
Spyware problem




Hello,

For the past two or three days, whichever site I open (zamunda, dir, facebook, etc.), several advertising windows open; it sometimes freezes when I try to open a new window, and something called Fast Start has appeared in Mozilla...

I have several cleaners, such as Malwarebytes Anti-Malware, SUPERAntiSpyware and CCleaner, and yesterday, because this spyware problem is simply unbearable, I downloaded Spybot - S&D. I updated all of them except CCleaner and it's still the same thing; I think XoftSpy is the only one I haven't tried yet.

Could someone more knowledgeable suggest a program or another way, manually if need be, with which I can remove this pest?

I forgot to mention that I'm on Windows XP SP3, if that matters.

Thank you in advance for your time and your answer.


Here is the topic. I don't see that you have followed the steps. The colleagues from the HJT Team will help.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by bebo (administrator) on BEBO-D36ABF589C on 09-09-2014 16:12:31
Running from G:\Филми
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Application Data\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(InfoHD-V2.1) C:\Program Files\HD-V2.1\b6871200-4fce-465f-8aaa-c0ac45b69709.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\ASTSRV.EXE
(ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\WINDOWS\system32\nethtsrv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Creative Technology Ltd) C:\Program Files\Creative\DVDAudio\CTDVDDET.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Datecs\FlexType 2K\FType2K.exe
() C:\WINDOWS\system32\r_server.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\WINDOWS\system32\netupdsrv.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [standby] => c:\Program Files\Common Files\Corel\Standby\Standby.exe [105632 2010-01-07] (Corel)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-10-23] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [CTDVDDET] => C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE [45056 2003-06-18] (Creative Technology Ltd)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM\...\Run: [CTHelper] => CTHELPER.EXE
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [383528 2014-05-30] (Acronis)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-19\...\RunOnce: [showDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-20\...\RunOnce: [showDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\Run: [Creative Detector] => C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [102400 2004-12-02] (Creative Technology Ltd)
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\Policies\system: [RunStartupScriptSync] 0
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\Policies\system: [HideStartupScripts] 0
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\MountPoints2: {25197c72-7c2e-11dd-a2da-00e04c1d000e} - F:\AutoRunCD.exe
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\MountPoints2: {25197c77-7c2e-11dd-a2da-00e04c1d000e} - F:\autoplay.exe
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\MountPoints2: {25197c7a-7c2e-11dd-a2da-00e04c1d000e} - F:\autorun.exe
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\MountPoints2: {894122a1-849e-11dc-a0f7-00e04c1d000e} - F:\autoplay.exe
HKU\S-1-5-21-861567501-1409082233-682003330-1003\...\MountPoints2: {a8672e22-7cc5-11dd-a2dd-00e04c1d000e} - H:\autoplay.exe
HKU\S-1-5-21-861567501-1409082233-682003330-1008\...\RunOnce: [showDeskFix] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-21-861567501-1409082233-682003330-1008\...\RunOnce: [iE7-10] => rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
HKU\S-1-5-21-861567501-1409082233-682003330-1008\...\RunOnce: [NeroHomeFirstStart] => C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [208896 2005-09-04] (Nero AG)
IFEO\Your Image File Name Here without a path: [Debugger]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk
ShortcutTarget: FlexType 2K.lnk -> C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR
HKCU\Software\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT2801948
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR&q={searchTerms}
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DE86335D79A24289BC516F1C7139E599 URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=BG&install_date=20121209&user_guid=1C406ADCAD80449CAA4B8F9F020455C0&machine_id=96d60dd14565dd098e9059c4abc91437&browser=IE&os=win&os_version=5.1-x86-SP2&iesrc={referrer:source}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {80AEF9C4-7C2D-4716-B08F-10D57E300EFF} URL = http://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2450490
SearchScopes: HKCU - {BE9654C9-9D79-42ec-B55A-3CAEB12DBF58} URL = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: HD-V2.1 -> {11111111-1111-1111-1111-110611411141} -> C:\Program Files\HD-V2.1\HD-V2.1-bho.dll (InfoHD-V2.1)
BHO: Freecorder Toolbar -> {1392b8d2-5c05-419f-a8f6-b9f15a596612} -> C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Freecorder Toolbar - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193495668500
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193495661500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AC519E4E-EDF0-48C7-8ADA-2A4A5B1C81C9} -  No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\bebo\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\searchplugins\yahoo-zugo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\istartsurf.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml
FF Extension: HD-V2.1 - C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\Extensions\[email protected] [2014-09-07]
FF Extension: Fast Start - C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\Extensions\[email protected] [2014-09-07]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-01]
FF Extension: StartNow Toolbar - C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\Extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} [2012-12-10]
FF Extension: ICQ Toolbar - C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-04-01]
FF Extension: Apps Hat - C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-11-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-06-27]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\extensions\[email protected]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-15]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR

