Премини към съдържанието
Todor91

Зараза с Win32 Trojan/Krypt постоянно се създават файлове

Препоръчан отговор


Добър Вечер HJT.  :)   От няколко дена системата сече, забива дори ми прекъсва интернета. Диск с Windows нямам. Постоянно се създават файлове от рода на:

amrys.exedcgcjnmk.exencerucdp.exeoieimivi.exetuke.exearxurqp.exe
Всички тези файлове се създават в папката System32.

Company Name на файловете (Neowise).

В Task Manager също има странен процес: fqcqbdp.exe  :( 

 

Благодаря предварително  :)

 

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2Run by user 1 at 1:17:54 on 2013-08-10Microsoft Windows XP Professional  5.1.2600.3.1251.1.1033.18.2037.1414 [GMT 3:00].AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}.============== Running Processes ================.C:WINDOWSExplorer.EXEC:WINDOWSsystem32spoolsv.exeC:Program FilesSUPERAntiSpywareSASCORE.EXEC:Program FilesESETESET NOD32 Antivirusekrn.exeC:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXEC:WINDOWSsystem32wuauclt.exeC:WINDOWSSystem32alg.exeC:WINDOWSsystem32wbemwmiprvse.exeC:Documents and SettingsNetworkServiceLocal SettingsApplication Datafqcqbdp.exeC:WINDOWSRTHDCPL.EXEC:Program FilesESETESET NOD32 Antivirusegui.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesSkypePhoneSkype.exeC:Program FilesuTorrentuTorrent.exeC:WINDOWSsystem32wuauclt.exeC:WINDOWSSystem32svchost.exe -k netsvcsC:WINDOWSsystem32svchost.exe -k WudfServiceGroupC:WINDOWSsystem32svchost.exe -k NetworkServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k LocalService.============== Pseudo HJT Report ===============.uStart Page = about:blankmStart Page = about:blankmWinlogon: Shell = explorer.exe,BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:program filesjavajre7binssv.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre7binjp2ssv.dlluRun: [CTFMON.EXE] c:windowssystem32ctfmon.exeuRun: [Skype] "c:program filesskypephoneSkype.exe" /minimized /regrunuRun: [uTorrent] "c:program filesutorrentuTorrent.exe"mRun: [IgfxTray] c:windowssystem32igfxtray.exemRun: [HotKeysCmds] c:windowssystem32hkcmd.exemRun: [Persistence] c:windowssystem32igfxpers.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [egui] "c:program fileseseteset nod32 antivirusegui.exe" /hide /waitservicedRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXEuExplorerRun: [Microsoft] c:documents and settingsuser 1application dataifthhrgtheebbher.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:255mPolicies-Explorer: NoDriveTypeAutoRun = dword:255mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: E&xport to Microsoft Excel - c:progra~1micros~3office11EXCEL.EXE/3000IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exeTCP: Interfaces{5209ADAD-71B7-4973-A9AB-128863D756C4} : NameServer = 11.2.90.1,11.1.1.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dllNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32wpdshserviceobj.dllSEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:program filessuperantispywareSASSEH.DLL.============= SERVICES / DRIVERS ===============.R0 MxEFUF;Matrox Extio Upper Function Filter;c:windowssystem32driversMxEFUF32.sys [2013-8-1 102728]R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [2009-5-12 107256]R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys [2009-5-12 94360]R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2011-7-22 12880]R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2011-7-13 67664]R2 !SASCORE;SAS Core Service;c:program filessuperantispywareSASCore.exe [2013-5-23 119056]R2 ekrn;ESET Service;c:program fileseseteset nod32 antivirusekrn.exe [2009-5-12 731840]R3 analog;analog;c:windowssystem32driversanalog.sys [2013-8-1 11264]R3 iegdmini;iegdmini;c:windowssystem32driversiegdmini.sys [2013-8-1 1677440]R3 ip100Awin7;IC Plus IP100A 10/100 Fast Ethernet Adapter NT Driver;c:windowssystem32driversipfnd51.sys [2013-7-25 31232]R3 lvds;lvds;c:windowssystem32driverslvds.sys [2013-8-1 10496]R3 sdvo;sdvo;c:windowssystem32driverssdvo.sys [2013-8-1 38784]R3 tv;tv;c:windowssystem32driverstv.sys [2013-8-1 36864]S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [2013-7-21 1691480]S3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:windowssystem32driversipfnd51.sys [2013-7-25 31232]S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2013-8-10 40776]S3 NPF;WinPcap Packet Driver (NPF);c:windowssystem32driversnpf.sys [2013-8-1 50704]S3 teamviewervpn;TeamViewer VPN Adapter;c:windowssystem32driversteamviewervpn.sys [2013-7-22 25088]S3 uji4ndk0;AVZ-SG Kernel Driver;??c:windowssystem32driversuji4ndk0.sys --> c:windowssystem32driversuji4ndk0.sys [?]S3 uti4ndk0;AVZ Kernel Driver;c:windowssystem32driversuti4ndk0.sys [2013-8-9 7168]S4 Skype C2C Service;Skype C2C Service;c:documents and settingsall usersapplication dataskypetoolbarsskype c2c servicec2c_service.exe [2013-5-14 3289208]S4 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-6-21 162408]S4 TeamViewer8;TeamViewer 8;c:program filesteamviewerversion8TeamViewer_Service.exe [2013-7-22 4153184].=============== Created Last 30 ================.2013-08-09 22:16:15 63380 ----a-w- c:windowssystem32tsaa.exe2013-08-09 22:16:15 205808 ----a-w- c:windowssystem32nmjjcuq.exe2013-08-09 22:13:20 63380 ----a-w- c:windowssystem32wywixyh.exe2013-08-09 22:13:20 205808 ----a-w- c:windowssystem32afngjp.exe2013-08-09 22:03:12 40776 ----a-w- c:windowssystem32driversmbamswissarmy.sys2013-08-09 21:54:42 63380 ----a-w- c:windowssystem32hffd.exe2013-08-09 21:54:42 205808 ----a-w- c:windowssystem32nngxbaac.exe2013-08-09 21:52:01 205808 ----a-w- c:windowssystem32aohzpaue.exe2013-08-09 20:58:58 7168 ----a-w- c:windowssystem32driversuti4ndk0.sys2013-08-08 03:31:01 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataWSHelper2013-08-07 18:06:54 22856 ----a-w- c:windowssystem32driversmbam.sys2013-08-07 18:06:54 -------- d-----w- c:program filesMalwarebytes' Anti-Malware2013-08-07 17:24:51 -------- d-sh--w- c:program filescommon filesSteam Client02013-08-06 10:55:52 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataNVIDIA Corporation2013-08-06 10:00:22 -------- d-----w- c:documents and settingsuser 1application dataSUPERAntiSpyware.com2013-08-06 10:00:16 -------- d-----w- c:program filesSUPERAntiSpyware2013-08-06 09:55:39 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataESET2013-08-06 09:55:34 -------- d-----w- c:documents and settingsall usersapplication dataSUPERAntiSpyware.com2013-08-05 22:28:03 -------- d-----w- c:program filesWonderFox Soft2013-08-05 22:15:28 -------- d-----w- c:documents and settingsall usersapplication dataxml_param2013-08-05 22:14:35 -------- d-----w- c:documents and settingsuser 1Videos2013-08-05 22:13:55 -------- d-----w- c:documents and settingsall usersapplication dataWondershare Player2013-08-05 22:13:44 -------- d-----w- c:program filescommon filesWondershare2013-08-05 22:13:15 -------- d-----w- c:documents and settingsall usersapplication dataWondershare Video Converter Pro2013-08-05 