Wrath

  1. Here you go! I think everything is resolved? I'm grateful for the time you took! The system is running great! # DelFix v1.013 - Logfile created 29/10/2017 at 21:53:55 # Updated 17/04/2016 by Xplode # Username : user - WRATH # Operating System : Windows 10 Pro (64 bits) ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\SecurityCheck Deleted : C:\Users\user\Desktop\FRST64.exe Deleted : C:\Users\user\Desktop\SecurityCheck.exe ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #3 [Windows Backup | 10/26/2017 14:37:21] Deleted : RP #5 [Restore Point Created by FRST | 10/28/2017 16:26:24] Deleted : RP #6 [Windows Backup | 10/29/2017 17:00:02] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  2. There is a slight boost in speed. I uninstalled the given program and updated Chrome. Thanks for the assistance!
  3. Thanks for the quick replies! SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17] WebSite: www.safezone.cc DateLog: 28.10.2017 21:58:14 Path starting: C:\Users\user\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: user VersionXML: 4.73is-27.10.2017 ___________________________________________________________________________ Windows 10(6.3.16299) (x64) Professional Release: 1709 Lang: English(0409) Installation date OS: 18.10.2017 17:00:16 LicenseStatus: Windows(R), Professional edition Volume activation will expire : 259128 minutes LicenseStatus: Office 16, Office16O365HomePremR_SubTrial5 edition Windows is in Notification mode LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Volume activation will expire : 259128 minutes LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode Boot Mode: Normal Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe SystemDrive: C: FS: [NTFS] Capacity: [223 Gb] Used: [92.2 Gb] Free: [130.8 Gb] -------------------------- [ SecurityUtilities ] -------------------------- Malwarebytes version 3.2.2.2029 v.3.2.2.2029 Unchecky v1.1 v.1.1 --------------------------- [ OtherUtilities ] ---------------------------- WinRAR 5.50 (64-bit) v.5.50.0 --------------------------------- [ IM ] ---------------------------------- Skype™ 7.40 v.7.40.103 --------------------------------- [ P2P ] --------------------------------- µTorrent v.3.5.0.44090 Warning! P2P-client. ------------------------------- [ Browser ] ------------------------------- Google Chrome v.61.0.3163.100 Warning! 
Download Update --------------------------- [ RunningProcess ] ---------------------------- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.61.0.3163.100 ------------------ [ AntivirusFirewallProcessServices ] ------------------- D:\Programs\Malwarebytes Anti-Malware\Anti-Malware\mbamtray.exe v.3.0.0.1208 Malwarebytes Service (MBAMService) - The service is running D:\Programs\Malwarebytes Anti-Malware\Anti-Malware\MBAMService.exe v.3.1.0.556 C:\Program Files\Windows Defender\MsMpEng.exe v.4.12.16299.15 C:\Program Files\Windows Defender\NisSrv.exe v.4.12.16299.15 C:\Program Files\Windows Defender\MSASCuiL.exe v.4.12.16299.15 Windows Defender Antivirus Service (WinDefend) - The service is running Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running ---------------------------- [ UnwantedApps ] ----------------------------- Unity Web Player v.5.3.5f1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. ----------------------------- [ End of Log ] ------------------------------
  4. Here you go! # AdwCleaner 7.0.4.0 - Logfile created on Sat Oct 28 17:40:50 2017 # Updated on 2017/27/10 by Malwarebytes # Database: 10-28-2017.1 # Running on Windows 10 Pro (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mail.ru PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1137 B] - [2017/10/28 17:39:16] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
  5. I couldn't find the Zemana Antimalware log, but I did manage to find this last one from a little while ago. Fixlog.txt Last scan.txt
  6. Good day! Today I noticed that there are foreign login attempts on all of my ABV accounts. From the Netherlands, Algeria, Oman and so on. It is probably a fake IP address, but there are always some anyway. The login attempts are unsuccessful because there is no way they can guess my password, but I still got worried. I would be super grateful for a little help! Addition.txt FRST.txt
  7. Wrath

    Virus - mio.exe

    Thank you very much for the time you took! Bravo, excellent work!!!
  8. Wrath

    Virus - mio.exe

    Everything is fine!
  9. Wrath

    Virus - mio.exe

    I have already removed them. I also deleted the given file; now it just remains for a few hours to pass, because Chrome used to restart every few hours, but I think the problem will most likely be resolved. Thank you very much for the quick assistance!!!!
  10. Wrath