Chrome:
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR"
CHR DefaultSearchKeyword: Default -> istartsurf
CHR DefaultSearchProvider: Default -> istartsurf
CHR DefaultSearchURL: Default -> http://www.istartsurf.com/web/?type=ds&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR&q={searchTerms}
CHR CustomProfile: C:\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (NCH EN) - C:\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn [2013-02-20]
CHR Extension: (StartNow) - C:\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei [2013-02-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR HKLM\...\Chrome\Extension: [cmfpfjjciophcbhnhnpbadhmdmfgceic] - C:\Program Files\DiVapton\cmfpfjjciophcbhnhnpbadhmdmfgceic.crx []
CHR HKLM\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx []
CHR HKLM\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Documents and Settings\bebo\Local Settings\Application Data\CRE\gclijllifhfpomppedeljakfegbcpojn.crx [2012-09-20]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2012-09-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKCU\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Documents and Settings\bebo\Local Settings\Application Data\CRE\gclijllifhfpomppedeljakfegbcpojn.crx [2012-09-20]
CHR HKCU\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Documents and Settings\bebo\Application Data\StartNow Toolbar\CR\zcrx.crx [2012-12-13]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-07] (SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [662088 2014-05-30] (Acronis)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-06-30] (Adobe Systems) [File not signed]
R2 ASTSRV; C:\WINDOWS\system32\ASTSRV.EXE [57344 2010-05-29] (Nalpeiron Ltd.) [File not signed]
R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [258560 2006-11-15] (ASUSTeK COMPUTER INC.) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-04-27] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-07] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-07] (globalUpdate) [File not signed]
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [246520 2010-01-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\Documents and Settings\All Users\Application Data\IePluginServices\PluginService.exe [715656 2014-09-07] (Cherished Technololgy LIMITED)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-12] (Sun Microsystems, Inc.)
R2 NetHttpService; C:\WINDOWS\system32\nethtsrv.exe [179200 2014-09-07] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [272024 2007-05-14] ()
R2 r_server; C:\WINDOWS\system32\r_server.exe [708608 2004-06-16] () [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ServiceUpdater; C:\WINDOWS\system32\netupdsrv.exe [159744 2014-09-07] () [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 Tlncapd_wo; C:\WINDOWS\system32\attrib.exe [12288 2008-04-14] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\WINDOWS\System32\TuneUpDefragService.exe [355584 2010-06-27] (TuneUp Software GmbH)
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-07] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADIDTSFiltService; C:\WINDOWS\System32\drivers\adidts.sys [139776 2006-12-08] (Analog Devices, Inc.) [File not signed]
S3 ADIHdAudAddService; C:\WINDOWS\System32\drivers\ADIHdAud.sys [293888 2007-01-16] (Analog Devices, Inc.) [File not signed]
S3 AEAudio; C:\WINDOWS\System32\drivers\AEAudio.sys [93952 2006-08-07] (Andrea Electronics Corporation) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12664 2006-10-18] ()
S1 asusgsb; C:\WINDOWS\System32\drivers\asusgsb32.sys [12416 2005-10-20] (ASUSTeK Computer Inc.) [File not signed]
R1 asuskbnt; C:\WINDOWS\System32\drivers\atkkbnt.sys [11136 2007-02-14] (ASUSTeK COMPUTER INC.) [File not signed]
S3 ASUSVRC; C:\WINDOWS\System32\DRIVERS\AsusVRC.sys [18432 2007-01-29] (ASUSTeK COMPUTER INC.) [File not signed]
U4 Btcivf; C:\WINDOWS\system32\drivers\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 COMMONFX; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2006-06-14] (ASUSTeK Computer Inc.) [File not signed]
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) [File not signed]
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [798808 2010-03-18] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [162904 2010-03-18] (Creative Technology Ltd)
R3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189528 2010-03-18] (Creative Technology Ltd)
R0 JGOGO; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron )
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [44416 2006-12-06] (JMicron Technology Corp.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62336 2007-05-30] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2008-09-06] () [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28352 2007-03-01] (Avira GmbH)
R3 Video3D; C:\WINDOWS\System32\Drivers\Video3D32.sys [10752 2006-09-29] (ASUSTeK COMPUTER INC.) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [248832 2006-07-26] (Marvell)
S3 ZSMC302; C:\WINDOWS\System32\Drivers\usbVM31b.sys [91263 2004-08-17] (VM) [File not signed]
U3 azonsc1f; C:\WINDOWS\system32\Drivers\azonsc1f.sys [0 ] (Microsoft Corporation)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 catchme; \??\C:\Vundoo.exe\catchme.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; No ImagePath
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S1 nethfdrv; \??\C:\WINDOWS\system32\drivers\nethfdrv.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
S3 SenFiltService; system32\drivers\Senfilt.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: SSHNAS -> No Registry Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 16:12 - 2014-09-09 16:12 - 00000000 ____D () C:\FRST
2014-09-09 11:48 - 2014-09-09 11:48 - 00000687 _____ () C:\awh4E.tmp
2014-09-09 02:33 - 2014-09-09 02:33 - 00000687 _____ () C:\awhD92.tmp
2014-09-08 14:03 - 2014-09-09 11:42 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-08 14:03 - 2014-09-09 11:41 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-08 14:03 - 2014-09-08 14:03 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-08 14:03 - 2014-09-08 14:03 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-08 14:03 - 2014-09-08 14:03 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-08 14:03 - 2014-09-08 14:03 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-08 14:03 - 2014-09-08 14:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-08 14:02 - 2014-09-08 14:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-08 14:02 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-09-07 23:11 - 2014-09-07 23:11 - 00099616 _____ () C:\Documents and Settings\bebo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-09-07 12:32 - 2014-09-09 11:42 - 00000000 ____D () C:\SUPERDelete
2014-09-07 12:29 - 2014-09-09 11:43 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-07 12:29 - 2014-09-09 11:43 - 00000052 _____ () C:\WINDOWS\wiaservc.log
2014-09-07 12:29 - 2014-09-07 12:29 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-09-07 12:28 - 2014-09-07 12:28 - 00329888 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-07 12:27 - 2014-09-09 11:41 - 04933339 _____ () C:\WINDOWS\{00000005-00000000-00000002-00001102-00000008-10011102}.BAK
2014-09-07 12:15 - 2014-09-07 12:15 - 00000687 _____ () C:\awh13.tmp
2014-09-07 10:55 - 2014-09-07 10:55 - 00000687 _____ () C:\awh1ADE.tmp
2014-09-07 10:52 - 2014-09-07 12:03 - 00000000 ____D () C:\Documents and Settings\bebo\Application Data\25540
2014-09-07 10:51 - 2014-09-09 15:56 - 00003428 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-6.job
2014-09-07 10:51 - 2014-09-09 11:44 - 00003092 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-7.job
2014-09-07 10:51 - 2014-09-09 11:44 - 00002404 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-5.job
2014-09-07 10:51 - 2014-09-09 11:44 - 00001370 _____ () C:\WINDOWS\Tasks\LXSYWC.job
2014-09-07 10:51 - 2014-09-09 11:43 - 00002068 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-2.job
2014-09-07 10:51 - 2014-09-09 11:43 - 00001368 _____ () C:\WINDOWS\Tasks\VIJCW.job
2014-09-07 10:51 - 2014-09-09 11:42 - 00004454 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-11.job
2014-09-07 10:51 - 2014-09-09 11:42 - 00003428 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-4.job
2014-09-07 10:51 - 2014-09-09 11:42 - 00003092 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-3.job
2014-09-07 10:51 - 2014-09-09 11:42 - 00002716 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-1.job
2014-09-07 10:51 - 2014-09-09 11:42 - 00001400 _____ () C:\WINDOWS\Tasks\b6871200-4fce-465f-8aaa-c0ac45b69709.job
2014-09-07 10:51 - 2014-09-09 11:42 - 00000920 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-07 10:51 - 2014-09-09 11:42 - 00000578 _____ () C:\WINDOWS\Tasks\0e85def0-cb85-45ac-9426-bb6475f956ad.job
2014-09-07 10:51 - 2014-09-09 11:41 - 00000000 ____D () C:\Program Files\HD-V2.1
2014-09-07 10:51 - 2014-09-09 10:56 - 00000924 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-07 10:51 - 2014-09-07 10:51 - 01975160 _____ (InfoHD-V2.1) C:\Documents and Settings\bebo\Application Data\LXSYWC.exe
2014-09-07 10:51 - 2014-09-07 10:51 - 01521528 _____ (InfoHD-V2.1) C:\Documents and Settings\bebo\Application Data\VIJCW.exe
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Program Files\globalUpdate
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\bebo\Local Settings\Application Data\globalUpdate
2014-09-07 10:50 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IePluginServices
2014-09-07 10:50 - 2014-09-07 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect
2014-09-07 05:39 - 2014-09-07 05:39 - 00246784 _____ () C:\WINDOWS\system32\hfpapi.dll
2014-09-07 05:39 - 2014-09-07 05:39 - 00179200 _____ () C:\WINDOWS\system32\nethtsrv.exe
2014-09-07 05:39 - 2014-09-07 05:39 - 00159744 _____ () C:\WINDOWS\system32\netupdsrv.exe
2014-09-07 05:39 - 2014-09-07 05:39 - 00108544 _____ () C:\WINDOWS\system32\installd.exe
2014-09-07 05:39 - 2014-09-07 05:39 - 00108544 _____ () C:\WINDOWS\system32\hfnapi.dll
2014-09-03 11:55 - 2014-09-03 11:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-01 11:18 - 2014-09-01 11:18 - 00002086 _____ () C:\Documents and Settings\bebo\Application Data\VIJCW
2014-09-01 11:18 - 2014-09-01 11:18 - 00001248 _____ () C:\Documents and Settings\bebo\Application Data\LXSYWC
2014-08-10 23:01 - 2014-08-10 23:01 - 00000000 ____D () C:\Documents and Settings\bebo\Local Settings\Application Data\Adobe
2014-08-10 08:20 - 2014-08-10 08:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\.mono