21:44:25 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataAdobe2013-08-05 21:42:12 71048 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl2013-08-05 21:42:12 692104 ----a-w- c:windowssystem32FlashPlayerApp.exe2013-08-05 19:33:01 -------- d-----w- c:program filesESET2013-08-03 14:10:19 -------- d-----w- c:documents and settingsuser 1Doctor Web2013-08-03 12:57:55 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataDeployment2013-08-03 12:50:05 -------- d-----w- c:documents and settingsall usersapplication dataMalwarebytes' Anti-Malware (portable)2013-08-03 12:44:55 -------- d-----w- c:windowspss2013-08-03 12:36:17 -------- d-----w- c:documents and settingsuser 1application dataMalwarebytes2013-08-03 12:35:18 -------- d-----w- c:documents and settingsall usersapplication dataMalwarebytes2013-08-03 11:55:30 -------- d-----w- c:windowsERUNT2013-08-03 11:53:04 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataHelp2013-08-02 23:29:10 -------- d-----w- c:windowssystem32appmgmt2013-08-02 11:54:40 -------- d-----w- c:program filesSigmatel2013-08-02 11:54:32 273296 ----a-w- c:windowssystem32driversSTAC97.sys2013-08-02 11:54:32 102912 ----a-w- c:windowssystem32staco.dll2013-08-02 02:00:53 -------- d-----w- c:windowsCS 1.6 COOL EDiTiON2013-08-01 12:56:57 -------- d-----w- c:program filesPANDORA.TV2013-08-01 12:56:03 50704 ----a-w- c:windowssystem32driversnpf.sys2013-08-01 12:56:03 281104 ----a-w- c:windowssystem32wpcap.dll2013-08-01 12:56:03 100880 ----a-w- c:windowssystem32Packet.dll2013-08-01 00:38:56 102728 ----a-w- c:windowssystem32driversMxEFUF32.sys2013-08-01 00:09:59 401792 ----a-w- c:windowssystem32iegd3dg3.dll2013-08-01 00:09:59 38784 ----a-w- c:windowssystem32driverssdvo.sys2013-08-01 00:09:59 36864 ----a-w- c:windowssystem32driverstv.sys2013-08-01 00:09:59 1677440 ----a-w- c:windowssystem32driversiegdmini.sys2013-08-01 00:09:59 11264 ----a-w- c:windowssystem32driversanalog.sys2013-08-01 00:09:58 403328 ----a-w- c:windowssystem32iegddis.dll2013-08-01 00:09:58 10496 ----a-w- c:windowssystem32driverslvds.sys2013-07-31 23:55:07 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataInnovative Solutions2013-07-31 23:54:59 -------- d-----w- c:program filesInnovative Solutions2013-07-31 13:50:29 -------- d-----w- c:documents and settingsuser 1application datavloader-bg2013-07-31 13:49:57 -------- d-----w- c:program filesvloader-bg2013-07-26 21:23:58 -------- d-----w- c:documents and settingsuser 1application dataBANDISOFT2013-07-26 21:21:52 -------- d-----w- c:program filesBandicam2013-07-26 21:21:48 -------- d-----w- c:program filesBandiMPEG12013-07-26 16:48:15 28552 ----a-w- c:windowssystem32spoolprtprocsw32x86mdippr.dll2013-07-26 16:48:15 28040 ----a-w- c:windowssystem32mdimon.dll2013-07-26 16:47:15 -------- d-----w- c:program filescommon filesL&H2013-07-26 16:46:57 -------- d-----w- c:program filesMicrosoft ActiveSync2013-07-26 16:45:40 -------- d-----w- c:windowsSHELLNEW2013-07-26 15:22:09 -------- d-----w- c:program filesMSECache2013-07-25 08:34:53 -------- d-----w- c:windowssystem32MRT2013-07-25 07:36:48 31232 ----a-w- c:windowssystem32driversipfnd51.sys2013-07-25 00:43:55 -------- d-----w- c:program filesVbox7 convertor2013-07-24 23:17:32 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataIdentities2013-07-23 22:53:52 -------- d-----w- c:program filesFraps2013-07-22 22:58:07 -------- d-----w- c:program filesFreeTime2013-07-22 21:51:11 -------- d-----w- c:documents and settingsuser 1local settingsapplication dataSun2013-07-22 21:50:34 867240 ----a-w- c:windowssystem32npDeployJava1.dll2013-07-22 21:50:34 789416 ----a-w- c:windowssystem32deployJava1.dll2013-07-22 21:50:34 144896 ----a-w- c:windowssystem32javacpl.cpl2013-07-22 21:50:30 94632 ----a-w- c:windowssystem32WindowsAccessBridge.dll2013-07-22 16:08:22 -------- d-----w- c:documents and settingsuser 1application dataTeamViewer2013-07-22 16:03:39 19448 ----a-w- c:windowssystem32spoolprtprocsw32x86TeamViewer_PrintProcessor.dll2013-07-22 16:03:08 25088 ----a-w- c:windowssystem32driversteamviewervpn.sys2013-07-22 16:03:04 -------- d-----w- c:program filesTeamViewer2013-07-22 15:46:20 275696 ----a-w- c:windowssystem32mucltui.dll2013-07-22 15:46:20 214256 ----a-w- c:windowssystem32muweb.dll2013-07-22 15:46:20 17136 ----a-w- c:windowssystem32mucltui.dll.mui2013-07-21 23:50:44 -------- d-----w- c:documents and settingsuser 1application dataNico Mak Computing2013-07-21 23:49:07 -------- d-----w- c:program filesThe KMPlayer2013-07-21 22:02:26 238872 ------w- c:windowssystem32MpSigStub.exe2013-07-21 21:58:09 -------- d-----w- c:windowsie8updates2013-07-21 21:27:05 17920 -c----w- c:windowssystem32dllcachemsyuv.dll2013-07-21 21:26:14 8704 -c----w- c:windowssystem32dllcachetsbyuv.dll2013-07-21 21:26:14 48128 -c----w- c:windowssystem32dllcacheiyuv_32.dll2013-07-21 21:25:37 456320 -c----w- c:windowssystem32dllcachemrxsmb.sys2013-07-21 21:23:27 12928 -c----w- c:windowssystem32dllcacheusb8023x.sys2013-07-21 21:21:25 293376 ------w- c:windowssystem32browserchoice.exe2013-07-21 21:20:39 55296 -c----w- c:windowssystem32dllcachemsfeedsbs.dll2013-07-21 21:20:38 247808 -c----w- c:windowssystem32dllcacheieproxy.dll2013-07-21 21:20:38 12800 -c----w- c:windowssystem32dllcachexpshims.dll2013-07-21 21:20:37 743424 -c----w- c:windowssystem32dllcacheiedvtool.dll2013-07-21 21:20:37 630272 -c----w- c:windowssystem32dllcachemsfeeds.dll2013-07-21 21:20:34 11112960 -c----w- c:windowssystem32dllcacheieframe.dll2013-07-21 21:20:33 522240 -c----w- c:windowssystem32dllcachejsdbgui.dll2013-07-21 21:20:33 2005504 -c----w- c:windowssystem32dllcacheiertutil.dll2013-07-21 21:18:34 2193536 -c----w- c:windowssystem32dllcachentoskrnl.exe2013-07-21 21:18:34 2149888 -c----w- c:windowssystem32dllcachentkrnlmp.exe2013-07-21 21:18:33 2070144 -c----w- c:windowssystem32dllcachentkrnlpa.exe2013-07-21 21:18:33 2028544 -c----w- c:windowssystem32dllcachentkrpamp.exe2013-07-21 21:18:25 3072 -c----w- c:windowssystem32dllcacheiacenc.dll2013-07-21 21:18:25 3072 ------w- c:windowssystem32iacenc.dll2013-07-21 18:25:01 -------- d-----w- c:windowssystem32SoftwareDistribution2013-07-21 17:56:59 -------- d-----r- c:program filesSkype.==================== Find3M  ====================.2013-08-07 21:53:05 52352 ----a-w- c:windowssystem32driversvolsnap.sys2013-08-07 21:52:41 68224 ----a-w- c:windowssystem32driverspci.sys2013-08-07 21:51:43 105472 ----a-w- c:windowssystem32driversmup.sys2013-08-07 21:45:03 187776 ----a-w- c:windowssystem32driversacpi.sys2013-07-21 14:47:38 784880 ----a-w- c:program filesChromeSetup.exe2013-06-07 21:56:06 920064 ----a-w- c:windowssystem32wininet.dll2013-06-07 21:56:06 43520 ----a-w- c:windowssystem32licmgr10.dll2013-06-07 21:56:05 1469440 ----a-w- c:windowssystem32inetcpl.cpl2013-06-07 20:55:44 385024 ----a-w- c:windowssystem32html.iec2013-06-04 07:23:02 562688 ----a-w- c:windowssystem32qedit.dll2013-06-04 01:40:45 1876736 ----a-w- c:windowssystem32win32k.sys.============= FINISH:  1:18:20.92 ===============
ATTACH

