HappyPower

Member
  • Posts

    30
  • Registration

  • Last online

Likes

5 Neutral reputation

All about HappyPower

  • Title
    Member
  1. Thank you for everything again! Have a nice day to you too ))))) !
  2. Thanks for everything, here is the last little paste too:
     Results of screen317's Security Check version 0.99.98
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG 2015
     AVG Web TuneUp
     AVG 2015
     `````````Anti-malware/Other Utilities Check:`````````
     AVG Web TuneUp
     CCleaner
     Java 7 Update 76
     Java 6 Update 22
     Java version 32-bit out of Date!
     Java 64-bit 8 Update 31
     Adobe Flash Player 16.0.0.305
     Adobe Reader XI
     ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     AVG avgrsx.exe
     AVG avgnsx.exe
     AVG avgemc.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 0%
     ````````````````````End of Log``````````````````````
  3. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
     Ran by bbb at 2015-03-12 23:40:53 Run:1
     Running from C:\Downloads
     Loaded Profiles: bbb (Available profiles: bbb)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     DeleteQuarantine:
     end
     *****************
     "C:\FRST\Quarantine" => removed successfully.
     ==== End of Fixlog 23:40:54 ====
     Since there are many files, I will attach them from the Windows Repair analysis:
     _Windows_Repair_Log.txt, ip_reset.txt, Repair_Icons.txt, Repair_MSI_Windows_Installer.txt, Repair_Print_Spooler.txt, Repair_Volume_Shadow_Copy_Service.txt, Repair_Windows_Firewall.txt, Repair_Windows_Updates.txt, Repair_Winsock_and_DNS_Cache.txt, Repair_WMI.txt
  4. Yes, there is a change, it runs better than before.
  5. C:\Documents and Settings\All Users\Application Data\InstallMate\{CF40E13A-51BB-4E82-AC69-199914A3C3CC}\Custom.dll
     C:\Downloads\Programs\LF2_v20a_Install.exe
     C:\Downloads\Programs\SopCast\Setup-SopCast-3.8.3-2013-6-26.exe
     C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP656\A0475672.dll
     C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP656\A0475673.dll
     C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP656\A0475676.dll
     C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP656\A0475785.exe
     Malware :
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 11.3.2015 г.
     Scan Time: 14:30:56
     Logfile: malwareeeeeee.txt
     Administrator: Yes
     Version: 2.00.4.1028
     Malware Database: v2015.03.11.04
     Rootkit Database: v2015.02.25.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: bbb
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 359247
     Time Elapsed: 38 min, 0 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Deep Rootkit Scan: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 1
     PUP.Optional.BSPlayer.A, HKU\S-1-5-21-1778425323-2299251919-3364654975-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BS_Player, Quarantined, [edbcd84af09aae88a6734a5dec17d42c],
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 10
     Files: 48
     Physical Sectors: 0 (No malicious items detected)
     (end)
  6. Hello again! I am copying the files from the analysis:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.4.3 (03.01.2015:1)
     OS: Microsoft Windows XP x86
     Ran by bbb on 11.03.2015 г. at 14:17:06,76
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
     Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
     Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
     Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
     Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
     Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     ~~~ Files
     ~~~ Folders
     Successfully deleted: [Folder] "C:\Documents and Settings\bbb.ACER-6E\Application Data\getrighttogo"
     Successfully deleted: [Folder] "C:\Documents and Settings\bbb.ACER-6E\Local Settings\Application Data\conduit"
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 11.03.2015 г. at 14:25:13,03
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ESETScan :
     C:\AdwCleaner\Quarantine\C\Program Files\BS_Player\tbBS_1.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files\BS_Player\tbBS_P.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\Documents and Settings\All Users\Application Data\InstallMate\{CF40E13A-51BB-4E82-AC69-199914A3C3CC}\Custom.dll Win32/InstalleRex.T potentially unwanted application
     C:\Downloads\Programs\LF2_v20a_Install.exe Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\Downloads\Programs\SopCast\Setup-SopCast-3.8.3-2013-6-26.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
     C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP656\A0475672.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP656\A0475673.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP656\A0475676.dll Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP656\A0475785.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
  7. ComboFix 15-03-01.01 - bbb 03.2015 г. 12:52:12.1.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1251.359.1033.18.1012.599 [GMT 2:00]
     Running from: c:\downloads\ComboFix.exe
     AV: AVG AntiVirus 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     * Created a new restore point
     .
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
