Премини към съдържанието

Mariana Racheva

Потребител
  • Публикации

    6
  • Регистрация

  • Последно онлайн

Харесвания

9 Неутрална репутация

Всичко за Mariana Racheva

  • Титла
    Новобранец

Информация

  • Пол
    Жена
  1. Mariana Racheva

    Istartsurf... нежелана и досадна придобивка

    Здравейте! Благодаря Ви отново за търпението и времето, което ми отделихте! Един прекрасен, пъстър и усмихнат ден Ви пожелавам! Бъдете здрав и благословен с безброй добрини! С признателност, Мариана Рачева
  2. Mariana Racheva

    Istartsurf... нежелана и досадна придобивка

    Привет, отново! Прикачените файлове са резултата от тези стъпки. Надявам се да не съм объркала пак нещо... Благодаря Ви за търпението! checkup.txt Fixlog.txt
  3. Mariana Racheva

    Istartsurf... нежелана и досадна придобивка

    Здравейте! Ето това е информацията от стъпка 4: HitmanPro 3.7.9.225 www.hitmanpro.com Computer name . . . . : MARIANA-PC Windows . . . . . . . : 6.1.1.7601.X64/2 User name . . . . . . : Mariana-PC\Mariana UAC . . . . . . . . . : Disabled License . . . . . . . : Free Scan date . . . . . . : 2014-09-27 18:51:52 Scan mode . . . . . . : Normal Scan duration . . . . : 5m 6s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 3 Traces . . . . . . . : 41 Objects scanned . . . : 1 870 113 Files scanned . . . . : 82 296 Remnants scanned . . : 273 626 files / 1 514 191 keys Malware _____________________________________________________________________ C:\FRST\Quarantine\C\Program Files (x86)\Reimageplus.com\reiextsetup.exe Size . . . . . . . : 12 767 584 bytes Age . . . . . . . : 1.9 days (2014-09-25 21:42:24) Entropy . . . . . : 8.0 SHA-256 . . . . . : 863F6A32B31488E289146E1FC3B381A16CECC56444D97FFF8E7F2CBCC9DCA2A4 Product . . . . . : Description . . . : Snusikrfoygyxm Version . . . . . : 15.13.0.5 RSA Key Size . . . : 2048 LanguageID . . . . : 1033 Authenticode . . . : Valid > Kaspersky . . . . : not-a-virus:AdWare.NSIS.Adwapper.bf Fuzzy . . . . . . : 101.0 Forensic Cluster -5.1s C:\FRST\Quarantine\C\Program Files (x86)\Reimageplus.com\ -5.1s C:\FRST\Quarantine\C\Program Files (x86)\Reimageplus.com\ReimageRepair.exe 0.0s C:\FRST\Quarantine\C\Program Files (x86)\Reimageplus.com\reiextsetup.exe 0.1s C:\FRST\Quarantine\C\Windows\Reimage.ini.xBAD C:\FRST\Quarantine\C\ProgramData\IePluginServices\PluginService.exe Size . . . . . . . : 715 656 bytes Age . . . . . . . : 1.9 days (2014-09-25 21:24:41) Entropy . . . . . : 5.7 SHA-256 . . . . . : 837CFA0DD4F810CFB012079D2460A43413A7F7F651F141784D32066CACF9CB2B Product . . . . . : IePlugin control Publisher . . . . : Cherished Technololgy LIMITED Description . . . : IePlugin Service Version . . . . . : 13.27.0.746 RSA Key Size . . . : 2048 LanguageID . . . . : 9 Authenticode . . . : Valid > Bitdefender . . . : Adware.Agent.OKO > Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.eqwa Fuzzy . . . . . . : 95.0 Forensic Cluster -10.2s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\ -6.8s C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\ -6.0s C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\log\ -5.9s C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-25[21-24-35-533].log -5.8s C:\FRST\Quarantine\C\ProgramData\WindowsMangerProtect\update\ -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\ -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\btn.png -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\close.png -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\main.xml -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\ -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\data.html -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\img\ -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\img\google_trends.png -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\img\icon128.png -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\img\icon16.png -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\img\icon48.png -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\img\loading.gif -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\img\logo32.ico -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\indexIE.html -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\indexIE8.html -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\ -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\common.js -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\ga.js -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js -3.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\js.js -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\library.js -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\xagainit-ie8.js -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\js\xagainit2.0.js -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\main.css -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\ver.txt -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\en-US\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\en-US\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\es-419\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\es-419\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\es-ES\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-BE\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-CA\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-CH\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-FR\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-LU\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\it-CH\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\it-IT\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\pl\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\pl\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\pt\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\pt\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\pt-BR\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\ru\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\ru\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\ru-MO\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\tr-TR\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\vi-VI\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\zh-CN\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\zh-TW\ -3.4s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json -2.0s C:\FRST\Quarantine\C\ProgramData\IePluginServices\ -1.5s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\install.data -0.0s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\ient.json 0.0s C:\FRST\Quarantine\C\ProgramData\IePluginServices\PluginService.exe 0.8s C:\FRST\Quarantine\C\ProgramData\IePluginServices\update\ 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\bk_shadow.png 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\main.xml.bak 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\image\ 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\image\ck_box.png 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\image\ck_check.png 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\image\radio_bk.png 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\skin\image\radio_check.png 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe 0.9s C:\FRST\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe 22.4s C:\FRST\Quarantine\C\Users\Mariana\AppData\Local\globalUpdate\CrashReports\ 22.4s C:\FRST\Quarantine\C\Users\Mariana\AppData\Local\globalUpdate\ 22.4s C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\CrashReports\ 22.4s C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\ 23.3s C:\Windows\Prefetch\GOOGLEUPDATE.EXE-87A539F8.pf Suspicious files ____________________________________________________________ C:\Users\Mariana\Desktop\KALDATA\!! Kaldata\FRST64.exe Size . . . . . . . : 2 108 928 bytes Age . . . . . . . : 1.2 days (2014-09-26 14:20:51) Entropy . . . . . : 7.5 SHA-256 . . . . . : AB0E01BD8C09B75A15C3B691974641B38B3D50F0C663FE34E9078E64FA0E35CE Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-237922284-3637321266-3144964717-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Mariana\Desktop\KALDATA\!! Kaldata\FRST64.exe Malware remnants ____________________________________________________________ HKLM\SOFTWARE\Classes\Interface\{EFC32678-546B-4367-8B25-B40BF45CC1A3}\ (BuenoSearch) Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF\ (YTDownloader) HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1\ (YTDownloader) HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg\ (YTDownloader) HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1\ (YTDownloader) HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2\ (YTDownloader) HKLM\SOFTWARE\Classes\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ (YTDownloader) HKLM\SOFTWARE\Classes\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ (YTDownloader) HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\ (YTDownloader) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}\ (YTDownloader) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}\ (YTDownloader) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ (YTDownloader) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ (YTDownloader) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ (YTDownloader) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\ (YTDownloader) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent) HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey) HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey) HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey) Cookies _____________________________________________________________________ C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:ad.360yield.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:ad.sbb.bg C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:ads.betweendigital.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:ads.elmaz.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:ads.kaldata.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:ads.stickyadstv.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:ads.yahoo.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:adtech.de C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:ru4.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:smartadserver.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:track.hubrus.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:www.googleadservices.com C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\cookies.sqlite:yadro.ru Извинете, моля. Сега ще оправя Avast, а за папките, които бяха в облака на mail.ru. не се притеснявам. Yandex.disk си работи. Нужно ли е още нещо да направя? Благодаря Ви!
  4. Mariana Racheva