.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: DeviceHarddiskVolume1Install Date: 7/21/2013 16:58:13System Uptime: 8/10/2013 01:15:48 (0 hours ago).Motherboard: Gigabyte Technology Co., Ltd. |  | G31M-S2CProcessor: Intel(R) Celeron(R) CPU        E1400  @ 2.00GHz | Socket 775 | 1999/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 55 GiB total, 38.904 GiB free.D: is FIXED (NTFS) - 122 GiB total, 34.583 GiB free.E: is FIXED (NTFS) - 121 GiB total, 16.142 GiB free.F: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Realtek PCIe FE Family ControllerDevice ID: PCIVEN_10EC&DEV_8136&SUBSYS_E0001458&REV_024&3A0400F3&0&00E1Manufacturer: Realtek Semiconductor Corp.Name: Realtek PCIe FE Family ControllerPNP Device ID: PCIVEN_10EC&DEV_8136&SUBSYS_E0001458&REV_024&3A0400F3&0&00E1Service: RTLE8023xp.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: 1394 Net AdapterDevice ID: V1394NIC139421D4B9B8308D01Manufacturer: MicrosoftName: 1394 Net AdapterPNP Device ID: V1394NIC139421D4B9B8308D01Service: NIC1394.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: TeamViewer VPN AdapterDevice ID: ROOTNET0000Manufacturer: TeamViewer GmbHName: TeamViewer VPN AdapterPNP Device ID: ROOTNET0000Service: teamviewervpn.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.П°єµт ·° съІјµстёјѕст ·° сёстµј°т° Office 2007Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginBandicamBandisoft MPEG-1 DecoderCS 1.6 COOL EDiTiONDriverMax 7ESET NOD32 AntivirusFlexType 2KFormatFactory 2.10Fraps (remove only)Google ChromeGoogle Update HelperHD Video Converter FactoryHigh Definition Audio Driver Package - KB835221Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976002-v5)Intel(R) Graphics Media Accelerator DriverJava 7 Update 25Java Auto UpdaterMalwarebytes Anti-Malware, Іµрсёя 1.75.0.1300Microsoft .NET Framework 2.0 Service Pack 2Microsoft Application Error ReportingMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft Office File Validation Add-InMicrosoft Office Professional Edition 2003Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Pandora ServiceREALTEK GbE & FE Ethernet PCI-E NIC DriverRealtek High Definition Audio DriverSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2846071)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB2834904)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219-v2)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135-v2)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820197)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB2834886)Security Update for Windows XP (KB2839229)Security Update for Windows XP (KB2845187)Security Update for Windows XP (KB2850851)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982665)Skype Click to CallSkype™ 6.6SpeccySUPERAntiSpywareTeamViewer 8The KMPlayer (remove only)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2749655)Update for Windows XP (KB955759)Update for Windows XP (KB971029)Vbox7 convertor, Іµрсёя 1.0.RC2vloader-bgWebFldrs XPWinampWinamp Detector Plug-inWindows Internet Explorer 8WinRAR 4.20 (32-±ётѕІ° Іµрсёя)µTorrent.==== Event Viewer Messages From Past Week ========.8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Wireless Zero Configuration service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Windows Time service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Telephony service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The System Event Notification service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Security Center service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Network Location Awareness (NLA) service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Logical Disk Manager service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The HID Input Service service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Fast User Switching Compatibility service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Error Reporting Service service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The COM+ Event System service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7034]  - The Automatic Updates service terminated unexpectedly.  It has done this 1 time(s).8/9/2013 09:24:57, error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.8/9/2013 09:24:57, error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.8/9/2013 09:24:57, error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.8/9/2013 09:24:57, error: Service Control Manager [7031]  - The Help and Support service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.8/8/2013 06:30:37, error: NetBT [4307]  - Initialization failed because the transport refused to open initial Addresses.8/8/2013 00:14:31, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.8/8/2013 00:14:31, error: Ftdisk [45]  - The system could not sucessfully load the crash dump driver.8/7/2013 23:51:58, error: Ftdisk [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.8/7/2013 23:19:47, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.8/7/2013 22:47:43, error: SRService [104]  - The System Restore initialization process failed.8/7/2013 22:47:43, error: Service Control Manager [7023]  - The System Restore Service service terminated with the following error:  The directory is not empty.8/7/2013 22:47:18, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.8/7/2013 22:16:17, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  Access is denied.8/7/2013 21:34:00, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.8/7/2013 21:03:00, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}8/7/2013 15:20:33, error: Service Control Manager [7034]  - The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).8/7/2013 03:00:58, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2686509).8/6/2013 00:48:07, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .8/6/2013 00:48:07, error: SideBySide [59]  - Generate Activation Context failed for C:Program FilesFreeTimeFormatFactoryMFC80U.DLL. Reference error message: The operation completed successfully. .8/6/2013 00:48:07, error: SideBySide [32]  - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.8/3/2013 15:24:31, error: Service Control Manager [7000]  - The 5689 service failed to start due to the following error:  The system cannot find the file specified.8/3/2013 15:06:19, error: atapi [9]  - The device, DeviceIdeIdePort1, did not respond within the timeout period..==== End Of File ===========================
 

