.10.2013 10:48 - 00000000 ___ RD () C: \ Users \ Administrator \ Google Диск 02.03.2014 12:28 - 07.14.2009 06:53 - 00032528 _____ () C: \ Windows \ Задачи \ SCHEDLGU.TXT 02.03.2014 12:28 - 07.14.2009 06:53 - 00000006 ____ H () C: \ Windows \ Задачи \ SA.DAT 02.03.2014 12:26 - 02.03.2014 12:24 - 00000000 ____ D () C: \ AdwCleaner 02.03.2014 12:24 - 02.03.2014 12:23 - 01244192 _____ () C: \ Users \ Administrator \ Desktop \ adwcleaner.exe 02.03.2014 11:30 - 01.28.2012 21:49 - 00001409 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Internet Explorer.lnk 02.03.2014 11:28 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ system32 \ BG-BG 02.03.2014 10:51 - 02.26.2014 16:37 - 00094614 _____ () C: \ Windows \ PFRO.log 02.03.2014 10:51 - 05.15.2011 07:46 - 00000000 ___ HD () C: \ Program Files \ InstallShield информация Инсталация 02.03.2014 10:48 - 02.03.2014 09:30 - 00000000 ____ D () C: \ Program Files \ Microsoft Silverlight 02.03.2014 10:41 - 22.01.2014 18:20 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Utorrent 02.03.2014 10:38 - 05.24.2011 22:24 - 00000000 ____ D () C: \ ProgramData \ LogMeIn 02.03.2014 10:34 - 02.03.2014 10:34 - 00001026 _____ () C:. \ Users \ Administrator \ Desktop \ Вашият непред-Сталер LNK! 02.03.2014 10:34 - 02.03.2014 10:34 - 00000000 ____ D () C: \ Program Files \ Your Uninstaller! 7 02.03.2014 10:33 - 02.03.2014 10:33 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ URSoft 02.03.2014 10:27 - 05.15.2011 10:31 - 00000000 ____ D () C: \ Windows \ Panther 02.03.2014 08:08 - 16.04.2012 10:46 - 01212200 _____ () C: \ Windows \ system32 \ oodbs.lor 02.03.2014 07:10 - 07.14.2009 06:33 - 00477224 _____ () C: \ Windows \ system32 \ FNTCACHE.DAT 03.01.2014 17:01 - 01.28.2012 21:49 - 00145064 _____ () C: \ Users \ Administrator \ AppData \ Local \ GDIPFONTCACHEV1.DAT 03.01.2014 15:56 - 01.03.2014 15:45 - 00001048 _____ () C: \ Users \ Public \ Desktop \ TeamViewer 8.lnk 03.01.2014 14:10 - 01.28.2012 21:49 - 00000000 ____ D () C: \ Users \ Administrator 03.01.2014 13:53 - 12.25.2012 13:25 - 00000000 ____ D () C: \ Program Files \ jv16 PowerTools 2012 03.01.2014 08:48 - 21.11.2010 02:46 - 00000000 __ SHD () C: \ Windows \ BitLockerDiscoveryVolumeContents 03.01.2014 08:47 - 21.11.2010 02:46 - 00000000 ___ RD () C: \ Users \ Public \ Recorded TV 03.01.2014 08:47 - 07.14.2009 04:37 - 00000000 __ RHD () C: \ Users \ Public \ Libraries 03/01/2014 08:18 - 09/30/2011 11:08 - 00001036 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskUserS-1-5-21-3877745543-721231576-308643949-1000UA.job 03.01.2014 08:12 - 01.28.2012 22:16 - 00001040 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskUserS-1-5-21-3877745543-721231576-308643949-500UA.job 03.01.2014 07:46 - 05.06.2013 09:54 - 00000216 _____ () C: \ Windows \ Задачи \ AutoKMS.job 03.01.2014 07:46 - 05.15.2011 14:51 - 00000994 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskMachineCore.job 03.01.2014 07:44 - 16.04.2012 10:47 - 00000830 _____ () C: \ Windows \ \ Задачи Adobe Flash Player Updater.job 03.01.2014 07:33 - 05.15.2011 14:51 - 00000998 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskMachineUA.job 02.28.2014 21:38 - 07.14.2009 04:37 - 00000000 ___ RD () C: \ Users \ Public 02/28/2014 18:18 - 09/30/2011 11:08 - 00000984 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskUserS-1-5-21-3877745543-721231576-308643949-1000Core.job 02.28.2014 15:01 - 12.05.2012 08:38 - 00000292 _____ () C: \ Windows \ \ Задачи FastAgain PC Booster_DEFAULT.job 02.28.2014 14:16 - 05.15.2011 18:00 - 00000000 ____ D () C: \ Windows \ PCHEALTH 02.28.2014 11:18 - 28.02.2014 11:18 - 00010969 _____ () C: \ Users \ Administrator \ Documents \ сканиране на вируси.txt 02.28.2014 09:56 - 06.01.2014 14:34 - 00000000 ____ D () C: \ Users \ Administrator \ Documents \ Outlook Files 02.28.2014 08:02 - 28.02.2014 08:02 - 00000000 ____ D () C: \ ProgramData \ Kaspersky Lab 02.28.2014 07:12 - 01.28.2012 22:16 - 00000988 _____ () C: \ Windows \ Задачи \ GoogleUpdateTaskUserS-1-5-21-3877745543-721231576-308643949-500Core.job 02.28.2014 07:09 - 21.11.2010 02:46 - 00000000 ____ D () C: \ Windows \ CSC 27.02.2014 14:16 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ Microsoft.NET 02/27/2014 13:46 - 02/22/2014 07:20 - 00075480 _____ (Malwarebytes Corporation) C: \ Windows \ System32 \ Drivers \ mbamchameleon.sys 27.02.2014 11:48 - 11.20.2010 23:01 - 00770824 _____ () C: \ Windows \ system32 \ PerfStringBackup.INI 27.02.2014 11:13 - 01.28.2012 22:02 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Mozilla 27.02.2014 06:29 - 21.11.2010 02:46 - 00000000 ____ D () C: \ Windows \ RemotePackages 02.26.2014 16:37 - 02.26.2014 16:37 - 00000000 _____ () C: \ Windows \ setuperr.log 02.26.2014 16:37 - 05.20.2011 19:16 - 00000000 ____ D () C: \ Windows \ GeoOCX 02.26.2014 11:36 - 02.26.2014 11:36 - 00001229 _____ () C: \ Windows \ IE9_main.log 02.26.2014 08:38 - 12.05.2012 08:38 - 00000300 _____ () C: \ Windows \ \ Задачи FastAgain PC Booster_UPDATES.job 02.25.2014 21:20 - 05.24.2011 18:18 - 00000000 ____ D () C: \ Windows \ Acronis 02.25.2014 20:33 - 02.25.2014 20:33 - 00000000 ____ D () C: \ Program Files \ TeamViewer 02.25.2014 20:32 - 02.25.2014 20:31 - 06946176 _____ (TeamViewer GmbH) C: \ Users \ Administrator \ Desktop \ TeamViewer_Setup-ckq.exe 02.25.2014 08:51 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ регистрация 24.02.2014 14:55 - 05.30.2012 12:07 - 00000000 ____ D () C: \ Windows \ Minidump 24.02.2014 07:31 - 23.02.2014 16:55 - 00012872 _____ (SurfRight BV) C: \ Windows \ system32 \ bootdelete.exe 23.02.2014 20:44 - 23.02.2014 20:44 - 00000981 _____ () C: \ Users \ Public \ Desktop \ WinRAR.lnk 23.02.2014 20:44 - 23.02.2014 20:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ WinRAR 23.02.2014 20:44 - 15.05.2012 11:51 - 00000000 ____ D () C: \ Program Files \ WinRAR 23.02.2014 20:24 - 23.02.2014 20:24 - 00000866 _____ () C: \ Users \ Administrator \ Desktop \ μTorrent.lnk 23.02.2014 20:24 - 23.02.2014 20:24 - 00000846 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ μTorrent.lnk 23.02.2014 17:19 - 23.02.2014 16:43 - 00000000 ____ D () C: \ ProgramData \ HitmanPro 02.22.2014 22:22 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ Web 02.21.2014 13:44 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ IME 02.21.2014 11:17 - 05.15.2011 