geizer7

All about geizer7

  1. First, I want to apologize for not being online for several days; I was swamped with work. Regarding the computer problem, I have to apologize again: I took it upon myself to scan with various programs, and it made such a mess of my administrator rights that I lost my patience and ended up formatting everything. So as of today I have a brand-new copy of Windows, on which I have also already managed to pick up brand-new nasties; I am veeery talented in that respect. Thank you very much for your time and for your efforts. The thread was extremely useful to me, as were the programs you recommended. With their help I managed to deal with the new nasties successfully. So you can consider the problem resolved and close the thread.
  2. There is no fixing this plague. I have completely lost hope now.
  3. Quite by accident I found the GoogleUpdateHelper we were talking about a few days ago. It is strange that the search does not find it, nor is it present in the list of installed programs. The file is located in C:\Program Files (x86)\Google\Update\1.3.24.15. GoogleUpdateHelper.msi - type: Windows installer package. Will it be a problem if I delete the whole folder, to be on the safe side? And why doesn't the search find the file? I am also uploading a screenshot of the folder contents.
  4. At first I managed to download a movie without a single ad opening, but when I got to the subtitles it started again. With every mouse click, a new window. I don't know what this virus is, but apparently it keeps reproducing itself.
  5. I noticed that the files found have been placed in quarantine, after which there is an option to delete them from there. Should I delete them, or leave them as they are? ESETScan2.txt
  7. The only thing I found about the Google Update Helper program is that it is mentioned in a text document that I have attached. Maybe it was deleted by one of the scanners or by the antivirus, I don't know, but I can't find it anywhere. I am also attaching the file from FRST64. Add-Remove Programs.txt Fixlog.txt
  8. Here are the results... FRST.txt Addition.txt
  9. I took the liberty of scanning with adwcleaner 2 more times, one right after the other, and in both results it finds C:\Users\Катето\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://websearch.coolsearches.info/?pid=21735&r=2015/03/31&hid=8210722968839278389&lg=EN&cc=GR&unqvl=85. Does this mean that it cannot clean it? Supposedly it should be deleted after the restart, yet it is there again. Or am I mistaken? Unfortunately, my knowledge is that of an ordinary user. AdwCleanerR16.txt AdwCleanerR17.txt AdwCleanerR18.txt
  10. I had scanned with adwcleaner before as well, which is why the log file number is 15. AdwCleanerS15.txt JRT.txt
  11. I noticed that after the scan new folders appeared on the C partition that had not been visible before, such as the Program Data folder for example, even though I had set hidden files and folders to be shown as well.
  12. Malwarebytes Anti-Malware did not find any threats, but unfortunately the problem remains. mbam-log-2015-06-26 (20-15-28).xml
  13. Since I had nothing else to do today, and I only hope I did not make a mistake, I managed to delete the installation folder of Private Folder Packages in safe mode, after which I carried out steps 2 and 3, and I am attaching the log files. Malwarebytes Anti-Malware.txt Fixlog.txt
  14. What should I do? Should I move on to step 2, or try to manually delete whatever I can of the program?