Прилагам лог от Malwarebytes

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Версия на базата от данни: v2013.08.09.07

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

user 1 :: PC-6BDC7AD1890B [администратор]

 

8/10/2013 01:21:41

mbam-log-2013-08-10 (01-21-41).txt

 

Тип сканиране: Бързо сканиране

Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM

Изключени опции за сканиране: P2P

Сканирани обекти: 196870

Изминало време: 3 минута(и), 14 секунда(и)

 

Открити процеси в паметта: 1

C:Documents and SettingsNetworkServiceLocal SettingsApplication Datafqcqbdp.exe (Trojan.Crypted.FS) -> 1448 -> Ще бъде изтрит при рестартиране.

 

Открити модули в паметта: 0

(Не бяха открити зловредни обекти)

 

Открити ключове в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити стойности в системния регистър: 1

HKCUSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorerRun|Microsoft (Trojan.Crypted.FS) -> Данни: C:Documents and Settingsuser 1Application Dataifthhrgtheebbher.exe -> Поставен под карантина и изтрит успешно.

 

Открити информационни обекти в системния регистър: 0

(Не бяха открити зловредни обекти)

 

Открити папки: 0

(Не бяха открити зловредни обекти)

 

Открити файлове: 12

C:Documents and SettingsNetworkServiceLocal SettingsApplication Datafqcqbdp.exe (Trojan.Crypted.FS) -> Ще бъде изтрит при рестартиране.

C:Documents and Settingsuser 1Application Dataifthhrgtheebbher.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:WINDOWSsystem32hffd.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:WINDOWSsystem32nmjjcuq.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:WINDOWSsystem32nngxbaac.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:WINDOWSsystem32afngjp.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:WINDOWSsystem32aohzpaue.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:WINDOWSsystem32tsaa.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:WINDOWSsystem32wywixyh.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:Documents and SettingsNetworkServiceLocal SettingsApplication Datairstsiixd.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:Documents and SettingsNetworkServiceLocal SettingsApplication Datakvtxcm.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

C:Documents and SettingsNetworkServiceLocal SettingsApplication Datawpmwf.exe (Trojan.Crypted.FS) -> Поставен под карантина и изтрит успешно.

 

(край)

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте,

 

Сигурни ли сте, че след като Malwarebytes' Anti-Malware премахне заразите те отново се връщат?

 

  • [*]Моля изтеглете
Farbar Recovery Scan Tool и го запазете на десктопа. [*]Стартирайте файла FRST.exe. [*]Програмата ще се стартира. Натиснете YES за да се съгласите с лицензионното споразумение. [*]Сложете всички отметки. [*]Натиснете бутона SCAN. [*]Ще се създадат два лог файл с името - FRST.txt и Addition.txt на десктопа. [*]Прикачете лог файловете в следващия си коментар.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте B-boy[styLe]:)

Да. Сканирам с Malwarebytes трия файловете иска рестарт, съгласявам се. Пуска се отново, сканирам пак и същите файлове са там. Понеже системата не се пуска в Normal Mode, в момента съм в Safe Mode With Networking.

 

 

FRST - FRST.txt

Addition - Addition.txt

Ето и от Malwarebytes - mbam-log-2013-08-10 (12-53-01).txt

Редактирано от Todor91 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Мда...доста зле е положението - доста файлове изглеждат без цифров подпис + един пачнат драйвър + премахнат ключ за стартирането на explorer.exe

 

Стартирайте отново FRST.exe и въведете в полето за търсене volsnap.sys и натиснете бутона Search File(s).

 

Публикувано изображение

 

Публикувайте search.txt лог файла, който ще се създаде.

 

И не използвайте сами инструменти като AVZ...ще премахна драйвъра му после за да не създава проблеми.

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Заповядайте.

Search.txt


Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лошо...нямате чисто копие на файла...

Ще ви пратя линк с файла по Л.С. (линка ще е активен само 24 часа, защото не e незаконен обмена на системни файлове по-този начин).

Запазете файла в папката C: => така че да се получи C:volsnap.sys

 

Сега изтеглете прикачения файл => fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата и пишете дали системата вече стартира в Normal Mode.

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Има една лека грешка в синтаксиса на последните два реда от скрипта и да опитаме пак:

 

Сега изтеглете прикачения файл => fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата и пишете дали системата вече стартира в Normal Mode.

 

 

  • Харесва ми 2

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Стига до зареждането на Windows и се рестартира сам. И сега, пак съм в Safe Mode with Networking.

Ето лога:  Fixlog.txt

Редактирано от Todor91 (преглед на промените)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Тъй като има някои грешки с драйвърите на Eset и SUPERAntispyware при зареждането на Windows:

 

Error: (08/10/2013 00:48:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ehdrv
Fips
intelppm
SASDIFSV
SASKUTIL

 

 

Временно деинсталирайте Eset и SUPERAntispyware от Control Panel-a;

 

След това почистете остатъците от първата с това - Download ESET Uninstaller, а от втората с това - SUPERAntiSpyware Uninstaller Assistant (32-Bit)

 

Сега изтеглете прикачения файл => fixlist.txt и го запазете в папката от която стартирахте FRST.exe.

Стартирайте FRST.exe и натиснете бутона Fix веднъж!

След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата и пишете дали системата вече стартира в Normal Mode.

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не мога да деинсталирам ESET под Safe Mode with Networkig. Изтрих SuperAnti Spyware и почистих с инструмента. Да продължавам ли със FRST.exe?

