
Problem with Google and Facebook



Hello!

Today, when I try to open Google or Facebook in Internet Explorer, I get this: post-5500-0-67892700-1443114659_thumb.png And when I follow the link, it asks me for credit card details.

With Google Chrome there is no problem. Other sites open normally (of the ones I have tried); only these two do not. I scanned with Malwarebytes Anti-Malware; it found three threats, deleted them, and I restarted, but there was no effect. Here are the logs:


Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 24.9.2015 г.
Час на сканиране: 17:25 ч.
Дневник: Malwarebytes1.txt
Администратор: Да

Версия: 2.1.8.1057
База от данни за злонамерен софтуер: v2015.09.24.03
База от данни за рууткити: v2015.09.22.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows 7 Service Pack 1
Процесор: x64
Файлова система: NTFS
Потребител: Жельо

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 392907
Изминало време: 1 ч., 33 мин., 46 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Дълбоко сканиране за рууткити: Разрешено
Евристика: Разрешено
ПНП: Предупреди
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 3
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Поставен под карантина, [e7cc7fb447447db9d916487da06429d7],
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Поставен под карантина, [763dac8773185fd7a44b883de91b44bc],
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Поставен под карантина, [1e952e057912a195757c8a3b43c146ba],

Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)

Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 0
(Не бяха открити злонамерени обекти)

Физически сектори: 0
(Не бяха открити злонамерени обекти)

(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Жельо (administrator) on JAX-LAPTOP (24-09-2015 19:52:16)
Running from C:\Users\Жельо\Desktop
Loaded Profiles: Жельо (Available Profiles: Жельо)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [iTSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [unlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [Google Update] => C:\Users\Жельо\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\Run: [WindowsPhotoViewerstart] => C:\Users\Жельо\AppData\Roaming\Windows Photo Viewer\WindowsPhotoViewerstart.exe [192512 2015-09-24] (Sltone)
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb173f4-4794-11e4-9418-047d7b60ad51} - I:\AutoRun.exe
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\...\MountPoints2: {cdb17402-4794-11e4-9418-047d7b60ad51} - H:\AutoRun.exe
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2012-07-10]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.0.1
Tcpip\..\Interfaces\{521254B9-7035-4424-A79B-C73FEF009E56}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6408F382-43EF-45F8-A183-6E98326494E7}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{A41B8DB8-C9BE-4B37-B8E9-4F4D5D0EDF75}: [DhcpNameServer] 195.175.39.40 195.175.39.39
Tcpip\..\Interfaces\{BBA08E84-E9B5-4B8C-8E2B-BE9854F9D071}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{C1BEB88E-16D3-4CA3-B902-802B99874DED}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{E53FC36D-0D30-463D-BA69-5934D48886C5}: [DhcpNameServer] 192.168.100.1 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\My Program\BitComet\tools\BitCometBHO_1.5.4.11.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007
DPF: HKLM-x32 {028C3B99-F9B0-4188-8C2C-D71CA84824D5} hxxp://77.71.2.130:7000/program/SonySncCs1011View.cab
DPF: HKLM-x32 {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} hxxps://eu.mydlink.com/8D/activeX//TunnelX.ocx
DPF: HKLM-x32 {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} hxxp://78.130.205.132:9999/program/SonyNetworkCameraViewer.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://95.87.29.5/WebClient.exe
DPF: HKLM-x32 {9F1C0B35-8230-4176-8B99-5C2485121A4E} hxxp://85.217.132.132/program/SNCActiveXViewer.cab
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://cam1.kassabasystems.com:83/codebase/DVM_IPCam2.ocx
DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://rbweb.corpbank.bg/CSWebBankASP/capicom.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://84.54.135.77/activex/AMC.cab
DPF: HKLM-x32 {EDD8DF0B-A160-45DF-A26E-67C390A57B18} hxxp://95.87.29.4:10106/webrec.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082

FireFox:
========
FF ProfilePath: C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\agvgq22e.default
FF Homepage: hxxp://www.homepage.bg/?a=dhp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll [2014-04-16] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll [2014-04-16] ()
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\WebPlugin\npmedia.dll [2015-05-16] ()
FF Plugin-x32: @DVR/npmedia,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npmedia.dll [2015-01-30] ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files\webrec\WEB30\WebPlugin\npTimeGrid.dll [2015-05-16] (Unauthorized copy)
FF Plugin-x32: @DVR/npTimeGrid,version=33.2.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\33.2.0.4\npTimeGrid.dll [2015-01-30] (Unauthorized copy)
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @google.com/sewebplugin -> C:\Windows\system32\npsewebplugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\My Program\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Жельо\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Жельо\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-678885870-2144746608-4001290835-1000: www.mydlink.com/Uplayer -> C:\Users\Жельо\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Extension: BitComet Video Downloader - C:\Users\Жельо\AppData\Roaming\Mozilla\Firefox\Profiles\agvgq22e.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.homepage.bg/
CHR Plugin: (Shockwave Flash) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\45.0.2454.99\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\45.0.2454.99\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Users\Жельо\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (W2MO: Logistics Design, Optimization, WMS, 3D) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\acbokjkdobbboamnnfehlboekicdhcog [2012-08-17]
CHR Extension: (Angry Birds) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-08-17]
CHR Extension: (YouTube) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-17]
CHR Extension: (FARMERAMA) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2012-08-17]
CHR Extension: (Google Търсене) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-17]
CHR Extension: (Avast Online Security) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-03]
CHR Extension: (Pixorial Photo & Video Sharing) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilbibicalpgnmbjnganinjppjephokai [2012-08-17]
CHR Extension: (Happy Farmer by Fupa) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjdmmbgcdeojkmeablmdjkhplahnmii [2012-08-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-17]
CHR Extension: (радио) - C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaapjbgohfgkalmmjpakodbpomahebn [2012-08-17]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
StartMenuInternet: Google Chrome.MBWLTUWGU5OHAGWKF2LZRQIORY - C:\Users\Жельо\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2012-07-17] (Autodata Limited) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S3 BITCOMET_HELPER_SERVICE; C:\My Program\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [13080 2009-12-26] (Microsoft Corporation)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [200704 2006-08-11] (InterVideo Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [312184 2010-09-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
S3 CM2593; C:\Windows\System32\DRIVERS\CM2593.sys [12848 2008-09-30] () [File not signed]
S3 CM2593; C:\Windows\SysWOW64\DRIVERS\CM2593.sys [10800 2008-09-30] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-04-30] () [File not signed]
S3 GRemoteBus; C:\Windows\System32\DRIVERS\GRemoteBus64.sys [27336 2009-08-05] (GBM Software)
S3 GRemoteJoy; C:\Windows\System32\DRIVERS\GRemoteJoy64.sys [46792 2009-08-05] (GBM Software)
S3 GWHid; C:\Windows\System32\DRIVERS\GWHid.sys [22576 2008-09-30] (Microsoft Corporation) [File not signed]
S3 GWHid; C:\Windows\SysWOW64\DRIVERS\GWHid.sys [18992 2008-09-30] (Microsoft Corporation) [File not signed]
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MSBDA; C:\Windows\System32\DRIVERS\UTVAD.sys [1410952 2011-07-15] (Gadmei Electronic Technology Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [225256 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] () [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-04-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
U3 asb63kqm; C:\Windows\System32\Drivers\asb63kqm.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-24 19:52 - 2015-09-24 19:52 - 00031363 _____ C:\Users\Жельо\Desktop\FRST.txt
2015-09-24 19:16 - 2015-09-24 19:17 - 00001699 _____ C:\Users\Жельо\Desktop\Malwarebytes.txt
2015-09-24 19:08 - 2015-09-24 19:52 - 00000000 ____D C:\FRST
2015-09-24 19:07 - 2015-09-24 19:07 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-09-24 19:07 - 2015-09-24 19:07 - 00000000 ____D C:\Windows\system32\vbox
2015-09-24 18:06 - 2015-09-24 18:06 - 02192384 _____ (Farbar) C:\Users\Жельо\Desktop\FRST64.exe
2015-09-24 17:14 - 2015-09-24 17:14 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-24 16:08 - 2015-09-24 19:44 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Windows Photo Viewer
2015-09-14 16:14 - 2015-09-14 16:15 - 00000000 ____D C:\ProgramData\BSD
2015-09-14 16:14 - 2015-09-14 16:14 - 00000000 ____D C:\ProgramData\TweakBit
2015-09-14 16:03 - 2015-09-14 16:03 - 00000000 ____D C:\Program Files (x86)\CM2593
2015-09-14 16:03 - 2008-09-30 04:18 - 00065072 _____ C:\Windows\system32\Hidhlp.dll
2015-09-14 16:03 - 2008-09-30 04:18 - 00064048 _____ C:\Windows\SysWOW64\Hidhlp.dll
2015-09-14 16:03 - 2008-09-30 04:18 - 00018992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\GWHid.sys
2015-09-14 16:03 - 2008-09-30 04:17 - 00022576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GWHid.sys
2015-09-14 16:03 - 2008-09-30 04:17 - 00012848 _____ C:\Windows\system32\Drivers\CM2593.sys
2015-09-14 16:03 - 2008-09-30 04:17 - 00010800 _____ C:\Windows\SysWOW64\Drivers\CM2593.sys
2015-09-11 10:32 - 2015-09-11 10:32 - 07129308 _____ C:\Users\Жельо\Desktop\Незнайните райски места в България, които трябва да посетите.mht
2015-09-06 16:10 - 2015-09-06 16:10 - 00040803 _____ C:\Users\Жельо\Desktop\Statements.zip
2015-08-27 23:21 - 2015-08-27 23:21 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Sun
2015-08-27 23:21 - 2015-08-27 23:21 - 00000000 ____D C:\Users\Жельо\.oracle_jre_usage

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-24 19:52 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\tracing
2015-09-24 19:50 - 2014-12-06 19:27 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-24 19:48 - 2012-07-10 13:44 - 01408455 _____ C:\Windows\WindowsUpdate.log
2015-09-24 19:28 - 2012-08-17 08:39 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000UA.job
2015-09-24 19:12 - 2009-07-14 07:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-24 19:12 - 2009-07-14 07:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-24 19:03 - 2013-08-09 19:15 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-09-24 19:03 - 2013-04-28 18:02 - 00000686 ____H C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job
2015-09-24 19:03 - 2012-08-21 12:46 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-24 19:03 - 2009-07-14 07:51 - 00060270 _____ C:\Windows\setupact.log
2015-09-24 19:02 - 2012-07-10 13:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-24 19:02 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 19:01 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Speech
2015-09-24 17:07 - 2012-07-17 11:26 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\vlc
2015-09-24 15:28 - 2012-08-17 08:39 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000Core.job
2015-09-24 10:30 - 2012-08-17 08:40 - 00002364 _____ C:\Users\Жельо\Desktop\Google Chrome.lnk
2015-09-23 19:47 - 2012-08-23 17:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-21 21:44 - 2012-10-22 11:38 - 00000000 ____D C:\Users\Жельо\Documents\Euro Truck Simulator 2
2015-09-20 20:39 - 2012-07-10 16:14 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\BitComet
2015-09-19 22:18 - 2012-07-10 21:17 - 00000000 ____D C:\Users\Жельо\AppData\Roaming\Skype
2015-09-18 15:23 - 2012-08-17 08:39 - 00003978 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000UA
2015-09-18 15:23 - 2012-08-17 08:39 - 00003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-678885870-2144746608-4001290835-1000Core
2015-09-16 18:48 - 2015-01-10 19:21 - 00000000 ____D C:\Users\Жельо\Desktop\METRO
2015-09-15 10:13 - 2012-08-17 08:39 - 00000000 ____D C:\Users\Жельо\AppData\Local\Google
2015-09-14 16:14 - 2009-07-14 05:34 - 00000614 _____ C:\Windows\win.ini
2015-09-14 15:59 - 2013-04-08 12:55 - 00000000 ____D C:\Windows\USB Vibration
2015-09-14 15:59 - 2012-07-10 14:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-14 15:45 - 2013-04-08 12:54 - 00000000 ____D C:\Program Files (x86)\USB Vibration
2015-09-14 12:10 - 2009-07-14 08:13 - 00796930 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-11 09:59 - 2009-07-14 08:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-28 18:06 - 2012-07-12 12:43 - 00000000 ___RD C:\Users\Жельо\Desktop\GAME
2015-08-28 09:16 - 2012-07-10 17:13 - 00496040 _____ C:\Windows\PFRO.log
2015-08-27 23:22 - 2013-10-20 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-27 23:22 - 2013-10-20 16:55 - 00000000 ____D C:\ProgramData\Oracle
2015-08-27 23:22 - 2013-07-13 15:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 23:21 - 2014-10-20 11:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-27 23:21 - 2012-07-10 13:49 - 00000000 ____D C:\Users\Жельо
2015-08-27 18:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\L2Schemas
2015-08-27 18:39 - 2013-05-02 22:04 - 00000000 ____D C:\ProgramData\BrowserProtect
2015-08-27 15:23 - 2014-12-06 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2013-09-01 10:52 - 2013-09-01 10:52 - 0039523 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2012-05-04 10:04 - 2012-05-04 10:04 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-09-30 14:38 - 2013-09-30 14:38 - 0000053 _____ () C:\Users\Жельо\AppData\Roaming\Battery Meter_Data.ini
2012-07-17 11:20 - 2014-12-07 08:09 - 0000180 _____ () C:\Users\Жельо\AppData\Roaming\default.rss
2013-08-06 18:10 - 2013-08-06 20:48 - 0000018 _____ () C:\Users\Жельо\AppData\Roaming\Network Meter_Usage.ini
2012-08-22 12:27 - 2012-10-16 14:49 - 0005120 _____ () C:\Users\Жельо\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 22:27 - 2014-02-10 22:27 - 0000093 _____ () C:\Users\Жельо\AppData\Local\fusioncache.dat
2015-03-26 14:56 - 2015-03-26 14:56 - 0000054 _____ () C:\Users\Жельо\AppData\Local\oPlayer.ini
2012-07-17 17:18 - 2013-04-28 18:36 - 0007596 _____ () C:\Users\Жельо\AppData\Local\Resmon.ResmonCfg
2012-06-21 12:04 - 2012-06-21 18:07 - 0055545 _____ () C:\ProgramData\Cutevideoconverter.ini
2012-06-21 12:04 - 2011-07-23 13:24 - 0111450 _____ () C:\ProgramData\Cutevideoformat.ini

Files to move or delete:
====================
C:\Users\Жельо\Network_Meter_Data.js
C:\Windows\Tasks\{F78FF1FF-7F8C-40BF-956E-099D61E0547F}.job

Some files in TEMP:
====================
C:\Users\Жельо\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Жельо\AppData\Local\Temp\rkm4eh-r.dll
C:\Users\Жельо\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-21 11:29

==================== End of FRST.txt ============================

Addition.txt

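As an added illustration (not part of this thread or of FRST itself), here is a small parser that reads driver lines in the layout the FRST log above uses and flags the entries an analyst looks at first: files missing on disk ([X]), zero-byte files, unsigned files, entries without vendor information, and drivers loading from outside Windows or Program Files. It assumes C:\Windows as the Windows directory and uses a few lines from the log above as constructed sample input.

```python
"""Triage helper for the Drivers section of an FRST log (added example).

FRST prints one line per driver service:
    <start> <name>; <path> [<size> <date>] (<vendor>) [<flags>] <==== <remark>
When the file referenced by the service entry no longer exists on disk, the
size/date and vendor are replaced by "[X]".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: a few driver lines in the layout FRST writes
# (taken from the Drivers section posted in this thread).
SAMPLE_LOG = r"""
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-10] () [File not signed]
U3 asb63kqm; C:\Windows\System32\Drivers\asb63kqm.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 WINIO; \??\C:\Users\Жельо\Desktop\Test na sistemata\Test na sistemata\psc_2.071\winio.sys [X]
"""

# Assumption: the Windows directory is C:\Windows. FRST prints some ImagePath
# values relative to it (e.g. "System32\drivers\foo.sys").
WINDOWS_DIR = "C:\\Windows\\"
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

LINE_RE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
SIZE_RE = re.compile(r"\[(?P<size>\d+)\s*(?P<date>\d{4}-\d{2}-\d{2})?\]")
VENDOR_RE = re.compile(r"\((?P<vendor>[^)]*)\)")


@dataclass
class Driver:
    start: str           # start letter and type number exactly as FRST prints them
    name: str
    path: str
    size: Optional[int]  # None when the file is missing
    vendor: str          # "" when FRST printed "()"
    signed: bool
    missing: bool
    remark: str          # text after "<====", if any


def parse_driver_line(line: str) -> Optional[Driver]:
    """Parse one FRST driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest, remark = m["rest"], ""
    if "<====" in rest:
        rest, remark = (s.strip() for s in rest.split("<====", 1))
    missing = "[X]" in rest
    size, vendor = None, ""
    if missing:
        path = rest.split("[X]", 1)[0].strip()
    else:
        sm = SIZE_RE.search(rest)
        if not sm:
            return None
        path = rest[: sm.start()].strip()
        size = int(sm["size"])
        vm = VENDOR_RE.search(rest, sm.end())
        vendor = vm["vendor"].strip() if vm else ""
    return Driver(m["start"], m["name"].strip(), path, size, vendor,
                  signed="[File not signed]" not in rest, missing=missing, remark=remark)


def normalise_path(path: str) -> str:
    """Turn the path as FRST prints it into an absolute Win32 path."""
    if path.startswith("\\??\\"):            # NT object-manager prefix
        path = path[4:]
    if not re.match(r"^[A-Za-z]:\\", path):  # relative ImagePath -> Windows directory
        path = WINDOWS_DIR + path
    return path


def triage(driver: Driver) -> List[str]:
    """Return the reasons an analyst would look at this driver entry first."""
    flags: List[str] = []
    if driver.missing:
        flags.append("file missing on disk (stale service entry)")
    if driver.size == 0:
        flags.append("zero-byte file")
    if not driver.signed:
        flags.append("not digitally signed")
    if not driver.missing and not driver.vendor:
        flags.append("no vendor/version info")
    if not normalise_path(driver.path).lower().startswith(TRUSTED_ROOTS):
        flags.append("loads from outside Windows/Program Files")
    if driver.remark:
        flags.append("FRST remark: " + driver.remark)
    return flags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map driver name -> flags for every driver line that raises at least one flag."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        driver = parse_driver_line(line)
        if driver is not None:
            flags = triage(driver)
            if flags:
                findings[driver.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(flags)}")
```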

Hello,

STEP 1

Download the program GeekUninstaller and save it to the desktop.

Unzip it and run the file geek.exe http://i.imgur.com/IxXO5oO.jpg
Find BrowserProtect in the list (the example is for Mozilla Firefox, but that is just for illustration).

Right-click the program and choose Uninstall

http://i.imgur.com/XhV2QLa.png

When it finishes, a window will open asking you to remove all leftovers of the program (if there are any; if there are none, this window will not appear):

Example for the Mozilla browser:

geekuninstaller-3.png

Press the Finish button to delete the program's leftovers.

Repeat the steps for the program Pandora Service

STEP 2

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created when the program has done its work.

Attention: The script was created for the current system. Do not use it on other systems with similar problems!

Write back afterwards on how things are.

Regards!

Hello!

BrowserProtect was not in the list, but Pandora Service was there and I carried out the instructions. FRST got stuck and after 15 minutes of waiting I restarted the computer, but there was still a log. Unfortunately, there was no result.

Fixlog.txt

It had not got stuck... please repeat the steps without any more liberties. The reason for the delay was that I included a command to check the system files...

Great... just as I thought... there are repaired system files. We will check whether there are more that need repairing:

Also do the following:

STEP 1

Check the partition for errors and bad sectors, so that we can fix some of the file system problems.

In the search box type CMD => click the file CMD.exe and choose Run as administrator => enter the command: chkdsk c: /x /f /r => press Enter

Agree with Y in the dialog window. Restart the computer and the check should begin. Then look at what the results were.

You will find the report of the check here: in the search box type eventvwr.msc => Applications => the WinInit event, Event ID 1001. Copy the report into your next post.

Here is how to find the log file.

If the command is difficult for you, simply open My Computer => right-click the C:\ partition and choose Properties => go to Tools => Check Now... => tick both boxes and press the Start button. Restart the system and wait for the check to finish (it may take over an hour). Then check again and post the log file with the most recent date.

STEP 2

In the Windows search box type CMD => right-click CMD.exe and choose Run as administrator.

Then copy/paste and run the commands one by one, pressing Enter after each:

sfc /scannow

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Now sfcdetails.txt should appear on the desktop. Attach the file that appears on the desktop, sfcdetails.txt, in your next comment and write whether there is any change.

STEP 3

Download and run the file SFCFix.exe with a right-click => Run as administrator.

Follow the instructions that appear, which will prompt you to press any key on the keyboard.

If at some point it asks for the installation disc, put it in the optical drive before pressing OK.

Post the log file that appears.

Step 1

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                        

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x35007.
  424704 file records processed.
File verification completed.
  622 large file records processed.
  0 bad file records processed.
  2 EA records processed.
  31 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
  499810 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
  424704 file SDs/SIDs processed.
Cleaning up 4135 unused index entries from index $SII of file 0x9.
Cleaning up 4135 unused index entries from index $SDH of file 0x9.
Cleaning up 4135 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  37554 data files processed.
CHKDSK is verifying Usn Journal...
  36370968 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  424688 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  1026043 free clusters processed.
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

  62914524 KB total disk space.
  58147764 KB in 224064 files.
    133156 KB in 37557 indexes.
         0 KB in bad sectors.
    529428 KB in use by the system.
     65536 KB occupied by the log file.
   4104176 KB available on disk.

      4096 bytes in each allocation unit.
  15728631 total allocation units on disk.
   1026044 allocation units available on disk.

Internal Info:
00 7b 06 00 fe fd 03 00 72 69 07 00 00 00 00 00  .{......ri......
ff 03 00 00 1f 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Step 2

sfcdetails.txt

Step 3

SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-09-26 22:49:08.978
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.

 

AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.

 

Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2015-09-26 22:50:02.568
----------------------EOF-----------------------

But there is still no change.

PS: I cannot understand it. A little while ago I tried again and it opened them, and a few minutes later it would not again.

Edited by jelio_jelev

It is normal for the problem to still be there, because so far we have only been doing a bit of maintenance, as they say. Usually your problem comes with the Cidox rootkit, but in your case the symptoms of that rootkit are absent. So we will check for adware, which very likely has still not been fully cleaned.

Now, to continue with the cleanup, follow these steps:

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • After the check finishes, press the Clean button.
  • The program will close all unnecessary processes and after the cleanup will ask to restart the machine. Agree.
  • A log file named AdwCleaner[C1].txt will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily stop your security programs.
  • Run the tool JRT.exe
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers and wait for the check to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

STEP 3

Please download ZHPCleaner and save it to your desktop.

  • Run ZHPCleaner by right-clicking the file and choosing "Run as administrator" from the context menu
  • Click the button (http://i1214.photobucket.com/albums/cc497/olgun52/Ashampoo_Snap_20140819_13h09m50s_001__zps96d58678.png) to accept the licence agreement.
  • Choose the button http://i.imgur.com/y3pI4LR.png.
  • The browsers will be closed automatically.
  • A log file will open after the check completes (if none appears, press the Report button).
  • Post the log file in your next comment.
  • For now, do not press the Repair button in the tool!

Regards!

I do not recognize it. I am not on Vivacom. But I pressed Yes anyway.

Here are the results:

Step 1

 

# AdwCleaner v5.008 - Logfile created 27/09/2015 at 10:38:34
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Жельо - JAX-LAPTOP
# Running from : C:\Users\Жельо\Desktop\adwcleaner_5.008.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Object
[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\Program Files (x86)\iSmartViewPro
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\InstallBrainService
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder Deleted : C:\Users\Жельо\VideoConverter
[-] Folder Deleted : C:\Users\Жельо\AppData\Roaming\eType
[-] Folder Deleted : C:\Users\Жельо\AppData\Roaming\PerformerSoft
[-] Folder Deleted : C:\Users\Жельо\AppData\Roaming\Systweak

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\958b8bb13fec41
[-] Key Deleted : HKLM\SOFTWARE\958b8bb13fec41
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{06DFEF1C-4D02-42FC-A21E-B01BD12A576F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{812AC722-8FD5-4C96-9FB0-F3A4D218F2C9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98B01DCB-DD48-41B2-BEE6-3DF89A8D473A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB488543-8277-4C97-A99A-AFAEE60B420B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{628EA5BC-42F8-4EA5-9608-E04B10ECE093}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\DSNR Labs
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\PIP
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\VIS
[-] Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\VIS
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8EC13308-5065-43FA-A8E8-E985F18DAB89}_is1
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\DSNR Labs
[!] Key Not Deleted : [x64] HKCU\Software\ilivid
[!] Key Not Deleted : [x64] HKCU\Software\Myfree Codec
[!] Key Not Deleted : [x64] HKCU\Software\PIP
[!] Key Not Deleted : [x64] HKCU\Software\systweak
[!] Key Not Deleted : [x64] HKCU\Software\VIS

***** [ Web browsers ] *****

[-] [C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : babylon.com
[-] [C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aidbbndgjnlaclnmhkdimcdjiebjpdel
[-] [C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bfcpnihmbfoaeoakalclfalkdepgiaje
[-] [C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cfcbmgbfdbijmjgjihagbomfbjfjmgon
[-] [C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hgojaaaiddhmiiakpejiklijbalpckih
[-] [C:\Users\Жельо\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mocblcnaofikinigmceddfghppkkjbog

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5170 bytes] ##########

Step 2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 7 Ultimate x64
Ran by Жельо on нед 27.09.2015 г. at 10:47:14,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ FireFox

Emptied folder: C:\Users\Жельо\AppData\Roaming\mozilla\firefox\profiles\agvgq22e.default\minidumps [5 files]

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh

[C:\Users\Жельо\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Жельо\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Жельо\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Жельо\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on нед 27.09.2015 г. at 10:51:39,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 3

~ ZHPCleaner v2015.9.24.356 by Nicolas Coolman (2015/09/24)
~ Run by Жельо (Administrator)  (27/09/2015 10:53:38)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Жельо\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Жельо\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (0)
~ No malicious or unnecessary items found.

---\\  Hosts file (1)
~ The hosts file is legitimate (15302)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (2)
FOUND folder: C:\ProgramData\InstallMate\AB9C4854  =>PUP.Optional.Tarma
FOUND folder: C:\ProgramData\InstallMate  =>PUP.Optional.Tarma

---\\  Registry ( Key, Value, Data) (19)
FOUND data: [X64] HKLM\SOFTWARE\Classes\JSFile\Shell\Open\Command\\Default [bad : [js] C:\Windows\SysWow64\CScript.exe "%1" %*]  =>Broken.OpenCommand
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com []  =>PUP.Optional.Softonic
FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.olark.com [10761]  =>PUP.Optional.Generic
FOUND key: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool]  =>Toolbar.Ask
FOUND key: [X64] HKLM\SOFTWARE\Classes\Applications\iLividSetup-r418-n-bi.exe []  =>PUP.Optional.Bandoo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 []  =>Toolbar.Ask
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS []  =>Toolbar.Ask
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32 []  =>Toolbar.Ask
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS []  =>Toolbar.Ask
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 []  =>PUP.Optional.BabSolution
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS []  =>PUP.Optional.BabSolution
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup-r418-n-bi_RASAPI32 []  =>PUP.Optional.Bandoo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup-r418-n-bi_RASMANCS []  =>PUP.Optional.Bandoo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 []  =>PUP.Optional.Babylon
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS []  =>PUP.Optional.Babylon
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OCBrowserHelper_1_RASAPI32 []  =>PUP.Optional.OpenCandy
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OCBrowserHelper_1_RASMANCS []  =>PUP.Optional.OpenCandy
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASAPI32 []  =>PUP.Optional.PerformerSoft
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASMANCS []  =>PUP.Optional.PerformerSoft

---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 113942
~ Items found : 21
~ Items cancelled : 0
~ Items repaired : 0

~ End of search in 95 minutes
===================
ZHPCleaner--27092015-12_28_44.txt

Well, if you do not recognize the DNS, then when you run the program again and the message appears, simply press No, or afterwards change it manually in the network adapter settings to an automatic address, or set Google's DNS servers, for example, as I have done:

http://i.imgur.com/K1zEE2t.jpg

Otherwise, run ZHPCleaner again and do a new check with it. After it finishes, press the Repair button and then post the new log file.

Also write back on how things are with the browsers.

Regards!

Now both Google and Facebook open normally. The IP address was already set to automatic. I entered the DNS manually as you showed. Here is the log after the repair.

 

~ ZHPCleaner v2015.9.24.356 by Nicolas Coolman (2015/09/24)
~ Run by Жельо (Administrator)  (27/09/2015 15:13:41)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Жельо\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Жельо\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (0)
~ No malicious or unnecessary items found.

---\\  Hosts file (1)
~ The hosts file is legitimate (15302)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (1)
MOVED folder: C:\ProgramData\InstallMate  =>PUP.Optional.Tarma

---\\  Registry ( Key, Value, Data) (19)
DELETED data: [X64] HKLM\SOFTWARE\Classes\JSFile\Shell\Open\Command\\Default [bad : [js] C:\Windows\SysWow64\CScript.exe "%1" %*]  =>Broken.OpenCommand
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com []  =>PUP.Optional.Softonic
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.olark.com [10761]  =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [iTool]  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\iLividSetup-r418-n-bi.exe []  =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 []  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS []  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32 []  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS []  =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 []  =>PUP.Optional.BabSolution
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS []  =>PUP.Optional.BabSolution
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup-r418-n-bi_RASAPI32 []  =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup-r418-n-bi_RASMANCS []  =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 []  =>PUP.Optional.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS []  =>PUP.Optional.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OCBrowserHelper_1_RASAPI32 []  =>PUP.Optional.OpenCandy
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OCBrowserHelper_1_RASMANCS []  =>PUP.Optional.OpenCandy
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASAPI32 []  =>PUP.Optional.PerformerSoft
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASMANCS []  =>PUP.Optional.PerformerSoft

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 31126
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 20

~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-27092015-15_14_10.txt
ZHPCleaner--27092015-12_28_44.txt
ZHPCleaner--27092015-15_13_00.txt


Great... before we finish, let's do a few final checks, and after that I'll give you the final advice.

STEP 1

Please download Malwarebytes Anti-Malware 2.1.8.1057 Final and save it to your desktop.

  • Run the file mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • Once the installation finishes, make sure you have ticked the box in front of:
  • Launch Malwarebytes Anti-Malware
  • The box that activates the 14-day trial period is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, untick it, i.e. remove the first tick:

http://i.imgur.com/DkgJ7Zr.png

  • Click the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, set the radio button to Threat Scan and then click the Scan Now >> button. If an update is found, click the Update Now button.
  • A scan for malicious software will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on that message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • When the scan finishes, click the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then click the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.

http://i.imgur.com/65ZBqkR.jpg

  • Open the report with the latest date and time and click the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the keyboard shortcut Ctrl + V and post it in your next comment.

STEP 2

1. Download Hitman Pro.

For a 32-bit system - http://i.imgur.com/dEMD6.gif.
For a 64-bit system - http://wiki.splatterladder.com/images/Download-button3.gif

2. Run the program.

3. After you have started the program by clicking the icon http://i.imgur.com/5vo5F.jpg, click the "Next" button, accepting the licence agreement (EULA).

4. Tick "No, I want to perform a one-time scan of the computer".

5. Click the "Next" button.

6. The program will start scanning. Scanning takes about 2 minutes.

7. When the scan finishes, in the list of found items (if there are any) choose Apply to all => Ignore.

8. Click "Next" and then click "Export the result to an XML file" and save the log file to the desktop.

9. Archive the file and attach it in your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, as in the picture:

http://forums.majorgeeks.com/chaslang/images/Hitman/6-scanfin-choose.jpg

then simply close the program at the end of the scan (without removing anything)... then open C:\Programdata\HitmanPro\Logs, open the log file and post its contents in your next comment.

Note: The C:\ProgramData folder is hidden, so you need to make hidden files visible as follows:

From My Computer => Tools => Folder Options => View:

Tick "Show hidden files, folders and drives"

and untick "Hide protected operating system files (recommended)".

Click Apply.

Now check for the log file in the folder C:\Programdata\HitmanPro\Logs and attach it in your next comment. :)

STEP 3

http://filepony.de/icon/emsisoft_emergency_kit.pnghttp://www.deeprybka.trojaner-board.de/bausteine/emsisoft/logo.png

  • Please download EmsisoftEmergencyKit, run the exe file and specify where the program should be extracted, for example to (C:\EEK), by clicking the Extract button.
  • Run the Start Emsisoft Emergency Kit icon from the desktop to start the application.
  • Click the "Yes" button when prompted to update the program's definitions.

http://deeprybka.trojaner-board.de/bausteine/emsisoft/EKK.gif

  • When the definition update process finishes, click the "Scan" button.
  • Click the "Yes" button when asked whether the program should enable detection of Potentially Unwanted Applications.
  • Now choose the Custom Scan button. Remove all partitions except C:\ from the list (i.e. only partition C:\ should remain in the list).
  • Click Next to start the scan.
  • When the scan finishes, click the View Report button.
  • Copy the contents of the log file into your next comment.

STEP 4

  • Please download and run the executable file from the link below:
    ESET OnlineScan
  • Tick the box in front of http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Tick the box in front of Enable detection of potentially unwanted applications.
  • Now click Advanced Settings and make sure that the Remove found threats option is not ticked, and that the following are ticked:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Now choose the Change button and select only Operating memory and partition C:\

http://i.imgur.com/fhSji42.png

  • Click the Start button.
  • ESET will start downloading and installing virus definition updates and will then start scanning the computer. Be patient, because the process is slow and may take quite a while.
  • When the scan finishes, click the button http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Now click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png button and save the file to the desktop with a name of your choice, for example (ESETScan.txt). Copy the result into your next comment.
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button and then click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png button to close the application.

Regards! ;)


Step 1:

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 28.9.2015 г.
Час на сканиране: 22:19 ч.
Дневник:
Администратор: Да

Версия: 2.1.8.1057
База от данни за злонамерен софтуер: v2015.09.28.06
База от данни за рууткити: v2015.09.22.01
Лиценз: Безплатен
Защита от злонамерен софтуер: Забранено
Защита от злонамерени страници: Забранено
Самозащита: Забранено

ОС: Windows 7 Service Pack 1
Процесор: x64
Файлова система: NTFS
Потребител: Жельо

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 386758
Изминало време: 27 мин. 10 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Разрешено
Дълбоко сканиране за рууткити: Разрешено
Евристика: Разрешено
ПНП: Предупреди
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 0
(Не бяха открити злонамерени обекти)

Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)

Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 0
(Не бяха открити злонамерени обекти)

Физически сектори: 0
(Не бяха открити злонамерени обекти)

(end)

Step 2:

HitmanPro 3.7.9.246
www.hitmanpro.com
   Computer name . . . . : JAX-LAPTOP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : JAX-LAPTOP\Жельо
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2015-09-28 22:51:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 40s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 32
   Objects scanned . . . : 2 112 646
   Files scanned . . . . : 36 782
   Remnants scanned  . . : 341 808 files / 1 734 056 keys
Malware _____________________________________________________________________
   C:\Ross-Tech\VCDS-12.12.0\update.exe
      Size . . . . . . . : 476 672 bytes
      Age  . . . . . . . : 653.4 days (2013-12-14 12:23:50)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : EEC6688B24CB96672F3FEDC74E535707E192153A0FCA59DAE6BE36D041DCCE70
      Product  . . . . . : On-line update
      Description  . . . : On-line update tool
      Version  . . . . . : 3.5.3.0
      LanguageID . . . . : 1033
    > G Data . . . . . . : Trojan.Generic.9233449
      Fuzzy  . . . . . . : 111.0
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS 12.12.0\VCDS On-line update.lnk

Suspicious files ____________________________________________________________
   C:\Windows\SysWOW64\dllh264.dll
      Size . . . . . . . : 103 936 bytes
      Age  . . . . . . . : 549.4 days (2014-03-28 14:18:06)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 4C7A6457EE496B935763BD3FBBE145067F2673EE342724D9725C20C589216AE3
      Fuzzy  . . . . . . : 24.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The Entry Point of this file lies in a resource section. This is an indication of malware infection.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
   C:\Windows\SysWOW64\dllmpeg4.dll
      Size . . . . . . . : 91 648 bytes
      Age  . . . . . . . : 549.4 days (2014-03-28 14:18:06)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 0577D3C0C1C451D7FA9805B9F16D1F0EE5FDB5D3D2F9E61390FD4CE6D762D4B7
      Fuzzy  . . . . . . : 24.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The Entry Point of this file lies in a resource section. This is an indication of malware infection.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

Potential Unwanted Programs _________________________________________________
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegCleanPro_RASAPI32\ (RegClean Pro)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegCleanPro_RASMANCS\ (RegClean Pro)
   HKLM\SOFTWARE\Wow6432Node\Reg\Clean\ (AskBar)
   HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-678885870-2144746608-4001290835-1000\Software\Reg\Clean\ (RegClean Pro)
Cookies _____________________________________________________________________

Step 3:

Emsisoft Emergency Kit - Version 10.0
Last update: 28.9.2015 г. 23:06:45
User account: JAX-LAPTOP\Жельо

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 28.9.2015 г. 23:08:50
C:\Users\Жельо\Favorites\links\mp3.url  detected: Adware.Win32.Gipho (A)
Value: HKEY_USERS\S-1-5-21-678885870-2144746608-4001290835-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-678885870-2144746608-4001290835-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS  detected: Application.Win32.InstallExt (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\INSTALLBRAINSERVICE  detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\INSTALLBRAINSERVICE  detected: Application.InstallAd (A)

Scanned 322810
Found 7

Scan end: 29.9.2015 г. 00:10:17
Scan time: 1:01:27

Step 4:

ESET didn't detect anything, and accordingly there was no button for the list.

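The two SysWOW64 DLLs in the HitmanPro log above are flagged on three heuristics: entropy near 8, an entry point that lies inside the resource section, and a .rsrc section marked executable. As an added example that is not HitmanPro's code or anything posted in the thread, the Python below reproduces those three checks over a PE image using only the standard library; the 7.5 entropy threshold and the constructed test image produced by build_pe are assumptions.

```python
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section flag: may be executed as code

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; packed or encrypted data sits near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(data: bytes):
    """Parse PE headers: (AddressOfEntryPoint, [(name, vaddr, vsize, characteristics), ...])."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)             # DOS header -> NT headers
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)    # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)    # SizeOfOptionalHeader
    (entry_rva,) = struct.unpack_from("<I", data, e_lfanew + 40)   # optional header +16
    table = e_lfanew + 24 + opt_size                               # section table start
    sections = []
    for i in range(nsections):
        off = table + i * 40                                       # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        (chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name, vaddr, vsize, chars))
    return entry_rva, sections

def suspicious_indicators(data: bytes) -> list:
    """The three heuristics quoted in the log, applied to one file's bytes."""
    hits = []
    if shannon_entropy(data) >= 7.5:                               # threshold is an assumption
        hits.append("high entropy")
    entry_rva, sections = pe_sections(data)
    for name, vaddr, vsize, chars in sections:
        if name == ".rsrc":
            if vaddr <= entry_rva < vaddr + vsize:                 # code starts inside resources
                hits.append("entry point in .rsrc")
            if chars & IMAGE_SCN_MEM_EXECUTE:                      # resources marked executable
                hits.append(".rsrc executable")
    return hits

def build_pe(entry_rva: int, rsrc_chars: int, payload: bytes) -> bytes:
    """Constructed minimal PE32 image (headers plus a blob, not loadable) for offline testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva) + b"\0" * 76  # 96-byte PE32 header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102)
    def sec(name, vaddr, vsize, chars):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, vaddr, vsize, 0, 0, 0, 0, 0, chars)
    text = sec(b".text", 0x1000, 0x1000, 0x60000020)               # code, executable, readable
    rsrc = sec(b".rsrc", 0x2000, 0x1000, rsrc_chars)
    return dos + b"PE\0\0" + coff + opt + text + rsrc + payload
```

Run suspicious_indicators(open(path, "rb").read()) against a real file to see which of the three heuristics fire; a hit is only a prompt for closer inspection, not a verdict on its own.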