09:49 - 00000000 ____ D () C: \ Windows \ tiinst 02.21.2014 09:44 - 16.04.2012 10:47 - 00692616 _____ (Adobe Systems Incorporated) C: \ Windows \ system32 \ FlashPlayerApp.exe 02.21.2014 09:44 - 05.15.2011 10:25 - 00071048 _____ (Adobe Systems Incorporated) C: \ Windows \ system32 \ FlashPlayerCPLApp.cpl 02.21.2014 07:42 - 15.02.2013 21:20 - 00000000 ____ D () C: \ Windows \ Sun 02.19.2014 16:35 - 04.02.2014 10:06 - 00046592 ___ SH () C: \ Users \ Administrator \ Desktop \ Thumbs.db 02.18.2014 12:22 - 05.15.2011 10:17 - 00001945 _____ () C: \ Windows \ epplauncher.mif 02/18/2014 11:44 - 18/02/2014 11:44 - 00000190 _____ () C: \ ProgramData \ Microsoft.SqlServer.Compact.400.32.bc 02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Online Radio Tuner 02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Bassic Technologies 02/18/2014 11:44 - 18/02/2014 11:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ IsolatedStorage 02/18/2014 11:44 - 18/02/2014 11:43 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ Deployment 02.18.2014 11:43 - 01.12.2014 06:48 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ Apps \ 2.0 02.18.2014 09:13 - 07.14.2009 06:52 - 00000000 ____ D () C: \ Windows \ twain_32 02/18/2014 08:54 - 18/02/2014 08:50 - 00000000 ____ D () C: \ Program Files \ Malwarebytes 'Anti-Malware 02.17.2014 17:54 - 17.02.2014 17:50 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ кеш . 02.17.2014 17:50 - 17.02.2014 17:50 - 00000000 ____ D () C: \ Users \ Administrator \ Android 02.17.2014 17:50 - 17.02.2014 17:50 - 00000000 _____ () C: \ Users \ Administrator \ daemonprocess.txt 02.17.2014 17:47 - 17.02.2014 17:47 - 01519696 _____ (BitTorrent Инк.) C: \ Users \ Administrator \ Downloads \ Utorrent 3.3.2 Build 30544.exe 02.17.2014 09:24 - 07.14.2009 04:37 - 00 милиона __ RSD () C: \ Windows \ Media 02.13.2014 16:24 - 13.02.2014 14:50 - 00000405 _____ () C: \ Users \ Administrator \ AppData \ Roaming \ burnaware.ini 02.13.2014 15:06 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ Help 02.13.2014 10:35 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ rescache 12.02.2014 22:46 - 05.15.2011 17:57 - 00000000 ____ D () C: \ ProgramData \ Microsoft Help 12.02.2014 22:38 - 18.07.2013 19:27 - 00000000 ____ D () C: \ Windows \ system32 \ MRT 12.02.2014 22:31 - 07.14.2009 04:04 - 00000478 _____ () C: \ Windows \ win.ini 12.02.2014 22:29 - 12.02.2014 22:29 - 00000000 ____ D () C: \ Program Files \ Microsoft SQL Server Compact Edition 12.02.2014 21:02 - 07.14.2009 04:37 - 00000000 ____ D () C: \ Windows \ system32 \ НУГ 12.02.2014 09:09 - 10.04.2013 19:54 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Local \ Facebook 11/02/2014 08:07 - 05.15.2011 07:03 - 00000000 ____ D () C: \ Program Files \ Java 11/02/2014 07:56 - 01/09/2014 06:44 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Google+ Auto Backup 06.02.2014 22:50 - 06.02.2014 22:50 - 00001270 _____ () C: \ Windows \ System32 \ Config \ bqcxgodo 04.02.2014 19:09 - 05.20.2011 19:19 - 85946576 _____ (Microsoft Corporation) C: \ Windows \ system32 \ MRT.exe 04.02.2014 09:52 - 12.25.2012 12:34 - 00000000 ____ D () C: \ Windows \ system32 \ Adobe 