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Защо да не можете...стартирахте ли тулчето...то е именно за safe mode:

 

http://kb.eset.com/esetkb/index?page=content&id=SOLN2289&locale=en_US

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Не уточних. От контролния панел не мога да я деинсталирам. Стартирах тулл-а за премахване на Есет, той свърши работа.

Ето лога от FRST:

Fixlog.txt

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Сега можете ли вече да стартирате в нормален режим?

 

Налага ми се да излезна за 2-3 часа и после ще продължим.

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лоша работа..а кога престана да зарежда в Normal Mode. Почиствали ли сте собственоръчно с нещо?

И какво се случва при опит за зареждане в Normal Mode...някаква грешка, съобщение?

 

1. Изтеглете ComboFix от BleepingComputer и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:
Публикувано изображение
След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:
Публикувано изображение


2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива.



3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.



4. ComboFix ще провери дали Windows Recovery Console e инсталиранa.


*Ако Windows Recovery Console не е инсталирана, ще е необходимо да използвате YES за инсталация на Windows Recovery Console
*Ако Windows Recovery Console е инсталирана, ComboFix ще продължи работата си.
Публикувано изображение


Забележка: Необходимо е да сте свързани към Интернет за да може Windows Recovery Console да се изтегли.


След инсталация на Windows Recovery Console потвърдете с YES, за да продължите напред. Снимка:
Публикувано изображение


5. ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на Combofix, моля да прочетете това: Manually restoring the Internet connection section.


6. След като работата на ComboFix приключи, компютъра ще се рестартира автоматично. След рестарта заредете отново в Safe Mode нарочно за да може Combofix да приключи своята работа. След това ще се появи текстов документ (log) в Notepad:
Публикувано изображение

 

7. Копирайте лог файла в следващия си коментар.

  • Харесва ми 1

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Лошо...пачнат е файла на ядрото на Windows...

 

Първо създайте нова точка за възстановяване на системата.

 

След това изтеглете тези файлове и ги запазете на десктопа:

 

http://download.bleepingcomputer.com/win-services/xp/IntelIde.reg
http://download.bleepingcomputer.com/win-services/xp/WS2IFSL.reg
http://download.bleepingcomputer.com/win-services/xp/Fips.reg

 

Стартирайте ги един по един и изберете YES на диалоговия прозорец.

 

Отворете Notepad.exe и се уверете, че пред Format => няма отметка пред Word Wrap (ако има я махнете).

 

Публикувано изображение

 

След това отново отворете notepad и с copy/paste поставете следната информация:

 

SecCenter::
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
MIA::
c:windowssystem32ntkrnlpa.exe
c:windowssystem32driverspci.sys
c:windowssystem32driversacpi.sys
Registry::
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalhitmanpro37]
[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalhitmanpro37.sys]

 

Запазете файла с име CFScript и го провлачете и пуснете в Combofix (както на картинката отдолу):

Публикувано изображение
 

Рестартирайте отново в Safe Mode и публикувайте лог файл в следващия си пост.

 

Ако всичко мине успешно сега пробвайте вече да заредите в Normal Mode и пишете за резултата.

  • Харесва ми 4

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

После ще се опитам да заменя файла на ядрото, но има шанс системата да не буутне изобщо. То и без това така не можете да работите, така че ще е добре да се сдобиете с инсталационен диск. С него можем да пробваме също две-три неща преди преинсталацията.

 

 

СТЪПКА 1

 

 

Публикувано изображение
Моля изтеглете Farbar Service Scanner и я стартирайте.

 

  • [*]Сложете
всички отметки и натиснете бутона "Scan". [*]Ще се създаде лог файл с името (FSS.txt) в папката откъдето стартирате инструмента. [*]Прикачете лог файла в следващия си пост.

 

 

 

СТЪПКА 2

 

 

Публикувано изображение

  • [*]Отворете
следния сайт и изтеглете RKill.exe и ги запазете на вашия десктоп. [*]Стартирате програмата с двоен клик върху файла и изчакайте търпеливо. [*]След приключване на проверката ще се генерира лог файл с извършените процедури. [*]Прикачете лог файла в следващия си пост.

 

 

СТЪПКА 3

 

 

Публикувано изображение

  • [*]Изтеглете
MiniToolBox.exe и го запазете на десктопа. [*]Сложете всички отметки и натиснете Go. [*]Прикачете лог файла Result.txt в следващия си пост.

 

 

СТЪПКА 4

 

 

Публикувано изображение

Изтеглете Autoruns и:

  • [*]Стартирайте програмата; [*]Изберете
Options => Filter Options => сложете отметки пред Verify Code Signature и Hide Microsoft Entries; [*]От менюто File -> Refresh; [*]От менюто File -> Save...; [*]Запазете файла някъде с желано от вас име (във формат arn), архивирайте го с програма по желание и го прикачете към темата за да ви кажа, кои отметки да премахнете.

  • Харесва ми 3

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Здравейте. :)  Утре ще взема диск и ще го преинсталирам, то се е видяло, че повече няма да стартира в Normal Mode. Все пак Благодаря за бързите отговори и се извинявам, че Ви изгубих времето. 

 

Поздрави и лека вечер  :)

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Ще е интересно да пробвам няколко неща след като вземете диска. Преинсталацията е най-лесното нещо, но важното е да се види какви поражения прави за да знаем как да противодействаме следващия път. Определено този троянец изглежда доста нов ако съдя по номенклатурата от MBAM.

 

Поздрави!

Сподели този отговор


Линк към този отговор
Сподели в други сайтове

Регистрирайте се или влезете в профила си за да коментирате

Трябва да имате регистрация за да може да коментирате това

Регистрирайте се

Създайте нова регистрация в нашия форум. Лесно е!

Нова регистрация

Вход

Имате регистрация? Влезте от тук.

Вход


  • Горещи теми в момента

  • Подобни теми

    • от bobivg
      Здравейте, от известно време ми направи впечатление, че след като изгасне монитора (не се ползва компютъра) се увеличават оборотите на вентилатора на процесора. Проблема изчезва веднага след като размърдам мишката. Предположих, че имам някакъв миньор и от предходните теми за подобен проблем качих и сканирах с Malwarebytes, който не откри нищо. Сканирах с free версията (с крака не можах да се оправя).
      Прилагам снимки от Resoursce Monitor и Task Manager. Aко е необходима повече информация казвайте.  
      Предварително благодаря за помощта.
      п.п Шума със сигурност е вентилатора на процесора, защото до скоро нямах видео карта и звученето си го познавам добре.
      п.п. 2  Farbar Recovery Scan Tool  FRST.txt и Addition.txt
       

    • от Emilyr
      Здравейте, не знам дали темата е в правилния раздел, просто съм нова в сайта,  съжалявам ако нещо не е както трябва..  Преди малко получих известие от антивирусната ми система, че е блокиран вирус на име 64win malware-gen.. Който е преместен в "затвора за вируси" Какво трябва да предприема, това опасен вирус ли е... Не разбирам от компютри, и не знам как да постъпя, пък ме е страх и за информацията на лаптопа ми. Моля ви дайте ми съвет какво да направя или не трябва да предприемам действия.. Страх ме е да няма и други вируси, защото отдолу на снимката не се вижда добре, но пише че "може да се спотайват и още други заплахи ".   Ще приложа и снимка на съобщението от антивирусната система.. Благодаря Ви предварително..
      Пс:съжалявам за лошото качество на снимката, но трябваше да намалявам размерите й, защото иначе не можех да я кача..

