
Preventive check after cleaning viruses




Hello,

 

My old computer couldn't start today - it showed a blue screen with error 0x0000007b, and from safe mode I ran a virus scan and it found many viruses, there was even some rootkit, but I didn't write down its name. After I cleaned the viruses with MSE and MBAM, Windows looks a bit different and says Test mode. I wanted to see whether the viruses were cleaned successfully. Thanks in advance for the help.

 

The first time I hadn't saved the program to the desktop and it made the logs. The second time I saved it to the desktop and it produced only the first log, so the attached log is from the other folder, if that matters.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Semeistvo (administrator) on KOLIO-PC-LOL on 16-07-2014 19:57:55
Running from C:UsersSemeistvoDesktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:Program FilesMicrosoft Security ClientMsMpEng.exe
(AMD) C:WindowsSystem32atiesrxx.exe
(AMD) C:WindowsSystem32atieclxx.exe
(ABBYY) C:Program Files (x86)ABBYY FineReader 11NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
() C:WindowsSysWOW64srvany.exe
() C:WindowskmsemKMService.exe
() C:Program Files (x86)T-MobileConnection ManagerBackgroundServiceServiceManager.exe
(Raxco Software, Inc.) C:Program FilesRaxcoPerfectDiskPDAgent.exe
(TeamViewer GmbH) C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe
(VIA Technologies, Inc.) C:WindowsSystem32ViakaraokeSrv.exe
(VMware, Inc.) C:WindowsSysWOW64vmnat.exe
(VMware, Inc.) C:WindowsSysWOW64vmnetdhcp.exe
(VMware, Inc.) C:Program Files (x86)VMwareVMware Playervmware-authd.exe
(Raxco Software, Inc.) C:Program FilesCommon FilesRaxcoSharedPDEngine.exe
(Microsoft Corporation) C:Program FilesMicrosoft Security ClientNisSrv.exe
(Microsoft Corporation) C:Program FilesMicrosoft Security Clientmsseces.exe
(Advanced Micro Devices Inc.) C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe
() C:Program Files (x86)T-MobileConnection ManagerBackgroundModemListener.exe
(Oracle Corporation) C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
(ATI Technologies Inc.) C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe
(TeamViewer GmbH) C:Program Files (x86)TeamViewerVersion9TeamViewer.exe
(TeamViewer GmbH) C:Program Files (x86)TeamViewerVersion9tv_w32.exe
(TeamViewer GmbH) C:Program Files (x86)TeamViewerVersion9tv_x64.exe
(Mozilla Corporation) C:ProgramDataMozilla Firefoxfirefox.exe


==================== Registry (Whitelisted) ==================

HKLM...Run: [MSC] => C:Program FilesMicrosoft Security Clientmsseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32...Run: [startCCC] => C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32...Run: [T-Mobile ModemListener] => C:Program Files (x86)T-MobileConnection ManagerBackgroundModemListener.exe [117624 2012-04-25] ()
HKLM-x32...Run: [sunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32...Winlogon: [userinit] userinit.exe, [X]
HKLM...PoliciesExplorer: [NoRecentDocsHistory] 1
HKUS-1-5-19...Run: [sidebar] => %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20...Run: [sidebar] => %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-21-479965618-2439488080-2504878910-1003...Run: [DAEMON Tools Lite] => C:Program Files (x86)DAEMON Tools LiteDTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKUS-1-5-21-479965618-2439488080-2504878910-1003...Run: [HydraVisionDesktopManager] => "C:Program Files (x86)ATI TechnologiesHydraVisionHydraDM.exe"
HKUS-1-5-21-479965618-2439488080-2504878910-1003...Policiessystem: [LogonHoursAction] 2
HKUS-1-5-21-479965618-2439488080-2504878910-1003...Policiessystem: [DontDisplayLogonHoursWarnings] 1
HKUS-1-5-21-479965618-2439488080-2504878910-1003...PoliciesExplorer: [NoThumbnailCache] 1
HKUS-1-5-21-479965618-2439488080-2504878910-1003...PoliciesExplorer: [DisableThumbnailsOnNetworkFolders] 1
HKUS-1-5-21-479965618-2439488080-2504878910-1003...MountPoints2: {2048fd0d-83ec-11e1-9be6-0025223b00ea} - F:setup.exe
HKUS-1-5-21-479965618-2439488080-2504878910-1003...MountPoints2: {3c6334ad-561d-11e1-8010-0025223b00ea} - F:autorun.exe
HKUS-1-5-21-479965618-2439488080-2504878910-1003...MountPoints2: {4eb9468e-254a-11e0-a52d-0025223b00ea} - F:Setup.exe
HKUS-1-5-21-479965618-2439488080-2504878910-1003...MountPoints2: {50dd1066-28c1-11e2-bcbb-0025223b00ea} - F:Install.cmd
HKUS-1-5-21-479965618-2439488080-2504878910-1003...MountPoints2: {d04ceaf8-0c3f-11e1-8f29-0025223b00ea} - F:autorun.exe
HKUS-1-5-21-479965618-2439488080-2504878910-1003...MountPoints2: {d7142c6b-f698-11e0-acad-0025223b00ea} - F:Autorun.exe
HKUS-1-5-21-479965618-2439488080-2504878910-1003...MountPoints2: {f35fafc0-cd5a-11e0-ba6c-806e6f6e6963} - F:SetuprsrcAutorun.exe
HKUS-1-5-21-479965618-2439488080-2504878910-1003...Winlogon: [shell] C:Windowsexplorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:UserskolioAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:UsersSemeistvoAppDataRoamingDropboxbinDropbox.exe (No File)
Startup: C:UserskolioAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupLaunchy.lnk
ShortcutTarget: Launchy.lnk -> C:Program Files (x86)LaunchyLaunchy.exe ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: PDBoot.exeautocheck autochk *
GroupPolicyUsersS-1-5-21-479965618-2439488080-2504878910-1003User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.daum.net/
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 0x34247B62BD22CB01
HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = bg
SearchScopes: HKCU - DefaultScope {81138A69-E54A-4E88-A03B-E5860CFECDED} URL = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {81138A69-E54A-4E88-A03B-E5860CFECDED} URL = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = http://eu.ask.com/web?l=dis&o=APN10234&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^BG&apn_ptnrs=^A8B&apn_uid=2032206156714563&p2=^A8B^YYYYYY^YY^BG&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:Program FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre7binssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:Program Files (x86)Microsoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre7binjp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)
TcpipParameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:UsersSemeistvoAppDataRoamingMozillaFirefoxProfilesecszno6d.default
FF Plugin: @adobe.com/FlashPlayer - C:Windowssystem32MacromedFlashNPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:Windowssystem32npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:Program FilesMicrosoft Silverlight5.1.30214.0npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:PROGRA~1MICROS~3Office14NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:WindowsSysWOW64MacromedFlashNPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:Program Files (x86)Javajre7bindtpluginnpDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:Program Files (x86)Javajre7binplugin2npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:Program Files (x86)Microsoft Silverlight5.1.30214.0npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:PROGRA~2MICROS~3Office14NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:PROGRA~2MICROS~3Office14NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:Program Files (x86)SumatraPDFnpPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:Program Files (x86)GoogleUpdate1.3.24.15npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:Program Files (x86)GoogleUpdate1.3.24.15npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:Program Files (x86)VeetlepluginsnpVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:Program Files (x86)VeetlePlayernpvlc.dll (Veetle Inc)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:Program Files (x86)SumatraPDFnpPdfViewer.dll (Simon Bünzli)
FF Plugin ProgramFiles/Appdata: C:Program Files (x86)mozilla firefoxpluginsnp-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:Program Files (x86)mozilla firefoxpluginsNPOlp32.dll (Element K Corporation)
FF SearchPlugin: C:Program Files (x86)mozilla firefoxsearchplugins911bg.xml
FF SearchPlugin: C:Program Files (x86)mozilla firefoxsearchpluginsask.xml
FF SearchPlugin: C:Program Files (x86)mozilla firefoxsearchpluginsdiribg.xml
FF SearchPlugin: C:Program Files (x86)mozilla firefoxsearchpluginspe-bg.xml
FF SearchPlugin: C:Program Files (x86)mozilla firefoxsearchpluginsportalbgdict.xml
FF Extension: Default Full Zoom Level - C:UsersSemeistvoAppDataRoamingMozillaFirefoxProfilesecszno6d.defaultExtensions{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-05-12]
FF Extension: Adblock Plus - C:UsersSemeistvoAppDataRoamingMozillaFirefoxProfilesecszno6d.defaultExtensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-06]
FF HKLM-x32...FirefoxExtensions: [[email protected]] - C:Program Files (x86)T-MobileConnection Manageraddon
FF Extension: Bytemobile Optimization Client - C:Program Files (x86)T-MobileConnection Manageraddon [2013-05-25]
FF HKLM-x32...FirefoxExtensions: [[email protected]] - C:Program Files (x86)[email protected]
FF StartMenuInternet: FIREFOX.EXE - C:ProgramDataMozilla Firefoxfirefox.exe

Chrome:
=======
CHR Extension: (Google Документи) - C:UsersSemeistvoAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Диск) - C:UsersSemeistvoAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (YouTube) - C:UsersSemeistvoAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-04]
CHR Extension: (Google Търсене) - C:UsersSemeistvoAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [2014-04-04]
CHR Extension: (Google Wallet) - C:UsersSemeistvoAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (Gmail) - C:UsersSemeistvoAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2014-04-04]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:Program Files (x86)ABBYY FineReader 11NetworkLicenseServer.exe [821840 2012-07-19] (ABBYY)
R2 AMD FUEL Service; C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 KMService; C:WindowsSysWOW64srvany.exe [8192 2012-11-05] () [File not signed]
R2 Modem Device Helper; C:Program Files (x86)T-MobileConnection ManagerBackgroundServiceServiceManager.exe [51576 2012-04-25] ()
R2 MsMpSvc; c:Program FilesMicrosoft Security ClientMsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:Windowssystem32HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:Program FilesMicrosoft Security ClientNisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:Windowssystem32HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 VIAKaraokeService; C:Windowssystem32viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S3 AODDriver4.0; C:Program FilesATI TechnologiesATI.ACEFuelamd64AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.1; C:Program FilesATI TechnologiesATI.ACEFuelamd64AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S2 atksgt; C:WindowsSystem32DRIVERSatksgt.sys [312480 2010-11-13] ()
R0 BMLoad; C:WindowsSystem32driversBMLoad.sys [16512 2011-08-05] (Bytemobile, Inc.) [File not signed]
R3 Ca2001v; C:WindowsSystem32DriversCa2001v.sys [2475648 2008-02-19] (Digital Camera)
R1 dtsoftbus01; C:WindowsSystem32DRIVERSdtsoftbus01.sys [283200 2013-03-14] (DT Soft Ltd)
S3 irsir; C:WindowsSystem32DRIVERSirsir.sys [27648 2008-01-19] (Microsoft Corporation)
S3 jrdusbser; C:WindowsSystem32DRIVERSjrdusbser.sys [119680 2011-08-05] (TCT International Mobile Ltd)
R2 lirsgt; C:WindowsSystem32DRIVERSlirsgt.sys [43168 2010-11-13] ()
R0 MpFilter; C:WindowsSystem32DRIVERSMpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:WindowsSystem32DRIVERSNisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pwdrvio; C:Windowssystem32pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:Windowssystem32pwdspio.sys [13280 2010-04-09] ()
R0 sptd; C:WindowsSystem32Driverssptd.sys [564824 2012-11-06] (Duplex Secure Ltd.)
S2 SVKP; C:WindowsSysWOW64SVKP.sys [2368 2011-10-22] (AntiCracking) [File not signed]
S3 tap0901; C:WindowsSystem32DRIVERStap0901.sys [29696 2009-01-21] (The OpenVPN Project) [File not signed]
R1 tcpipBM; C:Windowssystem32driverstcpipBM.sys [39552 2011-08-05] (Bytemobile, Inc.) [File not signed]
S3 VBoxUSB; C:WindowsSystem32DriversVBoxUSB.sys [106272 2014-03-13] (Oracle Corporation)
R0 vsock; C:WindowsSystem32driversvsock.sys [73296 2013-08-15] (VMware, Inc.)
S3 wod0205; C:WindowsSystem32DRIVERSwod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
U3 a0hqvdj5; C:WindowsSystem32Driversa0hqvdj5.sys [0 ] (Advanced Micro Devices)
S3 GGSAFERDriver; ??C:Program Files (x86)Garenasafedrv.sys [X]
S3 SliceDisk5; ??C:UserskolioAppDataLocalTempFindAndMountslicedisk-x64.sys [X]
S3 VBoxNetFlt; system32DRIVERSVBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 19:57 - 2014-07-16 19:57 - 00016678 _____ () C:UsersSemeistvoDesktopFRST.txt
2014-07-16 19:55 - 2014-07-16 19:55 - 00055181 _____ () C:UsersSemeistvoDownloadsAddition.txt
2014-07-16 19:52 - 2014-07-16 19:57 - 00000000 ____D () C:FRST
2014-07-16 19:52 - 2014-07-16 19:55 - 00040913 _____ () C:UsersSemeistvoDownloadsFRST.txt
2014-07-16 19:52 - 2014-07-16 19:52 - 02086912 _____ (Farbar) C:UsersSemeistvoDesktopFRST64.exe
2014-07-16 19:22 - 2014-07-16 19:30 - 00122584 _____ (Malwarebytes Corporation) C:Windowssystem32Drivers48230029.sys
2014-07-16 18:02 - 2014-07-16 18:02 - 00041928 _____ () C:Windowssystem32Driversbafec3b6610c210.sys
2014-07-16 17:59 - 2014-07-16 18:05 - 00122584 _____ (Malwarebytes Corporation) C:Windowssystem32DriversMBAMSwissArmy.sys
2014-07-16 17:59 - 2014-07-16 17:59 - 00001102 _____ () C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
2014-07-16 17:59 - 2014-07-16 17:59 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware
2014-07-16 17:59 - 2014-07-16 17:59 - 00000000 ____D () C:Program Files (x86)Malwarebytes Anti-Malware
2014-07-16 17:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:Windowssystem32Driversmbamchameleon.sys
2014-07-16 17:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:Windowssystem32Driversmwac.sys
2014-07-16 17:53 - 2014-07-16 17:53 - 00000000 ____D () C:UserskolioAppDataLocalGoogle
2014-07-09 07:32 - 2014-06-20 23:14 - 00266424 _____ (Microsoft Corporation) C:Windowssystem32iedkcs32.dll
2014-07-09 07:32 - 2014-06-20 22:39 - 00240824 _____ (Microsoft Corporation) C:WindowsSysWOW64iedkcs32.dll
2014-07-09 07:32 - 2014-06-19 04:39 - 23464448 _____ (Microsoft Corporation) C:Windowssystem32mshtml.dll
2014-07-09 07:32 - 2014-06-19 04:06 - 02724864 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb
2014-07-09 07:32 - 2014-06-19 04:06 - 00004096 _____ (Microsoft Corporation) C:Windowssystem32ieetwcollectorres.dll
2014-07-09 07:32 - 2014-06-19 03:48 - 02768384 _____ (Microsoft Corporation) C:Windowssystem32iertutil.dll
2014-07-09 07:32 - 2014-06-19 03:42 - 00548352 _____ (Microsoft Corporation) C:Windowssystem32vbscript.dll
2014-07-09 07:32 - 2014-06-19 03:42 - 00066048 _____ (Microsoft Corporation) C:Windowssystem32iesetup.dll
2014-07-09 07:32 - 2014-06-19 03:41 - 00083968 _____ (Microsoft Corporation) C:Windowssystem32MshtmlDac.dll
2014-07-09 07:32 - 2014-06-19 03:41 - 00048640 _____ (Microsoft Corporation) C:Windowssystem32ieetwproxystub.dll
2014-07-09 07:32 - 2014-06-19 03:32 - 00051200 _____ (Microsoft Corporation) C:Windowssystem32jsproxy.dll
2014-07-09 07:32 - 2014-06-19 03:31 - 00033792 _____ (Microsoft Corporation) C:Windowssystem32iernonce.dll
2014-07-09 07:32 - 2014-06-19 03:26 - 00598016 _____ (Microsoft Corporation) C:Windowssystem32ieui.dll
2014-07-09 07:32 - 2014-06-19 03:24 - 00139264 _____ (Microsoft Corporation) C:Windowssystem32ieUnatt.exe
2014-07-09 07:32 - 2014-06-19 03:24 - 00111616 _____ (Microsoft Corporation) C:Windowssystem32ieetwcollector.exe
2014-07-09 07:32 - 2014-06-19 03:23 - 00752640 _____ (Microsoft Corporation) C:Windowssystem32jscript9diag.dll
2014-07-09 07:32 - 2014-06-19 03:16 - 17276416 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll
2014-07-09 07:32 - 2014-06-19 03:14 - 00940032 _____ (Microsoft Corporation) C:Windowssystem32MsSpellCheckingFacility.exe
2014-07-09 07:32 - 2014-06-19 03:09 - 00452608 _____ (Microsoft Corporation) C:Windowssystem32dxtmsft.dll
2014-07-09 07:32 - 2014-06-19 02:59 - 00038400 _____ (Microsoft Corporation) C:Windowssystem32JavaScriptCollectionAgent.dll
2014-07-09 07:32 - 2014-06-19 02:56 - 02724864 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb
2014-07-09 07:32 - 2014-06-19 02:53 - 00195584 _____ (Microsoft Corporation) C:Windowssystem32msrating.dll
2014-07-09 07:32 - 2014-06-19 02:51 - 05721088 _____ (Microsoft Corporation) C:Windowssystem32jscript9.dll
2014-07-09 07:32 - 2014-06-19 02:50 - 00085504 _____ (Microsoft Corporation) C:Windowssystem32mshtmled.dll
2014-07-09 07:32 - 2014-06-19 02:48 - 00292864 _____ (Microsoft Corporation) C:Windowssystem32dxtrans.dll
2014-07-09 07:32 - 2014-06-19 02:39 - 00608768 _____ (Microsoft Corporation) C:Windowssystem32ie4uinit.exe
2014-07-09 07:32 - 2014-06-19 02:38 - 00455168 _____ (Microsoft Corporation) C:WindowsSysWOW64vbscript.dll
2014-07-09 07:32 - 2014-06-19 02:37 - 00061952 _____ (Microsoft Corporation) C:WindowsSysWOW64iesetup.dll
2014-07-09 07:32 - 2014-06-19 02:36 - 00051200 _____ (Microsoft Corporation) C:WindowsSysWOW64ieetwproxystub.dll
2014-07-09 07:32 - 2014-06-19 02:35 - 00062464 _____ (Microsoft Corporation) C:WindowsSysWOW64MshtmlDac.dll
2014-07-09 07:32 - 2014-06-19 02:33 - 00631808 _____ (Microsoft Corporation) C:Windowssystem32msfeeds.dll
2014-07-09 07:32 - 2014-06-19 02:32 - 02179072 _____ (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll
2014-07-09 07:32 - 2014-06-19 02:28 - 00043008 _____ (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll
2014-07-09 07:32 - 2014-06-19 02:28 - 00032768 _____ (Microsoft Corporation) C:WindowsSysWOW64iernonce.dll
2014-07-09 07:32 - 2014-06-19 02:27 - 02040832 _____ (Microsoft Corporation) C:Windowssystem32inetcpl.cpl
2014-07-09 07:32 - 2014-06-19 02:27 - 01249280 _____ (Microsoft Corporation) C:Windowssystem32mshtmlmedia.dll
2014-07-09 07:32 - 2014-06-19 02:25 - 00442368 _____ (Microsoft Corporation) C:WindowsSysWOW64ieui.dll
2014-07-09 07:32 - 2014-06-19 02:23 - 00112128 _____ (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe
2014-07-09 07:32 - 2014-06-19 02:22 - 00592896 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9diag.dll
2014-07-09 07:32 - 2014-06-19 02:12 - 00367616 _____ (Microsoft Corporation) C:WindowsSysWOW64dxtmsft.dll
2014-07-09 07:32 - 2014-06-19 02:06 - 00032256 _____ (Microsoft Corporation) C:WindowsSysWOW64JavaScriptCollectionAgent.dll
2014-07-09 07:32 - 2014-06-19 02:01 - 00164864 _____ (Microsoft Corporation) C:WindowsSysWOW64msrating.dll
2014-07-09 07:32 - 2014-06-19 01:59 - 00069632 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll
2014-07-09 07:32 - 2014-06-19 01:58 - 02266112 _____ (Microsoft Corporation) C:Windowssystem32wininet.dll
2014-07-09 07:32 - 2014-06-19 01:58 - 00239616 _____ (Microsoft Corporation) C:WindowsSysWOW64dxtrans.dll
2014-07-09 07:32 - 2014-06-19 01:52 - 04254720 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll
2014-07-09 07:32 - 2014-06-19 01:51 - 13527040 _____ (Microsoft Corporation) C:Windowssystem32ieframe.dll
2014-07-09 07:32 - 2014-06-19 01:49 - 00526336 _____ (Microsoft Corporation) C:WindowsSysWOW64msfeeds.dll
2014-07-09 07:32 - 2014-06-19 01:46 - 01068032 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmlmedia.dll
2014-07-09 07:32 - 2014-06-19 01:45 - 01964544 _____ (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl
2014-07-09 07:32 - 2014-06-19 01:35 - 11742208 _____ (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll
2014-07-09 07:32 - 2014-06-19 01:34 - 01393664 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll
2014-07-09 07:32 - 2014-06-19 01:15 - 00846336 _____ (Microsoft Corporation) C:Windowssystem32ieapfltr.dll
2014-07-09 07:32 - 2014-06-19 01:13 - 01791488 _____ (Microsoft Corporation) C:WindowsSysWOW64wininet.dll
2014-07-09 07:32 - 2014-06-19 01:09 - 01139200 _____ (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll
2014-07-09 07:32 - 2014-06-19 01:07 - 00704512 _____ (Microsoft Corporation) C:WindowsSysWOW64ieapfltr.dll
2014-07-09 07:32 - 2014-06-18 05:18 - 00692736 _____ (Microsoft Corporation) C:Windowssystem32osk.exe
2014-07-09 07:32 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:WindowsSysWOW64osk.exe
2014-07-09 07:32 - 2014-06-18 04:10 - 03157504 _____ (Microsoft Corporation) C:Windowssystem32win32k.sys
2014-07-09 07:32 - 2014-06-06 13:10 - 00624128 _____ (Microsoft Corporation) C:Windowssystem32qedit.dll
2014-07-09 07:32 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:WindowsSysWOW64qedit.dll
2014-07-09 07:32 - 2014-06-05 17:45 - 01460736 _____ (Microsoft Corporation) C:Windowssystem32lsasrv.dll
2014-07-09 07:32 - 2014-06-05 17:26 - 00022016 _____ (Microsoft Corporation) C:WindowsSysWOW64secur32.dll
2014-07-09 07:32 - 2014-06-05 17:25 - 00096768 _____ (Microsoft Corporation) C:WindowsSysWOW64sspicli.dll
2014-07-09 07:32 - 2014-05-30 11:08 - 00728064 _____ (Microsoft Corporation) C:Windowssystem32kerberos.dll
2014-07-09 07:32 - 2014-05-30 11:08 - 00340992 _____ (Microsoft Corporation) C:Windowssystem32schannel.dll
2014-07-09 07:32 - 2014-05-30 11:08 - 00314880 _____ (Microsoft Corporation) C:Windowssystem32msv1_0.dll
2014-07-09 07:32 - 2014-05-30 11:08 - 00307200 _____ (Microsoft Corporation) C:Windowssystem32ncrypt.dll
2014-07-09 07:32 - 2014-05-30 11:08 - 00210944 _____ (Microsoft Corporation) C:Windowssystem32wdigest.dll
2014-07-09 07:32 - 2014-05-30 11:08 - 00086528 _____ (Microsoft Corporation) C:Windowssystem32TSpkg.dll
2014-07-09 07:32 - 2014-05-30 11:08 - 00022016 _____ (Microsoft Corporation) C:Windowssystem32credssp.dll
2014-07-09 07:32 - 2014-05-30 10:52 - 00550912 _____ (Microsoft Corporation) C:WindowsSysWOW64kerberos.dll
2014-07-09 07:32 - 2014-05-30 10:52 - 00259584 _____ (Microsoft Corporation) C:WindowsSysWOW64msv1_0.dll
2014-07-09 07:32 - 2014-05-30 10:52 - 00247808 _____ (Microsoft Corporation) C:WindowsSysWOW64schannel.dll
2014-07-09 07:32 - 2014-05-30 10:52 - 00220160 _____ (Microsoft Corporation) C:WindowsSysWOW64ncrypt.dll
2014-07-09 07:32 - 2014-05-30 10:52 - 00172032 _____ (Microsoft Corporation) C:WindowsSysWOW64wdigest.dll
2014-07-09 07:32 - 2014-05-30 10:52 - 00065536 _____ (Microsoft Corporation) C:WindowsSysWOW64TSpkg.dll
2014-07-09 07:32 - 2014-05-30 10:52 - 00017408 _____ (Microsoft Corporation) C:WindowsSysWOW64credssp.dll
2014-07-09 07:32 - 2014-05-30 09:45 - 00497152 _____ (Microsoft Corporation) C:Windowssystem32Driversafd.sys
2014-06-19 18:07 - 2014-06-19 18:31 - 00000000 ____D () C:Program Files (x86)Pale Moon

==================== One Month Modified Files and Folders =======

2014-07-16 19:58 - 2014-07-16 19:57 - 00016678 _____ () C:UsersSemeistvoDesktopFRST.txt
2014-07-16 19:58 - 2014-04-04 22:41 - 00001004 _____ () C:WindowsTasksGoogleUpdateTaskMachineUA.job
2014-07-16 19:57 - 2014-07-16 19:52 - 00000000 ____D () C:FRST
2014-07-16 19:57 - 2009-07-14 07:45 - 00026144 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:57 - 2009-07-14 07:45 - 00026144 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:56 - 2009-07-14 08:13 - 00791754 _____ () C:Windowssystem32PerfStringBackup.INI
2014-07-16 19:55 - 2014-07-16 19:55 - 00055181 _____ () C:UsersSemeistvoDownloadsAddition.txt
2014-07-16 19:55 - 2014-07-16 19:52 - 00040913 _____ () C:UsersSemeistvoDownloadsFRST.txt
2014-07-16 19:54 - 2011-11-01 11:26 - 01080355 _____ () C:WindowsWindowsUpdate.log
2014-07-16 19:52 - 2014-07-16 19:52 - 02086912 _____ (Farbar) C:UsersSemeistvoDesktopFRST64.exe
2014-07-16 19:50 - 2014-04-04 22:41 - 00001000 _____ () C:WindowsTasksGoogleUpdateTaskMachineCore.job
2014-07-16 19:50 - 2013-04-21 10:21 - 00039246 _____ () C:Windowssetupact.log
2014-07-16 19:49 - 2014-06-03 18:13 - 00000000 ____D () C:ProgramDataVMware
2014-07-16 19:49 - 2009-07-14 08:08 - 00000006 ____H () C:WindowsTasksSA.DAT
2014-07-16 19:30 - 2014-07-16 19:22 - 00122584 _____ (Malwarebytes Corporation) C:Windowssystem32Drivers48230029.sys
2014-07-16 19:27 - 2010-09-21 21:47 - 00000000 ____D () C:Windowspss
2014-07-16 18:17 - 2013-05-25 20:19 - 00005888 _____ () C:WindowsPFRO.log
2014-07-16 18:05 - 2014-07-16 17:59 - 00122584 _____ (Malwarebytes Corporation) C:Windowssystem32DriversMBAMSwissArmy.sys
2014-07-16 18:02 - 2014-07-16 18:02 - 00041928 _____ () C:Windowssystem32Driversbafec3b6610c210.sys
2014-07-16 17:59 - 2014-07-16 17:59 - 00001102 _____ () C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk
2014-07-16 17:59 - 2014-07-16 17:59 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Malware
2014-07-16 17:59 - 2014-07-16 17:59 - 00000000 ____D () C:Program Files (x86)Malwarebytes Anti-Malware
2014-07-16 17:59 - 2011-04-23 20:52 - 00000000 ____D () C:UsersSemeistvoAppDataRoamingMalwarebytes
2014-07-16 17:59 - 2011-04-23 17:55 - 00000000 ____D () C:ProgramDataMalwarebytes
2014-07-16 17:59 - 2011-04-23 17:55 - 00000000 ____D () C:Program Files (x86)Malwarebytes' Anti-Malware
2014-07-16 17:53 - 2014-07-16 17:53 - 00000000 ____D () C:UserskolioAppDataLocalGoogle
2014-07-16 14:13 - 2012-03-28 15:41 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job
2014-07-15 20:32 - 2009-07-14 06:20 - 00000000 ____D () C:Windowsrescache
2014-07-10 08:22 - 2009-07-14 07:45 - 00343448 _____ () C:Windowssystem32FNTCACHE.DAT
2014-07-10 08:20 - 2009-07-14 06:20 - 00000000 ____D () C:WindowsSysWOW64Dism
2014-07-10 08:20 - 2009-07-14 06:20 - 00000000 ____D () C:Windowssystem32Dism
2014-07-09 07:55 - 2013-08-15 10:04 - 00000000 ____D () C:Windowssystem32MRT
2014-07-09 07:55 - 2010-07-15 18:33 - 00000000 ____D () C:ProgramDataMicrosoft Help
2014-07-09 07:53 - 2010-07-13 13:30 - 96441528 _____ (Microsoft Corporation) C:Windowssystem32MRT.exe
2014-07-06 14:19 - 2013-01-18 11:49 - 00000000 ___RD () C:UserskolioDropbox
2014-07-06 13:51 - 2014-05-27 17:41 - 00000000 ____D () C:UserskolioAppDataRoamingDropboxMaster
2014-07-06 13:51 - 2013-01-18 11:46 - 00000000 ____D () C:UserskolioAppDataRoamingDropbox
2014-07-06 13:50 - 2010-07-13 14:09 - 00000000 ____D () C:UserskolioAppDataRoaminguTorrent
2014-07-06 13:50 - 2010-07-13 12:55 - 00085368 _____ () C:UserskolioAppDataLocalGDIPFONTCACHEV1.DAT
2014-06-30 16:46 - 2010-07-19 17:39 - 00000000 ____D () C:UsersSemeistvoAppDataRoamingSkype
2014-06-30 16:11 - 2014-03-31 11:37 - 00000000 ___RD () C:Program Files (x86)Skype
2014-06-30 16:11 - 2010-07-13 14:21 - 00000000 ____D () C:ProgramDataSkype
2014-06-21 15:53 - 2014-04-04 22:41 - 00004000 _____ () C:WindowsSystem32TasksGoogleUpdateTaskMachineUA
2014-06-21 15:53 - 2014-04-04 22:41 - 00003748 _____ () C:WindowsSystem32TasksGoogleUpdateTaskMachineCore
2014-06-20 23:14 - 2014-07-09 07:32 - 00266424 _____ (Microsoft Corporation) C:Windowssystem32iedkcs32.dll
2014-06-20 22:39 - 2014-07-09 07:32 - 00240824 _____ (Microsoft Corporation) C:WindowsSysWOW64iedkcs32.dll
2014-06-19 21:12 - 2010-07-13 16:55 - 00085368 _____ () C:UsersSemeistvoAppDataLocalGDIPFONTCACHEV1.DAT
2014-06-19 20:08 - 2013-01-13 02:40 - 00000000 ____D () C:t-engine4-windows-1.0.0
2014-06-19 18:31 - 2014-06-19 18:07 - 00000000 ____D () C:Program Files (x86)Pale Moon
2014-06-19 18:29 - 2012-09-25 22:04 - 00000000 ____D () C:UserskolioAppDataRoaming.Torrent Stream
2014-06-19 18:29 - 2012-09-25 22:03 - 00000000 ____D () C:UserskolioAppDataRoamingTorrentStream
2014-06-19 18:27 - 2011-10-14 19:45 - 00000000 ____D () C:Program FilesOracle
2014-06-19 18:25 - 2012-03-24 03:23 - 00000000 ____D () C:Program Files (x86)Hasbro
2014-06-19 18:25 - 2011-01-10 20:00 - 00000000 ____D () C:UserskolioAppDataRoamingGameRanger
2014-06-19 18:25 - 2010-08-30 16:44 - 00000000 ___RD () C:ProgramDataMicrosoftWindowsStart MenuProgramsGames
2014-06-19 18:25 - 2010-07-13 14:26 - 00000000 ____D () C:Program Files (x86)Auslogics
2014-06-19 18:24 - 2010-07-13 14:41 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsAuslogics
2014-06-19 18:24 - 2010-07-13 14:33 - 00000000 ____D () C:ProgramDataTEMP
2014-06-19 04:39 - 2014-07-09 07:32 - 23464448 _____ (Microsoft Corporation) C:Windowssystem32mshtml.dll
2014-06-19 04:06 - 2014-07-09 07:32 - 02724864 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb
2014-06-19 04:06 - 2014-07-09 07:32 - 00004096 _____ (Microsoft Corporation) C:Windowssystem32ieetwcollectorres.dll
2014-06-19 03:48 - 2014-07-09 07:32 - 02768384 _____ (Microsoft Corporation) C:Windowssystem32iertutil.dll
2014-06-19 03:42 - 2014-07-09 07:32 - 00548352 _____ (Microsoft Corporation) C:Windowssystem32vbscript.dll
2014-06-19 03:42 - 2014-07-09 07:32 - 00066048 _____ (Microsoft Corporation) C:Windowssystem32iesetup.dll
2014-06-19 03:41 - 2014-07-09 07:32 - 00083968 _____ (Microsoft Corporation) C:Windowssystem32MshtmlDac.dll
2014-06-19 03:41 - 2014-07-09 07:32 - 00048640 _____ (Microsoft Corporation) C:Windowssystem32ieetwproxystub.dll
2014-06-19 03:32 - 2014-07-09 07:32 - 00051200 _____ (Microsoft Corporation) C:Windowssystem32jsproxy.dll
2014-06-19 03:31 - 2014-07-09 07:32 - 00033792 _____ (Microsoft Corporation) C:Windowssystem32iernonce.dll
2014-06-19 03:26 - 2014-07-09 07:32 - 00598016 _____ (Microsoft Corporation) C:Windowssystem32ieui.dll
2014-06-19 03:24 - 2014-07-09 07:32 - 00139264 _____ (Microsoft Corporation) C:Windowssystem32ieUnatt.exe
2014-06-19 03:24 - 2014-07-09 07:32 - 00111616 _____ (Microsoft Corporation) C:Windowssystem32ieetwcollector.exe
2014-06-19 03:23 - 2014-07-09 07:32 - 00752640 _____ (Microsoft Corporation) C:Windowssystem32jscript9diag.dll
2014-06-19 03:16 - 2014-07-09 07:32 - 17276416 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll
2014-06-19 03:14 - 2014-07-09 07:32 - 00940032 _____ (Microsoft Corporation) C:Windowssystem32MsSpellCheckingFacility.exe
2014-06-19 03:09 - 2014-07-09 07:32 - 00452608 _____ (Microsoft Corporation) C:Windowssystem32dxtmsft.dll
2014-06-19 02:59 - 2014-07-09 07:32 - 00038400 _____ (Microsoft Corporation) C:Windowssystem32JavaScriptCollectionAgent.dll
2014-06-19 02:56 - 2014-07-09 07:32 - 02724864 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb
2014-06-19 02:53 - 2014-07-09 07:32 - 00195584 _____ (Microsoft Corporation) C:Windowssystem32msrating.dll
2014-06-19 02:51 - 2014-07-09 07:32 - 05721088 _____ (Microsoft Corporation) C:Windowssystem32jscript9.dll
2014-06-19 02:50 - 2014-07-09 07:32 - 00085504 _____ (Microsoft Corporation) C:Windowssystem32mshtmled.dll
2014-06-19 02:48 - 2014-07-09 07:32 - 00292864 _____ (Microsoft Corporation) C:Windowssystem32dxtrans.dll
2014-06-19 02:39 - 2014-07-09 07:32 - 00608768 _____ (Microsoft Corporation) C:Windowssystem32ie4uinit.exe
2014-06-19 02:38 - 2014-07-09 07:32 - 00455168 _____ (Microsoft Corporation) C:WindowsSysWOW64vbscript.dll
2014-06-19 02:37 - 2014-07-09 07:32 - 00061952 _____ (Microsoft Corporation) C:WindowsSysWOW64iesetup.dll
2014-06-19 02:36 - 2014-07-09 07:32 - 00051200 _____ (Microsoft Corporation) C:WindowsSysWOW64ieetwproxystub.dll
2014-06-19 02:35 - 2014-07-09 07:32 - 00062464 _____ (Microsoft Corporation) C:WindowsSysWOW64MshtmlDac.dll
2014-06-19 02:33 - 2014-07-09 07:32 - 00631808 _____ (Microsoft Corporation) C:Windowssystem32msfeeds.dll
2014-06-19 02:32 - 2014-07-09 07:32 - 02179072 _____ (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll
2014-06-19 02:28 - 2014-07-09 07:32 - 00043008 _____ (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll
2014-06-19 02:28 - 2014-07-09 07:32 - 00032768 _____ (Microsoft Corporation) C:WindowsSysWOW64iernonce.dll
2014-06-19 02:27 - 2014-07-09 07:32 - 02040832 _____ (Microsoft Corporation) C:Windowssystem32inetcpl.cpl
2014-06-19 02:27 - 2014-07-09 07:32 - 01249280 _____ (Microsoft Corporation) C:Windowssystem32mshtmlmedia.dll
2014-06-19 02:25 - 2014-07-09 07:32 - 00442368 _____ (Microsoft Corporation) C:WindowsSysWOW64ieui.dll
2014-06-19 02:23 - 2014-07-09 07:32 - 00112128 _____ (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe
2014-06-19 02:22 - 2014-07-09 07:32 - 00592896 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9diag.dll
2014-06-19 02:12 - 2014-07-09 07:32 - 00367616 _____ (Microsoft Corporation) C:WindowsSysWOW64dxtmsft.dll
2014-06-19 02:06 - 2014-07-09 07:32 - 00032256 _____ (Microsoft Corporation) C:WindowsSysWOW64JavaScriptCollectionAgent.dll
2014-06-19 02:01 - 2014-07-09 07:32 - 00164864 _____ (Microsoft Corporation) C:WindowsSysWOW64msrating.dll
2014-06-19 01:59 - 2014-07-09 07:32 - 00069632 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll
2014-06-19 01:58 - 2014-07-09 07:32 - 02266112 _____ (Microsoft Corporation) C:Windowssystem32wininet.dll
2014-06-19 01:58 - 2014-07-09 07:32 - 00239616 _____ (Microsoft Corporation) C:WindowsSysWOW64dxtrans.dll
2014-06-19 01:52 - 2014-07-09 07:32 - 04254720 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll
2014-06-19 01:51 - 2014-07-09 07:32 - 13527040 _____ (Microsoft Corporation) C:Windowssystem32ieframe.dll
2014-06-19 01:49 - 2014-07-09 07:32 - 00526336 _____ (Microsoft Corporation) C:WindowsSysWOW64msfeeds.dll
2014-06-19 01:46 - 2014-07-09 07:32 - 01068032 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtmlmedia.dll
2014-06-19 01:45 - 2014-07-09 07:32 - 01964544 _____ (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl
2014-06-19 01:35 - 2014-07-09 07:32 - 11742208 _____ (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll
2014-06-19 01:34 - 2014-07-09 07:32 - 01393664 _____ (Microsoft Corporation) C:Windowssystem32urlmon.dll
2014-06-19 01:15 - 2014-07-09 07:32 - 00846336 _____ (Microsoft Corporation) C:Windowssystem32ieapfltr.dll
2014-06-19 01:13 - 2014-07-09 07:32 - 01791488 _____ (Microsoft Corporation) C:WindowsSysWOW64wininet.dll
2014-06-19 01:09 - 2014-07-09 07:32 - 01139200 _____ (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll
2014-06-19 01:07 - 2014-07-09 07:32 - 00704512 _____ (Microsoft Corporation) C:WindowsSysWOW64ieapfltr.dll
2014-06-18 05:18 - 2014-07-09 07:32 - 00692736 _____ (Microsoft Corporation) C:Windowssystem32osk.exe
2014-06-18 04:51 - 2014-07-09 07:32 - 00646144 _____ (Microsoft Corporation) C:WindowsSysWOW64osk.exe
2014-06-18 04:10 - 2014-07-09 07:32 - 03157504 _____ (Microsoft Corporation) C:Windowssystem32win32k.sys
2014-06-17 22:18 - 2014-06-03 18:16 - 00000000 ____D () C:UsersSemeistvoAppDataLocalVMware
2014-06-17 22:16 - 2009-07-14 08:32 - 00000000 ____D () C:Windowssystem32FxsTmp
2014-06-17 22:15 - 2014-06-03 18:16 - 00000000 ____D () C:UsersSemeistvoAppDataRoamingVMware

Some content of TEMP:
====================
C:UserskolioAppDataLocalTempdropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppjzdmm.dll
C:UserskolioAppDataLocalTempjre-7u51-windows-i586-iftw.exe
C:UserskolioAppDataLocalTempsfamcc00001.dll
C:UsersSemeistvoAppDataLocalTempGUninstaller.exe
C:UsersSemeistvoAppDataLocalTempjre-7u25-windows-i586-iftw.exe
C:UsersSemeistvoAppDataLocalTempjre-7u45-windows-i586-iftw.exe
C:UsersSemeistvoAppDataLocalTempjre-7u55-windows-i586-iftw.exe
C:UsersSemeistvoAppDataLocalTempSkypeSetup.exe
C:UsersSemeistvoAppDataLocalTempuninst1.exe


==================== Bamital & volsnap Check =================

C:WindowsSystem32winlogon.exe => File is digitally signed
C:WindowsSystem32wininit.exe => File is digitally signed
C:WindowsSysWOW64wininit.exe => File is digitally signed
C:Windowsexplorer.exe => File is digitally signed
C:WindowsSysWOW64explorer.exe => File is digitally signed
C:WindowsSystem32svchost.exe => File is digitally signed
C:WindowsSysWOW64svchost.exe => File is digitally signed
C:WindowsSystem32services.exe => File is digitally signed
C:WindowsSystem32User32.dll => File is digitally signed
C:WindowsSysWOW64User32.dll => File is digitally signed
C:WindowsSystem32userinit.exe => File is digitally signed
C:WindowsSysWOW64userinit.exe => File is digitally signed
C:WindowsSystem32rpcss.dll => File is digitally signed
C:WindowsSystem32Driversvolsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-17 06:48

==================== End Of Log ============================

Addition.txt

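A triage helper for the "Bamital & volsnap Check" section of an FRST log such as the one posted above, added here as an example; it is not part of the original thread and not FRST's own code. The sample log is constructed, and the non-"signed" status string in it is invented for the demo, since the page only shows the "File is digitally signed" result.

```python
import re

# Status text FRST prints for a passing check, as it appears in the log above.
SIGNED_OK = "File is digitally signed"

# "==================== Title ====================" section banners.
BANNER_RE = re.compile(r"^=+\s*(?P<title>[^=].*?)\s*=+$")
# "name: ==> message <===== ATTENTION!" warning lines, e.g. the testsigning one.
FLAG_RE = re.compile(r"^(?P<name>\w+):\s*==>\s*(?P<msg>.*?)\s*<=+\s*ATTENTION!?$")

# Constructed sample in the layout of the log above. The services.exe status
# is invented for this demo and is NOT confirmed FRST output.
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\services.exe => (constructed) signature check failed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-07-17 06:48

==================== End Of Log ============================
"""


def triage_signature_section(log_text):
    """Split the signature-check section into signed files, files needing
    review, and ATTENTION flags (such as testsigning)."""
    result = {"signed": [], "review": [], "flags": {}}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER_RE.match(line)
        if banner:
            # Only the Bamital/volsnap section is of interest here.
            in_section = banner.group("title").lower().startswith("bamital")
            continue
        if not in_section:
            continue
        flag = FLAG_RE.match(line)
        if flag:
            # testsigning corresponds to the "Test mode" desktop watermark the
            # poster describes: Windows will load test-signed kernel drivers.
            result["flags"][flag.group("name")] = flag.group("msg")
        elif " => " in line:
            path, status = line.rsplit(" => ", 1)
            status = status.strip()
            if status == SIGNED_OK:
                result["signed"].append(path)
            else:
                # Anything other than the known-good status goes to a human.
                result["review"].append((path, status))
    return result


def needs_follow_up(result):
    """True when any file failed the check or any ATTENTION flag was raised."""
    return bool(result["review"] or result["flags"])


if __name__ == "__main__":
    report = triage_signature_section(SAMPLE_LOG)
    for path, status in report["review"]:
        print("REVIEW", path, "->", status)
    for name, msg in report["flags"].items():
        print("FLAG  ", name, "->", msg)
    print("follow-up needed:", needs_follow_up(report))
```

Run against the log in this thread, every listed system file passes and only the testsigning flag remains, which is the condition the helper's reply goes on to treat.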

Hello! The cleanup did not work. Your system is still infected!

Download the attached file and save it in the same location where you downloaded FRST.exe => fixlist.txt
Run FRST.exe again, press the Fix button once and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

 

 

After that:

STEP 1:

Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click OK to confirm that all running programs will be closed.
  • Select Clean.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of that log in your reply.
  • You can find the log, which is saved automatically, here: C:AdwCleaner[s0].txt

 

STEP 2:

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your protection software.
  • Run the tool JRT.exe.
  • A DOS window will open. Press any key on the keyboard.
  • Close any unneeded applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop, named JRT.txt).
  • Please copy the contents of the log file into your next post.

 

 

STEP 3:

Download ComboFix from here and save it to your desktop.
How to use ComboFix
Disable your antivirus and antispyware program; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to disable your security applications by amateur
Run Combo-Fix.com and follow the instructions.
When the process completes successfully, the tool will create a log file. Please include the contents of C:ComboFix.txt in your next comment in this thread.
Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this thread.


Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

KILLALL::
ClearJavaCache::
DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

After saving, drag CFScript.txt onto the ComboFix.exe icon.

Copy the generated report and paste it into your next comment!


Hello! How are things after the procedures so far?

A final check and we are done:

Download Hitman Pro.

  • For a 32-bit system
  • For a 64-bit system

2. Run the program.
3. Once you have started the program by clicking its icon, press the "Next" button and accept the license agreement (EULA).
4. Tick "No, I want to perform a one-time scan of the computer".
5. Press the "Next" button.
6. The program will start scanning. The scan takes about 2 minutes.
7. When the scan finishes, in the list of items found (if any), choose Apply to all => Ignore.
8. Press "Next", then press "Export the result to an XML file" and save the log file to the desktop.
9. Archive the file and attach it to your next comment, or copy its contents into your next comment.
Note: If there is no drop-down menu where you can select Ignore, as in the picture:

...then simply close the program after the scan ends (without removing anything)... then open C:ProgramdataHitmanProLogs, open the log file and post its contents in your next comment.

 

 

Download the program: ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and select Start.
  • The scanner will start downloading the components it needs.

Make sure the following is unchecked:

  • Remove found threats

Make sure the following items are checked:

  • Scan Archives

Click Advanced Settings and check the following options:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Finally, select Start.
The scanner will start downloading the latest definitions and begin scanning your computer.
Please be patient, as this may take some time.

  • When the scan is complete, click List of found threats.
  • Click Export and save the file to your desktop with the name ESETScan. Copy the contents of that report into your next reply.
  • Select the Back button.
  • Select the Finish button.


It is better now. Thanks for the help :). Stay alive and well, and keep on helping those in need!

The logs:

HitmanPro 3.7.9.221
www.hitmanpro.com

   Computer name . . . . : KOLIO-PC-LOL
   Windows . . . . . . . : 6.1.1.7601.X64/3
   User name . . . . . . : kolio-PC-lolSemeistvo
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-07-20 15:18:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 33s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 144

   Objects scanned . . . : 1 996 551
   Files scanned . . . . : 43 461
   Remnants scanned  . . : 584 741 files / 1 368 349 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA80048CD2E0
      DriverName . . . . : Driveratapi
      DriverPath . . . . : SystemRootsystem32driversatapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA80048372C0 +0

   Solution
      DriverObject . . . : FFFFFA80048CD2E0
      DriverName . . . . : Driveratapi
      DriverPath . . . . : SystemRootsystem32driversatapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000C074D8 SystemRootsystem32driversataport.SYS+29912

Suspicious files ____________________________________________________________

   C:UsersSemeistvoDesktopFRST64.exe
      Size . . . . . . . : 2 086 912 bytes
      Age  . . . . . . . : 3.8 days (2014-07-16 19:52:14)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9A197DE45C513978C0DFC0FD652D3C4C164D6949B4D0813F46B5B66C807F8047
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________

   HKLMSOFTWAREMicrosoftWindowsCurrentVersionShell ExtensionsApproved{947217BD-E967-400A-B14A-BA851A8EDCBB} (Babylon)

Cookies _____________________________________________________________________
 

C:Program Files (x86)ABBYY FineReader 1111.0.110.121.PE.exe  a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:UserskolioAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5J2RNT7GBSopCast.zip  a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:UsersSemeistvoDownloadsBabylon10_setup.exe  a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:WindowsKMService.exe  Win32/HackKMS.A potentially unsafe application
C:WindowskmsemKMService.exe  Win32/HackKMS.B potentially unsafe application
C:WindowskmsemShadow.KMS  Win32/HackKMS.B potentially unsafe application
D:pladim113_0926Downloadsdriver_fusion_1.5.0.exe  Win32/OpenCandy potentially unsafe application
D:pladim113_0926Downloadswintoflash-setup.exe  Win32/Somoto.A potentially unwanted application
D:pladim113_0926Downloadsmini-KMS_Activator_v1.072_EN-FIXEDmKMSAct.exe  Win32/HackKMS.B potentially unsafe application


Виждат се два - три остатъка..махаме ги и финал..:
 
Копирайте текста в карето на notepad и го запазвате с име CFScript.txt на десктопа си:

 

KILLALL::

File::
C:UserskolioAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5J2RNT7GBSopCast.zip
C:UsersSemeistvoDownloadsBabylon10_setup.exe
D:pladim113_0926Downloadsdriver_fusion_1.5.0.exe
D:pladim113_0926Downloadswintoflash-setup.exe

Registry::
[-HKLMSOFTWAREMicrosoftWindowsCurrentVersionShell ExtensionsApproved{947217BD-E967-400A-B14A-BA851A8EDCBB}]

 
After saving, drag CFScript.txt onto the ComboFix.exe icon.

Copy the generated report and paste it in your next comment...!


Great..!

 

Uninstall ComboFix as follows:

  • Press Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

  • Please follow the instructions to uninstall ComboFix. You will receive a message saying that ComboFix was uninstalled successfully.

 

Download the following file and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, post the log file - fixlog.txt - that will be created after the run. It should delete the tool's quarantine folder located at C:\FRST\Quarantine.

Download DelFix and run it. Tick Remove disinfection tools and then press the Run button.
The tool will delete itself after it finishes its task!

 

Uninstall ESET Online Scanner.

  • Start => Run, type control appwiz.cpl in the box. Then press ENTER.
  • Select ESET Online Scanner from the list of applications, then click Remove. If prompted, restart your computer.

 
If any tools, folders or logs from the things we used remain and were not deleted by the procedures above, delete them manually.

If you have no other questions or problems, I am marking the case as "Solved"..! I wish you a pleasant evening and safe internet..!