    Istartsurf... нежелана и досадна придобивка

    Здравейте! Толкова подробно и така добре ми описахте какво да направя, че се надявам да не съм се изложила. Сърдечно Ви благодаря за времето, което сте отделили за да опишете стъпка по стъпка всяко действие. С прикачени файлове Ви изпращам информацията от дневниците на стъпки 1 и 2 , а от 3 и 4 помествам тук. Ура, ура и пак благодаря, че ме отървахте от този досадник istartsurf (изхвърлихте го от Mozilla Firefox и Google Chrome) и от безброй невидими за мен гадинки. Оставам на разположение за по-нататъшни инструкции... Стъпка 3: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27.9.2014 г. Scan Time: 18:28:35 ч. Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.27.06 Rootkit Database: v2014.09.19.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Mariana Scan Type: Threat Scan Result: Completed Objects Scanned: 305253 Time Elapsed: 11 min, 23 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 4 PUP.Optional.DefaultTab.A, HKU\S-1-5-21-237922284-3637321266-3144964717-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [e4a1509fb8c3d26405c90a8c09f915eb], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [087d1dd20c6f3105eaa3b5c48a7aea16], PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD01-V2.1V25.09, Quarantined, [aed7747b6813979f93f4b952996a17e9], PUP.Optional.FastStart.A, HKU\S-1-5-21-237922284-3637321266-3144964717-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [4a3bf1fe43381125181642cc51b2817f], Registry Values: 1 PUP.Optional.FastStart.A, HKU\S-1-5-21-237922284-3637321266-3144964717-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [4a3bf1fe43381125181642cc51b2817f] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Стъпка 4: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27.9.2014 г. Scan Time: 18:28:35 ч. Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.27.06 Rootkit Database: v2014.09.19.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Mariana Scan Type: Threat Scan Result: Completed Objects Scanned: 305253 Time Elapsed: 11 min, 23 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 4 PUP.Optional.DefaultTab.A, HKU\S-1-5-21-237922284-3637321266-3144964717-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [e4a1509fb8c3d26405c90a8c09f915eb], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [087d1dd20c6f3105eaa3b5c48a7aea16], PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD01-V2.1V25.09, Quarantined, [aed7747b6813979f93f4b952996a17e9], PUP.Optional.FastStart.A, HKU\S-1-5-21-237922284-3637321266-3144964717-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [4a3bf1fe43381125181642cc51b2817f], Registry Values: 1 PUP.Optional.FastStart.A, HKU\S-1-5-21-237922284-3637321266-3144964717-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [4a3bf1fe43381125181642cc51b2817f] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) AdwCleanerS0.txt JRT.txt
  5. Mariana Racheva

