
Removing brazen adware




Recently TOBA started appearing on every site and in every browser I open it with. I found out that it is adware and tried the program Advanced Windows Care, but without success. Is there any way to get rid of this thing?


Wooow, it's been ages since I last deleted 12 threads....

Oh my, oh my...

Not to meddle in my colleagues' section, but!!!

Read and follow the requirements in this thread: My system is infected - What do I do now?


Please refrain from such comments in the future.

The one who annoyed you has also been removed; you could simply have informed us with a report so that we could take measures in time, instead of being sarcastic toward colleagues.


Recently TOBA started appearing on every site and in every browser I open it with. I found out that it is adware and tried the program Advanced Windows Care, but without success. Is there any way to get rid of this thing?

Hello.. Now that things have calmed down, please follow the steps in the thread My system is infected - What do I do now? and post the logs with the results in your next post..! :)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Stanimir (administrator) on STANIMIR-PC on 26-09-2014 22:10:48
Running from C:\Users\Stanimir\Desktop
Loaded Profile: Stanimir (Available profiles: Stanimir)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-15] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-06] (SRS Labs, Inc.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-450262157-189194946-1214278858-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-450262157-189194946-1214278858-1000\...\MountPoints2: {5bbf2d9b-cb95-11e3-a564-afd7af151643} - G:\setup.exe
HKU\S-1-5-21-450262157-189194946-1214278858-1000\...\MountPoints2: {5e873540-ab88-11e3-9fa2-94f46d306e5f} - F:\autorun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA74B586E913FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1406983082&from=smt&uid=TOSHIBAXMQ01ABD075_Y2LFC61FTXXY2LFC61FT
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.39.90.42 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://acmilan-bg.com/
CHR StartupUrls: Default -> "hxxp://acmilan-bg.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Диск) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-27]
CHR Extension: (NexTTCoup) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo [2014-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-26]
CHR Extension: (GoSavee) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfmlpahcpfneifileigncicplnajpf [2014-09-22]
CHR Extension: (Saving Smart) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad [2014-09-22]
CHR Extension: (Отдалечен работен плот на Chrome) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-08-26]
CHR Extension: (AdBlock) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-22]
CHR Extension: (Google Проверка на пощата) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-08-26]
CHR Extension: (Google Wallet) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19]
CHR Extension: (NexTTCoup) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo\1.0 [2014-09-24]
CHR Extension: (GoSavee) - C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfmlpahcpfneifileigncicplnajpf\2.0 [2014-09-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Stanimir\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-07-26]
CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Stanimir\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [2014-07-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-02] (Cherished Technololgy LIMITED) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-04-19] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-14] (Disc Soft Ltd)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [47320 2013-07-12] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2974424 2013-08-07] (Realtek Semiconductor Corporation                           )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-26 22:10 - 2014-09-26 22:11 - 00013298 _____ () C:\Users\Stanimir\Desktop\FRST.txt
2014-09-26 22:10 - 2014-09-26 22:10 - 02108928 _____ (Farbar) C:\Users\Stanimir\Desktop\FRST64.exe
2014-09-26 22:10 - 2014-09-26 22:10 - 00000000 ____D () C:\FRST
2014-09-24 22:48 - 2014-09-24 22:48 - 00003258 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-09-24 22:47 - 2014-09-24 22:47 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-09-24 10:25 - 2014-09-24 22:43 - 00000000 ____D () C:\ProgramData\NexTTCoup
2014-09-24 10:25 - 2014-09-24 22:42 - 00000000 ____D () C:\Program Files (x86)\NexTTCoup
2014-09-23 23:28 - 2014-09-23 23:28 - 00000000 ____D () C:\Users\Stanimir\Desktop\I9300XXUGNG3_I9300OXFGNG2_XEH
2014-09-23 10:07 - 2014-09-23 10:07 - 00000000 ____D () C:\Users\Stanimir\Desktop\dox_20140923100055003