    Virus - mio.exe

    Here are the log files. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/12/2017 Scan Time: 1:49 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2017.04.12.03 Rootkit Database: v2017.04.02.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: user Scan Type: Threat Scan Result: Completed Objects Scanned: 281299 Time Elapsed: 7 min, 5 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78D356EE-C57D-4825-BFF0-5EAF4A62B9F3}, , [64cfcd230e9a9d99b84ecfc7936dba46], Registry Values: 1 Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78D356EE-C57D-4825-BFF0-5EAF4A62B9F3}|Path, \Milimili, , [64cfcd230e9a9d99b84ecfc7936dba46] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) HitmanPro 3.7.18.284 www.hitmanpro.com Computer name . . . . : WRATH Windows . . . . . . . : 10.0.0.14393.X64/4 User name . . . . . . : WRATH\user UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (29 days left) Scan date . . . . . . : 2017-04-12 13:58:10 Scan mode . . . . . . : Normal Scan duration . . . . : 1m 51s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 1 Objects scanned . . . : 1,772,581 Files scanned . . . . : 49,719 Remnants scanned . . : 346,154 files / 1,376,708 keys Suspicious files ____________________________________________________________ C:\Users\user\Desktop\FRST64.exe Size . . . . . . 
. : 2,424,832 bytes Age . . . . . . . : 0.6 days (2017-04-11 23:21:16) Entropy . . . . . : 7.6 SHA-256 . . . . . : 3A3DCD0D3C9C1FE10C45AF795DC9452DA192246BB67D896AB7F16151A53C1B5F Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer.
C:\Program Files (x86)\Microsoft Toolkit Final\MicrosoftToolkitInstall.bat Win32/TrojanDropper.Addrop.AS trojan C:\Users\user\AppData\Roaming\EloBuddy\Addons\Aka´s Vayne_6A6165C9.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Addons\EvadeIC_5BE723BF.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Addons\EvadePlus_74097FCC.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Addons\TwistedBuddy_1B30D8EF.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Addons\WuMorgana_8AD88252.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.Sandbox.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\312AC617\Aka´s Vayne\bin\Release\Auto Carry Vayne.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\312AC617\Aka´s 
Vayne\bin\Release\EloBuddy.Sandbox.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\312AC617\Aka´s Vayne\bin\Release\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\312AC617\Aka´s Vayne\obj\Release\Auto Carry Vayne.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\520A0EE1\WuMorgana\WuMorgana\bin\Release\EloBuddy.Sandbox.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\520A0EE1\WuMorgana\WuMorgana\bin\Release\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\520A0EE1\WuMorgana\WuMorgana\bin\Release\WuMorgana.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\520A0EE1\WuMorgana\WuMorgana\obj\Release\WuMorgana.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\80AE9C8D\TwistedFate\bin\Release\EloBuddy.Sandbox.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\80AE9C8D\TwistedFate\bin\Release\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\80AE9C8D\TwistedFate\bin\Release\TwistedBuddy.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\80AE9C8D\TwistedFate\obj\Release\TwistedBuddy.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\Dependencies\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application 
C:\Users\user\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EloBuddy.Sandbox.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\bin\Release\EvadePlus.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Users\user\AppData\Roaming\EloBuddy\Repositories\A8DA7FD4\EvadePlus\obj\Release\EvadePlus.exe a variant of MSIL/GameHack.QL potentially unsafe application C:\Windows\SECOH-QAD.dll Win64/HackKMS.D potentially unsafe application C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application C:\Windows\Installer\b04b5b2.msi a variant of Win32/Adware.ELEX.GJ application
  11. Wrath