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 16:12 - 2014-09-09 16:12 - 00000000 ____D () C:\FRST
2014-09-09 16:12 - 2008-06-19 20:21 - 00000000 ____D () C:\Documents and Settings\bebo\Local Settings\temp
2014-09-09 16:00 - 2010-06-27 21:54 - 00000484 _____ () C:\WINDOWS\Tasks\1-Click Maintenance.job
2014-09-09 15:57 - 2013-11-13 19:18 - 00009978 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-09-09 15:56 - 2014-09-07 10:51 - 00003428 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-6.job
2014-09-09 15:51 - 2014-04-22 21:55 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 15:28 - 2010-09-23 22:39 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 15:15 - 2012-04-06 23:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-09 12:25 - 2007-10-27 15:45 - 02088521 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 11:48 - 2014-09-09 11:48 - 00000687 _____ () C:\awh4E.tmp
2014-09-09 11:44 - 2014-09-07 10:51 - 00003092 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-7.job
2014-09-09 11:44 - 2014-09-07 10:51 - 00002404 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-5.job
2014-09-09 11:44 - 2014-09-07 10:51 - 00001370 _____ () C:\WINDOWS\Tasks\LXSYWC.job
2014-09-09 11:43 - 2014-09-07 12:29 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-09 11:43 - 2014-09-07 12:29 - 00000052 _____ () C:\WINDOWS\wiaservc.log
2014-09-09 11:43 - 2014-09-07 10:51 - 00002068 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-2.job
2014-09-09 11:43 - 2014-09-07 10:51 - 00001368 _____ () C:\WINDOWS\Tasks\VIJCW.job
2014-09-09 11:43 - 2007-10-27 15:43 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-09 11:42 - 2014-09-08 14:03 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-09 11:42 - 2014-09-07 12:32 - 00000000 ____D () C:\SUPERDelete
2014-09-09 11:42 - 2014-09-07 10:51 - 00004454 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-11.job
2014-09-09 11:42 - 2014-09-07 10:51 - 00003428 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-4.job
2014-09-09 11:42 - 2014-09-07 10:51 - 00003092 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-3.job
2014-09-09 11:42 - 2014-09-07 10:51 - 00002716 _____ () C:\WINDOWS\Tasks\d763c749-dda0-4d10-85f1-d9cc91924381-1.job
2014-09-09 11:42 - 2014-09-07 10:51 - 00001400 _____ () C:\WINDOWS\Tasks\b6871200-4fce-465f-8aaa-c0ac45b69709.job
2014-09-09 11:42 - 2014-09-07 10:51 - 00000920 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-09-09 11:42 - 2014-09-07 10:51 - 00000578 _____ () C:\WINDOWS\Tasks\0e85def0-cb85-45ac-9426-bb6475f956ad.job
2014-09-09 11:42 - 2014-07-05 11:12 - 00000408 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383309797.job
2014-09-09 11:42 - 2014-03-24 21:11 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-09 11:42 - 2012-08-17 05:35 - 00000468 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-09-09 11:42 - 2010-09-23 22:39 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 11:42 - 2007-10-27 16:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-09 11:42 - 2004-08-04 15:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-09 11:41 - 2014-09-08 14:03 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-09 11:41 - 2014-09-07 12:27 - 04933339 _____ () C:\WINDOWS\{00000005-00000000-00000002-00001102-00000008-10011102}.BAK
2014-09-09 11:41 - 2014-09-07 10:51 - 00000000 ____D () C:\Program Files\HD-V2.1
2014-09-09 11:41 - 2014-04-27 21:22 - 04933339 _____ () C:\WINDOWS\{00000005-00000000-00000002-00001102-00000008-10011102}.CDF
2014-09-09 11:41 - 2007-10-27 16:03 - 00000178 __SHC () C:\Documents and Settings\bebo\ntuser.ini
2014-09-09 11:41 - 2007-10-27 16:01 - 00032530 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-09 11:35 - 2008-01-16 01:28 - 00000000 ____D () C:\Documents and Settings\bebo\Application Data\Skype
2014-09-09 10:56 - 2014-09-07 10:51 - 00000924 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-09-09 09:28 - 2008-06-18 16:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-09 08:54 - 2012-01-11 02:10 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{6655FF0E-5154-4E7B-943B-8DD397BC58CB}.job
2014-09-09 02:33 - 2014-09-09 02:33 - 00000687 _____ () C:\awhD92.tmp
2014-09-08 15:00 - 2014-03-24 21:11 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-08 14:09 - 2008-06-18 17:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-09-08 14:06 - 2014-09-08 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-08 14:03 - 2014-09-08 14:03 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-08 14:03 - 2014-09-08 14:03 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-08 14:03 - 2014-09-08 14:03 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-08 14:03 - 2014-09-08 14:03 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-08 14:03 - 2014-09-08 14:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-08 05:36 - 2014-04-22 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-08 05:36 - 2014-04-22 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 05:36 - 2012-01-01 23:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-07 23:49 - 2014-03-05 20:58 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-09-07 23:11 - 2014-09-07 23:11 - 00099616 _____ () C:\Documents and Settings\bebo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-09-07 19:22 - 2007-10-27 16:20 - 00196608 _____ () C:\WINDOWS\system32\Drivers\nStandard.bin
2014-09-07 12:32 - 2013-11-10 15:55 - 00000000 ____D () C:\Documents and Settings\bebo\Application Data\IObit
2014-09-07 12:29 - 2014-09-07 12:29 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-09-07 12:28 - 2014-09-07 12:28 - 00329888 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-07 12:25 - 2007-10-27 16:03 - 00000000 ____D () C:\Documents and Settings\bebo
2014-09-07 12:20 - 2013-11-11 03:11 - 00000000 ____D () C:\Documents and Settings\bebo\Application Data\Wise Disk Cleaner
2014-09-07 12:19 - 2007-10-27 22:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\TGTSoft
2014-09-07 12:15 - 2014-09-07 12:15 - 00000687 _____ () C:\awh13.tmp
2014-09-07 12:10 - 2012-04-26 22:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-07 12:05 - 2007-10-28 01:50 - 00115200 _____ () C:\Documents and Settings\bebo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-07 12:03 - 2014-09-07 10:52 - 00000000 ____D () C:\Documents and Settings\bebo\Application Data\25540
2014-09-07 10:55 - 2014-09-07 10:55 - 00000687 _____ () C:\awh1ADE.tmp
2014-09-07 10:51 - 2014-09-07 10:51 - 01975160 _____ (InfoHD-V2.1) C:\Documents and Settings\bebo\Application Data\LXSYWC.exe
2014-09-07 10:51 - 2014-09-07 10:51 - 01521528 _____ (InfoHD-V2.1) C:\Documents and Settings\bebo\Application Data\VIJCW.exe
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Program Files\globalUpdate
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\bebo\Local Settings\Application Data\globalUpdate
2014-09-07 10:51 - 2014-09-07 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IePluginServices
2014-09-07 10:50 - 2014-09-07 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WindowsMangerProtect
2014-09-07 10:50 - 2014-03-20 14:02 - 00002001 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-09-07 10:50 - 2013-11-01 15:39 - 00001688 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2014-09-07 10:50 - 2013-11-01 15:39 - 00001682 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2014-09-07 10:50 - 2011-10-12 00:22 - 00000920 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 10:50 - 2010-01-10 13:03 - 00000914 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-09-07 10:50 - 2007-10-27 16:03 - 00001085 _____ () C:\Documents and Settings\bebo\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 05:39 - 2014-09-07 05:39 - 00246784 _____ () C:\WINDOWS\system32\hfpapi.dll
2014-09-07 05:39 - 2014-09-07 05:39 - 00179200 _____ () C:\WINDOWS\system32\nethtsrv.exe
2014-09-07 05:39 - 2014-09-07 05:39 - 00159744 _____ () C:\WINDOWS\system32\netupdsrv.exe
2014-09-07 05:39 - 2014-09-07 05:39 - 00108544 _____ () C:\WINDOWS\system32\installd.exe
2014-09-07 05:39 - 2014-09-07 05:39 - 00108544 _____ () C:\WINDOWS\system32\hfnapi.dll
2014-09-05 22:30 - 2013-11-17 01:46 - 00000000 ____D () C:\Documents and Settings\UpdatusUser.BEBO-D36ABF589C\Local Settings\Temp
2014-09-05 09:38 - 2009-10-03 10:21 - 00000416 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
2014-09-03 22:57 - 2010-06-27 21:53 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2008
2014-09-03 22:56 - 2008-04-13 21:10 - 00000000 ____D () C:\Documents and Settings\bebo\Application Data\Media Player Classic
2014-09-03 22:56 - 2007-10-27 17:23 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-03 11:56 - 2014-09-03 11:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-02 19:33 - 2013-11-01 15:39 - 00000000 ____D () C:\Program Files\Opera
2014-09-01 11:18 - 2014-09-01 11:18 - 00002086 _____ () C:\Documents and Settings\bebo\Application Data\VIJCW
2014-09-01 11:18 - 2014-09-01 11:18 - 00001248 _____ () C:\Documents and Settings\bebo\Application Data\LXSYWC
2014-08-13 20:11 - 2011-12-15 14:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-13 20:10 - 2013-11-10 04:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 20:05 - 2007-05-30 05:29 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-10 23:01 - 2014-08-10 23:01 - 00000000 ____D () C:\Documents and Settings\bebo\Local Settings\Application Data\Adobe
2014-08-10 15:49 - 2014-04-29 19:50 - 00000670 _____ () C:\Documents and Settings\All Users\Desktop\ApexDC++.lnk
2014-08-10 15:49 - 2014-04-29 19:50 - 00000000 ____D () C:\Program Files\ApexDC++
2014-08-10 15:49 - 2014-04-29 19:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ApexDC++ - The Pinnacle of File-Sharing
2014-08-10 08:20 - 2014-08-10 08:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\.mono

Files to move or delete:
====================
C:\Documents and Settings\bebo\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


I think this is it.

Addition.txt


We are going to have quite a lot of work with you... quite a messed-up system! Let's see how far we can get with it! :)

To begin with, uninstall the following software using the standard method:
 


DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.0.0.2 - DT Soft Ltd)
Freecorder Toolbar (HKLM\...\Freecorder Toolbar) (Version: 6.15.0.27 - Freecorder)
OffersWizard Network System Driver (HKLM\...\inethnfd) (Version: 1.0.0.3001 - )
uTorrentBar Toolbar (HKLM\...\uTorrentBar Toolbar) (Version: 6.14.0.28 - uTorrentBar)
WindowsMangerProtect20.0.0.722 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED)

 
In addition, temporarily uninstall:
 

Spybot - Search & Destroy

 

 

Remove the BitDefender leftovers as follows:

  • Download and run the BitDefender Uninstall Tool (or BitDefender Uninstall Tool 2013, for the 2013 products).
  • Click the Uninstall button.
  • Wait for the tool to finish its work.
  • Restart your computer.

Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click OK to confirm that all running programs will be closed.
  • Select Clean.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:\AdwCleaner[s0].txt

+
 
  • Open the following site, download RKill.exe and save it to your desktop.
  • Start the program by double-clicking the file and wait patiently.
  • When the check finishes, a log file of the procedures performed will be generated.
  • Attach the log file in your next post.

+

Download ComboFix from here and save it to your desktop.
How to use ComboFix
Disable your antivirus and anti-spyware programs; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to disable your security applications by amateur
Run Combo-Fix.com and follow the instructions.
When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this topic.
Please do not attach the program's log file(s); copy and paste it/them into your next comment in this topic.

I downloaded AdwCleaner and ran a scan; by mistake I first cleaned the items under Services instead of Registry, I just hope that is not a problem. Then I cleaned that one as well. That is why I am attaching both files.

And here is the one from the last program.