2014-09-23 10:00 - 2014-09-23 10:06 - 394954082 _____ () C:\Users\Stanimir\Desktop\dox_20140923100055003.zip
2014-09-23 00:10 - 2014-09-23 00:10 - 00000000 ____D () C:\Users\Stanimir\Desktop\72.metra.2004.xvid.dvdrip(subsunacs.net)
2014-09-22 23:47 - 2014-09-22 23:47 - 00027259 _____ () C:\Users\Stanimir\Desktop\72.metra.2004.xvid.dvdrip(subsunacs.net).rar
2014-09-22 23:47 - 2014-09-22 23:47 - 00010935 _____ () C:\Users\Stanimir\Desktop\72.metra.2004.XviD.DVDRip.avi.torrent
2014-09-22 15:06 - 2014-09-22 15:06 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-09-22 15:05 - 2014-09-24 10:25 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-09-22 15:05 - 2014-09-24 10:25 - 00000000 ____D () C:\ProgramData\GoSavee
2014-09-22 15:05 - 2014-09-24 10:25 - 00000000 ____D () C:\Program Files (x86)\GoSavee
2014-09-22 15:05 - 2014-09-22 15:05 - 00840704 _____ (Resort Or) C:\Users\Stanimir\Desktop\Low Deep T - MegaMix (Mixed DJ Lumosss) 2014.mp3.exe
2014-09-22 15:05 - 2014-09-22 15:05 - 00000000 ____D () C:\Users\Stanimir\AppData\Local\Chromatic Browser
2014-09-22 15:05 - 2014-09-22 15:05 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-22 15:05 - 2014-09-22 15:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-22 12:15 - 2014-09-22 12:15 - 00013474 _____ () C:\Users\Stanimir\Desktop\Armin Van Buuren - A State of Trance 681.torrent
2014-09-22 12:13 - 2014-09-22 12:13 - 00013073 _____ () C:\Users\Stanimir\Desktop\Tiesto Club Life 390.torrent
2014-09-21 10:16 - 2014-09-21 10:59 - 977829403 _____ () C:\Users\Stanimir\Desktop\I9300XXUGNG3_I9300OXFGNG2_XEH.zip
2014-09-18 21:45 - 2014-09-22 18:20 - 00001601 _____ () C:\Users\Stanimir\Desktop\Cheat Engine - Shortcut.lnk
2014-09-18 14:26 - 2014-09-18 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-09-18 14:26 - 2014-09-18 14:26 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-09-18 14:15 - 2014-09-18 14:15 - 00000000 ____D () C:\Users\Stanimir\AppData\Roaming\Nero
2014-09-18 14:09 - 2014-09-18 14:18 - 00000000 ____D () C:\ProgramData\Nero
2014-09-18 14:08 - 2014-09-18 14:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 13:35 - 2014-09-18 13:35 - 00000000 ____D () C:\Users\Stanimir\Documents\My ISO Files
2014-09-18 13:35 - 2014-09-18 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2014-09-18 13:35 - 2014-09-18 13:35 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2014-09-15 09:50 - 2014-09-23 23:25 - 00000000 ____D () C:\Users\Stanimir\Desktop\galaxys3
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-26 22:09 - 2014-03-14 17:08 - 01170583 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 22:06 - 2014-03-19 19:03 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 22:05 - 2014-07-22 16:28 - 00016702 _____ () C:\Windows\setupact.log
2014-09-26 22:05 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 16:54 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 16:54 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 16:25 - 2014-03-19 19:03 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 19:46 - 2014-07-22 16:28 - 00006102 _____ () C:\Windows\PFRO.log
2014-09-24 23:09 - 2014-07-22 14:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-24 22:42 - 2014-03-19 14:33 - 00000000 ____D () C:\ProgramData\6a6a2e35ee9453b7
2014-09-23 23:10 - 2009-07-14 08:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 00:11 - 2014-03-14 17:42 - 00000000 ____D () C:\Users\Stanimir\AppData\Roaming\uTorrent
2014-09-22 15:05 - 2014-03-14 17:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-22 15:05 - 2009-07-14 06:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-22 15:05 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-21 18:00 - 2014-03-19 22:02 - 00000000 ___RD () C:\Users\Stanimir\Google Диск
2014-09-21 15:28 - 2014-06-14 13:55 - 00000000 ____D () C:\Users\Stanimir\AppData\Roaming\ViberPC
2014-09-21 15:09 - 2014-08-06 10:24 - 00000000 ____D () C:\Users\Stanimir\AppData\Roaming\TeamViewer
2014-09-21 10:18 - 2014-06-14 13:54 - 00000000 ____D () C:\Users\Stanimir\AppData\Local\Viber
2014-09-18 21:45 - 2014-03-14 17:14 - 00000000 ____D () C:\Users\Stanimir
2014-09-18 14:11 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Cursors
2014-09-18 13:24 - 2014-06-06 12:46 - 00000000 ____D () C:\Users\Stanimir\AppData\Local\PokerStars.NET
2014-09-18 13:24 - 2014-06-06 12:46 - 00000000 ____D () C:\Program Files (x86)\PokerStars.NET
2014-09-14 22:51 - 2014-03-14 18:05 - 00000000 ____D () C:\Users\Stanimir\AppData\Local\Downloaded Installations
2014-09-11 21:27 - 2014-03-19 19:03 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
Some content of TEMP:
====================
C:\Users\Stanimir\AppData\Local\Temp\309d1c34.exe
C:\Users\Stanimir\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\Stanimir\AppData\Local\Temp\trolatuntSetup.exe
C:\Users\Stanimir\AppData\Local\Temp\_unps.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 14:51
 