    Virus - mio.exe

    Here is the log file from step 1. I thought I had uploaded it. I ran that one first; I apologize for the inconvenience. Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017 Ran by user (11-04-2017 23:21:41) Run:1 Running from C:\Users\user\Desktop Loaded Profiles: user (Available Profiles: user) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: GroupPolicy: Restriction - Chrome <======= ATTENTION GroupPolicy\User: Restriction <======= ATTENTION CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-01] <==== ATTENTION CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16] CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07] HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Antanna\Application\chrome.exe <==== ATTENTION HKU\S-1-5-21-2796335869-2349784613-4229149687-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Antanna\Application\chrome.exe <==== ATTENTION C:\Program Files (x86)\Antanna S2 Nipuytersary; C:\Program Files (x86)\Ghibay\qialhophCll.dll [X] C:\Program Files (x86)\Ghibay S3 dbx; system32\DRIVERS\dbx.sys [X] 2017-04-11 15:31 - 2017-04-11 15:31 - 00000000 ____D C:\Users\user\AppData\Local\AdvinstAnalytics 2017-04-03 21:46 - 2017-04-08 23:21 - 00000040 _____ C:\Program Files (x86)\settings.dat 2017-04-11 09:40 - 2017-03-01 18:04 - 00000000 _____ C:\Users\Public\Documents\temp.dat 2017-04-10 23:13 - 2017-03-01 18:04 - 00000000 _____ C:\Users\Public\Documents\report.dat 2017-03-01 19:22 - 2017-03-01 19:22 - 0000000 _____ () C:\Program Files (x86)\metadata 2017-04-01 18:37 - 2017-04-01 18:37 - 0061440 _____ () 
C:\Users\user\AppData\Local\Temp\-vjyuqze.dll 2017-03-08 16:28 - 2017-03-08 16:28 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\1xyyh09y.dll 2017-04-11 12:17 - 2017-04-11 12:17 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\2bszby0g.dll 2017-03-22 16:06 - 2017-03-22 16:06 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\2lrzyizh.dll 2017-03-27 11:07 - 2017-03-27 11:07 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\6y9au1u8.dll 2017-03-25 14:13 - 2017-03-25 14:13 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\91tgvnhd.dll 2017-03-30 15:00 - 2017-03-30 15:00 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\ba-ql7uc.dll 2017-03-24 17:43 - 2017-03-24 17:43 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\ej8affyw.dll 2017-03-15 16:44 - 2017-03-15 16:44 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\er2dwo66.dll 2017-03-28 19:33 - 2017-03-28 19:33 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\g3pgqouw.dll 2017-03-18 11:38 - 2017-03-18 11:38 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\gdkmcjue.dll 2017-04-11 15:27 - 2017-04-11 15:27 - 3957784 _____ (Geek Unіnstaller) C:\Users\user\AppData\Local\Temp\geek64.exe 2017-03-21 16:36 - 2017-03-21 16:36 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\gqdm7zzk.dll 2017-02-25 19:20 - 2017-02-21 15:57 - 0898072 _____ (BlueStack Systems, Inc.) C:\Users\user\AppData\Local\Temp\HD-Common.dll 2017-02-25 19:20 - 2017-02-21 15:57 - 0516120 _____ (BlueStack Systems, Inc.) C:\Users\user\AppData\Local\Temp\HD-InstallerUtils.dll 2017-02-25 19:20 - 2017-02-21 15:47 - 0187416 _____ (BlueStack Systems) C:\Users\user\AppData\Local\Temp\HD-LibraryHandler.dll 2017-02-25 19:20 - 2017-02-21 15:47 - 0246808 _____ (BlueStack Systems) C:\Users\user\AppData\Local\Temp\HD-Logger-Native.dll 2017-02-25 19:20 - 2017-02-21 15:57 - 0426008 _____ (BlueStack Systems, Inc.) 