 

 

 

ComboFix 14-09-09.01 - bebo 2014-09-10   0:09.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.1.1033.18.3071.2101 [GMT 3:00]
Running from: g:\lшыьш\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1384135728.bdinstall.bin
c:\documents and settings\All Users\Application Data\1384160573.2596.bin
c:\documents and settings\All Users\Application Data\1384160573.bdinstall.bin
c:\documents and settings\All Users\Application Data\1384160576.bdinstall.bin
c:\documents and settings\All Users\Application Data\1384160704.bdinstall.bin
c:\documents and settings\All Users\Application Data\1384161759.bdinstall.bin
c:\documents and settings\All Users\Application Data\A25F9FE907.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\bebo\sqlite3.dll
c:\documents and settings\bebo\WINDOWS
c:\program files\Common Files\Config\uninstinethnfd.exe
c:\program files\Common Files\Config\ver.xml
c:\windows\iun6002.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\hfnapi.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\r_server.exe
c:\windows\system32\raddrv.dll
c:\windows\system32\SecuredImage32.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\wininit.ini
c:\windows\XSxS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
-------\Legacy_KERNELPORT
-------\Service_KernelPort
-------\Legacy_r_server
-------\Service_r_server
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-09 to 2014-09-09  )))))))))))))))))))))))))))))))
.
.
2014-09-09 14:19 . 2010-08-30 05:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-09-09 14:19 . 2014-09-09 14:27    --------    d-----w-    C:\AdwCleaner
2014-09-09 13:12 . 2014-09-09 13:13    --------    d-----w-    C:\FRST
2014-09-08 23:33 . 2014-09-08 23:33    687    ----a-w-    C:\awhD92.tmp
2014-09-08 11:02 . 2014-09-09 20:51    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-09-07 09:32 . 2014-09-09 08:42    --------    d-----w-    C:\SUPERDelete
2014-09-07 09:15 . 2014-09-07 09:15    687    ----a-w-    C:\awh13.tmp
2014-09-07 07:55 . 2014-09-07 07:55    687    ----a-w-    C:\awh1ADE.tmp
2014-09-07 07:52 . 2014-09-07 09:03    --------    d-----w-    c:\documents and settings\bebo\Application Data\25540
2014-09-07 07:51 . 2014-09-07 07:51    1521528    ----a-w-    c:\documents and settings\bebo\Application Data\VIJCW.exe
2014-09-07 07:51 . 2014-09-07 07:51    1975160    ----a-w-    c:\documents and settings\bebo\Application Data\LXSYWC.exe
2014-09-07 07:50 . 2014-09-09 21:12    --------    d-----w-    c:\program files\Common Files\Config
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-09 12:51 . 2014-04-22 18:55    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 16:22 . 2007-10-27 13:20    196608    ----a-w-    c:\windows\system32\drivers\nStandard.bin
2014-07-08 20:15 . 2012-04-06 20:02    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-08 20:15 . 2011-05-19 15:13    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-06 10:08 . 2014-07-06 10:08    190240    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-07-06 10:04 . 2014-07-06 10:04    88352    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-23 15709984]
"NvMediaCenter"="NvMCTray.dll" [2013-10-23 209184]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-10-23 2602784]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"CTDVDDET"="c:\program files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2014-05-30 383528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2011-1-21 95232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^bebo^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\bebo\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2006-11-16 09:05    1953792    ------r-    c:\windows\system32\JMRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2007-03-27 22:29    1110016    -c--a-w-    c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 12:18    94208    ----a-w-    c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:42    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 15:23    102400    ------w-    c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02    490952    ----a-w-    c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2013-09-12 10:06    5110672    ----a-w-    c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
2006-11-01 12:50    2154496    ----a-w-    c:\program files\GameFace Messenger\GameFace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
2007-02-14 06:42    380928    -c--a-w-    c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 15:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-30 12:44    36864    -c----r-    c:\windows\JM\JMInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50    155648    -c--a-w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-09-07 09:27    6688024    ----a-w-    c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-11 17:55    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath"=c:\windows\VM_STI.EXE VIMICRO USB PC Camera
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"g:\\Valve\\hl.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13948:TCP"= 13948:TCP:BitComet 13948 TCP
"13948:UDP"= 13948:UDP:BitComet 13948 UDP
"4899:TCP"= 4899:TCP:RA
"9218:TCP"= 9218:TCP:BitComet 9218 TCP
"9218:UDP"= 9218:UDP:BitComet 9218 UDP
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2014-07-06 88352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-10-27 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-09-17 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-09-17 118768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-11 142648]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2010-06-16 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-04-27 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2009-12-30 27064]
S3 Tlncapd_wo;Tlncapd_wo;c:\windows\system32\attrib.exe [2004-08-04 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-05-06 11520]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [2007-10-28 91263]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-09 20:33    1096520    ----a-w-    c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09]
.
2014-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:15]
.
2014-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:39]
.
2014-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:39]
.
2014-09-09 c:\windows\Tasks\LXSYWC.job
- c:\documents and settings\bebo\Application Data\LXSYWC.exe [2014-09-07 07:51]
.
2014-09-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2001-12-31 01:59]
.
2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2001-12-31 01:59]
.
2014-09-09 c:\windows\Tasks\Opera scheduled Autoupdate 1383309797.job
- c:\program files\Opera\launcher.exe [2013-11-01 09:15]
.
2014-09-09 c:\windows\Tasks\User_Feed_Synchronization-{6655FF0E-5154-4E7B-943B-8DD397BC58CB}.job
- c:\windows\system32\msfeedssync.exe [2007-10-27 01:31]
.
2014-09-09 c:\windows\Tasks\VIJCW.job
- c:\documents and settings\bebo\Application Data\VIJCW.exe [2014-09-07 07:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.10\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.10\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
MSConfigStartUp-avgnt - c:\program files\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-STYLEXP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-XoftSpySE - c:\program files\XoftSpySE6\XoftSpySE.exe
AddRemove-GameFace_Messenger - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-10 00:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?
  CTHelper = CTHELPER.EXE?
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1240)
c:\windows\system32\WININET.dll
c:\windows\system32\newdll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-09-10  00:19:45 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-09 21:19
.
Pre-Run: 8,780,533,760 bytes free
Post-Run: 8,848,396,288 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 65BDB751345FB26CB5386C720AACE5C4
8F558EB6672622401DA993E1E865C861
 


Of the programs you told me to delete, I managed to find and remove only the first one:

 

DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.0.0.2 - DT Soft Ltd)

 

The others:

 

Freecorder Toolbar (HKLM\...\Freecorder Toolbar) (Version: 6.15.0.27 - Freecorder)
OffersWizard Network System Driver (HKLM\...\inethnfd) (Version: 1.0.0.3001 - )
uTorrentBar Toolbar (HKLM\...\uTorrentBar Toolbar) (Version: 6.14.0.28 - uTorrentBar)
WindowsMangerProtect20.0.0.722 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED)

 

 

I looked for them in All Programs and in Add/Remove Programs in the Control Panel, but I could not find and uninstall them.

I even used the search in Revo Uninstaller, but again with no result. Are they important? Could I get some help on how to find and delete them?

AdwCleanerS0.txt

AdwCleanerS1.txt

Rkill.txt



Could you check the following files on VirusTotal:
 

c:\documents and settings\bebo\Application Data\VIJCW.exe
 c:\documents and settings\bebo\Application Data\LXSYWC.exe

 
Post links to the results in your next post.
 
 
Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

 

KILLALL::
ClearJavaCache::

File:: 
C:\awhD92.tmp
C:\awh13.tmp
C:\awh1ADE.tmp

Folder::
c:\program files\Spybot - Search & Destroy 2

DirLook::
C:\SUPERDelete
c:\documents and settings\bebo\Application Data\25540


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"=-

 
After saving, drag CFScript.txt onto the ComboFix.exe icon.


Copy the generated report and paste it into your next comment...!

 

 

 

I looked for them in All Programs and in Add/Remove Programs in the Control Panel, but I could not find and uninstall them.

I even used the search in Revo Uninstaller, but again with no result. Are they important? Could I get some help on how to find and delete them?

 

Don't worry..! They have already been removed...! :)


VIJCW.exe

 

This file was last analysed by VirusTotal on 2014-09-08 14:34:21 UTC, it was first analysed by VirusTotal on 2014-09-08 14:34:21 UTC.

Detection ratio: 13/55

You can view the last analysis or analyse it again.

 

LXSYWC.exe

 

 

This file was last analysed by VirusTotal on 2014-09-07 16:52:12 UTC, it was first analysed by VirusTotal on 2014-09-07 16:52:12 UTC.

Detection ratio: 21/55

You can view the last analysis or analyse it again.


VIJCW.exe

 

This file was last analysed by VirusTotal on 2014-09-08 14:34:21 UTC, it was first analysed by VirusTotal on 2014-09-08 14:34:21 UTC.

Detection ratio: 13/55

You can view the last analysis or analyse it again.

 

LXSYWC.exe

 

 

This file was last analysed by VirusTotal on 2014-09-07 16:52:12 UTC, it was first analysed by VirusTotal on 2014-09-07 16:52:12 UTC.

Detection ratio: 21/55

You can view the last analysis or analyse it again.

 

Could we have links to the results..!