==================== End Of Log ============================

Addition.txt



Hello..! :) Uninstall the following software:

RelevantKnowledge


 
Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click OK to confirm that all running programs will be closed.
  • Select Clean.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:AdwCleaner[s0].txt

 

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your security programs.
  • Run the tool JRT.exe
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

Fix with Farbar Recovery Scan Tool

Download the attached file and save it in the same place where you downloaded FRST.exe => fixlist.txt
Run FRST.exe again, press the Fix button once and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Scan with Farbar Recovery Scan Tool

Repeat the scan with Farbar Recovery Scan Tool


I completed all the steps, here are the logs:

 

AdwCleaner

 

# AdwCleaner v3.310 - Report created 28/09/2014 at 22:10:06

# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Stanimir - STANIMIR-PC
# Running from : C:\Users\Stanimir\Desktop\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : IePluginServices
[#] Service Deleted : RelevantKnowledge
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\NExtCoupp
Folder Deleted : C:\ProgramData\NexTTCoup
Folder Deleted : C:\ProgramData\soafeweb
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
Folder Deleted : C:\Program Files (x86)\SNT
Folder Deleted : C:\Program Files (x86)\NExtCoupp
Folder Deleted : C:\Program Files (x86)\NexTTCoup
Folder Deleted : C:\Program Files (x86)\soafeweb
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Stanimir\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Stanimir\AppData\Local\Popajar
Folder Deleted : C:\Users\Stanimir\AppData\Local\torch
Folder Deleted : C:\Users\Stanimir\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Stanimir\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\begdeafllggilmgkmldpkdpgddkccnjj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\begdeafllggilmgkmldpkdpgddkccnjj
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgafplppgalmfobpokfhnifcbeonalmn
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgafplppgalmfobpokfhnifcbeonalmn
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
Folder Deleted : C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmacjbpiakinlihlffmaapglogckbjcj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmacjbpiakinlihlffmaapglogckbjcj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\begdeafllggilmgkmldpkdpgddkccnjj
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\begdeafllggilmgkmldpkdpgddkccnjj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgafplppgalmfobpokfhnifcbeonalmn
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgafplppgalmfobpokfhnifcbeonalmn
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
[!] Folder Deleted : C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmacjbpiakinlihlffmaapglogckbjcj
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmacjbpiakinlihlffmaapglogckbjcj
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
[!] Folder Deleted : C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbanoggchifijainhpkjecdkaijncjo
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-576482620
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43b06dbb-2bc8-4fab-9b58-67116e1dcf78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43b06dbb-2bc8-4fab-9b58-67116e1dcf78}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{43b06dbb-2bc8-4fab-9b58-67116e1dcf78}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\SmileysWeLove
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SystemK
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=1273&r=2014/03/19&hid=2928988362499753532&lg=EN&cc=BG&unqvl=50
Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1406983082&from=smt&uid=TOSHIBAXMQ01ABD075_Y2LFC61FTXXY2LFC61FT&q={searchTerms}
Deleted [Extension] : begdeafllggilmgkmldpkdpgddkccnjj
Deleted [Extension] : bgafplppgalmfobpokfhnifcbeonalmn
Deleted [Extension] : ccbanoggchifijainhpkjecdkaijncjo
Deleted [Extension] : jmacjbpiakinlihlffmaapglogckbjcj
 