    Istartsurf... нежелана и досадна придобивка

    Благодаря Ви! Рестартирах и ето съдържанието на файла... Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014 Ran by Mariana at 2014-09-27 13:01:11 Run:1 Running from C:\Users\Mariana\Desktop\KALDATA\!! Kaldata Loaded Profile: Mariana (Available profiles: Mariana) Boot Mode: Normal ============================================== Content of fixlist: ***************** start closeprocesses: IFEO\jumpflip: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1235&systemid=406&v=u11099-237&apn_uid=3403089435364115&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1235&systemid=406&v=u11099-237&apn_uid=3403089435364115&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: No Name -> {389943B0-C3A2-4E69-82CB-8596A84CB3DC} -> No File BHO-x32: No Name -> {4AF9DF3E-17A4-428F-A39E-28ADA0A3A522} -> No File BHO-x32: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> No File BHO-x32: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File BHO-x32: No Name -> {FF7C3CF0-4B15-11D1-ABED-709549C10000} -> No File Toolbar: HKLM-x32 - No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1411669439&from=amt&uid=TOSHIBAXMQ01ABD075_Z28VT86YTXXZ28VT86YT FF SearchEngineOrder.1: Ask.com FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=101&systemid=488&v=u13614-455&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=4130942234574072&o=APN11459&q= FF Plugin-x32: @FromDocToPDF_65.com/Plugin -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File FF SearchPlugin: C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\searchplugins\buenosearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\extensions\faststartff@gmail.com CHR HKLM-x32\...\Chrome\Extension: [faklkmlkcleeoibffcbligohmkciloif] - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx [2013-06-26] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-25] (Cherished Technololgy LIMITED) S2 Update AtuZi; "C:\Program Files (x86)\AtuZi\updateAtuZi.exe" [X] S2 updater; C:\Windows\SysWOW64\rundll32.exe "C:\Users\Mariana\AppData\Roaming\Updater\updater.dll",init_service R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\configmgrc2.cfg [42064 2014-08-04] (SafetyNut Inc) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] Task: {57FE95A0-2172-4ACF-82CF-1AE001A579DC} - System32\Tasks\EPUpdater => C:\Users\Mariana\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION Task: {6556E7AB-9231-4F65-9EF9-650566996CDB} - System32\Tasks\GWYTUHQ => C:\Users\Mariana\AppData\Roaming\GWYTUHQ.exe [2014-09-25] (Info01HD-V2.1V25.09) Task: {A92E180F-DDD7-48A2-90E7-67063CCCB600} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {B4383B73-218E-4DF9-BDC1-153463604E7C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {D8D8BC24-8BE6-4038-AA0E-FD6F66991AF5} - System32\Tasks\UCDQBS => C:\Users\Mariana\AppData\Roaming\UCDQBS.exe [2014-09-25] (Info01HD-V2.1V25.09) Task: C:\Windows\Tasks\GWYTUHQ.job => C:\Users\Mariana\AppData\Roaming\GWYTUHQ.exe Task: C:\Windows\Tasks\UCDQBS.job => C:\Users\Mariana\AppData\Roaming\UCDQBS.exe C:\Users\Mariana\AppData\Roaming\BABSOL~1 C:\Users\Mariana\AppData\Roaming\GWYTUHQ.exe C:\Users\Mariana\AppData\Roaming\UCDQBS.exe C:\Program Files (x86)\YourFileDownloader C:\Program Files (x86)\MyPC Backup C:\Program Files (x86)\Browser Tab Search by Ask C:\Program Files (x86)\SupTab C:\Program Files (x86)\globalUpdate C:\ProgramData\IePluginServices C:\Program Files (x86)\PutLockerDownloader C:\Program Files (x86)\AtuZi C:\Users\Mariana\AppData\Roaming\Updater C:\Program Files\Enigma Software Group C:\Users\Mariana\AppData\Local\globalUpdate C:\ProgramData\WindowsMangerProtect C:\Windows\System32\Tasks\GWYTUHQ C:\Windows\System32\Tasks\UCDQBS C:\Windows\Tasks\GWYTUHQ.job C:\Windows\Tasks\UCDQBS.job C:\Windows\Reimage.ini C:\Program Files (x86)\Reimageplus.com C:\Windows\System32\Tasks\{DB60FA0C-FA6F-420A-A024-56C33DEB98B2} C:\Windows\System32\Tasks\{49F0C3FD-A995-4BB7-AAD0-147B82235B00} C:\Windows\System32\Tasks\LaunchSignup C:\Program Files (x86)\SiteLookup C:\Users\Mariana\AppData\Local\onlysearch C:\ProgramData\SafetyNut C:\Users\Mariana\AppData\Roaming\GWYTUHQ C:\Users\Mariana\AppData\Roaming\UCDQBS C:\Users\Mariana\AppData\Roaming\SimilarAddon C:\Users\Mariana\AppData\Roaming\FirefoxToolbar C:\Program Files (x86)\SearchPredict C:\Program Files (x86)\SpeedBit Video Downloader C:\ProgramData\YTD Video Downloader AlternateDataStreams: C:\Users\Mariana\AppData\Local:wa HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" emptytemp: end ***************** Processes closed successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AF9DF3E-17A4-428F-A39E-28ADA0A3A522}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{4AF9DF3E-17A4-428F-A39E-28ADA0A3A522}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}" => Key not found. Firefox newtab deleted successfully. Firefox SearchEngineOrder.1 deleted successfully. Firefox Keyword.URL deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@FromDocToPDF_65.com/Plugin" => Key deleted successfully. C:\Users\Mariana\AppData\Roaming\Mozilla\Firefox\Profiles\s7gzuyja.default\searchplugins\buenosearch.