ComboFix 14-09-09.01 - bebo 2014-09-10  19:33:57.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.1.1033.18.3071.2175 [GMT 3:00]
Running from: g:\филми\ComboFix.exe
Command switches used :: c:\documents and settings\bebo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"C:\awh13.tmp"
"C:\awh1ADE.tmp"
"C:\awhD92.tmp"
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\awh13.tmp
C:\awh1ADE.tmp
C:\awhD92.tmp
c:\program files\Spybot - Search & Destroy 2
c:\program files\Spybot - Search & Destroy 2\SDTray.exe.log
c:\program files\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe
c:\program files\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-10 to 2014-09-10  )))))))))))))))))))))))))))))))
.
.
2014-09-09 14:19 . 2010-08-30 05:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-09-09 14:19 . 2014-09-09 14:27    --------    d-----w-    C:\AdwCleaner
2014-09-09 13:12 . 2014-09-09 13:13    --------    d-----w-    C:\FRST
2014-09-07 09:32 . 2014-09-09 08:42    --------    d-----w-    C:\SUPERDelete
2014-09-07 07:52 . 2014-09-07 09:03    --------    d-----w-    c:\documents and settings\bebo\Application Data\25540
2014-09-07 07:51 . 2014-09-07 07:51    1521528    ----a-w-    c:\documents and settings\bebo\Application Data\VIJCW.exe
2014-09-07 07:51 . 2014-09-07 07:51    1975160    ----a-w-    c:\documents and settings\bebo\Application Data\LXSYWC.exe
2014-09-07 07:50 . 2014-09-09 21:12    --------    d-----w-    c:\program files\Common Files\Config
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 16:15 . 2012-04-06 20:02    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-10 16:15 . 2011-05-19 15:13    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 12:51 . 2014-04-22 18:55    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 16:22 . 2007-10-27 13:20    196608    ----a-w-    c:\windows\system32\drivers\nStandard.bin
2014-07-06 10:08 . 2014-07-06 10:08    190240    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-07-06 10:04 . 2014-07-06 10:04    88352    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\bebo\Application Data\25540 ----
.
2014-09-07 07:52 . 2014-09-07 07:52    1    ----a-w-    c:\documents and settings\bebo\Application Data\25540\status.cfg
2014-09-07 07:52 . 2014-09-07 09:01    2226    ----a-w-    c:\documents and settings\bebo\Application Data\25540\Updater.xml
.
---- Directory of C:\SUPERDelete ----
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-23 15709984]
"NvMediaCenter"="NvMCTray.dll" [2013-10-23 209184]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-10-23 2602784]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"CTDVDDET"="c:\program files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2014-05-30 383528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2011-1-21 95232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^bebo^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\bebo\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2006-11-16 09:05    1953792    ------r-    c:\windows\system32\JMRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2007-03-27 22:29    1110016    -c--a-w-    c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 12:18    94208    ----a-w-    c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:42    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 15:23    102400    ------w-    c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2013-09-12 10:06    5110672    ----a-w-    c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
2006-11-01 12:50    2154496    ----a-w-    c:\program files\GameFace Messenger\GameFace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
2007-02-14 06:42    380928    -c--a-w-    c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 15:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-30 12:44    36864    -c----r-    c:\windows\JM\JMInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50    155648    -c--a-w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-09-07 09:27    6688024    ----a-w-    c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-11 17:55    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath"=c:\windows\VM_STI.EXE VIMICRO USB PC Camera
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"g:\\Valve\\hl.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13948:TCP"= 13948:TCP:BitComet 13948 TCP
"13948:UDP"= 13948:UDP:BitComet 13948 UDP
"9218:TCP"= 9218:TCP:BitComet 9218 TCP
"9218:UDP"= 9218:UDP:BitComet 9218 UDP
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2014-07-06 88352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-10-27 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-09-17 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-09-17 118768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-11 142648]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2010-06-16 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-04-27 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2009-12-30 27064]
S3 Tlncapd_wo;Tlncapd_wo;c:\windows\system32\attrib.exe [2004-08-04 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-05-06 11520]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [2007-10-28 91263]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-09 20:33    1096520    ----a-w-    c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09]
.
2014-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 16:15]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:39]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:39]
.
2014-09-10 c:\windows\Tasks\LXSYWC.job
- c:\documents and settings\bebo\Application Data\LXSYWC.exe [2014-09-07 07:51]
.
2014-09-10 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2001-12-31 01:59]
.
2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2001-12-31 01:59]
.
2014-09-10 c:\windows\Tasks\Opera scheduled Autoupdate 1383309797.job
- c:\program files\Opera\launcher.exe [2013-11-01 09:15]
.
2014-09-10 c:\windows\Tasks\User_Feed_Synchronization-{6655FF0E-5154-4E7B-943B-8DD397BC58CB}.job
- c:\windows\system32\msfeedssync.exe [2007-10-27 01:31]
.
2014-09-10 c:\windows\Tasks\VIJCW.job
- c:\documents and settings\bebo\Application Data\VIJCW.exe [2014-09-07 07:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.10\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.10\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-10 19:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?
  CTHelper = CTHELPER.EXE?
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\WININET.dll
c:\windows\system32\newdll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-09-10  19:44:39 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-10 16:44
ComboFix2.txt  2014-09-09 21:19
.
Pre-Run: 8,651,943,936 bytes free
Post-Run: 8,638,021,632 bytes free
.
- - End Of File - - 88FAE225A4DF3F39D957055F895E2787
8F558EB6672622401DA993E1E865C861


However, there is still a DAEMON Tools folder in Application Data with an ini file in it. Can I delete it?

Can you check whether these are the links for the exe files?

https://www.virustotal.com/bg/file/99d04f0dd20c09af526e92787ef9baa836e6b5974c26a983aa7741d1b64cbf5f/analysis/

https://www.virustotal.com/bg/file/93624850188415f2b1caf01e5473803e9d749132edc3f15e2465f74148049c94/analysis/


Hello..! Yes, those are the links...! Germs..! ;)

Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

KILLALL::
ClearJavaCache::

File::
c:\documents and settings\bebo\Application Data\VIJCW.exe
c:\documents and settings\bebo\Application Data\LXSYWC.exe
c:\windows\Tasks\LXSYWC.job
c:\windows\Tasks\VIJCW.job

Folder::
C:\SUPERDelete

 

After saving, move CFScript.txt onto the ComboFix.exe icon.

Copy the generated report and paste it into your next comment...!

ComboFix 14-09-12.01 - bebo 2014-09-12   2:47.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.1.1033.18.3071.2348 [GMT 3:00]
Running from: g:\филми\ComboFix.exe
Command switches used :: c:\documents and settings\bebo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
.
FILE ::
"c:\documents and settings\bebo\Application Data\LXSYWC.exe"
"c:\documents and settings\bebo\Application Data\VIJCW.exe"
"c:\windows\Tasks\LXSYWC.job"
"c:\windows\Tasks\VIJCW.job"
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\SUPERDelete
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-11 to 2014-09-11  )))))))))))))))))))))))))))))))
.
.
2014-09-09 14:19 . 2010-08-30 05:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-09-09 14:19 . 2014-09-09 14:27    --------    d-----w-    C:\AdwCleaner
2014-09-09 13:12 . 2014-09-09 13:13    --------    d-----w-    C:\FRST
2014-09-07 07:52 . 2014-09-07 09:03    --------    d-----w-    c:\documents and settings\bebo\Application Data\25540
2014-09-07 07:50 . 2014-09-09 21:12    --------    d-----w-    c:\program files\Common Files\Config
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-11 16:26 . 2007-10-27 13:20    196608    ----a-w-    c:\windows\system32\drivers\nStandard.bin
2014-09-10 16:15 . 2012-04-06 20:02    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-10 16:15 . 2011-05-19 15:13    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 12:51 . 2014-04-22 18:55    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-06 10:08 . 2014-07-06 10:08    190240    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-07-06 10:04 . 2014-07-06 10:04    88352    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-23 15709984]
"NvMediaCenter"="NvMCTray.dll" [2013-10-23 209184]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-10-23 2602784]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"CTDVDDET"="c:\program files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2014-05-30 383528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2011-1-21 95232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^bebo^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\bebo\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2006-11-16 09:05    1953792    ------r-    c:\windows\system32\JMRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2007-03-27 22:29    1110016    -c--a-w-    c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 12:18    94208    ----a-w-    c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:42    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 15:23    102400    ------w-    c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2013-09-12 10:06    5110672    ----a-w-    c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
2006-11-01 12:50    2154496    ----a-w-    c:\program files\GameFace Messenger\GameFace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
2007-02-14 06:42    380928    -c--a-w-    c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 15:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-30 12:44    36864    -c----r-    c:\windows\JM\JMInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50    155648    -c--a-w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-09-07 09:27    6688024    ----a-w-    c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-11 17:55    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath"=c:\windows\VM_STI.EXE VIMICRO USB PC Camera
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"g:\\Valve\\hl.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13948:TCP"= 13948:TCP:BitComet 13948 TCP
"13948:UDP"= 13948:UDP:BitComet 13948 UDP
"9218:TCP"= 9218:TCP:BitComet 9218 TCP
"9218:UDP"= 9218:UDP:BitComet 9218 UDP
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2014-07-06 88352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-10-27 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-09-17 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-09-17 118768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-11 142648]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2010-06-16 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-04-27 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2009-12-30 27064]
S3 Tlncapd_wo;Tlncapd_wo;c:\windows\system32\attrib.exe [2004-08-04 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-05-06 11520]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [2007-10-28 91263]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-09 20:33    1096520    ----a-w-    c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09]
.
2014-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 16:15]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:39]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:39]
.
2014-09-11 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2001-12-31 01:59]
.
2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2001-12-31 01:59]
.
2014-09-11 c:\windows\Tasks\Opera scheduled Autoupdate 1383309797.job
- c:\program files\Opera\launcher.exe [2013-11-01 09:15]
.
2014-09-11 c:\windows\Tasks\User_Feed_Synchronization-{6655FF0E-5154-4E7B-943B-8DD397BC58CB}.job
- c:\windows\system32\msfeedssync.exe [2007-10-27 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.10\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.10\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-12 02:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?
  CTHelper = CTHELPER.EXE?
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(852)
c:\windows\system32\WININET.dll
c:\windows\system32\newdll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-09-12  02:58:36 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-11 23:58
ComboFix2.txt  2014-09-10 16:44
ComboFix3.txt  2014-09-09 21:19
.
Pre-Run: 8,720,752,640 bytes free
Post-Run: 8,700,960,768 bytes free
.
- - End Of File - - 30A59C8609D38859E9EB312ECC7D8690
8F558EB6672622401DA993E1E865C861
 


After the procedures so far, how is your system doing..? Is there any change..?