*************************
 
AdwCleaner[R0].txt - [12693 octets] - [28/09/2014 22:08:43]
AdwCleaner[s0].txt - [12173 octets] - [28/09/2014 22:10:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12234 octets] ##########
 
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Ultimate x64
Ran by Stanimir on нед 28.09.2014 г. at 22:12:44,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-450262157-189194946-1214278858-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNSetup1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNSetup1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\trolatuntSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\trolatuntSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\trolatunt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\trolatunt_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\trolatunt_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\trolatunt_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatetrolatunt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatetrolatunt_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\trolatuntSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\trolatuntSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\trolatunt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\trolatunt_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\trolatunt_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\trolatunt_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatetrolatunt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatetrolatunt_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on нед 28.09.2014 г. at 22:16:00,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

Fixlog.txt

FRST.txt


Hello..! Is there any change after the procedures so far..?

Please download Malwarebytes Anti-Malware and save it to your desktop.
Double-click mbam-setup-consumer-2.0.0.1хххх.exe and follow the instructions to install the program.

  • In Settings => Detection and Protection => Detection Options, tick the 'Scan for rootkits' checkbox.
  • In the program's main window, click 'Update Now'.
  • After the update completes, click the 'Scan Now' button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will start.
  • When the scan finishes, if any infections were found, click Apply Actions to allow Mbam to clean what was detected.

  • After the restart, run Mbam once more.
  • Click the History tab > Application Logs.
  • Double-click the row that shows the date and time of the scan, or View Detailed Log.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard in your next reply.


1. Download Hitman Pro.

  • For a 32-bit system
  • For a 64-bit system

2. Run the program.

3. Once you have started the program by clicking its icon, press the "Next" button and accept the license agreement (EULA).

4. Tick "No, I want to perform a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. After the scan completes, from the list of found items (if any) choose Apply to all => Ignore.

8. Press "Next", then press "Export the result to XML file" and save the log file to the desktop.

9. Archive the file and attach it to your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, then simply close the program after the scan ends (without removing anything)... then open C:\ProgramData\HitmanPro\Logs, open the log file and post its contents in your next comment.


Download the program: ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and choose Start.
  • The scanner will start downloading the components it needs.
  • Make sure Enable detection of potentially unwanted applications is selected.

Make sure the following is unchecked:

  • Remove found threats

Make sure the following items are checked:

  • Scan Archives

Click Advanced Settings and check the following options:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Finally, choose Start.

The scanner will begin downloading the latest definitions and start scanning your computer.
Please be patient, as this may take some time.

  • After the scan completes, click List of found threats.
  • Click Export and save the file to your desktop under the name ESETScan. Copy the contents of this report into your next reply.
  • Choose the Back button.
  • Choose the Finish button.

After the scan and sending 29 infected files to quarantine, there is no trace of the nuisance!
Here are the new logs:
 
mbam
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30.9.2014 г.
Scan Time: 08:46:56 ч.
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.30.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stanimir
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326360
Time Elapsed: 9 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [bbcae10e3447e452ea66860abf4326da], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [bbcae10e3447e452ea66860abf4326da], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.SavingSmart.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad, Quarantined, [a1e47f70601b40f6ee8cdc14e61ccc34], 
PUP.Optional.SavingSmart.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247, Quarantined, [a1e47f70601b40f6ee8cdc14e61ccc34], 
PUP.Optional.SavingSmart.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad, Quarantined, [295c40afd0abf73f1862579955ada060], 
PUP.Optional.SavingSmart.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247, Quarantined, [295c40afd0abf73f1862579955ada060], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad, Quarantined, [4d382ec18cef48ee7901fbf504fe9d63], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247, Quarantined, [4d382ec18cef48ee7901fbf504fe9d63], 
 