    • от Studenta
      Здравейте, от доста време насам браузъра ми е заразен с някаква руска търсачка. Пробвал съм да трия браузъра да променям настройките да премахвам всички добавки но без успех. Мисля,че с тоя боклук вървят в с още 2 с нея. Когато съм изгасил браузъра и си играя някоя игра примерно изведнъж ми се отваря някакъв шибан руски сайт asap.ru нещо подобно. 
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
      Ran by ASUS (administrator) on ASUS-PC (30-12-2017 20:36:37)
      Running from C:\Users\ASUS\Downloads
      Loaded Profiles: ASUS & UpdatusUser (Available Profiles: ASUS & UpdatusUser)
      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
      Internet Explorer Version 9 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
      (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Windows\System32\hkcmd.exe
      (Intel Corporation) C:\Windows\System32\igfxpers.exe
      (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
      () C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe
      (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
      (Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      () C:\Windows\Microsoft\svchost.exe
      (The CefSharp Authors) C:\Users\ASUS\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
      Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [vyrtapcchc] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526" <==== ATTENTION
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [57446848 2017-12-10] (Skype Technologies S.A.)
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\...\MountPoints2: {7e52b7ab-80b8-11e5-abf8-ac220bd789b4} - G:\Install.exe
      AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-07-08] (NVIDIA Corporation)
      AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-07-08] (NVIDIA Corporation)
      Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-19]
      ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\ASUS\AppData\Local\Facebook\Games\FacebookGames.exe ()
      GroupPolicy: Restriction - Chrome <==== ATTENTION
      GroupPolicy\User: Restriction <==== ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 77.76.144.10
      Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip\..\Interfaces\{18B97A15-4C37-40AB-8ABC-148924326CD0}: [DhcpNameServer] 77.76.144.10
      Tcpip\..\Interfaces\{7B128963-1D6F-410F-B447-36004838DDB1}: [DhcpNameServer] 10.0.0.13
      Internet Explorer:
      ==================
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
      HKU\S-1-5-21-3540903787-1263480670-1707380032-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3540903787-1263480670-1707380032-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BA4B52271-83DE-44E1-91D2-F540224D09C8%7D&gp=811014
      BHO-x32: Searchgo Class -> {598AEFC6-DD3C-4A63-9AC3-53FCF6155931} -> C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
      BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\ASUS\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-05-26] (Mail.Ru)
      Toolbar: HKLM-x32 - Searchgo - {2BC46CFA-4B00-4193-A7BD-6AD1D0BCB5BC} - C:\Users\ASUS\AppData\LocalLow\SearchGo\searchgo.dll [2017-12-30] (Searchgo)
      FireFox:
      ========
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-30] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-30] ()
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
      FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
      FF Plugin HKU\S-1-5-21-3540903787-1263480670-1707380032-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ASUS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
      Chrome: 
      =======
      CHR HomePage: Default -> mail.ru
      CHR StartupUrls: Default -> "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=3B6FA89994383A9FB1DBD199FEE7BAD7&utm_d=20160526"
      CHR NewTab: Default ->  Not-active:"chrome-extension://nagnmfhgkjkplbhplkbicmpkfopmnefp/newtab.html"
      CHR DefaultSearchURL: Default -> hxxp://go-search.ru/search?q={searchTerms}
      CHR DefaultSearchKeyword: Default -> GoSearch
      CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}
      CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2017-12-30]
      CHR Extension: (Презентации) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
      CHR Extension: (Документи) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
      CHR Extension: (Google Диск) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-01]
      CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-01]
      CHR Extension: (Chrome Cleaner Pro) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-11-12]
      CHR Extension: (Save Tabs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-05]
      CHR Extension: (Таблици) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
      CHR Extension: (Google Документи офлайн) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-01]
      CHR Extension: (Skype) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-30]
      CHR Extension: (Microcosm - New Tab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nagnmfhgkjkplbhplkbicmpkfopmnefp [2017-11-05]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-01]
      CHR Extension: (Chrome Media Router) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
      CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-12]
      CHR Extension: (No Name) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-08-25]
      CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
      R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
      R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
      R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
      R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-11-01] (DT Soft Ltd)
      R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
      S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
      S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
      S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-30 20:36 - 2017-12-30 20:37 - 000014515 _____ C:\Users\ASUS\Downloads\FRST.txt
      2017-12-30 20:36 - 2017-12-30 20:36 - 000000000 ____D C:\FRST
      2017-12-30 20:35 - 2017-12-30 20:35 - 002391552 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
      2017-12-30 19:58 - 2017-12-30 20:04 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
      2017-12-30 19:58 - 2017-12-30 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-12-30 20:15 - 2016-03-17 20:38 - 000000000 ___RD C:\Users\ASUS\Desktop\Снимки
      2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\LocalLow\SearchGo
      2017-12-30 20:05 - 2016-05-26 03:40 - 000000000 ____D C:\Users\ASUS\AppData\Local\SearchGo
      2017-12-30 20:03 - 2017-07-09 14:45 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-30 20:03 - 2016-05-26 03:39 - 000000000 ____D C:\Users\ASUS\AppData\Local\PowerMonitor
      2017-12-30 20:02 - 2009-07-14 07:13 - 000782154 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-12-30 20:02 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
      2017-12-30 20:00 - 2015-11-01 19:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-12-30 20:00 - 2015-11-01 19:02 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-12-30 20:00 - 2015-11-01 19:02 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-30 20:00 - 2015-11-01 19:02 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-30 19:57 - 2017-03-06 20:25 - 000000000 ___RD C:\Program Files (x86)\Skype
      2017-12-30 19:57 - 2015-11-01 18:59 - 000000000 ____D C:\ProgramData\Skype
      2017-12-30 19:55 - 2016-04-06 12:07 - 000001382 _____ C:\Windows\Sandboxie.ini
      2017-12-30 19:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-11-30 12:07 - 2009-07-14 06:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-11-30 05:25 - 2015-11-01 18:59 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Skype
      ==================== Files in the root of some directories =======
      2016-03-30 13:19 - 2016-03-30 13:19 - 000000036 _____ () C:\Users\ASUS\AppData\Local\housecall.guid.cache
      2016-07-12 22:16 - 2016-07-12 22:16 - 000004096 ____H () C:\Users\ASUS\AppData\Local\keyfile3.drm
      Some files in TEMP:
      ====================
      2017-11-24 23:55 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\113.tmp.exe
      2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1214.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\1B95.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\1C50.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\27E4.tmp.exe
      2017-11-12 15:44 - 2017-11-12 11:13 - 000775168 ____N (PhoneLine SOFT Inc) C:\Users\ASUS\AppData\Local\Temp\28DE.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\2AE7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2B1F.tmp.exe
      2017-11-25 00:04 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\2E2B.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\30E9.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\31B4.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3212.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3443.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\34A1.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3665.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3B45.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C01.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C3F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3C4F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CAC.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\3CCB.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4DCC.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\4EB6.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5403.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5480.tmp.exe
      2017-11-24 23:59 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\5885.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5D75.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E6F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E7E.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5E8E.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\5EFB.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\62A3.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\67A2.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\6A8F.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\727B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7327.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7420.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7568.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\7F37.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\8F4E.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\949B.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\9EC8.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A129.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A5BB.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\A934.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\AA4D.tmp.exe
      2017-11-27 07:14 - 2017-11-27 01:56 - 000930776 ____N () C:\Users\ASUS\AppData\Local\Temp\B082.tmp.exe
      2017-11-25 00:00 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\BF81.tmp.exe
      2017-11-25 00:01 - 2017-11-24 21:33 - 000902136 ____N () C:\Users\ASUS\AppData\Local\Temp\C184.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C1D2.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\C838.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CA7F.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CD09.tmp.exe
      2017-11-18 14:23 - 2017-11-18 13:59 - 000803816 _____ () C:\Users\ASUS\AppData\Local\Temp\CD7B.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CDD4.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CF4A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\CFD6.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\D275.tmp.exe
      2017-11-25 00:06 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DB8A.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\DFCE.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E05A.tmp.exe
      2017-11-25 00:05 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\E662.tmp.exe
      2017-11-17 01:08 - 2017-11-16 23:36 - 000807912 _____ () C:\Users\ASUS\AppData\Local\Temp\EDF7.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F512.tmp.exe
      2017-11-25 00:07 - 2017-11-24 21:33 - 000902136 _____ () C:\Users\ASUS\AppData\Local\Temp\F6D6.tmp.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\Windows\system32\winlogon.exe
      [2010-11-21 05:24] - [2011-01-16 02:01] - 000389632 _____ (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll
      [2010-11-21 05:24] - [2011-01-16 02:01] - 001008640 _____ (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2017-11-19 01:44
      ==================== End of FRST.txt ============================
       