C:\Users\user\AppData\Local\Temp\HD-Uninstaller.exe 2017-03-09 17:42 - 2017-03-09 17:42 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\izvlsesl.dll 2017-03-28 15:21 - 2017-03-28 15:21 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\jnamcggs.dll 2017-03-16 18:43 - 2017-03-16 18:43 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\kwsifptt.dll 2017-03-16 18:43 - 2017-03-16 18:43 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\l8kibiru.dll 2017-02-25 19:11 - 2017-02-25 19:11 - 0023040 _____ () C:\Users\user\AppData\Local\Temp\LZMA.DLL 2017-03-08 15:47 - 2017-03-08 15:47 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\mfgyzeto.dll 2017-04-04 14:53 - 2017-04-04 14:53 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\ngjd6f0r.dll 2017-02-11 19:15 - 2016-12-29 15:43 - 0747464 _____ (NVIDIA Corporation) C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll 2017-02-11 19:15 - 2016-12-29 15:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll 2017-03-09 19:56 - 2016-12-29 15:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\user\AppData\Local\Temp\nvStInst.exe 2017-03-15 16:58 - 2017-03-15 16:58 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\p6x4sjmo.dll 2017-03-19 14:04 - 2017-03-19 14:04 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\pu2sxvxb.dll 2017-03-16 17:10 - 2017-03-16 17:10 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\r9qyacto.dll 2017-03-29 16:08 - 2017-03-29 16:08 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\t8_jgg44.dll 2017-02-25 19:11 - 2017-02-25 19:24 - 0245248 _____ (NEEMedia) C:\Users\user\AppData\Local\Temp\USkinDLL.dll 2017-03-06 16:37 - 2017-03-06 16:37 - 14456872 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\vc_redist.x86.exe 2017-04-01 10:33 - 2017-04-01 10:33 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\wsotaicm.dll 2017-03-26 12:18 - 2017-03-26 12:18 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\xgwlkfct.dll 2017-03-22 15:27 - 2017-03-22 15:27 - 
0061440 _____ () C:\Users\user\AppData\Local\Temp\z5wwvodu.dll 2017-03-21 17:30 - 2017-03-21 17:30 - 0061440 _____ () C:\Users\user\AppData\Local\Temp\zcombj77.dll Task: {2FE6D5B5-C9EE-402A-B13F-0DBD0AFD859C} - \Milimili -> No File <==== ATTENTION Task: {BE8B5D45-BD34-4247-9414-573A9567706A} - \Aniqipypharaph -> No File <==== ATTENTION Task: {C071DD59-6A6E-4F78-AC3E-E1CC2278BCA7} - \Milimili -> No File <==== ATTENTION FirewallRules: [{C3DF99EF-D8E4-43D2-B2D0-0036887DC072}] => (Allow) C:\Users\user\AppData\Local\Amigo\Application\amigo.exe FirewallRules: [{5E5908F5-DCE9-4CDB-B09A-2CC7E221AB54}] => (Allow) C:\Program Files (x86)\Antanna\Application\chrome.exe FirewallRules: [{B266C4D3-8403-454B-9443-80BC8722DC3C}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{674B7817-D214-4864-A341-F9698816916D}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe FirewallRules: [{1EEA8785-D2B7-4BDA-9C83-191DDFD2DD83}] => (Allow) C:\Program Files (x86)\MIO\loader\kingstonxsuv400s37240g_50026b7669030f3a.dat FirewallRules: [{343316B5-22AC-4FDA-BC6F-B85F27119458}] => (Allow) C:\Program Files (x86)\MIO\loader\kingstonxsuv400s37240g_50026b7669030f3a.dat C:\Users\user\AppData\Local\Amigo C:\Program Files (x86)\Firefox C:\Program Files (x86)\MIO CMD: winmgmt /resyncperf CMD: lodctr /R CMD: winmgmt /resyncperf CMD: lodctr /R cmd: bitsadmin /reset /allusers cmd: netsh winsock reset catalog cmd: ipconfig /flushdns RemoveProxy: EmptyTemp: End ***************** Restore point was successfully created. Processes closed successfully. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\system32\GroupPolicy\User => moved successfully C:\Users\user\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => key removed successfully HKU\S-1-5-21-2796335869-2349784613-4229149687-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Antanna\Application\chrome.exe <==== ATTENTION => Error: No automatic fix found for this entry. "C:\Program Files (x86)\Antanna" => not found. HKLM\System\CurrentControlSet\Services\Nipuytersary => key removed successfully Nipuytersary => service removed successfully "C:\Program Files (x86)\Ghibay" => not found. 