Yes, of course. I was looking for a hack for the game Contract Wars from Facebook, and that is how I got myself into this mess.

Thanks for the help anyway.

You didn't say, though, whether I should delete the ini file from the folder.


Wonderful..! So I take it your system is running stably. In that case, let's run some control checks and wrap up. As for that file, it is generally legitimate, but if you don't want to use DAEMON Tools, delete it along with the folder... The other option is to remove it and reinstall DAEMON Tools.

Download Security Check (by screen317) from here

  • Double-click SecurityCheck.exe and follow the instructions.
  • When the program finishes, a text document will open: checkup.txt.
  • Copy the contents of checkup.txt with Copy and paste them with Paste into your next comment.

 

 

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  Double-click mbam-setup-consumer-2.0.0.1xxxx.exe and follow the instructions to install the program.

  • In Settings => Detection and Protection => Detection Options, tick the 'Scan for rootkits' checkbox.
  • In the program's main window, click 'Update Now'.
  • After the update finishes, click the 'Scan Now' button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will start.
  • When the scan finishes, if any infections were found, click Apply Actions to let MBAM clean what was detected.
  • After the restart, run MBAM once more.
  • Click the History tab > Application Logs.
  • Double-click the row that shows the date and time of the scan, or View Detailed Log.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your next reply.

 

 

Download the program: ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and choose Start.
  • The scanner will begin downloading the components it needs.

Make sure the following is unchecked:

  • Remove found threats

Make sure the following items are checked:

  • Scan Archives

    Click Advanced Settings and check the following options:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

    Finally, choose Start.

    The scanner will begin downloading the latest definitions and will start scanning your computer.

    Please be patient, as this may take some time.

  • Once the scan completes, click List of found threats.
  • Click Export and save the file to your desktop with the name ESETScan. Copy the contents of that report into your next reply.
  • Choose the Back button.
  • Choose the Finish button.

Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 7.0   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 TuneUp Utilities 2008   
 Български интерфейс за TuneUp Utilities 2008
 CCleaner     
 Wise Disk Cleaner 7.96  
 Java 6 Update 20  
 Java version out of Date!
 Adobe Flash Player     15.0.0.152  
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Mozilla Firefox (32.0)
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

 

I already have Malwarebytes Anti-Malware; I will just run a scan with it.