20:03 121624] R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [19.2.2015 і. 21:27 202208] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [18.6.2014 і. 20:03 21272] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [28.8.2014 і. 20:43 192792] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [16.1.2015 і. 11:15 210400] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [19.2.2015 і. 21:37 308720] R2 Unchecky;Unchecky;c:\program files\Unchecky\bin\unchecky_svc.exe [02.3.2015 і. 12:43 126568] R2 WtuSystemSupport;WtuSystemSupport;c:\program files\AVG Web TuneUp\WtuSystemSupport.exe [01.3.2015 і. 22:08 620056] R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05.5.2008 і. 18:01 254976] R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01.3.2010 і. 18:35 80000] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [19.2.2015 і. 21:43 3411408] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [01.3.2015 і. 20:45 1871160] S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [01.3.2015 і. 20:45 969016] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [02.1.2015 і. 19:45 315488] S2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [?] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?] 
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BBB~1.ACE\LOCALS~1\Temp\KYR119.tmp --> c:\docume~1\BBB~1.ACE\LOCALS~1\Temp\KYR119.tmp [?] S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11.1.2009 і. 02:07 96856] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01.3.2015 і. 20:45 23256] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [12.1.2011 і. 21:30 114688] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [12.1.2011 і. 21:30 105856] . Contents of the 'Scheduled Tasks' folder . 2015-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-16 09:58] . 2015-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1778425323-2299251919-3364654975-1006Core.job - c:\documents and settings\bbb.ACER-6E\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-29 19:26] . 2015-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1778425323-2299251919-3364654975-1006UA.job - c:\documents and settings\bbb.ACER-6E\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-11-29 19:26] . 2015-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778425323-2299251919-3364654975-1006Core.job - c:\documents and settings\bbb.ACER-6E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-10 19:12] . 2015-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1778425323-2299251919-3364654975-1006UA.job - c:\documents and settings\bbb.ACER-6E\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-10 19:12] . 
2015-03-03 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job - c:\windows\system32\xp_eos.exe [2014-03-28 01:59] . 2015-02-10 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job - c:\windows\system32\xp_eos.exe [2014-03-28 01:59] . 2015-03-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1778425323-2299251919-3364654975-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 14:02] . 2015-02-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1778425323-2299251919-3364654975-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 14:02] . . ------- Supplementary Scan ------- . uStart Page = https://mysearch.avg.com/?cid={E5CC813E-9B82-48F1-92ED-59868F30830D}&mid=Unknown&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-03-0122:10&v=4.1.0.404&pid=wtu&sg=&sap=hp IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . . ------- File Associations ------- . .scr=CryptoPreventSCR . - - - - ORPHANS REMOVED - - - - . HKCU-Run-HW_OPENEYE_OUC_M-Tel NETAGENT - c:\program files\M-Tel NETAGENT\UpdateDog\ouc.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe AddRemove-CarmageddonDeinstKey - c:\program files\Games\Carmageddon\DeIsL1.isu AddRemove-Garena - c:\program files\Garena\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-03-03 13:01 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\BBB~1.ACE\LOCALS~1\Temp\KYR119.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\B20@O=5 *=0 *C*C*l*e*a*n*e*r*& \command] @="c:\\Program Files\\CCleaner\\ccleaner.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2015-03-03 13:04:59 ComboFix-quarantined-files.txt 2015-03-03 11:04 . Pre-Run: 117 747 154 944 bytes free Post-Run: 117 734 309 888 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe . - - End Of File - - 02527256B7FE68055D0ADF84CD11EA1A 99852D5C3A78447C3D6D82B6155FE848
  8. It wants me to download these things, should I go ahead? http://dox.bg/files/dw?a=c10bcb4170
  9. Windows XP Home SP3, Intel Atom CPU N270 @ 1.60GHz, 1.0GB RAM, Mobile Intel 945 Express Chipset Family
  10. Well, I'm downloading the 32-bit one, because when I download the 64-bit one it then tells me FRST63.exe is not a valid Win32 application ....
  11. Happy holiday! I tried 4 times, but the program freezes on me every time it reaches extra check. What should I do?
  12. Hello again. I have a slow little laptop, but I don't know whether a virus is causing all this or I'm simply overloading it with some programs. I recently installed some programs on it (AVG 2015, CryptoPrevent, Malwarebytes Anti-Malware, Unchecky); is it possible that they are what makes it so slow? If we could go through the same scanning steps, I would be grateful to you once again.
  13. Thank you very much for the cooperation, I am satisfied with your work, thanks a lot for everything! The computer runs smoothly. I'm attaching the last file. Thanks once more. I have a slow laptop, so we may do the same procedure soon. Thanks again! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-02-2015 Ran by petar at 2015-03-02 10:57:45 Run:2 Running from E:\ Loaded Profiles: petar & UpdatusUser (Available profiles: petar & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** start DeleteQuarantine: end ***************** "C:\FRST\Quarantine" => Removed successfully. ==== End of Fixlog 10:57:46 ====
  14. C:\Users\petar\AppData\Roaming\Identities\AppServices.exe C:\Users\petar\AppData\Roaming\glitz\updater.exe Thank you. The computer runs much better since I deleted the virus. Which of the programs I downloaded should I delete, and which should I keep?
  15. I'm attaching the files. ESETScan.txt malware.txt