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully dbx => service removed successfully C:\Users\user\AppData\Local\AdvinstAnalytics => moved successfully C:\Program Files (x86)\settings.dat => moved successfully C:\Users\Public\Documents\temp.dat => moved successfully C:\Users\Public\Documents\report.dat => moved successfully C:\Program Files (x86)\metadata => moved successfully C:\Users\user\AppData\Local\Temp\-vjyuqze.dll => moved successfully C:\Users\user\AppData\Local\Temp\1xyyh09y.dll => moved successfully C:\Users\user\AppData\Local\Temp\2bszby0g.dll => moved successfully C:\Users\user\AppData\Local\Temp\2lrzyizh.dll => moved successfully C:\Users\user\AppData\Local\Temp\6y9au1u8.dll => moved successfully C:\Users\user\AppData\Local\Temp\91tgvnhd.dll => moved successfully C:\Users\user\AppData\Local\Temp\ba-ql7uc.dll => moved successfully C:\Users\user\AppData\Local\Temp\ej8affyw.dll => moved successfully C:\Users\user\AppData\Local\Temp\er2dwo66.dll => moved successfully C:\Users\user\AppData\Local\Temp\g3pgqouw.dll => moved successfully C:\Users\user\AppData\Local\Temp\gdkmcjue.dll => moved successfully C:\Users\user\AppData\Local\Temp\geek64.exe => moved successfully C:\Users\user\AppData\Local\Temp\gqdm7zzk.dll => moved successfully C:\Users\user\AppData\Local\Temp\HD-Common.dll => moved successfully C:\Users\user\AppData\Local\Temp\HD-InstallerUtils.dll => moved successfully C:\Users\user\AppData\Local\Temp\HD-LibraryHandler.dll => moved successfully C:\Users\user\AppData\Local\Temp\HD-Logger-Native.dll => moved successfully C:\Users\user\AppData\Local\Temp\HD-Uninstaller.exe => moved successfully C:\Users\user\AppData\Local\Temp\izvlsesl.dll => moved successfully C:\Users\user\AppData\Local\Temp\jnamcggs.dll => moved successfully C:\Users\user\AppData\Local\Temp\kwsifptt.dll => moved successfully C:\Users\user\AppData\Local\Temp\l8kibiru.dll => moved successfully C:\Users\user\AppData\Local\Temp\LZMA.DLL => moved successfully 
C:\Users\user\AppData\Local\Temp\mfgyzeto.dll => moved successfully C:\Users\user\AppData\Local\Temp\ngjd6f0r.dll => moved successfully C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll => moved successfully C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully C:\Users\user\AppData\Local\Temp\nvStInst.exe => moved successfully C:\Users\user\AppData\Local\Temp\p6x4sjmo.dll => moved successfully C:\Users\user\AppData\Local\Temp\pu2sxvxb.dll => moved successfully C:\Users\user\AppData\Local\Temp\r9qyacto.dll => moved successfully C:\Users\user\AppData\Local\Temp\t8_jgg44.dll => moved successfully C:\Users\user\AppData\Local\Temp\USkinDLL.dll => moved successfully C:\Users\user\AppData\Local\Temp\vc_redist.x86.exe => moved successfully C:\Users\user\AppData\Local\Temp\wsotaicm.dll => moved successfully C:\Users\user\AppData\Local\Temp\xgwlkfct.dll => moved successfully C:\Users\user\AppData\Local\Temp\z5wwvodu.dll => moved successfully C:\Users\user\AppData\Local\Temp\zcombj77.dll => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FE6D5B5-C9EE-402A-B13F-0DBD0AFD859C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FE6D5B5-C9EE-402A-B13F-0DBD0AFD859C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE8B5D45-BD34-4247-9414-573A9567706A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE8B5D45-BD34-4247-9414-573A9567706A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Aniqipypharaph => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C071DD59-6A6E-4F78-AC3E-E1CC2278BCA7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C071DD59-6A6E-4F78-AC3E-E1CC2278BCA7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3DF99EF-D8E4-43D2-B2D0-0036887DC072} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E5908F5-DCE9-4CDB-B09A-2CC7E221AB54} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B266C4D3-8403-454B-9443-80BC8722DC3C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{674B7817-D214-4864-A341-F9698816916D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EEA8785-D2B7-4BDA-9C83-191DDFD2DD83} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{343316B5-22AC-4FDA-BC6F-B85F27119458} => value removed successfully
"C:\Users\user\AppData\Local\Amigo" => not found.
"C:\Program Files (x86)\Firefox" => not found.
"C:\Program Files (x86)\MIO" => not found.