      Addition.txt
    • от Technokom Plovdiv
      Ето събщението, което получава всеки изпратил имейл до нас:
      This message was created automatically by mail delivery software.
      A message that you sent has not yet been delivered to one or more of its recipients after more than 24 hours on the queue on hemus.superhosting.bg.
       
       
      The message identifier is:     1eJa1Z-003lh9-9Y
      The subject of the message is: =?utf-8?B?Rlc6INC80LDQvdC+0LzQtdGC0YrRgA==?=
      The date of the message is:    Tue, 28 Nov 2017 09:09:44 +0200
       
       
      The address to which the message has not yet been delivered is:
       
       
        henryresult111@gmail.com
          (ultimately generated from xxxxxxx@xxxxxxxx.bg)
          host alt4.gmail-smtp-in.l.google.com [74.125.28.27]
          Delay reason: SMTP error from remote mail server after RCPT TO:<henryresult111@gmail.com>:
          452-4.2.2 The email account that you tried to reach is over quota. Please direct
          452-4.2.2 the recipient to
          452 4.2.2  https://support.google.com/mail/?p=OverQuotaTemp h72si2628468pfj.20 - gsmtp
       
       
      No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you.
       
      Това съобщение го получават изпращащите мейли към този домейн. Събщенията се получават без проблем. Няма проблем и със сървърното място.
      Не разбирам и каква е връзката с gmail и google след като домейнът е частен. Също нямам никаква идея чий е този имейл: henryresult111@gmail.com
      Възможно ли е да е вирус? Сканирани са всички служебни машини. Имаше разни гадини, които уж обезвредихме, но проблемът не се оправи.
      Сменихме и паролите на всички мейли - нищо.
      Ето информацията от FRST:
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2017
      Ran by pc (administrator) on PC1 (30-11-2017 14:23:09)
      Running from C:\Documents and Settings\pc.PC1\Desktop
      Loaded Profiles: pc (Available Profiles: pc & Administrator & Guest)
      Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
      Internet Explorer Version 8 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
      (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
      (HP) C:\WINDOWS\system32\HPSIsvc.exe
      (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
      (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
      (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
      (Viber Media S.à r.l.) C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
      (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
      () C:\2017\wsklad.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [Alcmtr] => C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
      HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
      HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [302744 2017-11-16] (AVG Technologies CZ, s.r.o.)
      HKU\S-1-5-20\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\Run: [Viber] => C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\...\MountPoints2: {260473e8-84c9-11e3-a542-001cf0d5a2b8} - G:\SISetup.exe
      HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2017-11-30]
      ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\WINDOWS\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
      Startup: C:\Documents and Settings\pc.PC1\Start Menu\Programs\Startup\Skype.lnk [2017-03-06]
      ShortcutTarget: Skype.lnk -> C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico (No File)
      GroupPolicy: Restriction ? <==== ATTENTION
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Tcpip\..\Interfaces\{E7E61260-FB73-4F9E-B467-F1870B906C7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
      Internet Explorer:
      ==================
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKU\S-1-5-21-329068152-1604221776-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-22] (Sun Microsystems, Inc.)
      BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-22] (Sun Microsystems, Inc.)
      DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://dl-ak.solidworks.com/nonsecure/edrawings/e2012sp02/12.2.0.110/cab//eModelsStandard.cab
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
      FireFox:
      ========
      FF DefaultProfile: 07ckpc18.default-1412315343695
      FF ProfilePath: C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695 [2017-11-30]
      FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-22] [Lagacy]
      FF Extension: (Google Search by Image) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\google@hitachi.com.xpi [2016-05-03] [Lagacy]
      FF Extension: (signTextJS) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\jid1-AXn9cXcB4fD1QQ@jetpack.xpi [2017-06-15] [Lagacy]
      FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
      FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-22] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-27] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
      FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Lagacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-04] ()
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
      R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
      S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-22] (Sun Microsystems, Inc.)
      S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed]
      S4 rcp_service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
      S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
      S2 HP LaserJet Service; "C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe" [X]
      S0 MBAMService; no ImagePath
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
      R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [149592 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [135872 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [249232 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [151024 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [270344 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [43992 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35264 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [117368 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [63280 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [775552 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [381184 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [290776 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
      S3 dg_ssudbus; C:\WINDOWS\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] () [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R3 m4cxw2k3; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [250752 2007-02-15] (D-Link Corporation)
      S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
      S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-08-03] (VSO Software) [File not signed]
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
      S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-07-13] (Duplex Secure Ltd.)
      S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 adfs; no ImagePath
      S3 BOCDRIVE; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [X]
      S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
