Suspicion of a keylogger?


Recommended answer


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Asus (administrator) on ASUS-PC on 21-09-2014 16:16:22
Running from C:\Users\Asus\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Български (България)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent Inc.) C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() D:\Games\RADS\system\rads_user_kernel.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() D:\Games\RADS\projects\lol_launcher\releases\0.0.0.222\deploy\LoLLauncher.exe
() D:\Games\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe
() D:\Games\RADS\projects\lol_air_client\releases\0.0.1.110\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1023104 2012-11-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-11-29] (Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe
,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [uTorrent] => C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe [1418832 2014-09-13] (BitTorrent Inc.)
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [MKLOL] => "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [spotify Web Helper] => C:\Users\Asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-04] (Spotify Ltd)
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [MicroUpdate] => C:\Windows\system32\MSDCSC\msdcsc.exe
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\MountPoints2: {25b1f969-0669-11e3-ba34-240a64271754} - G:\AutoRun.exe
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\MountPoints2: {25b1f978-0669-11e3-ba34-240a64271754} - G:\AutoRun.exe
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\MountPoints2: {25b1f9a7-0669-11e3-ba34-240a64271754} - G:\AutoRun.exe
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\MountPoints2: {b08f300b-08c5-11e3-8e95-240a64271754} - G:\AutoRun.exe
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\MountPoints2: {f10e45c0-056f-11e3-af8f-806e6f6e6963} - F:\Install.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {7C479AAB-BA6A-4A2B-8E62-738ACE623810} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AF94B4B2-625B-44EE-8CEC-34447A5E0F79}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{F7EF917D-9ADD-4969-8CC1-4A4A94678483}: [NameServer] 212.39.90.42 212.39.90.43
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://istart.webssearches.com/?type=hp&ts=1409660573&from=wpc&uid=HGSTXHTS541075A9E680_J81100A9G1DVKHG1DVKHX", "hxxp://search.gboxapp.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Диск) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-15]
CHR Extension: (YouTube) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-15]
CHR Extension: (Google Търсене) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-15]
CHR Extension: (Marlies Dekkers) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepnljgdbelppefncogilfbjikmnbhjm [2013-09-29]
CHR Extension: (Google Wallet) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-15]
CHR HKCU\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\Asus\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2014-08-03]
CHR HKLM-x32\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\Asus\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2014-08-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-19] ()
S2 VIVACOM 3G USB Modem. RunOuc; C:\Users\Asus\Desktop\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [655712 2013-08-16] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-11-29] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [65784 2013-02-06] (ASUS Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-16] (Disc Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [224768 2013-08-16] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-14] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-15] (Duplex Secure Ltd.)
U3 acy50jn1; C:\Windows\System32\Drivers\acy50jn1.sys [0 ] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 16:16 - 2014-09-21 16:17 - 00022735 _____ () C:\Users\Asus\Downloads\FRST.txt
2014-09-21 16:16 - 2014-09-21 16:16 - 02105856 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2014-09-21 16:16 - 2014-09-21 16:16 - 00000000 ____D () C:\FRST
2014-09-21 15:59 - 2014-09-21 15:59 - 00000000 ___RD () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-21 15:52 - 2014-09-21 15:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-09-21 15:52 - 2014-09-21 15:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-09-21 15:45 - 2014-09-21 15:58 - 00012618 _____ () C:\Windows\PFRO.log
2014-09-21 14:46 - 2014-09-21 14:46 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-21 14:46 - 2014-09-21 14:46 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-21 14:46 - 2014-09-21 14:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-21 14:46 - 2014-09-21 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-21 14:45 - 2014-09-21 14:45 - 14087848 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall.exe
2014-09-21 14:19 - 2014-09-21 14:19 - 00287496 _____ () C:\Windows\Minidump\092114-19047-01.dmp
2014-09-21 13:20 - 2014-09-21 15:58 - 00000672 _____ () C:\Windows\setupact.log
2014-09-21 13:20 - 2014-09-21 13:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-20 21:14 - 2014-09-20 21:14 - 00001329 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-09-20 21:14 - 2014-09-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-20 21:13 - 2014-09-20 21:13 - 30993712 _____ (Riot Games) C:\Users\Asus\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2014-09-20 19:14 - 2014-09-20 19:14 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-20 19:14 - 2014-09-20 19:14 - 00000000 ____D () C:\Windows\system32\NV
2014-09-20 19:14 - 2014-09-20 19:14 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-20 19:11 - 2014-09-14 02:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-20 19:11 - 2014-09-14 02:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-20 19:11 - 2014-09-14 02:48 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-09-19 19:13 - 2014-09-19 19:13 - 00000000 ____D () C:\Users\Asus\Downloads\geek
2014-09-19 19:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-19 19:10 - 2014-09-20 19:46 - 00000000 ____D () C:\AdwCleaner
2014-09-19 19:09 - 2014-09-19 19:09 - 01373475 _____ () C:\Users\Asus\Desktop\AdwCleaner.exe
2014-09-17 14:22 - 2014-09-17 14:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-17 14:22 - 2014-09-17 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-11 03:14 - 2014-08-19 21:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:14 - 2014-08-19 20:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:14 - 2014-08-19 02:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:14 - 2014-08-19 01:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:14 - 2014-08-19 01:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:14 - 2014-08-19 01:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:14 - 2014-08-19 01:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:14 - 2014-08-19 01:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:14 - 2014-08-19 01:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:14 - 2014-08-19 01:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:14 - 2014-08-19 01:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:14 - 2014-08-19 01:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:14 - 2014-08-19 01:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:14 - 2014-08-19 01:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:14 - 2014-08-19 01:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:14 - 2014-08-19 01:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:14 - 2014-08-19 01:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:14 - 2014-08-19 01:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:14 - 2014-08-19 01:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:14 - 2014-08-19 00:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:14 - 2014-08-19 00:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:14 - 2014-08-19 00:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:14 - 2014-08-19 00:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:14 - 2014-08-19 00:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:14 - 2014-08-19 00:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:14 - 2014-08-19 00:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:14 - 2014-08-19 00:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:14 - 2014-08-19 00:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:14 - 2014-08-19 00:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:14 - 2014-08-19 00:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:14 - 2014-08-19 00:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:14 - 2014-08-19 00:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:14 - 2014-08-19 00:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:14 - 2014-08-19 00:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:14 - 2014-08-19 00:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:14 - 2014-08-19 00:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:14 - 2014-08-19 00:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:14 - 2014-08-19 00:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:14 - 2014-08-19 00:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:14 - 2014-08-19 00:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:14 - 2014-08-19 00:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:14 - 2014-08-19 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:14 - 2014-08-19 00:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:14 - 2014-08-19 00:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:14 - 2014-08-19 00:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:14 - 2014-08-19 00:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:14 - 2014-08-19 00:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:14 - 2014-08-19 00:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:14 - 2014-08-19 00:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:14 - 2014-08-19 00:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:14 - 2014-08-19 00:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:14 - 2014-08-18 23:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:14 - 2014-08-18 23:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:14 - 2014-08-18 23:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:14 - 2014-08-18 23:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:14 - 2014-08-18 23:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:00 - 2014-06-27 05:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:00 - 2014-06-27 04:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 23:36 - 2014-08-01 14:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 23:36 - 2014-08-01 14:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 23:29 - 2014-07-07 05:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 23:29 - 2014-07-07 05:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 23:29 - 2014-07-07 04:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 23:29 - 2014-07-07 04:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 23:29 - 2014-07-07 04:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 23:29 - 2014-06-24 06:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 23:29 - 2014-06-24 05:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 23:28 - 2014-09-05 05:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 23:28 - 2014-09-05 05:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-08 22:47 - 2014-09-08 22:47 - 03082897 _____ () C:\Users\Asus\Downloads\LFS-Tweak.com_0.6E_Pro_Tweaker.rar
2014-09-03 22:34 - 2014-09-07 18:42 - 00001131 _____ () C:\Users\Asus\Desktop\Учебници 10 клас.txt
2014-08-31 16:43 - 2014-09-12 19:34 - 00000000 ____D () C:\Users\Asus\Desktop\subs season 4 TW
2014-08-28 15:20 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:20 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:20 - 2014-08-23 03:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 16:17 - 2014-09-21 16:16 - 00022735 _____ () C:\Users\Asus\Downloads\FRST.txt
2014-09-21 16:17 - 2013-08-15 14:22 - 00000000 ____D () C:\Users\Asus\AppData\Local\PMB Files
2014-09-21 16:17 - 2013-08-15 07:51 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Skype
2014-09-21 16:16 - 2014-09-21 16:16 - 02105856 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2014-09-21 16:16 - 2014-09-21 16:16 - 00000000 ____D () C:\FRST
2014-09-21 16:16 - 2013-08-15 08:08 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\uTorrent
2014-09-21 16:06 - 2009-07-14 07:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 16:06 - 2009-07-14 07:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 16:04 - 2013-08-14 22:26 - 01216349 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 15:59 - 2014-09-21 15:59 - 00000000 ___RD () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-21 15:58 - 2014-09-21 15:45 - 00012618 _____ () C:\Windows\PFRO.log
2014-09-21 15:58 - 2014-09-21 13:20 - 00000672 _____ () C:\Windows\setupact.log
2014-09-21 15:58 - 2013-08-15 00:16 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 15:58 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 15:57 - 2013-08-15 10:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-21 15:57 - 2013-08-15 00:16 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 15:56 - 2013-08-15 10:18 - 00000039 _____ () C:\Windows\vbaddin.ini
2014-09-21 15:55 - 2009-07-14 05:34 - 00000580 _____ () C:\Windows\win.ini
2014-09-21 15:52 - 2014-09-21 15:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-09-21 15:52 - 2014-09-21 15:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-09-21 15:45 - 2013-08-15 00:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-21 14:46 - 2014-09-21 14:46 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-21 14:46 - 2014-09-21 14:46 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-21 14:46 - 2014-09-21 14:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-21 14:46 - 2014-09-21 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-21 14:45 - 2014-09-21 14:45 - 14087848 _____ (Microsoft Corporation) C:\Users\Asus\Downloads\mseinstall.exe
2014-09-21 14:19 - 2014-09-21 14:19 - 00287496 _____ () C:\Windows\Minidump\092114-19047-01.dmp
2014-09-21 14:19 - 2014-08-13 16:58 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 13:44 - 2013-08-15 14:22 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-21 13:20 - 2014-09-21 13:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-21 01:47 - 2013-12-28 19:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-21 01:47 - 2013-08-16 01:35 - 00000000 ____D () C:\Users\Asus\AppData\Local\CrashDumps
2014-09-20 21:14 - 2014-09-20 21:14 - 00001329 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-09-20 21:14 - 2014-09-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-20 21:14 - 2014-05-03 17:56 - 00000000 __SHD () C:\AI_RecycleBin
2014-09-20 21:13 - 2014-09-20 21:13 - 30993712 _____ (Riot Games) C:\Users\Asus\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2014-09-20 21:09 - 2013-08-15 14:23 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-20 19:46 - 2014-09-19 19:10 - 00000000 ____D () C:\AdwCleaner
2014-09-20 19:14 - 2014-09-20 19:14 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-20 19:14 - 2014-09-20 19:14 - 00000000 ____D () C:\Windows\system32\NV
2014-09-20 19:14 - 2014-09-20 19:14 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-20 19:14 - 2013-08-14 23:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-19 19:37 - 2013-08-17 10:15 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\PhotoScape
2014-09-19 19:16 - 2013-08-15 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-19 19:16 - 2013-08-14 22:31 - 00000969 _____ () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 19:13 - 2014-09-19 19:13 - 00000000 ____D () C:\Users\Asus\Downloads\geek
2014-09-19 19:09 - 2014-09-19 19:09 - 01373475 _____ () C:\Users\Asus\Desktop\AdwCleaner.exe
2014-09-19 13:38 - 2013-08-14 23:31 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Atheros
2014-09-18 21:50 - 2013-08-14 23:31 - 00000000 ____D () C:\Users\Asus\Documents\Bluetooth Folder
2014-09-18 18:35 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-09-17 14:22 - 2014-09-17 14:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-17 14:22 - 2014-09-17 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-17 14:22 - 2014-02-27 15:31 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-17 14:22 - 2013-08-15 07:51 - 00000000 ____D () C:\ProgramData\Skype
2014-09-17 01:37 - 2014-08-17 11:37 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-15 19:22 - 2014-08-17 11:37 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-15 18:26 - 2013-08-15 07:54 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-09-14 02:48 - 2014-09-20 19:11 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-14 02:48 - 2014-09-20 19:11 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-14 02:48 - 2014-09-20 19:11 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-09-14 02:48 - 2014-08-07 00:08 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-09-14 02:48 - 2014-08-07 00:08 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-09-14 02:48 - 2014-08-07 00:08 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-09-14 02:48 - 2014-08-07 00:08 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-09-14 02:48 - 2014-08-07 00:08 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-14 02:48 - 2014-08-07 00:08 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-14 02:48 - 2014-08-07 00:08 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-09-14 02:48 - 2013-08-14 23:04 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-09-14 00:53 - 2013-08-14 23:08 - 06890696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-09-14 00:53 - 2013-08-14 23:08 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-09-14 00:53 - 2013-08-14 23:08 - 02557640 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-09-14 00:53 - 2013-08-14 23:08 - 01087688 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-09-14 00:53 - 2013-08-14 23:08 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-09-14 00:53 - 2013-08-14 23:08 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-09-14 00:53 - 2013-08-14 23:08 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-09-14 00:53 - 2013-08-14 23:08 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-09-12 19:34 - 2014-08-31 16:43 - 00000000 ____D () C:\Users\Asus\Desktop\subs season 4 TW
2014-09-11 18:37 - 2013-08-14 23:08 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin
2014-09-11 05:50 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-09-11 05:50 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-09-11 03:12 - 2013-08-14 23:07 - 00774914 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:12 - 2009-07-14 08:13 - 00774914 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 03:11 - 2013-08-15 01:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:01 - 2013-08-15 01:25 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 03:00 - 2014-05-07 01:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 15:39 - 2009-07-14 08:08 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-08 22:47 - 2014-09-08 22:47 - 03082897 _____ () C:\Users\Asus\Downloads\LFS-Tweak.com_0.6E_Pro_Tweaker.rar
2014-09-07 18:42 - 2014-09-03 22:34 - 00001131 _____ () C:\Users\Asus\Desktop\Учебници 10 клас.txt
2014-09-06 06:00 - 2013-08-15 00:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-05 05:10 - 2014-09-10 23:28 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 05:05 - 2014-09-10 23:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 17:09 - 2014-05-02 23:23 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Spotify
2014-09-04 16:43 - 2014-05-02 23:23 - 00000000 ____D () C:\Users\Asus\AppData\Local\Spotify
2014-09-02 15:24 - 2014-05-26 15:36 - 00000000 ____D () C:\ProgramData\b940fdcd55b32e4
2014-09-02 15:22 - 2014-07-08 12:48 - 00000426 __RSH () C:\ProgramData\ntuser.pol
2014-09-02 01:47 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-02 01:46 - 2014-01-03 13:27 - 00000000 ____D () C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-01 17:29 - 2014-03-30 22:21 - 00000000 ____D () C:\Users\Asus\Documents\My Games
2014-08-29 03:36 - 2009-07-14 07:45 - 00409552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 05:07 - 2014-08-28 15:20 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 04:45 - 2014-08-28 15:20 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 03:59 - 2014-08-28 15:20 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 00:10 - 2014-08-10 11:40 - 00000004 _____ () C:\Users\Asus\AppData\Roaming\appdataFr2.bin
 
Some content of TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-18 17:27
 
==================== End Of Log ============================

Addition.txt


Wait for the HJT Team colleagues to step in; I don't see a keylogger, but there is something to clean.


Wait for the HJT Team colleagues to step in; I don't see a keylogger, but there is something to clean.

Actually, there is. :)

Download fixlist.txt and save it in the folder from which you ran FRST.exe.

Run FRST.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file fixlog.txt, which will be created once the program has done its work.

Attention: the script was created for the current system. Do not use it on other systems with similar problems!


Actually, there is. :)

CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://istart.webssearches.com/?type=hp&ts=1409660573&from=wpc&uid=HGSTXHTS541075A9E680_J81100A9G1DVKHG1DVKHX", "hxxp://search.gboxapp.com/"

 

 

That one and the Pando booster are what mainly caught my eye. Could you show us which one is the keylogger, if it is not one of those two? :)



 

 

That one and the Pando booster are what mainly caught my eye. Could you show us which one is the keylogger, if it is not one of those two? :)

 

 

Of course it isn't one of those two... Pando is legitimate, and the Chrome line is just start pages added by adware, which I included for cleaning.

The keylogger is this one:

 

HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [MicroUpdate] => C:\Windows\system32\MSDCSC\msdcsc.exe

Of course it isn't one of those two... Pando is legitimate, and the Chrome line is just start pages added by adware, which I included for cleaning.

The keylogger is this one:

So there is a keylogger after all? Or not?


Well, that is what it looks like... I said above how to remove it...

Description of the nasty thing:

either it is a keylogger:

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Keylog-PU/detailed-analysis.aspx

or a trojan variant:

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~VB-HBW/detailed-analysis.aspx

Either way... it is not legitimate under any circumstances. :)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Asus at 2014-09-21 17:38:59 Run:1
Running from C:\Users\Asus\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
closeprocesses:
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe
,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\...\Run: [MicroUpdate] => C:\Windows\system32\MSDCSC\msdcsc.exe
C:\Windows\system32\MSDCSC
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.as...q={searchTerms}
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://istart.webssearches.com/?type=hp&ts=1409660573&from=wpc&uid=HGSTXHTS541075A9E680_J81100A9G1DVKHG1DVKHX", "hxxp://search.gboxapp.com/"
CHR HKCU\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\Asus\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2014-08-03]
CHR HKLM-x32\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Users\Asus\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2014-08-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-02 15:24 - 2014-05-26 15:36 - 00000000 ____D () C:\ProgramData\b940fdcd55b32e4
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\Users\Asus\AppData\Roaming:NT
emptytemp:
end
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\S-1-5-21-2583472303-2120457411-2282673170-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => value deleted successfully.
"C:\Windows\system32\MSDCSC" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}" => Key not found.
Chrome StartupUrls deleted successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\fibbpolejomdcpiahkgcmdmaliooeien" => Key deleted successfully.
C:\Users\Asus\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fibbpolejomdcpiahkgcmdmaliooeien" => Key deleted successfully.
"C:\Users\Asus\AppData\Local\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\b940fdcd55b32e4 => Moved successfully.
C:\ProgramData => ":NT" ADS removed successfully.
"C:\Users\All Users" => ":NT" ADS not found.
"C:\ProgramData\Application Data" => ":NT" ADS not found.
C:\ProgramData\MTA San Andreas All => ":NT" ADS removed successfully.
C:\Users\Asus\AppData\Roaming => ":NT" ADS removed successfully.
EmptyTemp: => Removed 402.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
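An added triage helper, written for this thread and not part of FRST or the forum's own tooling: it reads FRST-style Winlogon Userinit and Run lines like the ones in the fixlist above and reports anything that is not the stock Windows loader. The sample lines, the SID in them and the "suspicious path" heuristic are assumptions constructed for the example; in the real log the extra Userinit path was repeated far more than three times.

```python
import re
from collections import Counter

# Stock Winlogon\Userinit value on a default Windows install, compared
# case-insensitively. A trailing comma is normal; any extra path is not.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# FRST prints these two kinds of autostart lines; the patterns follow the
# lines quoted in this thread.
USERINIT_RE = re.compile(
    r"^HKLM\\\.\.\.\\Winlogon: \[userinit\] (?P<value>.+)$", re.IGNORECASE)
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKU\\S-[\d-]+)(?:-x32)?\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] => (?P<target>.+)$", re.IGNORECASE)


def check_userinit(value):
    """Split the Userinit value on commas and compare every path to the stock loader."""
    parts = [p.strip().lower() for p in value.split(",") if p.strip()]
    counts = Counter(parts)                      # keeps first-seen order
    extra = [p for p in counts if p != EXPECTED_USERINIT]
    return {
        "ok": not extra,                         # True only for the stock value
        "entries": len(parts),                   # how many paths Winlogon would run
        "extra": extra,                          # unique unexpected paths
        "repeats": {p: n for p, n in counts.items() if n > 1},
    }


def is_suspicious_run_target(path):
    """Heuristic (an assumption of this example, not an FRST rule): flag a Run
    target that lives in a subfolder of system32/SysWOW64, where stock Windows
    components do not register autostarts, or anywhere under a Temp folder."""
    p = path.lower().replace("/", "\\")
    for sysdir in ("\\windows\\system32\\", "\\windows\\syswow64\\"):
        idx = p.find(sysdir)
        if idx != -1 and "\\" in p[idx + len(sysdir):]:
            return True
    return "\\temp\\" in p


def triage(report_text):
    """Scan FRST-style text and return the Userinit verdict plus flagged Run entries."""
    findings = {"userinit": None, "run": []}
    for raw in report_text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            findings["userinit"] = check_userinit(m.group("value"))
            continue
        m = RUN_RE.match(line)
        if m:
            # FRST may append "[size date] (Publisher)" after the path; keep the path only.
            target = m.group("target").split(" [")[0].strip()
            if is_suspicious_run_target(target):
                findings["run"].append(
                    {"hive": m.group("hive"), "name": m.group("name"), "target": target})
    return findings


# Constructed sample in the shape of the thread's lines. The SID is a
# placeholder and the extra path is repeated only three times here.
SAMPLE_REPORT = r"""
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [MicroUpdate] => C:\Windows\system32\MSDCSC\msdcsc.exe
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [2014-09-01] (Example Ltd)
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Run it as a script to print the findings as JSON, or call triage() on the text of an FRST.txt. A Userinit value that contains anything other than the single stock userinit.exe path is the thing to escalate; the repeat count only shows how many times the extra path was appended, which is what made the fixlist line above so long.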

From the log it can be seen that it was apparently a leftover in the registry, because the file is missing (most likely it had already been deleted by your antivirus program), but the registry entry had remained (and now it is gone too).

Let's check for leftovers:

STEP 1

Please download Malwarebytes Anti-Malware 2.0.2.1012 Final and save it to your desktop.

  • Run the file mbam-setup-2.0.2.1012.exe and follow the instructions to install the program.
  • After the installation finishes, make sure the following box is checked:
  • Launch Malwarebytes Anti-Malware
  • The box enabling the 14-day trial period is also checked by default. If you do not want to test the program's real-time protection over the next 14 days, uncheck it.
  • Press the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the Threat Scan radio button and then press the Scan Now >> button. If an update is found, press the Update Now button.
  • A scan for malicious software will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • After the scan finishes, press the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then press the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.
  • Open the report with the latest date and time and press the "Copy to Clipboard" button.

Now paste the contents of the log file with the keyboard shortcut Ctrl + V and post it in your next comment.

STEP 2

1. Download Hitman Pro.
For a 32-bit system: 32-bit download link.
For a 64-bit system: 64-bit download link.

2. Run the program.

3. Once you have started the program by clicking on its icon, press the "Next" button, agreeing to the license agreement (EULA).

4. Check the box "No, I only want to perform a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. Scanning takes about 2 minutes.

7. After the scan finishes, from the list of found items (if there are any) select Apply to all => Ignore.

8. Press "Next", then press "Export the result to XML file" and save the log file to the desktop.

9. Archive the file and attach it in your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can select Ignore, as in the picture (screenshot: scan finished, choose action):

Then simply close the program after the scan finishes (without removing anything)... then open C:\ProgramData\HitmanPro\Logs, open the log file and post its contents in your next comment.


Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 21.9.2014 г. 18:11:47 ч., SYSTEM, ASUS-PC, Protection, Malware Protection, Starting, 
Protection, 21.9.2014 г. 18:11:47 ч., SYSTEM, ASUS-PC, Protection, Malware Protection, Started, 
Protection, 21.9.2014 г. 18:11:47 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, Starting, 
Update, 21.9.2014 г. 18:11:56 ч., SYSTEM, ASUS-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.9.19.1, 
Update, 21.9.2014 г. 18:12:04 ч., SYSTEM, ASUS-PC, Manual, Malware Database, 2014.3.4.9, 2014.9.21.5, 
Protection, 21.9.2014 г. 18:12:06 ч., SYSTEM, ASUS-PC, Protection, Refresh, Starting, 
Protection, 21.9.2014 г. 18:12:44 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, Started, 
Protection, 21.9.2014 г. 18:12:44 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 21.9.2014 г. 18:12:44 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 21.9.2014 г. 18:12:48 ч., SYSTEM, ASUS-PC, Protection, Refresh, Success, 
Protection, 21.9.2014 г. 18:12:48 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 21.9.2014 г. 18:12:48 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, Started, 
Detection, 21.9.2014 г. 18:16:59 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 79.142.73.208, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:16:59 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 79.142.73.208, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:30:15 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 188.64.170.222, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:30:15 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 188.64.170.222, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:30:15 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 188.64.170.222, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:30:16 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 188.64.170.222, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:30:17 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 188.64.170.222, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Protection, 21.9.2014 г. 18:35:53 ч., SYSTEM, ASUS-PC, Protection, Malware Protection, Starting, 
Protection, 21.9.2014 г. 18:35:53 ч., SYSTEM, ASUS-PC, Protection, Malware Protection, Started, 
Protection, 21.9.2014 г. 18:35:53 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, Starting, 
Protection, 21.9.2014 г. 18:36:52 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, Started, 
Detection, 21.9.2014 г. 18:38:00 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 178.90.91.192, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:38:00 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 178.90.91.192, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:38:35 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 188.65.50.47, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
Detection, 21.9.2014 г. 18:38:35 ч., SYSTEM, ASUS-PC, Protection, Malicious Website Protection, IP, 188.65.50.47, 36036, Outbound, C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe, 
 
(end) This is the result of the first step.

HitmanPro 3.7.9.225
www.hitmanpro.com
 
   Computer name . . . . : ASUS-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Asus-PC\Asus
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-09-21 18:44:48
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 3
   Traces  . . . . . . . : 71
 
   Objects scanned . . . : 1 591 204
   Files scanned . . . . : 24 286
   Remnants scanned  . . : 482 784 files / 1 084 134 keys
 
Miniport ____________________________________________________________________
 
   Primary
      DriverObject . . . : FFFFFA80060201E0
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA8005AFA2C0 +0
   Solution
      DriverObject . . . : FFFFFA80060201E0
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF880017956C0 \SystemRoot\system32\DRIVERS\storport.sys+5824
 
Malware _____________________________________________________________________
 
   C:\ProgramData\InstallMate\{373F83F8-7158-4199-A372-397AECDCA10E}\Custom.dll
      Size . . . . . . . : 93 696 bytes
      Age  . . . . . . . : 118.1 days (2014-05-26 15:37:14)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : EC9146DFB838AD477BDF3CBDE578BAF014C8151D741559568DCB3803D6C9A0EB
      Product  . . . . . : TopApp software
      Publisher  . . . . : TopApp software
      Description  . . . : Custom DLL for TopApp so
      Version  . . . . . : 2014.5.
      LanguageID . . . . : 1037
    > Bitdefender  . . . : Gen:Variant.Application.Kazy.365295
    > Kaspersky  . . . . : Trojan.Win32.AntiFW.b
      Fuzzy  . . . . . . : 100.0
 
   C:\ProgramData\InstallMate\{99E7D37A-D36D-4D90-AF7B-9B4F4204F18C}\Custom.dll
      Size . . . . . . . : 93 696 bytes
      Age  . . . . . . . : 75.2 days (2014-07-08 12:49:20)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : EC9146DFB838AD477BDF3CBDE578BAF014C8151D741559568DCB3803D6C9A0EB
      Product  . . . . . : TopApp software
      Publisher  . . . . : TopApp software
      Description  . . . : Custom DLL for TopApp so
      Version  . . . . . : 2014.5.
      LanguageID . . . . : 1037
    > Bitdefender  . . . : Gen:Variant.Application.Kazy.365295
    > Kaspersky  . . . . : Trojan.Win32.AntiFW.b
      Fuzzy  . . . . . . : 100.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Asus\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963 480 bytes
      Age  . . . . . . . : 126.1 days (2014-05-18 15:18:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Asus\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 963 480 bytes
      Age  . . . . . . . : 119.7 days (2014-05-25 01:11:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Asus\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963 480 bytes
      Age  . . . . . . . : 126.2 days (2014-05-18 14:46:17)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Asus\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139 032 bytes
      Age  . . . . . . . : 126.2 days (2014-05-18 14:47:50)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 0CA9D48C9E3D938121A73EBE6EA3FBE19A9AE017EEDA066A22CF254A688A98C2
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Asus\Downloads\FRST64.exe
      Size . . . . . . . : 2 105 856 bytes
      Age  . . . . . . . : 0.1 days (2014-09-21 16:16:00)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : B36B465C69EE92024F9E2935C5CFBAE2683E2028A2FD0A8034A4187C4A7E36E7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Asus\Downloads\FRST64.exe
          0.0s C:\Users\Asus\Downloads\FRST64.exe
          0.0s C:\Users\Asus\Downloads\FRST64.exe
          0.0s C:\Users\Asus\Downloads\FRST64.exe
          0.0s C:\Users\Asus\Downloads\FRST64.exe
          0.0s C:\Users\Asus\Downloads\FRST64.exe
          0.0s C:\Users\Asus\Downloads\FRST64.exe
         11.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\
         11.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\
         11.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\
         11.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\80\62008E6A6BA3CB88.dat
         11.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{404C9CDA-01AA-461B-BFCA-372A57463D50}
         14.4s C:\FRST\Logs\
         14.4s C:\FRST\
         14.4s C:\FRST\Quarantine\
         14.4s C:\FRST\Hives\
         15.9s C:\FRST\Hives\ERDNT.INF
         15.9s C:\FRST\Hives\ERDNT.CON
         15.9s C:\FRST\Hives\ERDNT.CON
         15.9s C:\FRST\Hives\BCD
         15.9s C:\FRST\Hives\SYSTEM
         16.3s C:\FRST\Hives\SOFTWARE
         16.3s C:\FRST\Hives\SOFTWARE
         17.5s C:\FRST\Hives\DEFAULT
         17.6s C:\FRST\Hives\SECURITY
         17.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4D74C72B-9FE2-43F9-8822-02BD9B9FDC7C}
         17.7s C:\FRST\Hives\SAM
         17.7s C:\FRST\Hives\Users\
         17.7s C:\FRST\Hives\Users\00000001\
         17.7s C:\FRST\Hives\Users\00000001\NTUSER.DAT
         18.2s C:\FRST\Hives\Users\00000002\
         18.2s C:\FRST\Hives\Users\00000002\UsrClass.dat
         18.6s C:\FRST\Hives\ERDNT.EXE
         18.6s C:\FRST\Hives\ERDNTWIN.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         18.6s C:\FRST\Hives\ERDNTDOS.LOC
         21.6s C:\Users\Asus\Downloads\FRST.txt
         21.6s C:\Users\Asus\Downloads\FRST.txt
         21.6s C:\Users\Asus\Downloads\FRST.txt
 
 
Malware remnants ____________________________________________________________
 
   HKLM\SOFTWARE\Classes\Interface\{EFC32678-546B-4367-8B25-B40BF45CC1A3}\ (BuenoSearch)
 
Potential Unwanted Programs _________________________________________________
 
   session/startup_urls[1]
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
   C:\Users\Asus\AppData\Local\TB\ (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\ (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.129336860020050107.search.selectedEngineId.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.129336860020050107.search.settings.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.downloadRefCookieData.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.dum.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.installUsage.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.installUsageEarly.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.NOTIFICATION_ID.notifications-repository.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.NOTIFICATION_ID.notifications-service_1228076.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.NOTIFICATION_ID.notifications-servicemap.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.NotificationSettings.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.searchProtectorData.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015.searchUserMode.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_appsMetadata.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_Configuration.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_installUsage_ToolbarInstall.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_installUsage_ToolbarInstallEarly.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_login.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_searchAPI.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_serviceMap.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_toolbarContextMenu.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_toolbarSettings.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_10.33.0.5.serviceLayer_services_translation.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_appsMetadata.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_Configuration.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_installUsage_ToolbarInstall.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_installUsage_ToolbarInstallEarly.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_login.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_searchAPI.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_serviceMap.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_toolbarContextMenu.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_toolbarSettings.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\CT2836015_RAW.serviceLayer_services_translation.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\localStorageBackup.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\toolbar_initializing_logger.txt.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\ToolbarFullUserID.txt (Conduit)
   C:\Users\Asus\AppData\LocalLow\TB\ChromeExtData\fibbpolejomdcpiahkgcmdmaliooeien\Repository\ToolbarUserId.txt (Conduit)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
 
Cookies _____________________________________________________________________
 
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.kaldata.com
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
 
 
Here it is.
 

You have posted the wrong log from Malwarebytes. Open the program again:

  • Go to the History tab > Application Logs.
  • Open the report named Scan Log (not Protection Log) and post it.

 

Regards! :)


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21.9.2014 г.
Scan Time: 21:51:51 ч.
Logfile: sdsfgghj.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.21.07
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Asus
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335977
Time Elapsed: 12 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.GboxApp.A, C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ ""http://istart.webssearches.com/?type=hp&ts=1409660573&from=wpc&uid=HGSTXHTS541075A9E680_J81100A9G1DVKHG1DVKHX", "http://search.gboxapp.com/" ],), Replaced,[420930c079022313fd39a49536cf40c0]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

I had deleted the program, downloaded it again and now scanned anew.. I hope there is no change :/


Well, unfortunately this way only the result of your last scan will be visible (without the previous one, if it found anything)... Never mind, no harm done.

 

I think this will be the last script... harmless leftovers in the registry from potentially unwanted applications:

 

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
After it finishes, if it asks for a restart, agree. After the restart, post the log file fixlog.txt, which will be created when the program is done.
 
Warning: This script was created for the current system. Do not use it on other systems with similar problems!


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Asus at 2014-09-21 22:30:00 Run:2
Running from C:\Users\Asus\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\ProgramData\InstallMate
C:\Users\Asus\AppData\Local\TB
C:\Users\Asus\AppData\LocalLow\TB
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EFC32678-546B-4367-8B25-B40BF45CC1A3}
DeleteKey: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622
DeleteKey: HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622
DeleteKey: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deletekey: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
DeleteKey: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
DeleteKey: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
end
*****************
 
C:\ProgramData\InstallMate => Moved successfully.
C:\Users\Asus\AppData\Local\TB => Moved successfully.
C:\Users\Asus\AppData\LocalLow\TB => Moved successfully.
HKLM\SOFTWARE\Classes\Interface\{EFC32678-546B-4367-8B25-B40BF45CC1A3} => Key Deleted successfully.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622 => Key Deleted Successfully.
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622 => Key Deleted Successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622 => Key not found.
HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} => Key Deleted Successfully.
HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} => Key not found.
HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} => Key Deleted Successfully.
HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} => Key Deleted Successfully.
 
==== End of Fixlog ====

Great... to finish, let's still check with a regular antivirus program:

 

  • 1) Download: ESET Online Scanner
  • 2) Run esetsmartinstaller_enu.exe
  • 3) Tick YES, I accept the Terms of Use and choose Start
  • 4) The scanner will start downloading the components it needs.
  • 5) Make sure the following lines are ticked, including those in the Advanced Settings menu:
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology, then untick Remove found threats and finally choose Start
  • 6) The scanner will start downloading the latest definitions.
  • 7) After the scan finishes, choose Finish.
  • 8) Go to: C:\Program Files\ESET\ESET Online Scanner.
  • 9) Open the file log.txt, copy its contents and paste them in your next post.

 

And let's also check for old and vulnerable software:

 

 

Download Security Check by screen317 from this link and save it to your desktop.
Double-click SecurityCheck.exe and follow the instructions.
At the end, a text document named checkup.txt will open automatically; please attach it in your next comment in this topic.
 

 

Regards! :)


esetsmartinstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3bb3e849bb2f6842b1809b4d9eb5c5ef
# engine=20241
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-21 10:11:49
# local_time=2014-09-22 01:11:49 )
# country="Bulgaria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 37499 34325103 0 0
# scanned=193389
# found=20
# cleaned=20
# scan_time=7981
sh=4D2782E2FC86F82026A27FA38F52CABB363F613F ft=1 fh=c71c001176b83fc8 vn="a variant of Win32/AdWare.MultiPlug.BN application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ppriiCechop\dQ1iqnb2ai0zKR.dll.vir"
sh=364EA07869F1432F6F84C73734FE9372D33D7083 ft=1 fh=83d9a98ce0fe49c5 vn="a variant of Win64/Adware.MultiPlug.E application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ppriiCechop\dQ1iqnb2ai0zKR.x64.dll.vir"
sh=32F99788C6D45851A067C84FFFA1116E54CA3EF3 ft=1 fh=c71c00116263307f vn="a variant of Win32/SProtector.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sw-booster\Assistant.dll.vir"
sh=1B26B0B47757F786A8FEE44847BDBB959DD19A58 ft=1 fh=e26ac01139d0474f vn="a variant of Win32/SProtector.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sw-booster\AssistantSvc.dll.vir"
sh=AE4B3ECB491AEF6D1594361E820A6FCC8EF44E3E ft=1 fh=c71c0011d35ff60a vn="a variant of Win64/SProtector.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sw-booster\Assistant_x64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9F8F3D0524F13866F44FC1465DEC2D6B05C8EED3 ft=1 fh=9738eed2ec93df6c vn="a variant of Win32/AdWare.MultiPlug.CF application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\ppriiCechop\uQx7aIkyOv1YQaN.exe.vir"
sh=77918B0878255FC1383E41084977C8CF7CD463D9 ft=1 fh=c71c00119ea191b0 vn="a variant of Win32/ELEX.AM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=58CAC1ADC63835D6D035BEAA49C7BA957C9A7F9E ft=1 fh=f76b63c0c0358233 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Asus\AppData\Local\NativeMessaging\CT2836015\1_0_2_0\TBMessagingHost.exe.vir"
sh=4515533AF4E133845BBFE2573FE2CB1982D34D0D ft=1 fh=39f3190ccaaabb88 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Asus\AppData\Local\Tbccint\Chrome\CT2836015\CHUninstaller.exe.vir"
sh=19F0E6DE388FBA7AA857509537403CEBD5E8F09E ft=1 fh=281eb2f4bfcca60e vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Asus\AppData\Local\Tbccint\Chrome\CT2836015\UninstallerUI.exe.vir"
sh=EE8D2F68EFDF7C0B779D9D44BB7FFB2A42785035 ft=1 fh=40dd8444eed4c60f vn="a variant of Win64/Riskware.NetFilter.F application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys.vir"
sh=360313131E7AE57002C2403DFC48BC20718D2CB0 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\InstallMate\{373F83F8-7158-4199-A372-397AECDCA10E}\Custom.dll"
sh=360313131E7AE57002C2403DFC48BC20718D2CB0 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\ProgramData\InstallMate\{99E7D37A-D36D-4D90-AF7B-9B4F4204F18C}\Custom.dll"
sh=938107A0D664DB623D73D574ADB71B0D9FCC3520 ft=1 fh=8c69682630555fba vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
sh=C94F3861C34FDE5EB211112199B2886D451ECEAE ft=1 fh=3c93efe5b57a9874 vn="Win32/InstalleRex.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=E518A9052B872683A514D5A560AE16586A2F20A5 ft=1 fh=e63e03d4bde9fb73 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000"
sh=9CBA4E301A66AD26694F487E183DE624F9865147 ft=1 fh=d1384180f0c4a34d vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="D:\adfghjk\YTDSetup.exe"
sh=0C914EC1109757234758EEAFEAC0E29BC1CC3AF3 ft=1 fh=b5f6dd2dfab95d53 vn="Win32/DownWare.L potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Software\DTLite4471-0337.exe"
sh=5815114D16E9C0DBB6C4544511785868748B9F08 ft=1 fh=2e504d44e6133f87 vn="Win32/SoftonicDownloader.E potentially unwanted application (deleted - quarantined)" ac=C fn="D:\Software\SoftonicDownloader_for_kmplayer.exe"

Here is the second part.

checkup.txt


The ESET log is clean... the items it found (apart from 3 small adware files) had already been deleted by AdwCleaner and are sitting in its quarantine folder.

Update the following programs (download the programs below and save them to the desktop. Before installing them, however, close all browsers):

Download: Adobe Flash Player 15.0.0.152 Final for (Internet Explorer)

Download: Adobe Flash Player 15.0.0.152 Final for (Firefox, Safari, Opera)

Download: Java 7 Update 67

Finally, don't forget to change ALL of your passwords (e-mail, Facebook, Skype) etc.

Regards! :)


 

Thank you very much for your help! :):):)

And can I delete the programs you told me to download? Malware, Hitman, etc.?


Hello,

A few final recommendations:

1. Check for other outdated applications with the help of PatchMyPC.

2. Download Delfix.exe and run it. Tick Remove disinfection tools (it should be ticked by default, but I'm mentioning it anyway) => press the Run button

The tool will delete itself once it has finished its task!

3. To improve performance, see the following topics:

Optimizing Windows for better performance

Windows maintenance guide (XP, Vista and 7) [Revision 2.0]

What to do if my computer is running slowly

Computer maintenance, how?

Also run a defragmentation with MyDefrag to improve the performance of disk operations (it will have a favourable effect on games too):

Download MyDefrag and install it.

Download the following archive http://file.bg/f301630iWurH and extract it into C:\Program Files\MyDefrag v4.3.1\Scripts

Start MyDefrag.exe, select System Disk Level V, point it at the system partition C: and press Run



 

It may take quite a while, because the script is based on the scripts of Jaspion and some other users + my own personal settings and modifications.

The script will prioritize frequently used programs and files.

When it finishes it will display Finished and you can close the program with the X.

Restart the system.

Check your system for up-to-date drivers from the component manufacturers' sites, if you feel like it.

4. Use complex-password generators such as Norton Password Generator, and then, if you are going to save the passwords in your browser for easier logging in (for Mozilla Firefox always use the Master Password option; make sure you don't forget it, because then you won't have access to any of your passwords)


 


 

If you are going to use this strategy, a good addition in this case is Secure Login (which protects against Java and other exploits and ways of stealing the password)... It is very easy to use... you just click the icon before logging in and it does all the work automatically.

Since the other browsers don't have a Master Password, if you decide to use Google Chrome for example (which is not fatal if the system is physically used only by you), it is still not pleasant for the passwords to be stored in plain text... for that purpose you can use the program KeePass or the service LastPass, which encrypt the passwords and make them harder for malicious people to steal.

Finally, it is good to have a program of the kind of Comodo Firewall 5.12, Zemana AntiLogger Free or SpyShelter Personal Free which monitor for suspicious activity (and keyloggers). It is true that they are mainly suitable for more advanced users.. in the hands of beginners they would be less effective, but if you learn to handle one of them (never install more than one program with similar functionality), they are a strong weapon. Still, be careful where you go, what personal information you share, never use the same password for all of your accounts and avoid easy passwords (1-9, names of friends and relatives, etc.).

Regards and have a pleasant week! I will mark the case as SOLVED. :bye1:

Regards! :)