========= winmgmt /resyncperf =========
========= End of CMD: =========

========= lodctr /R =========
Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========

========= winmgmt /resyncperf =========
========= End of CMD: =========

========= lodctr /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{D8011157-9FB3-4531-9FD1-92678A2B9D5C} canceled.
1 out of 1 jobs canceled.
========= End of CMD: =========

========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========

========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========

=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 306691547 B
Java, Flash, Steam htmlcache => 117394807 B
Windows/system/drivers => 67785498 B
Edge => 102071568 B
Chrome => 2072483735 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 6 B
systemprofile32 => 18491008 B
LocalService => 3270 B
NetworkService => 224050 B
user => 346600282 B
RecycleBin => 0 B
EmptyTemp: => 2.8 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 23:22:33 ====
  12. Wrath

    Virus - mio.exe

    After the AdwCleaner scan, the log files that appeared are S0 and C0; here is the content of C0:

    # AdwCleaner v6.045 - Logfile created 11/04/2017 at 23:40:14
    # Updated on 28/03/2017 by Malwarebytes
    # Database : 2017-04-11.1 [Server]
    # Operating System : Windows 10 Enterprise (X64)
    # Username : user - WRATH
    # Running from : D:\ChromeDownloads\adwcleaner_6.045.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support

    ***** [ Services ] *****

    ***** [ Folders ] *****
    [-] Folder deleted: C:\users\user\AppData\Local\Поиcк в Интeрнете
    [-] Folder deleted: C:\Program Files (x86)\reports

    ***** [ Files ] *****

    ***** [ DLL ] *****

    ***** [ WMI ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled Tasks ] *****
    [-] Task deleted: Milimili

    ***** [ Registry ] *****
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
    [-] Key deleted: HKU\.DEFAULT\Software\b`nl{y
    [-] Key deleted: HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\Software\PC
    [-] Key deleted: HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\Software\Event Monitor
    [-] Key deleted: HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\Software\Xpom
    [-] Key deleted: HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\Software\deskapp
    [-] Key deleted: HKU\S-1-5-21-2796335869-2349784613-4229149687-1001\Software\AppDataLow\Software\Mail.Ru
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\b`nl{y
    [#] Key deleted on reboot: HKCU\Software\PC
    [#] Key deleted on reboot: HKCU\Software\Event Monitor
    [#] Key deleted on reboot: HKCU\Software\Xpom
    [#] Key deleted on reboot: HKCU\Software\deskapp
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Mail.Ru
    [-] Key deleted: HKLM\SOFTWARE\PC
    [-] Key deleted: HKLM\SOFTWARE\Event Monitor
    [-] Key deleted: HKLM\SOFTWARE\ScreenShot
    [-] Key deleted: HKLM\SOFTWARE\b`nl{y
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
    [#] Key deleted on reboot: [x64] HKCU\Software\PC
    [#] Key deleted on reboot: [x64] HKCU\Software\Event Monitor
    [#] Key deleted on reboot: [x64] HKCU\Software\Xpom
    [#] Key deleted on reboot: [x64] HKCU\Software\deskapp
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
    [-] Key deleted: [x64] HKLM\SOFTWARE\b`nl{y
    [-] Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]

    ***** [ Web browsers ] *****
    [-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

    *************************
    :: "Tracing" keys deleted
    :: Winsock settings cleared
    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2871 Bytes] - [11/04/2017 23:40:14]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2864 Bytes] - [11/04/2017 23:37:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3017 Bytes] ##########
  13. Wrath

    Virus - mio.exe

    Alright
  14. My computer is behaving very strangely.. the Windows antivirus turns itself off, then Chrome automatically stops and some fake one gets installed.. Addition.txt FRST.txt
  15. Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
    Ran by Alan (2016-06-06 19:48:25) Run:2
    Running from C:\Users\Alan\Desktop
    Loaded Profiles: Alan (Available Profiles: Alan)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\ProgramData\simplitec
    DeleteKey: HKEY_USERS\S-1-5-21-1352778182-863649867-920629562-1001\SOFTWARE\CONDUIT
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SIMPLITEC
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1
    DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}
    DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}
    end
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\ProgramData\simplitec => moved successfully
    HKEY_USERS\S-1-5-21-1352778182-863649867-920629562-1001\SOFTWARE\CONDUIT => could not remove at first attempt (ErrorCode: C0000121), see next line.
    HKEY_USERS\S-1-5-21-1352778182-863649867-920629562-1001\SOFTWARE\CONDUIT => key removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SIMPLITEC => could not remove at first attempt (ErrorCode: C0000121), see next line.
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SIMPLITEC => key removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF => could not remove at first attempt (ErrorCode: C0000121), see next line.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF => key removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF => key not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG => could not remove at first attempt (ErrorCode: C0000121), see next line.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG => key removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG => key not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1 => could not remove at first attempt (ErrorCode: C0000121), see next line.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1 => key removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1 => key not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2 => could not remove at first attempt (ErrorCode: C0000121), see next line.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2 => key removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2 => key not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1 => could not remove at first attempt (ErrorCode: C0000121), see next line.
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1 => key removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1 => key not found.
    HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81} => could not remove at first attempt (ErrorCode: C0000121), see next line.
    HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81} => key removed successfully
    HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81} => key not found.

    The system needed a reboot.
    ==== End of Fixlog 19:53:37 ====

    Everything looks completely fine. Thank you very much!!!!