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\searchpredict@speedbit.com => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\faklkmlkcleeoibffcbligohmkciloif" => Key deleted successfully. C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx => Moved successfully. "HKCU\SOFTWARE\Policies\Google" => Key deleted successfully. IePluginServices => Service deleted successfully. Update AtuZi => Service deleted successfully. updater => Service deleted successfully. F06DEFF2-5B9C-490D-910F-35D3A91196222 => Unable to stop service F06DEFF2-5B9C-490D-910F-35D3A91196222 => Service deleted successfully. esgiguard => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57FE95A0-2172-4ACF-82CF-1AE001A579DC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57FE95A0-2172-4ACF-82CF-1AE001A579DC}" => Key deleted successfully. C:\Windows\System32\Tasks\EPUpdater => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6556E7AB-9231-4F65-9EF9-650566996CDB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6556E7AB-9231-4F65-9EF9-650566996CDB}" => Key deleted successfully. C:\Windows\System32\Tasks\GWYTUHQ => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GWYTUHQ" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A92E180F-DDD7-48A2-90E7-67063CCCB600}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A92E180F-DDD7-48A2-90E7-67063CCCB600}" => Key deleted successfully. C:\Windows\System32\Tasks\YourFile DownloaderUpdate => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4383B73-218E-4DF9-BDC1-153463604E7C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4383B73-218E-4DF9-BDC1-153463604E7C}" => Key deleted successfully. C:\Windows\System32\Tasks\LaunchSignup => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8D8BC24-8BE6-4038-AA0E-FD6F66991AF5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8D8BC24-8BE6-4038-AA0E-FD6F66991AF5}" => Key deleted successfully. C:\Windows\System32\Tasks\UCDQBS => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCDQBS" => Key deleted successfully. C:\Windows\Tasks\GWYTUHQ.job => Moved successfully. C:\Windows\Tasks\UCDQBS.job => Moved successfully. "C:\Users\Mariana\AppData\Roaming\BABSOL~1" => File/Directory not found. C:\Users\Mariana\AppData\Roaming\GWYTUHQ.exe => Moved successfully. C:\Users\Mariana\AppData\Roaming\UCDQBS.exe => Moved successfully. "C:\Program Files (x86)\YourFileDownloader" => File/Directory not found. "C:\Program Files (x86)\MyPC Backup" => File/Directory not found. C:\Program Files (x86)\Browser Tab Search by Ask => Moved successfully. C:\Program Files (x86)\SupTab => Moved successfully. C:\Program Files (x86)\globalUpdate => Moved successfully. C:\ProgramData\IePluginServices => Moved successfully. C:\Program Files (x86)\PutLockerDownloader => Moved successfully. "C:\Program Files (x86)\AtuZi" => File/Directory not found. C:\Users\Mariana\AppData\Roaming\Updater => Moved successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Users\Mariana\AppData\Local\globalUpdate => Moved successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. "C:\Windows\System32\Tasks\GWYTUHQ" => File/Directory not found. "C:\Windows\System32\Tasks\UCDQBS" => File/Directory not found. "C:\Windows\Tasks\GWYTUHQ.job" => File/Directory not found. "C:\Windows\Tasks\UCDQBS.job" => File/Directory not found. C:\Windows\Reimage.ini => Moved successfully. C:\Program Files (x86)\Reimageplus.com => Moved successfully. C:\Windows\System32\Tasks\{DB60FA0C-FA6F-420A-A024-56C33DEB98B2} => Moved successfully. C:\Windows\System32\Tasks\{49F0C3FD-A995-4BB7-AAD0-147B82235B00} => Moved successfully. "C:\Windows\System32\Tasks\LaunchSignup" => File/Directory not found. C:\Program Files (x86)\SiteLookup => Moved successfully. C:\Users\Mariana\AppData\Local\onlysearch => Moved successfully. C:\ProgramData\SafetyNut => Moved successfully. C:\Users\Mariana\AppData\Roaming\GWYTUHQ => Moved successfully. C:\Users\Mariana\AppData\Roaming\UCDQBS => Moved successfully. C:\Users\Mariana\AppData\Roaming\SimilarAddon => Moved successfully. C:\Users\Mariana\AppData\Roaming\FirefoxToolbar => Moved successfully. C:\Program Files (x86)\SearchPredict => Moved successfully. C:\Program Files (x86)\SpeedBit Video Downloader => Moved successfully. C:\ProgramData\YTD Video Downloader => Moved successfully. C:\Users\Mariana\AppData\Local => ":wa" ADS removed successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully. EmptyTemp: => Removed 407.2 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== Благодаря Ви! Рестартирах и прикачих файла...
  6. Привет! Сдобих с istartsurf. Почти до разсъмване се мъчих да го премахна. Пробвах първо по стандартния начин Control Panel - “Програми и компоненти” - “Деинсталиране на програма” , но нищо не се получи… стои си и стои иконата, макар че ме разиграва да изписвам разни кодове и симулира че деинсталира. След като разбрах, че Аvast не може да ми помогне, изтеглих и инсталирах програмата Spybot и започнах да сканирам с нея – безброй пъти. Иконата в Control Panel - “Програми и компоненти” изчезна… зарадвах се! Реших да ползвам Internet Explorer и ето - отново неприятна изненада… се оказа че istartsur си е там. Пробвах и с другите два браузера Mozilla Firefox и Google Chrome… там си е – отваря и затваря прозорци каквито и както си иска. Последвах стъпките, които Вие сте описали, с надеждата, че ще ми помогнете да се отърва от тази нежелана и досадна придобивка. Сканирах с програмата Farbar и ето какво получих… Предварително Ви благодаря, за времето което ще отделите за мен. Addition.txt FRST.txt FRST.txt
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.