ESET

Documents and Settings\All Users\Application Data\IePluginServices\PluginService.exe.vir    a variant of Win32/ELEX.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe.vir    a variant of Win32/ELEX.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\Extensions\[email protected]\extensionData\plugins\91.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\Freecorder\hk64tbFre2.dll.vir    Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\Freecorder\hktbFre2.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\Freecorder\tbFre1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.31.4.510_0\APISupport\APISupport.dll.vir    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\uTorrentBar\hk64tbuTo0.dll.vir    Win64/Toolbar.Conduit.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\uTorrentBar\hk64tbuTo2.dll.vir    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\uTorrentBar\hktbuTo0.dll.vir    Win32/Toolbar.Conduit.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\uTorrentBar\hktbuTo2.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\bebo\Local Settings\Application Data\uTorrentBar\tbuTo1.dll.vir    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Freecorder\hk64tbFre2.dll.vir    Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Freecorder\hktbFre2.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Freecorder\prxtbFre2.dll.vir    Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Freecorder\tbFre1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\14a9ca0f-2689-4bfd-9623-84acf12219b8.crx.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\b6871200-4fce-465f-8aaa-c0ac45b69709.exe.vir    a variant of Win32/Toolbar.CrossRider.AG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381-11.exe.vir    a variant of Win32/Toolbar.CrossRider.AQ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381-2.exe.vir    a variant of Win32/Toolbar.CrossRider.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381-3.exe.vir    a variant of Win32/Toolbar.CrossRider.AQ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381-4.exe.vir    a variant of Win32/Toolbar.CrossRider.AQ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381-5.exe.vir    a variant of Win32/Toolbar.CrossRider.AN potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381-6.exe.vir    a variant of Win32/Toolbar.CrossRider.AP potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381-7.exe.vir    a variant of Win32/Toolbar.CrossRider.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381.crx.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\d763c749-dda0-4d10-85f1-d9cc91924381.xpi.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\f7cddb53-3758-4031-bc8f-635e2b0323e5.crx.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\f7cddb53-3758-4031-bc8f-635e2b0323e5.dll.vir    a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\HD-V2.1-bg.exe.vir    a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\HD-V2.1-bho.dll.vir    a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD-V2.1\HD-V2.1-codedownloader.exe.vir    a variant of Win32/Toolbar.CrossRider.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentBar\hk64tbuTo0.dll.vir    Win64/Toolbar.Conduit.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentBar\hk64tbuTo2.dll.vir    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentBar\hktbuTo0.dll.vir    Win32/Toolbar.Conduit.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentBar\hktbuTo2.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentBar\tbuTo1.dll.vir    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\hfpapi.dll.vir    a variant of Win32/RiskWare.NetFilter.B application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\installd.exe.vir    a variant of Win32/Amonetize.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\nethtsrv.exe.vir    a variant of Win32/Amonetize.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\netupdsrv.exe.vir    a variant of Win32/Amonetize.AZ potentially unwanted application
C:\Documents and Settings\bebo\Application Data\Opera Software\Opera Stable\Extensions\pldeppocfnbnopadlkalkhefdhglkijd\1.26.23_0\extensionData\plugins\91.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Program Files\Radmin\raddrv.dll    Win32/RemoteAdmin potentially unsafe application
C:\Program Files\Radmin\r_server.exe    Win32/RAdmin.22 potentially unsafe application
C:\Qoobox\Quarantine\C\WINDOWS\system32\hfnapi.dll.vir    a variant of Win32/RiskWare.NetFilter.B application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir    Win32/PrcView potentially unsafe application
C:\Qoobox\Quarantine\C\WINDOWS\system32\raddrv.dll.vir    Win32/RemoteAdmin potentially unsafe application
C:\Qoobox\Quarantine\C\WINDOWS\system32\r_server.exe.vir    Win32/RAdmin.22 potentially unsafe application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000012.exe    a variant of Win32/ELEX.AV potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000013.exe    a variant of Win32/ELEX.AM potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000014.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000085.dll    Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000086.dll    Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000087.dll    Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000088.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000092.dll    Win64/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000093.dll    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000094.dll    Win32/Toolbar.Conduit.W potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000095.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000096.dll    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000101.exe    a variant of Win32/Toolbar.CrossRider.AG potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000102.exe    a variant of Win32/Toolbar.CrossRider.AQ potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000103.exe    a variant of Win32/Toolbar.CrossRider.AR potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000104.exe    a variant of Win32/Toolbar.CrossRider.AQ potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000105.exe    a variant of Win32/Toolbar.CrossRider.AQ potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000106.exe    a variant of Win32/Toolbar.CrossRider.AN potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000107.exe    a variant of Win32/Toolbar.CrossRider.AP potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000108.exe    a variant of Win32/Toolbar.CrossRider.AM potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000109.dll    a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000110.exe    a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000111.dll    a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000112.exe    a variant of Win32/Toolbar.CrossRider.AM potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000125.dll    Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000126.dll    Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000127.dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000130.dll    Win64/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000131.dll    a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000132.dll    Win32/Toolbar.Conduit.W potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000133.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000134.dll    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000440.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000441.exe    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000442.dll    a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000444.dll    a variant of Win32/RiskWare.NetFilter.B application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000445.exe    a variant of Win32/Amonetize.AZ potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000446.exe    a variant of Win32/Amonetize.AZ potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000447.exe    a variant of Win32/Amonetize.AZ potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000648.dll    a variant of Win32/RiskWare.NetFilter.B application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000651.exe    Win32/PrcView potentially unsafe application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000652.exe    Win32/RAdmin.22 potentially unsafe application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP1\A0000653.dll    Win32/RemoteAdmin potentially unsafe application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP2\A0000948.exe    a variant of Win32/Toolbar.CrossRider.AQ potentially unwanted application
C:\System Volume Information\_restore{C19506E2-AAFA-471F-A119-DF2330332196}\RP2\A0000949.exe    a variant of Win32/Toolbar.CrossRider.AQ potentially unwanted application
G:\ApexDC++_1.5.12.2141_Setup.exe    Win32/OpenCandy potentially unsafe application
G:\????????\ACDSee.Photo.Manager.v10.0.219.Incl.Keymaker-CORE.rar    a variant of Win32/Keygen.AG potentially unsafe application
G:\????????\ACDSee.v9.0.108.Photo.Manager.Incl.Keymaker-CORE.rar    a variant of Win32/Keygen.AG potentially unsafe application
G:\????????\BSPlayer Pro 2.12.942+keygen.rar    a variant of Win32/Keygen.AG potentially unsafe application
G:\????????\Cyberlink PowerDVD DELUXE v6.0.0.1102 Multilanguage + Keygen.rar    a variant of Win32/Keygen.CW potentially unsafe application
G:\????????\CyberLink.PowerDVD.v7.0.1725.0+pach+bgfile+key.zip    a variant of Win32/Keygen.CW potentially unsafe application
G:\????????\setupxv.exe    Win32/FraudTool.AntiSpyware potentially unsafe application
G:\????????\Adobe PhotoShop CS2 - CS3\Adobe Photoshop 9.0 CS2.rar    a variant of Win32/Keygen.CW potentially unsafe application
G:\????????\Adobe PhotoShop CS2 - CS3\Adobe.Photoshop.CS4.Extended.Read.Nfo-ENGiNE\Adobe_PS_CS4.iso    a variant of Win32/HackTool.Patcher.D potentially unsafe application
G:\????????\BSPlayer Pro 2.56 Build 1043\keygen.rar    a variant of Win32/Keygen.AC potentially unsafe application
G:\????????\CCleaner v3.12.1572 + Portable\Setup\ccsetup312.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
G:\????????\HardCopy Pro 3.0.7\hardcopy.pro.v3.0.7-patch.exe    a variant of Win32/HackTool.Patcher.BD potentially unsafe application
G:\????????\Mark\3D Mark\3DMark2005\Futuremark 3DMark Pro 2005 v1.0.0 Keygen.zip    a variant of Generik.IWBNQQW trojan
G:\????????\Mark\PC Mark\PCMark05\PCMark05 + crack.zip    a variant of Win32/Keygen.CS potentially unsafe application
G:\????????\Perfect.Photo.Suite.6.0.2\Activator.X-Force\onOneSoftware Perfect Photo Suite Activator-X-Force.exe    a variant of Win32/Keygen.HA potentially unsafe application
G:\????????\Photo  Shop - ???????\Adobe.Photoshop.CS3.Plugins\OnOne.Genuine.Fractals.PrintPro.v.5.0.3.for.Adobe.Photoshop-SCOTCH\onOne.Software.MultiKeygen.v1.0.exe    a variant of Win32/Keygen.IU potentially unsafe application
G:\????????\Photo  Shop - ???????\Adobe.Photoshop.CS3.Plugins\OnOne.Intellihance.Pro.v4.2.1.for.Adobe.Photoshop-SCOTCH\onOne.Software.MultiKeygen.v1.0.exe    a variant of Win32/Keygen.IU potentially unsafe application
G:\????????\Photo  Shop - ???????\Adobe.Photoshop.CS3.Plugins\OnOne.PhotoFrame.Pro.v3.1.1.for.Adobe.Photoshop-SCOTCH\Keygen\onOne.Software.MultiKeygen.v1.0.exe    a variant of Win32/Keygen.IU potentially unsafe application
G:\????????\Photo  Shop - ???????\Akvis_Pack\Akvis 10 Crack 8bf\AKVIS_Frame_Suite_1.0.271.1144-r_Cracked-ahteam.zip    a variant of Win32/Kryptik.CVZ trojan
G:\????????\Photo  Shop - ???????\Akvis_Pack\Akvis 10 Crack 8bf\AKVIS_Ligth Shop1.2.rar    a variant of Generik.MGEXBHQ trojan
G:\????????\Photo  Shop - ???????\Akvis_Pack\Akvis 10 Crack 8bf\AKVIS_Noise Buster 4.0.436.rar    a variant of Generik.GHSWGER trojan
G:\????????\Photo  Shop - ???????\Akvis_Pack\Akvis 10 Crack 8bf\AKVIS_Stamp_3.0_Cracked-ahteam.zip    a variant of Generik.KJPOLTL trojan
G:\????????\Photo  Shop - ???????\onOne Software\Intellihance Pro 4.2.1\onOne.Software.MultiKeygen.v1.1.exe    a variant of Win32/Keygen.IU potentially unsafe application
G:\????????\Photo  Shop - ???????\onOne Software\Intellihance Pro 4.2.1\onOne.Software.MultiKeygen.v1.1.rar    a variant of Win32/Keygen.IU potentially unsafe application
G:\????????\Photo  Shop - ???????\onOne Software\onOne Software Mask Pro 4.1.8\Mask_Pro_4.1.8.rar    a variant of Win32/Keygen.BH potentially unsafe application
G:\????????\Photo  Shop - ???????\onOne Software\onOne Software Mask Pro 4.1.8\cr-oomp4\keygen.exe    a variant of Win32/Keygen.BH potentially unsafe application
G:\????????\Photo  Shop - ???????\??????? ?? PhotoShop Alien Skins Software 2009 pack\Alien Skin BlowUp v2.0.2\blow.up.2.0.2-patch.exe    a variant of Win32/HackTool.Patcher.T potentially unsafe application
G:\????????\Photo  Shop - ???????\??????? ?? PhotoShop Alien Skins Software 2009 pack\BlowUp 2.0.3\Keygen\keygen.exe    a variant of Win32/Keygen.CX potentially unsafe application
G:\????????\Photo  Shop - ???????\??????? ?? PhotoShop Alien Skins Software 2009 pack\Bokeh 1.0.2\Keygen\keygen.exe    a variant of Win32/Keygen.CX potentially unsafe application
G:\????????\Photo  Shop - ???????\??????? ?? PhotoShop Alien Skins Software 2009 pack\EyeCandy 6.0\Keygen\keygen.exe    a variant of Win32/Keygen.CX potentially unsafe application
G:\????????\Photo  Shop - ???????\??????? ?? PhotoShop Alien Skins Software 2009 pack\SnapArt 2.0\Keygen\keygen.exe    a variant of Win32/Keygen.CX potentially unsafe application
G:\????????\Photo Shop - ??????? ???? ?? ????\Mask_Pro_4.1.8.rar    a variant of Win32/Keygen.BH potentially unsafe application
G:\?????\????????\???????? ?? ??????? ?? ????????\Driver Genius.zip    Win32/DriverGenius.A potentially unwanted application
G:\?????\????????\???????? ?? ??????? ?? ????????\Driver.Genius.v12.0.0.1211\Driver.Genius.v12.0.0.1211.exe    Win32/DriverGenius.A potentially unwanted application
G:\?????\????????\???????? ?? ????????\cbsidlm-cbsi134-Wise_Disk_Cleaner-ORG-10613345.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
G:\?????\????????\???????? ?? ????????\New WinRAR ZIP ?????.zip    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
G:\?????\????????\???????? ?? ????????\Revo.Uninstaller.Pro.v3.0.7\revo.uninstaller.pro.3.x.(x64)-patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
G:\?????\????????\???????? ?? ????????\Revo.Uninstaller.Pro.v3.0.7\revo.uninstaller.pro.3.x.(x86)-patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-09-12
Scan Time: 19:24
Logfile: antimaware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.12.05
Rootkit Database: v2014.09.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: bebo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360698
Time Elapsed: 11 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DiVapton.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cmfpfjjciophcbhnhnpbadhmdmfgceic, Quarantined, [be06509c7209a6900c9f1bf240c37f81],
PUP.Optional.FastStart.A, HKU\S-1-5-21-861567501-1409082233-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [13b1826a32493501e42548b5b44e1be5],

Registry Values: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-861567501-1409082233-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, [email protected], Quarantined, [13b1826a32493501e42548b5b44e1be5]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.IStartSurf.A, C:\Documents and Settings\bebo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences, Good: (), Bad: (        "search_url": "http://www.istartsurf.com/web/?type=ds&ts=1410076223&from=amt&uid=ST3400620AS_9QG57HARXXXX9QG57HAR&q={searchTerms}"), Replaced,[6d576a82adcebd79b25a71bca95c30d0]

Physical Sectors: 0
(No malicious items detected)


(end)


Open Notepad and copy/paste all of the text from the box below:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Documents and Settings\bebo\Application Data\Opera Software\Opera Stable\Extensions\pldeppocfnbnopadlkalkhefdhglkijd\1.26.23_0\extensionData\plugins\91.js"
"C:\Program Files\Radmin\raddrv.dll"
"C:\Program Files\Radmin\r_server.exe"


) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Save the Notepad file as fix.bat, choosing Save as type: All Files.
The file should look like this: vista_bat_icon.png
Double-click fix.bat to run it.
Post what it shows in your next reply. Press any key to continue.