Files: 21
PUP.Optional.RelevantKnowledge, C:\Windows\System32\rlls64.dll, Quarantined, [1b6aa34c22593204a4ea889dca3b9769], 
PUP.Optional.MultiPlug, C:\Windows\SysWOW64\setup.exe, Quarantined, [7312fcf30a71b2846f45dad8966b25db], 
PUP.Optional.OpenCandy, C:\Users\Stanimir\Downloads\DAEMON Tools Lite 4.49.1.0356 (kaldata.com).exe, Quarantined, [04815d92e299132396dc6dca06ff9868], 
PUP.Optional.OpenCandy, C:\Users\Stanimir\Downloads\GOMPLAYERENSETUP.EXE, Quarantined, [3d485a95e596270fdd9585b2b15409f7], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ffdodpcdalagnkbkojidmmcehlnhniad_0.localstorage, Delete-on-Reboot, [b0d5b53a1368cf67f7b355d1fd06c63a], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ffdodpcdalagnkbkojidmmcehlnhniad_0.localstorage-journal, Quarantined, [582d19d652292a0c0e9caf7711f2857b], 
PUP.Optional.SavingSmart.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\background.html, Quarantined, [a1e47f70601b40f6ee8cdc14e61ccc34], 
PUP.Optional.SavingSmart.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\content.js, Quarantined, [a1e47f70601b40f6ee8cdc14e61ccc34], 
PUP.Optional.SavingSmart.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\fc.js, Quarantined, [a1e47f70601b40f6ee8cdc14e61ccc34], 
PUP.Optional.SavingSmart.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\lsdb.js, Quarantined, [a1e47f70601b40f6ee8cdc14e61ccc34], 
PUP.Optional.SavingSmart.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\manifest.json, Quarantined, [a1e47f70601b40f6ee8cdc14e61ccc34], 
PUP.Optional.SavingSmart.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\background.html, Quarantined, [295c40afd0abf73f1862579955ada060], 
PUP.Optional.SavingSmart.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\content.js, Quarantined, [295c40afd0abf73f1862579955ada060], 
PUP.Optional.SavingSmart.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\fc.js, Quarantined, [295c40afd0abf73f1862579955ada060], 
PUP.Optional.SavingSmart.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\lsdb.js, Quarantined, [295c40afd0abf73f1862579955ada060], 
PUP.Optional.SavingSmart.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\manifest.json, Quarantined, [295c40afd0abf73f1862579955ada060], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\background.html, Quarantined, [4d382ec18cef48ee7901fbf504fe9d63], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\content.js, Quarantined, [4d382ec18cef48ee7901fbf504fe9d63], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\fc.js, Quarantined, [4d382ec18cef48ee7901fbf504fe9d63], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\lsdb.js, Quarantined, [4d382ec18cef48ee7901fbf504fe9d63], 
PUP.Optional.SavingSmart.A, C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\247\manifest.json, Quarantined, [4d382ec18cef48ee7901fbf504fe9d63], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
HitmanPro
 
 
HitmanPro 3.7.9.225
www.hitmanpro.com
 
   Computer name . . . . : STANIMIR-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Stanimir-PC\Stanimir
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-09-30 09:12:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 19s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 25
 
