
Trojan-Downloader.Win32.Vespula (A)+Backdoor...



Hello, a while ago I wrote to you about a problem with a slow system and a freezing browser (as for the browser, it turned out that MBAM Anti-Expl. and Hitman Pro Alert were interfering with each other). But after optimizing the system, cleaning and defragmenting, the system still seems slow to me. A few days ago, after a restart, some process called Reader.js or something similar wanted to start (the prompt came from User Account Control); otherwise I would not have known what was going on. I ran MBAM in Safe Mode and it found BDB.Backdoor (after the restart I deleted the quarantine and the logs... by accident, and I don't remember the full name). I also scanned with a-squared and it found:

Начало на проверката:  3.7.2014 г. 19:51:56
C:\Users\NightRider\AppData\Roaming\c731200  Открити: Trojan-Downloader.Win32.Vespula (A)

I did this after the MBAM scan. At the moment no program detects anything. The system is again somewhat sluggish; if necessary I will reinstall... I hope it doesn't come to that. Here are the logs.

 

 


Addition.txt


Hello..! :)

I think that since you are using COMODO Internet Security, there is no need for Spybot - Search & Destroy, or at least turn off its real-time protection.

Uninstall Emsisoft with the following tool: Emsiclean.

1. Download the Emsiclean tool and save it to your desktop.

2. Run the tool "Emsisoft Clean" (emsiclean.exe) and select the product you want to remove.

 

 

Download the attached file and save it in the same place where you downloaded FRST.exe => fixlist.txt

Run FRST.exe again, press the Fix button once and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

In addition, restore the Hosts file to its default state.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by NightRider at 2014-07-05 19:29:22 Run:1
Running from C:\Users\NightRider\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
end
*****************

'HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon' => Key deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====


Hello, I'll work on the computer for a bit and then write back. I noticed that C: has filled up by about 400MB... I don't recall installing anything new; I cleared the browser cache, TEMP files, etc... After I applied the fix, following the restart the OS started a little more slowly and some message popped up for a few seconds...


Got it..! Afterwards it would be a good idea to run a fresh scan with Farbar Recovery Scan Tool so we can see how things turned out..! Hm.. there is something straining the system, and I strongly suspect that somewhere there is a conflict between security software... We'll see....!


There is an improvement :D Now, when a system restart is needed, it no longer asks me whether to force it... because before, some process was always preventing this from happening right away. Comodo was also the cause, but often there was no process name... Later on I'll also try restoring the hosts file to default.

 

 

C:Windowssystem32Driversvmnetadapter.sys2014-06-10 23:41 - 2014-04-25 05:34 - 00801280 _____ (Microsoft Corporation) C:Windowssystem32usp10.dll2014-06-10 23:41 - 2014-04-25 05:06 - 00626688 _____ (Microsoft Corporation) C:WindowsSysWOW64usp10.dll2014-06-10 23:41 - 2014-04-05 05:47 - 01903552 _____ (Microsoft Corporation) C:Windowssystem32Driverstcpip.sys2014-06-10 23:41 - 2014-04-05 05:47 - 00288192 _____ (Microsoft Corporation) C:Windowssystem32DriversFWPKCLNT.SYS2014-06-10 23:40 - 2014-03-26 17:44 - 02002432 _____ (Microsoft Corporation) C:Windowssystem32msxml6.dll2014-06-10 23:40 - 2014-03-26 17:44 - 01882112 _____ (Microsoft Corporation) C:Windowssystem32msxml3.dll2014-06-10 23:40 - 2014-03-26 17:41 - 00002048 _____ (Microsoft Corporation) C:Windowssystem32msxml6r.dll2014-06-10 23:40 - 2014-03-26 17:41 - 00002048 _____ (Microsoft Corporation) C:Windowssystem32msxml3r.dll2014-06-10 23:40 - 2014-03-26 17:27 - 01389056 _____ (Microsoft Corporation) C:WindowsSysWOW64msxml6.dll2014-06-10 23:40 - 2014-03-26 17:27 - 01237504 _____ (Microsoft Corporation) C:WindowsSysWOW64msxml3.dll2014-06-10 23:40 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64msxml6r.dll2014-06-10 23:40 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64msxml3r.dll2014-06-10 23:32 - 2014-05-08 12:32 - 03178496 _____ (Microsoft Corporation) C:Windowssystem32rdpcorets.dll2014-06-10 23:32 - 2014-05-08 12:32 - 00016384 _____ (Microsoft Corporation) C:Windowssystem32RdpGroupPolicyExtension.dll2014-06-10 19:26 - 2014-06-11 13:46 - 00000000 ____D () C:Program Files (x86)Mozilla Firefox2014-06-10 03:25 - 2014-07-05 20:55 - 00958762 _____ () C:WindowsWindowsUpdate.log==================== One Month Modified Files and Folders =======2014-07-05 20:56 - 2014-07-05 20:55 - 00008245 _____ () C:UsersNightRiderDesktopFRST.txt2014-07-05 20:56 - 2014-04-10 22:10 - 00000384 _____ () C:WindowsTasksWpsUpdateTask_NightRider.job2014-07-05 20:55 - 2014-07-05 20:55 - 
02084352 _____ (Farbar) C:UsersNightRiderDesktopFRST64.exe2014-07-05 20:55 - 2014-07-05 19:29 - 00000000 ____D () C:FRST2014-07-05 20:55 - 2014-06-10 03:25 - 00958762 _____ () C:WindowsWindowsUpdate.log2014-07-05 20:52 - 2014-07-05 17:54 - 00001624 _____ () C:Windowssetupact.log2014-07-05 20:52 - 2014-05-17 02:22 - 00122584 _____ (Malwarebytes Corporation) C:Windowssystem32DriversMBAMSwissArmy.sys2014-07-05 20:52 - 2009-07-14 08:08 - 00000006 ____H () C:WindowsTasksSA.DAT2014-07-05 20:51 - 2014-04-10 22:05 - 00003030 _____ () C:WindowsSystem32TasksMSIAfterburner2014-07-05 20:51 - 2014-04-10 18:40 - 01474832 _____ () C:Windowssystem32Driverssfi.dat2014-07-05 20:45 - 2009-07-14 07:45 - 00021280 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-05 20:45 - 2009-07-14 07:45 - 00021280 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-05 20:44 - 2014-04-10 22:54 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job2014-07-05 20:02 - 2014-04-10 22:10 - 00000384 _____ () C:WindowsTasksWpsNotifyTask_NightRider.job2014-07-05 18:05 - 2014-06-23 01:35 - 00000000 ____D () C:ProgramDataMalwarebytes Anti-Exploit2014-07-05 17:54 - 2014-07-05 17:54 - 00058504 _____ () C:UsersNightRiderAppDataLocalGDIPFONTCACHEV1.DAT2014-07-05 17:54 - 2014-07-05 17:54 - 00000484 _____ () C:WindowsPFRO.log2014-07-05 17:54 - 2014-07-05 17:54 - 00000000 _____ () C:Windowssetuperr.log2014-07-05 17:53 - 2014-04-10 22:09 - 00000000 ____D () C:UsersNightRiderAppDataRoamingWise Disk Cleaner2014-07-05 17:50 - 2014-04-10 22:04 - 00000000 ____D () C:Program Files (x86)MSI Afterburner2014-07-05 17:47 - 2009-07-14 07:45 - 00267936 _____ () C:Windowssystem32FNTCACHE.DAT2014-07-05 17:46 - 2014-07-05 16:57 - 00000000 ____D () C:ProgramDataPanda Security2014-07-05 12:55 - 2014-07-05 12:55 - 00000000 ____D () C:UsersNightRiderAppDataLocalTeknoGods2014-07-04 22:40 - 2014-04-11 22:18 - 
00000000 ____D () C:UsersNightRiderAppDataRoamingVMware2014-07-04 22:40 - 2014-04-11 22:18 - 00000000 ____D () C:UsersNightRiderAppDataLocalVMware2014-07-04 20:58 - 2014-04-10 22:12 - 00000000 ____D () C:ProgramDataTEMP2014-07-04 20:42 - 2014-04-10 22:30 - 00000000 ____D () C:UsersNightRiderAppDataRoaminguTorrent2014-07-04 20:39 - 2014-07-04 20:39 - 00000000 ____D () C:UsersNightRiderDesktopAutoruns2014-07-04 12:22 - 2014-04-11 22:12 - 00000000 ____D () C:ProgramDataVMware2014-07-04 12:21 - 2014-07-04 12:21 - 00001561 _____ () C:UsersPublicDesktopVMware Player.lnk2014-07-04 12:21 - 2014-07-04 12:21 - 00000000 ____D () C:Program FilesCommon FilesVMware2014-07-04 12:21 - 2014-04-10 20:52 - 00789792 _____ () C:WindowsSysWOW64PerfStringBackup.INI2014-07-04 03:55 - 2014-07-04 03:55 - 00000000 ____D () C:UsersNightRiderDocumentsProcAlyzer Dumps2014-07-04 02:09 - 2014-04-10 18:36 - 00000000 ___HD () C:Program Files (x86)InstallShield Installation Information2014-07-03 18:10 - 2014-04-10 18:58 - 00000000 ____D () C:WindowsPanther2014-07-03 04:43 - 2009-07-14 08:08 - 00032580 _____ () C:WindowsTasksSCHEDLGU.TXT2014-07-02 03:53 - 2014-04-11 02:19 - 00000000 ____D () C:Program Files (x86)Spybot - Search & Destroy 22014-07-02 03:49 - 2014-07-02 03:49 - 00001395 _____ () C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot-S&D Start Center.lnk2014-07-02 03:49 - 2014-07-02 03:49 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy 22014-07-02 03:49 - 2014-04-11 02:19 - 00000000 ____D () C:ProgramDataSpybot - Search & Destroy2014-07-02 03:47 - 2014-04-29 00:42 - 00000085 _____ () C:Windowswininit.ini2014-06-26 01:53 - 2014-04-10 22:12 - 00000000 ____D () C:Program Files (x86)SpywareBlaster2014-06-25 04:22 - 2009-07-14 05:34 - 00450709 ____R () C:Windowssystem32Driversetchosts.20140702-035526.backup2014-06-24 00:19 - 2014-06-24 00:19 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Exploit2014-06-24 00:19 
- 2014-06-24 00:19 - 00000000 ____D () C:Program Files (x86)Malwarebytes Anti-Exploit2014-06-22 17:59 - 2014-04-11 01:40 - 00000024 _____ () C:UsersNightRiderDesktopНов текстов документ.txt2014-06-21 02:07 - 2014-04-10 22:54 - 00699056 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe2014-06-21 02:07 - 2014-04-10 22:54 - 00071344 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl2014-06-21 02:07 - 2014-04-10 22:54 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater2014-06-19 15:10 - 2014-04-10 22:16 - 00000000 ____D () C:Program FilesSUPERAntiSpyware2014-06-17 12:44 - 2009-07-14 06:20 - 00000000 ____D () C:Windowssystem32NDF2014-06-16 02:45 - 2009-07-14 05:34 - 00450709 ____R () C:Windowssystem32Driversetchosts.20140625-042254.backup2014-06-12 18:23 - 2014-07-04 12:22 - 00359128 _____ (VMware, Inc.) C:WindowsSysWOW64vmnetdhcp.exe2014-06-12 18:23 - 2014-07-04 12:22 - 00064728 _____ (VMware, Inc.) C:Windowssystem32Driversvmx86.sys2014-06-12 18:22 - 2014-07-04 12:22 - 00931032 _____ (VMware, Inc.) C:Windowssystem32vnetlib64.dll2014-06-12 18:22 - 2014-07-04 12:22 - 00437976 _____ (VMware, Inc.) C:WindowsSysWOW64vmnat.exe2014-06-12 18:22 - 2014-07-04 12:22 - 00032472 _____ (VMware, Inc.) C:Windowssystem32DriversVMparport.sys2014-06-12 18:22 - 2014-07-04 12:22 - 00031448 _____ (VMware, Inc.) C:Windowssystem32Driversvmnetuserif.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00080464 _____ (VMware, Inc.) C:Windowssystem32vmnetbridge.dll2014-06-12 18:22 - 2014-06-12 18:22 - 00049232 _____ (VMware, Inc.) C:Windowssystem32vnetinst.dll2014-06-12 18:22 - 2014-06-12 18:22 - 00046160 _____ (VMware, Inc.) C:Windowssystem32Driversvmnetbridge.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00024656 _____ (VMware, Inc.) C:Windowssystem32Driversvmnet.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00020560 _____ (VMware, Inc.) C:Windowssystem32Driversvmnetadapter.sys2014-06-12 18:21 - 2014-07-04 12:22 - 00033496 _____ (VMware, Inc.) 
C:Windowssystem32DriversVMkbd.sys2014-06-11 13:46 - 2014-06-10 19:26 - 00000000 ____D () C:Program Files (x86)Mozilla Firefox2014-06-10 23:34 - 2014-04-10 20:05 - 00000000 ____D () C:Windowssystem32MRT2014-06-10 23:33 - 2014-04-10 20:05 - 95414520 _____ (Microsoft Corporation) C:Windowssystem32MRT.exe2014-06-10 00:54 - 2014-05-07 21:29 - 00000000 ____D () C:UsersNightRiderAppDataRoamingSumatraPDF==================== Bamital & volsnap Check =================C:WindowsSystem32winlogon.exe => File is digitally signedC:WindowsSystem32wininit.exe => File is digitally signedC:WindowsSysWOW64wininit.exe => File is digitally signedC:Windowsexplorer.exe => File is digitally signedC:WindowsSysWOW64explorer.exe => File is digitally signedC:WindowsSystem32svchost.exe => File is digitally signedC:WindowsSysWOW64svchost.exe => File is digitally signedC:WindowsSystem32services.exe => File is digitally signedC:WindowsSystem32User32.dll => File is digitally signedC:WindowsSysWOW64User32.dll => File is digitally signedC:WindowsSystem32userinit.exe => File is digitally signedC:WindowsSysWOW64userinit.exe => File is digitally signedC:WindowsSystem32rpcss.dll => File is digitally signedC:WindowsSystem32Driversvolsnap.sys => File is digitally signedLastRegBack: 2014-06-28 12:09==================== End Of Log ============================

Addition.txt

Link to comment

Hello! Well, there is no trace of malicious software in these logs. But a lot of security software still shows up.

Panda Security, Emsisoft... and besides that Spybot - Search & Destroy, SUPERAntiSpyware, Malwarebytes, SpywareBlaster, and if we add COMODO Internet Security

All of these programs are excellent and completely legal, but when they run on your computer at the same time they can conflict with one another. The reason is that some of these products, while doing their job, will at some point try to access the same file at the same time. This can cause system performance problems and serious slowdowns.

Link to comment

That is what I wrote to the author in his previous topic too (about hosts and about the rest), but evidently my opinion was NOT taken seriously. :)

Link to comment

I installed Panda yesterday and it has already been removed. I use Emsisoft Emergency Kit and SuperAntispyware only as second-opinion scanners... I will remove SuperAntispyware and SpywareBlaster...

Link to comment

Ghostery is also redundant when you have ADB.

Get rid of Spybot too, and I had told you in the other topic how to stop some unnecessary services as well, such as NVIDIA Display Driver Service, etc.

To finish, I can send you my reworked script for MyDefrag (based on the Jaspion v10 alpha 2 scripts)... the effect is noticeable... (it has 12 phases). :)

Link to comment

I'm completely tangled up here :D

Since I'm not the only one who uses the computer, and the system seems to be pretty "messed up" by now... I see that the global rules settings in COMODO have been changed too... I'll do a clean install...

So after the install I put on COMODO, MBAM, MBAE... the browser... ADBLOCK, NoScript, Element Hiding Helper

I forget about SpywareBlaster, Ghostery, SuperAntispyware, Spybot...

Thanks to everyone for the help.

Link to comment

Spybot isn't bad just for immunization, i.e. for passive protection. Once every two weeks to a month you immunize with the portable Spybot.

Link to comment

There's no need for Spybot... as I wrote before... the things it protects against (immunizes) number about 200,000... while malware currently numbers over 20,000,000... Even if it immunized against all known threats, the system would become unusable and all computation would go toward that. Not to mention that the new versions now also have a bunch of background services, and the program itself updates once a week. Utterly insufficient and ineffective. I admit it was one of the first, and I will always keep it in my collection for sentimental value, but it was effective together with Ad-Aware in the past. Now the latter has bet on an antivirus engine... and the former is by now outdone even by AdwCleaner in how effectively it cleans toolbars and other junk. On the whole, the fashion for passive protection has passed... now it is the era of HIPS (for advanced users) or of the sandbox (for ordinary users)... they perfectly cover for the definitions the antivirus component lacks. :) TeaTimer is also quite annoying... if I'm going to use a program for real-time registry monitoring, it will be MJ Registry Watcher. :)

Link to comment

Hello.

I'm writing to report what I've been up to.

Since I didn't feel like reinstalling, I only removed the programs you told me to. The browser took off. I have just one request: tell me whether I managed to restore the hosts file to its default (since I don't know exactly which log contains that information, I'll attach both). I put a password on Comodo to make sure nobody but me messes with the settings anymore. I'd like to ask how I can restrict the installation of new programs. @B-Boy[style] mentioned CryptoPrevent in the previous topic, but as far as I understood it serves an entirely different purpose...

Thanks in advance.

FRST.txt

Addition.txt

Link to comment
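The hosts-file question in the post above can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it: a Python audit that sorts every active hosts entry into buckets and reports whether the file is equivalent to the stock Windows 7 one, where every line is a comment. The sample content and the names audit_hosts and is_default are constructed for illustration.

```python
import ipaddress
import sys

# Names that may legitimately point at the local machine.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the thread's logs.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1     localhost
0.0.0.0       ads.example.com tracker.example.net   # blocklist-style entry
127.0.0.1     popup.example.org
203.0.113.10  update.example.com
not-an-ip     broken.example.com
"""


def audit_hosts(text):
    """Sort every active (non-comment) hosts entry into one of four buckets."""
    report = {"loopback": [], "blocked": [], "redirected": [], "invalid": []}
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # inline comments are ignored
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            report["invalid"].append((line_no, line))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sink and name in LOOPBACK_NAMES:
                bucket = "loopback"
            elif sink:
                bucket = "blocked"      # name is sinkholed locally
            else:
                bucket = "redirected"   # name is forced to another address
            report[bucket].append((line_no, str(ip), name))
    return report


def is_default(text):
    """True when nothing but comments and localhost mappings is active."""
    report = audit_hosts(text)
    return not (report["blocked"] or report["redirected"] or report["invalid"])


if __name__ == "__main__":
    # Pass a path (e.g. a copy of the hosts file) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    result = audit_hosts(text)
    for bucket in ("redirected", "invalid", "blocked"):
        print(f"{bucket}: {len(result[bucket])} entries")
        for entry in result[bucket][:10]:
            print("   ", entry)
    print("default-equivalent:", is_default(text))
```

Run it against a copy of C:\Windows\System32\drivers\etc\hosts. A long "blocked" list is what immunization-style tools leave behind, while any "redirected" entry deserves a closer look.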

Wonderful! Your case turned out like "Sing all you like, Penka, who's listening to you"... No active infections are visible in your system.

Download the following file and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, post the log file, fixlog.txt, that will be created after the run. It should delete the tool's quarantine folder located in C:\FRST\Quarantine.

If you have no other questions or problems, I'm marking the case as "Solved"! I wish you a pleasant evening and safe internet!

Link to comment

I have no further questions regarding infections.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by NightRider at 2014-07-08 21:32:03 Run:1
Running from C:\Users\NightRider\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
DeleteQuarantine:
end
*****************
"C:\FRST\Quarantine" => removed successfully.
==== End of Fixlog ====

Link to comment

I'd like to ask how I can restrict the installation of new programs. @B-Boy[style] mentioned CryptoPrevent in the previous topic, but as far as I understood it serves an entirely different purpose...

Thanks in advance.

That can be done precisely with gpedit.msc... CryptoPrevent is mainly for stopping the CryptoLocker-based nasties, but it works on the basis of Group Policy... I think you know the alternative options:

1. A limited account.

2. Group policies + parental controls

3. AppLocker and other Default Deny systems such as Program Blocker v1 or VoodooShield, Anti-Executable, AppGuard, ProcessGuard, or tougher settings in Comodo + the password for the settings.

4. Or simply explain to the users that if they run new programs they should do so either in VirtualBox or in Sandboxie. :)

Link to comment