 

 

1 Create a new restore point

Click Start => Programs => Accessories => System Tools => System Restore

Select Create a restore point, then click Next.

Enter a name for the restore point and click Create.

2 Clear all previous (old) restore points

Click Start => Programs => Accessories => System Tools => Disk Cleanup and select the system drive.
In the Advanced => System Restore section, click Clear.
Click Yes to clear all restore points except the most recent one.

 

http://www.youtube.com/watch?v=hVqOfvUCLaI


C:\Documents and Settings\bebo\Application Data\Opera Software\Opera Stable\Extensions\pldeppocfnbnopadlkalkhefdhglkijd\1.26.23_0\extensionData\plugins\91.js
C:\Program Files\Radmin\raddrv.dll
C:\Program Files\Radmin\r_server.exe
 


What name should I enter for the restore point?


C:\Documents and Settings\bebo\Application Data\Opera Software\Opera Stable\Extensions\pldeppocfnbnopadlkalkhefdhglkijd\1.26.23_0\extensionData\plugins\91.js

C:\Program Files\Radmin\raddrv.dll

C:\Program Files\Radmin\r_server.exe

 

The batch file did not work..!

Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

 

KILLALL::
ClearJavaCache::

File::
C:\Documents and Settings\bebo\Application Data\Opera Software\Opera Stable\Extensions\pldeppocfnbnopadlkalkhefdhglkijd\1.26.23_0\extensionData\plugins\91.js
C:\Program Files\Radmin\raddrv.dll
C:\Program Files\Radmin\r_server.exe

Folder::
C:\Program Files\Radmin


 

After saving, drag CFScript.txt onto the ComboFix.exe icon.

Copy the generated report and paste it into your next comment...!


ComboFix 14-09-12.01 - bebo 2014-09-14   9:57.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1251.1.1033.18.3071.2038 [GMT 3:00]
Running from: g:\филми\ComboFix.exe
Command switches used :: c:\documents and settings\bebo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\documents and settings\bebo\Application Data\Opera Software\Opera Stable\Extensions\pldeppocfnbnopadlkalkhefdhglkijd\1.26.23_0\extensionData\plugins\91.js"
"c:\program files\Radmin\r_server.exe"
"c:\program files\Radmin\raddrv.dll"
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\bebo\Application Data\Opera Software\Opera Stable\Extensions\pldeppocfnbnopadlkalkhefdhglkijd\1.26.23_0\extensionData\plugins\91.js
c:\program files\Radmin
c:\program files\Radmin\help.cnt
c:\program files\Radmin\help.hlp
c:\program files\Radmin\license.txt
c:\program files\Radmin\r_server.exe
c:\program files\Radmin\raddrv.dll
c:\program files\Radmin\README.TXT
c:\program files\Radmin\uninstal.exe
c:\program files\Radmin\uninstal.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-14 to 2014-09-14  )))))))))))))))))))))))))))))))
.
.
2014-09-09 14:19 . 2010-08-30 05:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-09-09 14:19 . 2014-09-09 14:27    --------    d-----w-    C:\AdwCleaner
2014-09-09 13:12 . 2014-09-09 13:13    --------    d-----w-    C:\FRST
2014-09-07 07:52 . 2014-09-07 09:03    --------    d-----w-    c:\documents and settings\bebo\Application Data\25540
2014-09-07 07:50 . 2014-09-09 21:12    --------    d-----w-    c:\program files\Common Files\Config
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-13 14:09 . 2007-10-27 13:20    196608    ----a-w-    c:\windows\system32\drivers\nStandard.bin
2014-09-12 20:24 . 2014-04-22 18:55    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-10 16:15 . 2012-04-06 20:02    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-10 16:15 . 2011-05-19 15:13    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-06 10:08 . 2014-07-06 10:08    190240    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-07-06 10:04 . 2014-07-06 10:04    88352    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-10-23 15709984]
"NvMediaCenter"="NvMCTray.dll" [2013-10-23 209184]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-10-23 2602784]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"CTDVDDET"="c:\program files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2014-05-30 383528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2011-1-21 95232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^bebo^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\bebo\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2006-11-16 09:05    1953792    ------r-    c:\windows\system32\JMRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2007-03-27 22:29    1110016    -c--a-w-    c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 12:18    94208    ----a-w-    c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:42    110592    ----a-w-    c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 15:23    102400    ------w-    c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2013-09-12 10:06    5110672    ----a-w-    c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
2006-11-01 12:50    2154496    ----a-w-    c:\program files\GameFace Messenger\GameFace.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
2007-02-14 06:42    380928    -c--a-w-    c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 15:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-30 12:44    36864    -c----r-    c:\windows\JM\JMInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50    155648    -c--a-w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-09-07 09:27    6688024    ----a-w-    c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-11 17:55    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath"=c:\windows\VM_STI.EXE VIMICRO USB PC Camera
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"g:\\Valve\\hl.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"g:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13948:TCP"= 13948:TCP:BitComet 13948 TCP
"13948:UDP"= 13948:UDP:BitComet 13948 UDP
"9218:TCP"= 9218:TCP:BitComet 9218 TCP
"9218:UDP"= 9218:UDP:BitComet 9218 UDP
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2014-07-06 88352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-10-27 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-09-17 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-09-17 118768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-11 142648]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2010-06-16 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-09-12 1337752]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-04-27 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2009-12-30 27064]
S3 Tlncapd_wo;Tlncapd_wo;c:\windows\system32\attrib.exe [2004-08-04 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-05-06 11520]
S3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\drivers\usbVM31b.sys [2007-10-28 91263]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-09 20:33    1096520    ----a-w-    c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 06:09]
.
2014-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 16:15]
.
2014-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:39]
.
2014-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 19:39]
.
2014-09-14 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2001-12-31 01:59]
.
2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2001-12-31 01:59]
.
2014-09-14 c:\windows\Tasks\Opera scheduled Autoupdate 1383309797.job
- c:\program files\Opera\launcher.exe [2013-11-01 09:15]
.
2014-09-13 c:\windows\Tasks\User_Feed_Synchronization-{6655FF0E-5154-4E7B-943B-8DD397BC58CB}.job
- c:\windows\system32\msfeedssync.exe [2007-10-27 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.10\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.10\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\bebo\Application Data\Mozilla\Firefox\Profiles\qyfs33tg.default\
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Remote Administrator v2.2 - c:\program files\Radmin\uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-14 10:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?
  CTHelper = CTHELPER.EXE?
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\windows\system32\newdll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-09-14  10:08:03 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-14 07:07
ComboFix2.txt  2014-09-11 23:58
ComboFix3.txt  2014-09-10 16:44
ComboFix4.txt  2014-09-09 21:19
.
Pre-Run: 8,933,314,560 bytes free
Post-Run: 8,921,124,864 bytes free
.
- - End Of File - - C0D3B86FA2B34E3993D0F7C53D7D8C20
8F558EB6672622401DA993E1E865C861
 


Excellent..! Well, let's wrap up:

Uninstall ComboFix as follows:

  • Click Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

  • Please follow the prompts to uninstall ComboFix. You will get a message saying that ComboFix was uninstalled successfully.

Download the following file and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, post the log file, fixlog.txt, that is created after the run. It should delete the tool's quarantine folder located in C:\FRST\Quarantine.
     
     
Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click Uninstall.
  • Click Yes to uninstall Adwcleaner.

 
 
Uninstall ESET Online Scanner.

  • Start => Run, type control appwiz.cpl in the box. Then press ENTER.
  • Select ESET Online Scanner from the list of applications, then choose Remove. If prompted, restart your computer.

 
 
I recommend that Malwarebytes' Anti-Malware stay on your computer and that you scan your system with it periodically (at least once or twice a week), and don't forget to update its definitions before every scan..!
 
 
Java is out of date, and older versions contain vulnerabilities. You need to update to the latest version:
Download the latest version from here: Free Java Download
It is important to remove older versions of Java, since it does not do this automatically and the old versions still leave you vulnerable.
Go to Start > Control Panel > open Uninstall a program
Find all previously installed versions of Java in the list (J2SE Runtime Environment). In your case: Java 7 Update 20. Select each one in turn and uninstall it by clicking Uninstall. Once the old versions have been removed, please install the latest version.

 

Run PatchMyPC and install all the updates the tool offers you.

Defragment your system. I recommend doing this with the program MyDefrag.

  • Defragmenting an SSD drive is not recommended
    Download MyDefrag and install it.

    Select System Disk Monthly => choose the system and recovery partitions and press Run

    It may take quite a while... once it finishes it will display Finished and you can close the program with the X

    Then restart the system.

 

 

I would recommend:

Windows Maintenance Guide (XP, Vista and 7) [Revision 2.0]

What to do if my computer is running slowly

Preventive maintenance for your computer: how?

That's it from me..! If you have no other questions, I'll mark the case as "Solved"...! I wish you a pleasant day and a safe internet..! :)

 