      S3 FXDrv32; \??\D:\FXDrv32.sys [X]
      S4 IntelIde; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2017-11-30 14:23 - 000012709 _____ C:\Documents and Settings\pc.PC1\Desktop\FRST.txt
      2017-11-30 14:22 - 2017-11-30 14:23 - 000000000 ____D C:\FRST
      2017-11-30 14:22 - 2017-11-30 14:22 - 001752064 _____ (Farbar) C:\Documents and Settings\pc.PC1\Desktop\FRST.exe
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Program Files\Quester
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QMailFilter
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\CEF
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\AVG
      2017-11-24 14:31 - 2017-11-24 14:31 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Avg
      2017-11-24 14:21 - 2017-11-24 14:21 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PCHealth
      2017-11-20 12:24 - 2017-11-20 12:40 - 000065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\pc.PC1\Doctor Web
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\My Documents\Untitled.pdf
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\Desktop\Untitled.pdf
      2017-11-16 13:03 - 2017-11-16 13:05 - 000000000 ____D C:\EEK
      2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Temp
      2017-11-16 10:11 - 2017-11-16 10:11 - 000001608 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
      2017-11-16 10:11 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\AVG
      2017-11-16 10:10 - 2017-11-30 10:10 - 000000288 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
      2017-11-16 10:10 - 2017-11-16 10:10 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000381184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000306448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
      2017-11-16 10:10 - 2017-11-16 10:10 - 000290776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000149592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
      2017-11-16 10:08 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
      2017-11-16 10:08 - 2017-11-16 10:08 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
      2017-11-16 10:06 - 2017-11-30 11:06 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
      2017-11-16 10:06 - 2017-11-16 10:08 - 000000000 ____D C:\Program Files\AVG
      2017-11-16 09:51 - 2017-11-16 09:51 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\CEF
      2017-11-16 09:50 - 2017-11-16 11:23 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\AvgSetupLog
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Temp
      2017-11-30 14:20 - 2015-08-03 07:23 - 000271360 _____ C:\Documents and Settings\pc.PC1\My Documents\Outlook_Archive.pst
      2017-11-30 14:16 - 2016-12-27 11:00 - 000000000 ____D C:\2017
      2017-11-30 10:49 - 2014-01-15 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\gtk-2.0
      2017-11-30 10:49 - 2013-08-02 12:55 - 000000000 ____D C:\Documents and Settings\pc.PC1\.gimp-2.8
      2017-11-30 07:55 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\ViberPC
      2017-11-30 07:52 - 2014-03-28 08:20 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2017-11-30 07:52 - 2008-09-12 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-30 07:52 - 2008-04-14 14:00 - 000011936 _____ C:\WINDOWS\system32\wpa.dbl
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000178 ___SH C:\Documents and Settings\pc.PC1\ntuser.ini
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1
      2017-11-29 16:54 - 2008-09-12 18:28 - 000032520 _____ C:\WINDOWS\SchedLgU.Txt
      2017-11-28 11:37 - 2011-12-19 11:25 - 000000000 ____D C:\Program Files\The KMPlayer
      2017-11-24 14:40 - 2013-08-02 13:09 - 000211496 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2017-11-24 14:37 - 2013-11-01 13:09 - 000000178 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
      2017-11-24 14:36 - 2010-03-25 10:10 - 000979370 _____ C:\WINDOWS\ntbtlog.txt
      2017-11-24 14:35 - 2013-11-01 13:09 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Temp
      2017-11-24 14:28 - 2008-09-12 21:12 - 002469912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 14:25 - 2013-08-02 14:23 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
      2017-11-24 14:15 - 2008-09-13 10:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2017-11-24 14:12 - 2008-04-14 14:00 - 000000668 _____ C:\WINDOWS\win.ini
      2017-11-24 11:47 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\My Documents\ViberDownloads
      2017-11-22 16:05 - 2013-12-11 14:52 - 000000000 ____D C:\2014
      2017-11-22 16:04 - 2010-12-03 14:28 - 000000000 ____D C:\2011
      2017-11-22 16:03 - 2011-12-09 14:39 - 000000000 ____D C:\2012
      2017-11-22 15:40 - 2013-08-02 13:28 - 000002515 _____ C:\Documents and Settings\pc.PC1\Desktop\Microsoft Office Word 2007.lnk
      2017-11-22 14:28 - 2014-12-29 16:42 - 000000000 ____D C:\2015
      2017-11-22 14:25 - 2015-12-23 11:32 - 000000000 ____D C:\2016
      2017-11-16 10:55 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\istartsurf
      2017-11-16 10:48 - 2012-12-20 13:57 - 000000000 ____D C:\2013
      2017-11-16 10:38 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IePluginServices
      2017-11-16 09:28 - 2010-09-30 15:57 - 000000000 ____D C:\Program Files\ough
      2017-11-16 09:01 - 2013-09-23 15:54 - 002755382 ___SH C:\Documents and Settings\pc.PC1\Desktop\Thumbs.db
      2017-11-10 13:23 - 2013-08-02 13:49 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\Skype
      2017-11-08 15:00 - 2014-03-28 08:20 - 000000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      ==================== Files in the root of some directories =======
      2015-08-17 11:04 - 2015-08-17 11:08 - 000304492 _____ (AYURvmkth8) C:\Documents and Settings\pc.PC1\Application Data\adobe.exe
      2013-10-07 13:55 - 2014-04-09 12:28 - 000000531 _____ () C:\Documents and Settings\pc.PC1\Application Data\burnaware.ini
      2013-08-02 13:31 - 2017-08-18 12:25 - 000036352 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-02-27 17:15 - 2014-02-28 09:48 - 000000600 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PUTTY.RND
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2011-03-11 09:28 - 2011-03-11 09:28 - 000000016 _____ () C:\Documents and Settings\All Users\Application Data\.7486160831680234
      2008-10-31 09:19 - 2008-10-31 09:19 - 000000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
      2008-09-13 13:47 - 2016-04-26 08:08 - 000001669 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      2014-08-15 11:57 - 2010-03-30 10:12 - 000024772 _____ () C:\Documents and Settings\All Users\Application Data\P1210DEF.css
      2014-08-15 11:57 - 2016-01-22 14:22 - 000015499 _____ () C:\Documents and Settings\All Users\Application Data\P1210OS.HTM
      2014-08-15 11:57 - 2010-03-30 10:12 - 000002944 _____ () C:\Documents and Settings\All Users\Application Data\P1210SIG.GIF
      Some files in TEMP:
      ====================
      2017-10-13 09:08 - 2011-12-29 11:44 - 001275396 _____ (NCH Software) C:\Documents and Settings\pc.PC1\Local Settings\Temp\uninst.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
  • Разглеждащи в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

  • Дарение

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.