04.02.2014 03:17 - 03.18.2011 06:10 - 00000000 ____ D () C: \ Windows \ BG-BG 01.31.2014 14:07 - 30.01.2014 17:13 - 00000000 ____ D () C: \ Users \ Administrator \ AppData \ Roaming \ PFRouterDetector ZeroAccess: C: \ Users \ stanimirkata \ AppData \ Local \ ae106a06 C:. \ Users \ stanimirkata \ AppData \ \ ae106a06 \ U \ 000000cf $ Local C:. \ Users \ stanimirkata \ AppData \ \ ae106a06 \ U \ 800000cf $ Local Част от съдържанието на TEMP: ==================== C: \ Users \ Administrator \ AppData \ Local \ Temp \ Quarantine.exe ==================== Bamital & volsnap Проверка ================= C: \ Windows \ explorer.exe => MD5 е легитимни C: \ Windows \ system32 \ winlogon.exe => MD5 е легитимни C: \ Windows \ system32 \ wininit.exe => MD5 е легитимни C: \ Windows \ System32 \ svchost.exe => MD5 е легитимни C: \ Windows \ system32 \ services.exe => MD5 е легитимни C: \ Windows \ system32 \ User32.dll => MD5 е легитимни C: \ Windows \ system32 \ Userinit.Exe => MD5 е легитимни C: \ Windows \ system32 \ rpcss.dll => MD5 е легитимни C: \ Windows \ System32 \ Drivers \ volsnap.sys => MD5 е легитимни LastRegBack: 02.28.2014 15:24 ==================== End Of Log =========================== = Цитирай Link to comment Сподели другаде More sharing options...
stani_mir Публикувано Март 2, 2014 Author Report Share Публикувано Март 2, 2014 Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Версия на базата от данни: v2014.02.24.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Administrator :: STANIMIRKATA-PC [администратор] Защита: включена 2.3.2014 г. 14:08:53 ч. mbam-log-2014-03-02 (14-08-53).txt Тип сканиране: Бързо сканиране Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM Изключени опции за сканиране: P2P Сканирани обекти: 285554 Изминало време: 11 минута(и), 39 секунда(и) Открити процеси в паметта: 0 (Не бяха открити зловредни обекти) Открити модули в паметта: 0 (Не бяха открити зловредни обекти) Открити ключове в системния регистър: 0 (Не бяха открити зловредни обекти) Открити стойности в системния регистър: 0 (Не бяха открити зловредни обекти) Открити информационни обекти в системния регистър: 0 (Не бяха открити зловредни обекти) Открити папки: 0 (Не бяха открити зловредни обекти) Открити файлове: 0 (Не бяха открити зловредни обекти) (край) Цитирай Link to comment Сподели другаде More sharing options...
ba4o_kiro Публикувано Март 2, 2014 Report Share Публикувано Март 2, 2014 Scan резултат на възстановяване на Farbar Scan Tool (Frst) (x86) Version: 03.02.2014 01Ран от Administrator (администратор) на STANIMIRKATA-PC на 03.02.2014 13:41:04В ход от C: Users \ Administrator \ Desktop \Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Език: English (US)Internet Explorer Version 9Boot Mode: Normal Единствената официална връзка за изтегляне The за Frst:Изтегляне на връзката за 32-битова версия: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool==================== End Of Log =========================== = Опитай от тук:http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ Цитирай Link to comment Сподели другаде More sharing options...
Препоръчан пост
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.