   Objects scanned . . . : 1 426 545
   Files scanned . . . . : 30 725
   Remnants scanned  . . : 415 231 files / 980 589 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Stanimir\Desktop\hjt\FRST64.exe
      Size . . . . . . . : 2 108 928 bytes
      Age  . . . . . . . : 3.5 days (2014-09-26 22:10:13)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AB0E01BD8C09B75A15C3B691974641B38B3D50F0C663FE34E9078E64FA0E35CE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.1s C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bleepingcomputer.com_0.localstorage
          0.0s C:\Users\Stanimir\Desktop\hjt\FRST64.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PluginService_RASAPI32\ (Qone8)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PluginService_RASMANCS\ (Qone8)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\putfu_RASAPI32\ (SpeedSurfing)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\putfu_RASMANCS\ (SpeedSurfing)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\rkinstaller_RASAPI32\ (RelevantKnowledge)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\rkinstaller_RASMANCS\ (RelevantKnowledge)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\rlvknlg_RASAPI32\ (RelevantKnowledge)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\rlvknlg_RASMANCS\ (RelevantKnowledge)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SettingsManagerMediaBar_RASAPI32\ (Linkey)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SettingsManagerMediaBar_RASMANCS\ (Linkey)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SettingsManagerSetup_RASAPI32\ (Linkey)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SettingsManagerSetup_RASMANCS\ (Linkey)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASAPI32\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TBNotifier_RASMANCS\ (AskBar)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro)
   HKU\S-1-5-21-450262157-189194946-1214278858-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} (Linkey)
 
Cookies _____________________________________________________________________
 
   C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
 
 
 
 
ESET scan
 
 
C:\AdwCleaner\Quarantine\C\Users\Stanimir\AppData\Roaming\OpenCandy\2F0AF32010214064925D3B5148D3BE20\SettingsManagerSetup.exe.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\Users\Stanimir\AppData\Local\Downloaded Installations\{FE5201C9-A684-47A1-AC22-3401B18E7682}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Stanimir\Cheat Engine 6.2\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Users\Stanimir\Cheat Engine 6.2\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\Stanimir\Downloads\aida64extreme450.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

Wonderful..! :) A few remnants are visible.. I'll write you a script to remove them and we'll head toward wrapping up..! :)

Fix with Farbar Recovery Scan Tool

Download the attached file and save it where you downloaded FRST.exe => fixlist.txt
Run FRST.exe again, press the Fix button once and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Repeat the scan with HitmanPro.


I think everything is OK now!
Logs:

 

HitmanPro 3.7.9.225
www.hitmanpro.com
 
   Computer name . . . . : STANIMIR-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Stanimir-PC\Stanimir
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-09-30 21:19:34
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 46s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2
 
   Objects scanned . . . : 1 421 187
   Files scanned . . . . : 29 006
   Remnants scanned  . . : 411 600 files / 980 581 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Stanimir\Desktop\hjt\FRST64.exe
      Size . . . . . . . : 2 108 928 bytes
      Age  . . . . . . . : 4.0 days (2014-09-26 22:10:13)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AB0E01BD8C09B75A15C3B691974641B38B3D50F0C663FE34E9078E64FA0E35CE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.1s C:\Users\Stanimir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bleepingcomputer.com_0.localstorage
          0.0s C:\Users\Stanimir\Desktop\hjt\FRST64.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   HKU\S-1-5-21-450262157-189194946-1214278858-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} (Linkey)
 
 
 

 

Fixlog.txt


Yes, that's right... everything is clean..! :)

We're at the finish..:

Download the following file and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, post the log file, fixlog.txt, that will be created after it runs. It should delete the tool's quarantine folder located in C:\FRST\Quarantine.

Download DelFix and run it. Tick Remove disinfection tools and then press the Run button.
The tool will delete itself after it finishes its task!

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click Uninstall.
  • Click Yes to uninstall Adwcleaner.

Uninstall ESET Online Scanner.

  • Start => Run, type control appwiz.cpl in the box. Then press ENTER.
  • Select ESET Online Scanner from the list of applications, then choose Remove. If prompted, restart your computer.

I recommend that Malwarebytes' Anti-Malware stay on your computer and that you scan your system with it periodically (at least once or twice a week), not forgetting to update its definitions before every scan..!

Run PatchMyPC and install all the updates the tool offers you.

If there are tools, folders or logs from the things we used that were not deleted by the procedures mentioned above, delete them manually.

If you have no other problems, I'm marking the case as "Solved"..! I wish you a pleasant evening and safe internet..! :)
